Malwarebytes

Slow Internet/Browser Speeds

16 replies to this topic

#1
Mike12345

    New Member

  • Members
  • 8 posts
Hello,

One of my computers is probably infected, since it has slow internet/browser speeds (the laptop is brand new), and when I google, it says that I have malware and requests human identification. Since I have Norton, Malwarebytes and Microsoft Security Essentials installed, I'm not quite sure where the problem is. The DDS and Attach files are included.

Thank you for your help,
Mike.

Attached Files



#2
Elise

    Forum Deity

  • Experts
  • 8,720 posts
  • Gender:Female
  • Location:Romania
Hello and :welcome:

TWO ANTIVIRUS PROGRAMS
---------------------------------------
I do not recommend that you have more than one anti-virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti-virus products to cause "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Norton or MS Security Essentials.


Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.
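
Added example, not part of the post above or of the tool: a way to triage the saved TDSSKiller log before pasting it, listing every scanned object whose verdict is anything other than `ok`, plus entries logged without a file or without a verdict. It assumes the two-line layout (`name (md5) path`, then `name - verdict`) following a `Scan started` line; `parse_scan`, `triage` and all sample lines are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample (service names, hashes and paths are made up) in the
# assumed two-line layout. The non-ok verdict is a placeholder, not tool output.
SAMPLE_LOG = r"""
21:06:13.0800 5424 Drive \Device\Harddisk0\DR0 - Size: 0x1000 (0.00 Gb), SectorSize: 0x200
21:10:16.0296 4244 ============================================================
21:10:16.0296 4244 Scan started
21:10:16.0296 4244 Mode: Manual;
21:10:16.0683 4244 svcalpha (0123456789abcdef0123456789abcdef) C:\windows\system32\drivers\svcalpha.sys
21:10:16.0690 4244 svcalpha - ok
21:10:19.0356 4244 Example Device Monitor (fedcba9876543210fedcba9876543210) C:\Program Files (x86)\Example\devmon.exe
21:10:19.0364 4244 Example Device Monitor - ok
21:10:21.0213 4244 nofilesvc - ok
21:10:22.0000 4244 exampledrv (00000000000000000000000000000000) C:\windows\system32\drivers\exampledrv.sys
21:10:22.0005 4244 exampledrv - PLACEHOLDER-NON-OK-VERDICT
21:10:23.0000 4244 cutoff (11111111111111111111111111111111) C:\windows\system32\drivers\cutoff.sys
"""

# "HH:MM:SS.ffff <thread id> <message>"
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d{4}\s+\d+\s+(?P<msg>.*)$")
# "<name> (<md5>) <path>"; names and paths may both contain spaces.
FILE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# "<name> - <verdict>"; the verdict is a single token such as "ok".
VERDICT = re.compile(r"^(?P<name>.+) - (?P<verdict>\S+)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_scan(log_text):
    """Return one Entry per scanned object, in log order.

    Lines before "Scan started" are skipped: the header contains lines such
    as "Drive ... - Size: ..." that would otherwise look like verdicts.
    """
    entries = {}
    in_scan = False
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"].strip()
        if not in_scan:
            in_scan = (msg == "Scan started")
            continue
        f = FILE.match(msg)
        if f:
            e = entries.setdefault(f["name"], Entry(f["name"]))
            e.md5, e.path = f["md5"], f["path"]
            continue
        v = VERDICT.match(msg)
        if v:
            entries.setdefault(v["name"], Entry(v["name"])).verdict = v["verdict"]
    return list(entries.values())


def triage(entries):
    """Split entries into the groups a reviewer should look at first."""
    report = {"flagged": [], "no_file_recorded": [], "no_verdict": []}
    for e in entries:
        if e.verdict is None:
            # File line without a verdict: the log was cut off or the scan aborted.
            report["no_verdict"].append(e.name)
        elif e.verdict.lower() != "ok":
            report["flagged"].append((e.name, e.verdict, e.path))
        elif e.md5 is None:
            # Verdict without a hashed file: nothing was inspected on disk.
            report["no_file_recorded"].append(e.name)
    return report


if __name__ == "__main__":
    result = triage(parse_scan(SAMPLE_LOG))
    for group, items in result.items():
        print(group, items)
```

To run it on a real log, read the file from the root directory named in the steps above and pass its text to `parse_scan`.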



#3
Mike12345

    New Member

  • Members
  • 8 posts
As asked, here are the TDSSKiller logs. No malicious objects were found, Norton was uninstalled (it had only a few days left anyways), and after trying to google, it still talks about malware.

Best regards,
Mike.

The log:

21:10:29.0879 4244 MTConfig - ok
21:10:29.0909 4244 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
21:10:29.0912 4244 Mup - ok
21:10:29.0984 4244 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll
21:10:29.0998 4244 napagent - ok
21:10:30.0071 4244 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
21:10:30.0080 4244 NativeWifiP - ok
21:10:30.0215 4244 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\windows\system32\drivers\ndis.sys
21:10:30.0236 4244 NDIS - ok
21:10:30.0262 4244 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
21:10:30.0264 4244 NdisCap - ok
21:10:30.0309 4244 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
21:10:30.0312 4244 NdisTapi - ok
21:10:30.0328 4244 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys
21:10:30.0331 4244 Ndisuio - ok
21:10:30.0361 4244 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys
21:10:30.0366 4244 NdisWan - ok
21:10:30.0384 4244 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys
21:10:30.0387 4244 NDProxy - ok
21:10:30.0435 4244 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
21:10:30.0438 4244 NetBIOS - ok
21:10:30.0476 4244 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys
21:10:30.0482 4244 NetBT - ok
21:10:30.0526 4244 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:10:30.0529 4244 Netlogon - ok
21:10:30.0601 4244 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll
21:10:30.0611 4244 Netman - ok
21:10:30.0664 4244 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll
21:10:30.0677 4244 netprofm - ok
21:10:30.0776 4244 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:10:30.0781 4244 NetTcpPortSharing - ok
21:10:31.0511 4244 NETwNs64 (ac69618de5bcce8747c9ab0aae1003c1) C:\windows\system32\DRIVERS\NETwNs64.sys
21:10:31.0699 4244 NETwNs64 - ok
21:10:31.0829 4244 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\drivers\nfrd960.sys
21:10:31.0832 4244 nfrd960 - ok
21:10:31.0876 4244 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\windows\system32\DRIVERS\NisDrvWFP.sys
21:10:31.0879 4244 NisDrv - ok
21:10:31.0980 4244 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
21:10:31.0987 4244 NisSrv - ok
21:10:32.0058 4244 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll
21:10:32.0068 4244 NlaSvc - ok
21:10:32.0130 4244 NOBU - ok
21:10:32.0162 4244 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
21:10:32.0164 4244 Npfs - ok
21:10:32.0197 4244 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll
21:10:32.0201 4244 nsi - ok
21:10:32.0226 4244 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
21:10:32.0228 4244 nsiproxy - ok
21:10:32.0386 4244 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys
21:10:32.0415 4244 Ntfs - ok
21:10:32.0494 4244 NTIOLib_1_0_4 (1b32c54b95121ab1683c7b83b2db4b96) C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
21:10:32.0513 4244 NTIOLib_1_0_4 - ok
21:10:32.0647 4244 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
21:10:32.0650 4244 Null - ok
21:10:32.0682 4244 nusb3hub (01266516e6e88d183a2b58722eeb4443) C:\windows\system32\drivers\nusb3hub.sys
21:10:32.0686 4244 nusb3hub - ok
21:10:32.0721 4244 nusb3xhc (5ec04f55cc5f165f21752712437df638) C:\windows\system32\drivers\nusb3xhc.sys
21:10:32.0725 4244 nusb3xhc - ok
21:10:33.0780 4244 nvlddmkm (6b21520df0fe87df756ee4ee708f8461) C:\windows\system32\DRIVERS\nvlddmkm.sys
21:10:34.0048 4244 nvlddmkm - ok
21:10:34.0193 4244 nvpciflt (0eb18a2d6386be62afbf6bcfb5e0f0ec) C:\windows\system32\DRIVERS\nvpciflt.sys
21:10:34.0195 4244 nvpciflt - ok
21:10:34.0246 4244 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys
21:10:34.0250 4244 nvraid - ok
21:10:34.0281 4244 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys
21:10:34.0285 4244 nvstor - ok
21:10:34.0480 4244 nvsvc (5267b45236cb793df315bec491325b75) C:\windows\system32\nvvsvc.exe
21:10:34.0499 4244 nvsvc - ok
21:10:34.0774 4244 nvUpdatusService (bb7cb13633feb42130c897cdbbda273f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
21:10:34.0791 4244 nvUpdatusService - ok
21:10:34.0928 4244 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys
21:10:34.0932 4244 nv_agp - ok
21:10:34.0944 4244 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys
21:10:34.0947 4244 ohci1394 - ok
21:10:35.0026 4244 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:10:35.0030 4244 ose - ok
21:10:35.0472 4244 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:10:35.0494 4244 osppsvc - ok
21:10:35.0633 4244 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:10:35.0642 4244 p2pimsvc - ok
21:10:35.0698 4244 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll
21:10:35.0706 4244 p2psvc - ok
21:10:35.0769 4244 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\drivers\parport.sys
21:10:35.0773 4244 Parport - ok
21:10:35.0796 4244 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys
21:10:35.0800 4244 partmgr - ok
21:10:35.0841 4244 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll
21:10:35.0847 4244 PcaSvc - ok
21:10:35.0888 4244 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys
21:10:35.0892 4244 pci - ok
21:10:35.0909 4244 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\drivers\pciide.sys
21:10:35.0911 4244 pciide - ok
21:10:35.0948 4244 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\drivers\pcmcia.sys
21:10:35.0953 4244 pcmcia - ok
21:10:35.0980 4244 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
21:10:35.0983 4244 pcw - ok
21:10:36.0049 4244 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
21:10:36.0062 4244 PEAUTH - ok
21:10:36.0160 4244 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe
21:10:36.0164 4244 PerfHost - ok
21:10:36.0320 4244 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll
21:10:36.0343 4244 pla - ok
21:10:36.0407 4244 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll
21:10:36.0419 4244 PlugPlay - ok
21:10:36.0448 4244 PnkBstrA - ok
21:10:36.0485 4244 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll
21:10:36.0491 4244 PNRPAutoReg - ok
21:10:36.0546 4244 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll
21:10:36.0553 4244 PNRPsvc - ok
21:10:36.0631 4244 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll
21:10:36.0641 4244 PolicyAgent - ok
21:10:36.0677 4244 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll
21:10:36.0683 4244 Power - ok
21:10:36.0746 4244 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys
21:10:36.0749 4244 PptpMiniport - ok
21:10:36.0773 4244 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\drivers\processr.sys
21:10:36.0775 4244 Processor - ok
21:10:36.0819 4244 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll
21:10:36.0825 4244 ProfSvc - ok
21:10:36.0858 4244 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:10:36.0860 4244 ProtectedStorage - ok
21:10:36.0918 4244 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys
21:10:36.0922 4244 Psched - ok
21:10:36.0988 4244 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\windows\system32\Drivers\PxHlpa64.sys
21:10:36.0991 4244 PxHlpa64 - ok
21:10:37.0139 4244 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\drivers\ql2300.sys
21:10:37.0158 4244 ql2300 - ok
21:10:37.0300 4244 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\drivers\ql40xx.sys
21:10:37.0305 4244 ql40xx - ok
21:10:37.0354 4244 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll
21:10:37.0363 4244 QWAVE - ok
21:10:37.0381 4244 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
21:10:37.0384 4244 QWAVEdrv - ok
21:10:37.0411 4244 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
21:10:37.0414 4244 RasAcd - ok
21:10:37.0450 4244 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
21:10:37.0453 4244 RasAgileVpn - ok
21:10:37.0490 4244 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll
21:10:37.0496 4244 RasAuto - ok
21:10:37.0524 4244 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys
21:10:37.0528 4244 Rasl2tp - ok
21:10:37.0580 4244 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll
21:10:37.0590 4244 RasMan - ok
21:10:37.0638 4244 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
21:10:37.0641 4244 RasPppoe - ok
21:10:37.0665 4244 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
21:10:37.0668 4244 RasSstp - ok
21:10:37.0713 4244 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys
21:10:37.0720 4244 rdbss - ok
21:10:37.0751 4244 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\drivers\rdpbus.sys
21:10:37.0753 4244 rdpbus - ok
21:10:37.0781 4244 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
21:10:37.0783 4244 RDPCDD - ok
21:10:37.0801 4244 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
21:10:37.0803 4244 RDPENCDD - ok
21:10:37.0820 4244 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
21:10:37.0822 4244 RDPREFMP - ok
21:10:37.0869 4244 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys
21:10:37.0875 4244 RDPWD - ok
21:10:37.0944 4244 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys
21:10:37.0950 4244 rdyboost - ok
21:10:37.0985 4244 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll
21:10:37.0990 4244 RemoteAccess - ok
21:10:38.0041 4244 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll
21:10:38.0048 4244 RemoteRegistry - ok
21:10:38.0093 4244 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
21:10:38.0097 4244 RFCOMM - ok
21:10:38.0127 4244 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll
21:10:38.0130 4244 RpcEptMapper - ok
21:10:38.0160 4244 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe
21:10:38.0163 4244 RpcLocator - ok
21:10:38.0235 4244 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll
21:10:38.0247 4244 RpcSs - ok
21:10:38.0288 4244 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
21:10:38.0292 4244 rspndr - ok
21:10:38.0358 4244 RSUSBVSTOR (ce0a1d8a59410e698140821e4e69da0d) C:\windows\System32\Drivers\RtsUVStor.sys
21:10:38.0365 4244 RSUSBVSTOR - ok
21:10:38.0424 4244 RTL8167 (16d4e350420baa7e63e16e3fc033e1f5) C:\windows\system32\DRIVERS\Rt64win7.sys
21:10:38.0432 4244 RTL8167 - ok
21:10:38.0470 4244 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:10:38.0473 4244 SamSs - ok
21:10:38.0513 4244 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys
21:10:38.0516 4244 sbp2port - ok
21:10:38.0562 4244 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll
21:10:38.0570 4244 SCardSvr - ok
21:10:38.0585 4244 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys
21:10:38.0588 4244 scfilter - ok
21:10:38.0700 4244 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll
21:10:38.0719 4244 Schedule - ok
21:10:38.0811 4244 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll
21:10:38.0814 4244 SCPolicySvc - ok
21:10:38.0860 4244 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll
21:10:38.0867 4244 SDRSVC - ok
21:10:38.0929 4244 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
21:10:38.0932 4244 secdrv - ok
21:10:38.0963 4244 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll
21:10:38.0968 4244 seclogon - ok
21:10:38.0988 4244 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll
21:10:38.0993 4244 SENS - ok
21:10:39.0028 4244 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll
21:10:39.0034 4244 SensrSvc - ok
21:10:39.0067 4244 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\drivers\serenum.sys
21:10:39.0070 4244 Serenum - ok
21:10:39.0098 4244 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\drivers\serial.sys
21:10:39.0102 4244 Serial - ok
21:10:39.0126 4244 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\drivers\sermouse.sys
21:10:39.0128 4244 sermouse - ok
21:10:39.0170 4244 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll
21:10:39.0174 4244 SessionEnv - ok
21:10:39.0191 4244 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys
21:10:39.0193 4244 sffdisk - ok
21:10:39.0209 4244 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys
21:10:39.0210 4244 sffp_mmc - ok
21:10:39.0215 4244 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys
21:10:39.0217 4244 sffp_sd - ok
21:10:39.0222 4244 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\drivers\sfloppy.sys
21:10:39.0224 4244 sfloppy - ok
21:10:39.0295 4244 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\windows\system32\DRIVERS\Sftfslh.sys
21:10:39.0307 4244 Sftfs - ok
21:10:39.0417 4244 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
21:10:39.0428 4244 sftlist - ok
21:10:39.0461 4244 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\windows\system32\DRIVERS\Sftplaylh.sys
21:10:39.0466 4244 Sftplay - ok
21:10:39.0478 4244 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\windows\system32\DRIVERS\Sftredirlh.sys
21:10:39.0480 4244 Sftredir - ok
21:10:39.0507 4244 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\windows\system32\DRIVERS\Sftvollh.sys
21:10:39.0509 4244 Sftvol - ok
21:10:39.0568 4244 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
21:10:39.0574 4244 sftvsa - ok
21:10:39.0672 4244 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll
21:10:39.0682 4244 SharedAccess - ok
21:10:39.0741 4244 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll
21:10:39.0752 4244 ShellHWDetection - ok
21:10:39.0790 4244 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\drivers\SiSRaid2.sys
21:10:39.0793 4244 SiSRaid2 - ok
21:10:39.0814 4244 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\drivers\sisraid4.sys
21:10:39.0818 4244 SiSRaid4 - ok
21:10:39.0857 4244 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
21:10:39.0861 4244 SkypeUpdate - ok
21:10:39.0904 4244 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
21:10:39.0907 4244 Smb - ok
21:10:39.0949 4244 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe
21:10:39.0954 4244 SNMPTRAP - ok
21:10:39.0990 4244 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
21:10:39.0992 4244 spldr - ok
21:10:40.0073 4244 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe
21:10:40.0088 4244 Spooler - ok
21:10:40.0391 4244 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe
21:10:40.0459 4244 sppsvc - ok
21:10:40.0576 4244 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll
21:10:40.0583 4244 sppuinotify - ok
21:10:40.0618 4244 SRTSPX - ok
21:10:40.0691 4244 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys
21:10:40.0700 4244 srv - ok
21:10:40.0749 4244 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys
21:10:40.0757 4244 srv2 - ok
21:10:40.0793 4244 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys
21:10:40.0797 4244 srvnet - ok
21:10:40.0850 4244 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll
21:10:40.0857 4244 SSDPSRV - ok
21:10:40.0882 4244 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll
21:10:40.0886 4244 SstpSvc - ok
21:10:40.0936 4244 Steam Client Service - ok
21:10:40.0981 4244 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\drivers\stexstor.sys
21:10:40.0983 4244 stexstor - ok
21:10:41.0074 4244 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll
21:10:41.0088 4244 stisvc - ok
21:10:41.0114 4244 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys
21:10:41.0116 4244 swenum - ok
21:10:41.0280 4244 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
21:10:41.0290 4244 SwitchBoard - ok
21:10:41.0371 4244 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll
21:10:41.0384 4244 swprv - ok
21:10:41.0397 4244 SymDS - ok
21:10:41.0405 4244 SymEFA - ok
21:10:41.0415 4244 SymEvent - ok
21:10:41.0588 4244 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll
21:10:41.0609 4244 SysMain - ok
21:10:41.0758 4244 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll
21:10:41.0764 4244 TabletInputService - ok
21:10:42.0368 4244 TabletServicePen (5f5ac85de73fd25ad36bf591185ec009) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
21:10:42.0393 4244 TabletServicePen - ok
21:10:42.0528 4244 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll
21:10:42.0539 4244 TapiSrv - ok
21:10:42.0566 4244 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll
21:10:42.0568 4244 TBS - ok
21:10:42.0807 4244 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys
21:10:42.0830 4244 Tcpip - ok
21:10:43.0110 4244 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys
21:10:43.0124 4244 TCPIP6 - ok
21:10:43.0268 4244 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys
21:10:43.0271 4244 tcpipreg - ok
21:10:43.0298 4244 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
21:10:43.0301 4244 TDPIPE - ok
21:10:43.0323 4244 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys
21:10:43.0325 4244 TDTCP - ok
21:10:43.0355 4244 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys
21:10:43.0359 4244 tdx - ok
21:10:43.0403 4244 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys
21:10:43.0406 4244 TermDD - ok
21:10:43.0499 4244 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll
21:10:43.0513 4244 TermService - ok
21:10:43.0529 4244 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll
21:10:43.0533 4244 Themes - ok
21:10:43.0561 4244 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll
21:10:43.0563 4244 THREADORDER - ok
21:10:43.0719 4244 TouchServicePen (7446e9d669a3b747bc4d11a82f69a5ed) C:\Program Files\Tablet\Pen\Pen_TouchService.exe
21:10:43.0725 4244 TouchServicePen - ok
21:10:43.0770 4244 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll
21:10:43.0776 4244 TrkWks - ok
21:10:43.0840 4244 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe
21:10:43.0845 4244 TrustedInstaller - ok
21:10:43.0916 4244 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys
21:10:43.0919 4244 tssecsrv - ok
21:10:43.0940 4244 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys
21:10:43.0943 4244 TsUsbFlt - ok
21:10:43.0952 4244 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\windows\system32\drivers\TsUsbGD.sys
21:10:43.0955 4244 TsUsbGD - ok
21:10:43.0990 4244 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys
21:10:43.0994 4244 tunnel - ok
21:10:44.0028 4244 TurboB (48743b69ea47c020a792d8649f753f44) C:\windows\system32\DRIVERS\TurboB.sys
21:10:44.0048 4244 TurboB - ok
21:10:44.0109 4244 TurboBoost (759f59e3ea3802ff23f93dcdb6fe9171) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
21:10:44.0142 4244 TurboBoost - ok
21:10:44.0180 4244 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\drivers\uagp35.sys
21:10:44.0182 4244 uagp35 - ok
21:10:44.0225 4244 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys
21:10:44.0230 4244 udfs - ok
21:10:44.0257 4244 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\windows\system32\UI0Detect.exe
21:10:44.0260 4244 UI0Detect - ok
21:10:44.0297 4244 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\drivers\uliagpkx.sys
21:10:44.0299 4244 uliagpkx - ok
21:10:44.0333 4244 umbus (dc54a574663a895c8763af0fa1ff7561) C:\windows\system32\DRIVERS\umbus.sys
21:10:44.0335 4244 umbus - ok
21:10:44.0360 4244 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\drivers\umpass.sys
21:10:44.0361 4244 UmPass - ok
21:10:44.0626 4244 UNS (fc43877b4625f6eb773c98233eb625c5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
21:10:44.0647 4244 UNS - ok
21:10:44.0798 4244 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\windows\System32\upnphost.dll
21:10:44.0807 4244 upnphost - ok
21:10:44.0877 4244 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\windows\system32\DRIVERS\usbccgp.sys
21:10:44.0880 4244 usbccgp - ok
21:10:44.0918 4244 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\drivers\usbcir.sys
21:10:44.0921 4244 usbcir - ok
21:10:44.0952 4244 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\windows\system32\drivers\usbehci.sys
21:10:44.0955 4244 usbehci - ok
21:10:45.0016 4244 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\windows\system32\drivers\usbhub.sys
21:10:45.0024 4244 usbhub - ok
21:10:45.0057 4244 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\windows\system32\drivers\usbohci.sys
21:10:45.0060 4244 usbohci - ok
21:10:45.0070 4244 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\drivers\usbprint.sys
21:10:45.0073 4244 usbprint - ok
21:10:45.0095 4244 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\windows\system32\DRIVERS\USBSTOR.SYS
21:10:45.0097 4244 USBSTOR - ok
21:10:45.0122 4244 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\windows\system32\drivers\usbuhci.sys
21:10:45.0125 4244 usbuhci - ok
21:10:45.0171 4244 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys
21:10:45.0176 4244 usbvideo - ok
21:10:45.0207 4244 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\windows\System32\uxsms.dll
21:10:45.0211 4244 UxSms - ok
21:10:45.0248 4244 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe
21:10:45.0251 4244 VaultSvc - ok
21:10:45.0280 4244 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\drivers\vdrvroot.sys
21:10:45.0283 4244 vdrvroot - ok
21:10:45.0364 4244 vds (8d6b481601d01a456e75c3210f1830be) C:\windows\System32\vds.exe
21:10:45.0376 4244 vds - ok
21:10:45.0414 4244 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
21:10:45.0416 4244 vga - ok
21:10:45.0441 4244 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
21:10:45.0444 4244 VgaSave - ok
21:10:45.0469 4244 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\windows\system32\drivers\vhdmp.sys
21:10:45.0474 4244 vhdmp - ok
21:10:45.0491 4244 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\drivers\viaide.sys
21:10:45.0493 4244 viaide - ok
21:10:45.0522 4244 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\windows\system32\drivers\volmgr.sys
21:10:45.0525 4244 volmgr - ok
21:10:45.0570 4244 volmgrx (a255814907c89be58b79ef2f189b843b) C:\windows\system32\drivers\volmgrx.sys
21:10:45.0577 4244 volmgrx - ok
21:10:45.0627 4244 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\windows\system32\drivers\volsnap.sys
21:10:45.0633 4244 volsnap - ok
21:10:45.0680 4244 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\drivers\vsmraid.sys
21:10:45.0685 4244 vsmraid - ok
21:10:45.0848 4244 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\windows\system32\vssvc.exe
21:10:45.0869 4244 VSS - ok
21:10:46.0002 4244 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
21:10:46.0005 4244 vwifibus - ok
21:10:46.0041 4244 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
21:10:46.0044 4244 vwififlt - ok
21:10:46.0100 4244 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\windows\system32\w32time.dll
21:10:46.0111 4244 W32Time - ok
21:10:46.0166 4244 wacmoumonitor (43ce14e1e17da81ea71dfe686805ed07) C:\windows\system32\DRIVERS\wacmoumonitor.sys
21:10:46.0168 4244 wacmoumonitor - ok
21:10:46.0226 4244 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\windows\system32\DRIVERS\wacommousefilter.sys
21:10:46.0229 4244 wacommousefilter - ok
21:10:46.0274 4244 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\drivers\wacompen.sys
21:10:46.0277 4244 WacomPen - ok
21:10:46.0333 4244 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\windows\system32\DRIVERS\wacomvhid.sys
21:10:46.0336 4244 wacomvhid - ok
21:10:46.0386 4244 WANARP (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:10:46.0389 4244 WANARP - ok
21:10:46.0396 4244 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\windows\system32\DRIVERS\wanarp.sys
21:10:46.0398 4244 Wanarpv6 - ok
21:10:46.0524 4244 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\windows\system32\Wat\WatAdminSvc.exe
21:10:46.0545 4244 WatAdminSvc - ok
21:10:46.0702 4244 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\windows\system32\wbengine.exe
21:10:46.0724 4244 wbengine - ok
21:10:46.0953 4244 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\windows\System32\wbiosrvc.dll
21:10:46.0959 4244 WbioSrvc - ok
21:10:47.0004 4244 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\windows\System32\wcncsvc.dll
21:10:47.0012 4244 wcncsvc - ok
21:10:47.0019 4244 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\windows\System32\WcsPlugInService.dll
21:10:47.0024 4244 WcsPlugInService - ok
21:10:47.0074 4244 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\drivers\wd.sys
21:10:47.0076 4244 Wd - ok
21:10:47.0152 4244 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
21:10:47.0167 4244 Wdf01000 - ok
21:10:47.0194 4244 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:10:47.0200 4244 WdiServiceHost - ok
21:10:47.0206 4244 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\windows\system32\wdi.dll
21:10:47.0211 4244 WdiSystemHost - ok
21:10:47.0258 4244 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\windows\System32\webclnt.dll
21:10:47.0265 4244 WebClient - ok
21:10:47.0305 4244 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\windows\system32\wecsvc.dll
21:10:47.0311 4244 Wecsvc - ok
21:10:47.0341 4244 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\windows\System32\wercplsupport.dll
21:10:47.0345 4244 wercplsupport - ok
21:10:47.0383 4244 WerSvc (6d137963730144698cbd10f202e9f251) C:\windows\System32\WerSvc.dll
21:10:47.0387 4244 WerSvc - ok
21:10:47.0445 4244 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
21:10:47.0448 4244 WfpLwf - ok
21:10:47.0486 4244 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
21:10:47.0488 4244 WIMMount - ok
21:10:47.0527 4244 WinDefend - ok
21:10:47.0540 4244 WinHttpAutoProxySvc - ok
21:10:47.0609 4244 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\windows\system32\wbem\WMIsvc.dll
21:10:47.0615 4244 Winmgmt - ok
21:10:47.0819 4244 WinRM (bcb1310604aa415c4508708975b3931e) C:\windows\system32\WsmSvc.dll
21:10:47.0844 4244 WinRM - ok
21:10:48.0053 4244 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\windows\System32\wlansvc.dll
21:10:48.0071 4244 Wlansvc - ok
21:10:48.0161 4244 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
21:10:48.0164 4244 wlcrasvc - ok
21:10:48.0421 4244 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:10:48.0446 4244 wlidsvc - ok
21:10:48.0594 4244 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\drivers\wmiacpi.sys
21:10:48.0597 4244 WmiAcpi - ok
21:10:48.0670 4244 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\windows\system32\wbem\WmiApSrv.exe
21:10:48.0676 4244 wmiApSrv - ok
21:10:48.0730 4244 WMPNetworkSvc - ok
21:10:48.0755 4244 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\windows\System32\wpcsvc.dll
21:10:48.0761 4244 WPCSvc - ok
21:10:48.0787 4244 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\windows\system32\wpdbusenum.dll
21:10:48.0792 4244 WPDBusEnum - ok
21:10:48.0820 4244 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
21:10:48.0823 4244 ws2ifsl - ok
21:10:48.0854 4244 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\windows\System32\wscsvc.dll
21:10:48.0860 4244 wscsvc - ok
21:10:48.0865 4244 WSearch - ok
21:10:49.0086 4244 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\windows\system32\wuaueng.dll
21:10:49.0111 4244 wuauserv - ok
21:10:49.0263 4244 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\windows\system32\drivers\WudfPf.sys
21:10:49.0267 4244 WudfPf - ok
21:10:49.0322 4244 WUDFRd (cf8d590be3373029d57af80914190682) C:\windows\system32\DRIVERS\WUDFRd.sys
21:10:49.0327 4244 WUDFRd - ok
21:10:49.0360 4244 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\windows\System32\WUDFSvc.dll
21:10:49.0365 4244 wudfsvc - ok
21:10:49.0407 4244 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\windows\System32\wwansvc.dll
21:10:49.0415 4244 WwanSvc - ok
21:10:49.0473 4244 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:10:49.0563 4244 \Device\Harddisk0\DR0 - ok
21:10:49.0590 4244 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
21:10:49.0595 4244 \Device\Harddisk1\DR4 - ok
21:10:49.0608 4244 Boot (0x1200) (bd52c63ec00eaaf46e7fe967a31fe603) \Device\Harddisk0\DR0\Partition0
21:10:49.0610 4244 \Device\Harddisk0\DR0\Partition0 - ok
21:10:49.0627 4244 Boot (0x1200) (e020ab22ff25f70be409c9c00f7deb61) \Device\Harddisk0\DR0\Partition1
21:10:49.0630 4244 \Device\Harddisk0\DR0\Partition1 - ok
21:10:49.0635 4244 Boot (0x1200) (7a53f04814ce23c67344185075b7128a) \Device\Harddisk1\DR4\Partition0
21:10:49.0638 4244 \Device\Harddisk1\DR4\Partition0 - ok
21:10:49.0639 4244 ============================================================
21:10:49.0639 4244 Scan finished
21:10:49.0639 4244 ============================================================
21:10:49.0660 4124 Detected object count: 0
21:10:49.0660 4124 Actual detected object count: 0
21:11:34.0896 5268 Deinitialize success

#4
Elise

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#5
Mike12345

Hello again,
Ran combofix, as requested here is the .txt

P.S. On the ((other deletions)) part of the log, did it remove those two files?


Log:

ComboFix 12-05-01.01 - user 01/05/2012 16:43:47.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.8099.5762 [GMT 8:00]
Running from: c:\users\user\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\FD.dll
c:\windows\system32\ICON.ico
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 08:47 . 2012-05-01 08:47 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-01 08:47 . 2012-05-01 08:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-30 16:16 . 2012-04-30 16:16 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E7A6A19-2126-41F1-B2A3-FAB1E1D02C60}\offreg.dll
2012-04-30 11:13 . 2012-04-12 17:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E7A6A19-2126-41F1-B2A3-FAB1E1D02C60}\mpengine.dll
2012-04-29 11:29 . 2012-04-29 11:29 16200 ----a-w- c:\windows\stinger.sys
2012-04-29 11:29 . 2012-04-29 11:35 -------- d-----w- c:\program files (x86)\stinger
2012-04-29 07:07 . 2012-04-29 07:07 -------- d-----w- c:\programdata\Microsoft Help
2012-04-28 17:21 . 2012-04-12 17:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-28 11:34 . 2012-04-28 11:40 -------- d-----w- c:\programdata\SecTaskMan
2012-04-27 17:27 . 2012-04-27 17:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D2FEE4A-8194-41F3-B6AD-0EB2CE34012A}\gapaengine.dll
2012-04-27 17:09 . 2012-04-27 17:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-27 17:09 . 2012-04-27 17:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-27 13:57 . 2012-04-27 13:57 -------- d-----w- c:\programdata\Malwarebytes
2012-04-27 13:57 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 12:07 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA1D8ADE-94B9-492A-B696-DE7F5DAD4B41}\mpengine.dll
2012-04-26 09:04 . 2012-04-26 09:04 -------- d-----w- c:\program files (x86)\Google
2012-04-25 19:19 . 2012-04-25 19:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 04:27 . 2012-04-26 00:31 -------- d-----w- c:\programdata\VirtualizedApplications
2012-04-25 01:51 . 2012-04-25 19:00 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-04-22 11:29 . 2012-04-22 11:29 -------- d-----w- c:\program files (x86)\Space International
2012-04-18 12:14 . 2012-04-19 18:05 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-18 12:10 . 2012-04-18 12:11 -------- d-----w- c:\program files (x86)\Origin
2012-04-18 12:00 . 2012-04-18 12:00 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-04-18 11:57 . 2012-04-18 11:57 -------- d-----w- c:\programdata\EA Core
2012-04-18 11:57 . 2012-04-19 12:06 -------- d-----w- c:\programdata\EA Logs
2012-04-18 11:55 . 2012-04-19 18:05 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-18 11:55 . 2012-04-19 18:04 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-18 11:55 . 2012-04-18 12:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-16 12:03 . 2012-04-16 12:03 -------- d-----w- c:\programdata\XSettings
2012-04-16 06:24 . 2012-04-17 15:48 -------- d-----w- c:\program files (x86)\Origin Games
2012-04-16 06:24 . 2012-04-18 12:12 -------- d-----w- c:\programdata\Origin
2012-04-16 06:22 . 2012-04-18 11:57 -------- d-----w- c:\programdata\Electronic Arts
2012-04-14 12:22 . 2012-04-14 12:22 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-14 12:22 . 2012-04-14 12:22 -------- d-----w- c:\windows\system32\Wat
2012-04-13 19:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 19:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 19:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 19:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 19:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 19:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 19:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 19:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 19:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 19:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-13 10:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-13 10:15 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-13 10:14 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-04-13 10:14 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-04-13 10:11 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-13 10:11 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-13 10:11 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-13 10:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-13 10:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-13 09:43 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-04-13 09:43 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-04-13 09:34 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-13 09:33 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-13 09:23 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-13 09:23 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-13 09:22 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-13 09:22 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-13 09:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-13 08:19 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-13 08:19 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-13 08:19 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-04-13 08:17 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-13 08:17 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-13 08:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-13 08:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-13 05:44 . 2010-10-26 21:42 749936 ------w- c:\windows\system32\Pen_Touch_Tablet.dll
2012-04-13 05:44 . 2010-10-26 21:42 642928 ------w- c:\windows\SysWow64\Pen_Touch_Tablet.dll
2012-04-13 05:44 . 2012-04-13 05:44 -------- d-----w- c:\program files (x86)\TabletPlugins
2012-04-13 05:44 . 2010-10-11 19:19 18288 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2012-04-13 05:44 . 2010-10-11 19:19 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2012-04-13 05:44 . 2010-10-11 19:19 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2012-04-13 05:44 . 2010-10-26 21:42 600432 ------w- c:\windows\system32\Wintab32.dll
2012-04-13 05:44 . 2010-10-26 21:42 506736 ------w- c:\windows\SysWow64\Wintab32.dll
2012-04-13 05:43 . 2010-10-26 21:42 756592 ------w- c:\windows\system32\Pen_Tablet.dll
2012-04-13 05:43 . 2010-10-26 21:42 650096 ------w- c:\windows\SysWow64\Pen_Tablet.dll
2012-04-13 05:43 . 2012-04-13 05:44 -------- d-----w- c:\program files\Tablet
2012-04-12 13:31 . 2012-04-14 17:31 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 13:09 . 2012-04-12 13:09 -------- d-----w- c:\programdata\McAfee
2012-04-12 13:09 . 2012-04-14 17:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-12 13:09 . 2012-04-14 17:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 13:08 . 2012-04-12 13:08 -------- d-----w- c:\windows\system32\Macromed
2012-04-12 12:37 . 2012-04-30 13:01 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-12 12:27 . 2012-04-12 12:27 -------- d-----w- c:\users\Public\msi
2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\My Company Name
2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-04-12 10:24 . 2009-07-08 19:00 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-04-12 10:24 . 2009-06-22 19:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-04-12 10:24 . 2009-06-22 19:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-04-12 10:09 . 2012-04-12 10:09 -------- d-----w- c:\program files\CCleaner
2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----r- c:\program files (x86)\Skype
2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----w- c:\programdata\Skype
2012-04-12 09:31 . 2012-04-21 11:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-04-12 09:29 . 2012-04-12 09:29 -------- d-----w- c:\programdata\Media Center Programs
2012-04-12 09:21 . 2012-04-12 09:21 -------- d-sh--w- c:\windows\ftpcache
2012-04-12 09:09 . 2012-04-12 09:18 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-04-12 09:04 . 2012-04-12 10:27 -------- d-----w- c:\program files\Common Files\Adobe
2012-04-12 09:03 . 2012-04-12 09:03 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-04-12 09:02 . 2012-04-12 09:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-04-12 09:00 . 2012-04-12 10:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-12 08:27 . 2012-04-12 08:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-12 08:26 . 2012-04-12 09:20 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-04-12 08:13 . 2012-04-12 08:13 -------- d-----w- c:\program files (x86)\Ask.com
2012-04-12 08:13 . 2012-04-12 08:13 -------- d-----w- c:\program files (x86)\Foxit Software
2012-04-12 08:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-12 08:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-12 08:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-12 08:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-12 08:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-12 08:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-12 08:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\Nuance
2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\ScanSoft
2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\FLEXnet
2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\program files (x86)\Nuance
2012-04-12 05:57 . 2012-04-12 05:57 6 ----a-w- c:\windows\silentOnce.tmp
2012-04-12 05:54 . 2012-04-13 05:45 -------- d-----w- c:\users\user
2012-04-12 05:53 . 2012-04-12 05:53 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 07:55 . 2011-03-29 02:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 12:44 . 2012-03-20 12:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 12:44 . 2012-03-20 12:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-06 1112920]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Malwarebytes' Anti-Malware"="d:\programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-10-8 198656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29361461
*Deregistered* - 29361461
*Deregistered* - BHDrvx64
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:31]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067800367-404388841-926343989-1001Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 11:37]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067800367-404388841-926343989-1001UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 11:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=101702
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 202.171.34.234:3124
uInternet Settings,ProxyOverride = 192.168.1.1;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g88fwusm.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-01 16:49:08
ComboFix-quarantined-files.txt 2012-05-01 08:49
.
Pre-Run: 26,413,187,072 bytes free
Post-Run: 26,299,207,680 bytes free
.
- - End Of File - - F6E324B03ED2B872E8B5ED809F0B36C3

#6
Elise

It looks like you use a proxy server in Malaysia, is this something you have set yourself?
regards, Elise



#7
Mike12345

No, I never set it up, nor do I really know how to set it.

#8
Elise

In that case let's remove it. Let me know afterwards how things are running.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
DDS::
uInternet Settings,ProxyServer = 202.171.34.234:3124

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
regards, Elise

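
Added example, not part of the original thread and not ComboFix's own code: a Python check that does what posts #6 and #8 do by eye, pulling the `ProxyServer` entry out of the log's Supplementary Scan section and classifying where it points so the owner can be asked whether they configured it. The sample lines are copied from the log posted above; the function names, and the reading of the `u`/`m` key prefixes as HKCU/HKLM, are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: lines copied from the "Supplementary Scan" section of the
# ComboFix log posted in this thread.
SAMPLE_LOG = r"""
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=101702
mStart Page = hxxp://msi.msn.com
uInternet Settings,ProxyServer = 202.171.34.234:3124
uInternet Settings,ProxyOverride = 192.168.1.1;<local>
TCP: DhcpNameServer = 192.168.1.1
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
"""

ENTRY_RE = re.compile(r"^(?P<key>[^=]+?)\s*=\s*(?P<value>.*)$")


def supplementary_entries(log_text):
    """Return (key, value) pairs from the 'Supplementary Scan' section only."""
    entries, in_section = [], False
    for line in log_text.splitlines():
        stripped = line.strip()
        if "Supplementary Scan" in stripped:
            in_section = True
            continue
        if not in_section:
            continue
        # Any other dashed banner line starts the next section of the log.
        if len(stripped) > 1 and stripped.startswith("-") and stripped.endswith("-"):
            break
        match = ENTRY_RE.match(stripped)
        if match:
            entries.append((match.group("key"), match.group("value").strip()))
    return entries


def parse_proxy_server(value):
    """Split a WinINET ProxyServer value into (protocol, host, port) tuples.

    Handles the single 'host:port' form seen in the log and the per-protocol
    'http=host:port;https=host:port' form.
    """
    proxies = []
    for part in filter(None, (p.strip() for p in value.split(";"))):
        protocol, _, endpoint = part.rpartition("=")
        protocol = protocol or "all"
        # Drop an optional scheme prefix such as "http://".
        endpoint = re.sub(r"^[a-z][a-z0-9+.-]*://", "", endpoint, flags=re.I)
        host, _, port = endpoint.rpartition(":")
        if not host:  # no port was given
            host, port = endpoint, ""
        proxies.append((protocol, host, int(port) if port.isdigit() else None))
    return proxies


def classify_host(host):
    """Say whether a proxy host is loopback, private, public, or a hostname."""
    try:
        addr = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return "hostname"
    if addr.is_loopback:
        return "loopback"
    if addr.is_private or addr.is_link_local:
        return "private"
    return "public"


def review_proxy_settings(log_text):
    """List every ProxyServer entry in the log with where it points.

    Every entry is worth confirming with the machine's owner; a public
    address the owner did not configure is the case seen in this thread.
    """
    findings = []
    for key, value in supplementary_entries(log_text):
        scope, _, name = key.partition("Internet Settings,")
        if name != "ProxyServer":
            continue
        for protocol, host, port in parse_proxy_server(value):
            kind = classify_host(host)
            findings.append({
                # Assumption: 'u' = current user hive, 'm' = local machine hive.
                "hive": {"u": "HKCU", "m": "HKLM"}.get(scope, scope),
                "protocol": protocol,
                "host": host,
                "port": port,
                "kind": kind,
                "priority": "high" if kind == "public" else "check",
            })
    return findings


if __name__ == "__main__":
    for finding in review_proxy_settings(SAMPLE_LOG):
        print(finding)
```
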


#9
Mike12345

Here you go,

I must say that after running combofix the first time, Internet speed increased drastically. If possible, I would like to know what was removed and if any malware/viruses were actually detected. Thank you

Log:

ComboFix 12-05-01.01 - user 01/05/2012 17:39:28.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.60.1033.18.8099.5638 [GMT 8:00]
Running from: c:\users\user\Downloads\ComboFix.exe
Command switches used :: c:\users\user\Downloads\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 09:42 . 2012-05-01 09:42 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-05-01 09:42 . 2012-05-01 09:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-01 09:37 . 2012-05-01 09:37 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61F3B96-27EB-406C-B434-39AEB6AF1E75}\offreg.dll
2012-05-01 08:49 . 2012-04-12 17:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D61F3B96-27EB-406C-B434-39AEB6AF1E75}\mpengine.dll
2012-04-29 11:29 . 2012-04-29 11:29 16200 ----a-w- c:\windows\stinger.sys
2012-04-29 11:29 . 2012-04-29 11:35 -------- d-----w- c:\program files (x86)\stinger
2012-04-29 07:07 . 2012-04-29 07:07 -------- d-----w- c:\programdata\Microsoft Help
2012-04-28 17:21 . 2012-04-12 17:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-28 11:34 . 2012-04-28 11:40 -------- d-----w- c:\programdata\SecTaskMan
2012-04-27 17:27 . 2012-04-27 17:27 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D2FEE4A-8194-41F3-B6AD-0EB2CE34012A}\gapaengine.dll
2012-04-27 17:09 . 2012-04-27 17:09 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-04-27 17:09 . 2012-04-27 17:09 -------- d-----w- c:\program files\Microsoft Security Client
2012-04-27 13:57 . 2012-04-27 13:57 -------- d-----w- c:\programdata\Malwarebytes
2012-04-27 13:57 . 2012-04-04 07:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-27 12:07 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{EA1D8ADE-94B9-492A-B696-DE7F5DAD4B41}\mpengine.dll
2012-04-26 09:04 . 2012-04-26 09:04 -------- d-----w- c:\program files (x86)\Google
2012-04-25 19:19 . 2012-04-25 19:19 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-04-25 04:27 . 2012-04-26 00:31 -------- d-----w- c:\programdata\VirtualizedApplications
2012-04-25 01:51 . 2012-04-25 19:00 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2012-04-22 11:29 . 2012-04-22 11:29 -------- d-----w- c:\program files (x86)\Space International
2012-04-18 12:14 . 2012-04-19 18:05 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-18 12:10 . 2012-04-18 12:11 -------- d-----w- c:\program files (x86)\Origin
2012-04-18 12:00 . 2012-04-18 12:00 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-04-18 11:57 . 2012-04-18 11:57 -------- d-----w- c:\programdata\EA Core
2012-04-18 11:57 . 2012-04-19 12:06 -------- d-----w- c:\programdata\EA Logs
2012-04-18 11:55 . 2012-04-19 18:05 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-18 11:55 . 2012-04-19 18:04 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-04-18 11:55 . 2012-04-18 12:18 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-04-16 12:03 . 2012-04-16 12:03 -------- d-----w- c:\programdata\XSettings
2012-04-16 06:24 . 2012-04-17 15:48 -------- d-----w- c:\program files (x86)\Origin Games
2012-04-16 06:24 . 2012-04-18 12:12 -------- d-----w- c:\programdata\Origin
2012-04-16 06:22 . 2012-04-18 11:57 -------- d-----w- c:\programdata\Electronic Arts
2012-04-14 12:22 . 2012-04-14 12:22 -------- d-----w- c:\windows\SysWow64\Wat
2012-04-14 12:22 . 2012-04-14 12:22 -------- d-----w- c:\windows\system32\Wat
2012-04-13 19:05 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-13 19:05 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-13 19:05 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-13 19:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-13 19:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-13 19:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-13 19:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-13 19:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-13 19:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-13 19:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-13 10:15 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-13 10:15 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-04-13 10:14 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-04-13 10:14 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-04-13 10:11 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-04-13 10:11 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-04-13 10:11 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-13 10:09 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-04-13 10:09 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-04-13 09:43 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-04-13 09:43 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-04-13 09:34 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-04-13 09:33 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-13 09:23 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-04-13 09:23 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-04-13 09:22 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-04-13 09:22 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-04-13 09:01 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-04-13 08:19 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-04-13 08:19 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-04-13 08:19 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-04-13 08:17 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-04-13 08:17 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-04-13 08:09 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-04-13 08:09 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-04-13 05:44 . 2010-10-26 21:42 749936 ------w- c:\windows\system32\Pen_Touch_Tablet.dll
2012-04-13 05:44 . 2010-10-26 21:42 642928 ------w- c:\windows\SysWow64\Pen_Touch_Tablet.dll
2012-04-13 05:44 . 2012-04-13 05:44 -------- d-----w- c:\program files (x86)\TabletPlugins
2012-04-13 05:44 . 2010-10-11 19:19 18288 ----a-w- c:\windows\system32\drivers\wacmoumonitor.sys
2012-04-13 05:44 . 2010-10-11 19:19 12848 ----a-w- c:\windows\system32\drivers\wacommousefilter.sys
2012-04-13 05:44 . 2010-10-11 19:19 16168 ----a-w- c:\windows\system32\drivers\wacomvhid.sys
2012-04-13 05:44 . 2010-10-26 21:42 600432 ------w- c:\windows\system32\Wintab32.dll
2012-04-13 05:44 . 2010-10-26 21:42 506736 ------w- c:\windows\SysWow64\Wintab32.dll
2012-04-13 05:43 . 2010-10-26 21:42 756592 ------w- c:\windows\system32\Pen_Tablet.dll
2012-04-13 05:43 . 2010-10-26 21:42 650096 ------w- c:\windows\SysWow64\Pen_Tablet.dll
2012-04-13 05:43 . 2012-04-13 05:44 -------- d-----w- c:\program files\Tablet
2012-04-12 13:31 . 2012-04-14 17:31 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-12 13:09 . 2012-04-12 13:09 -------- d-----w- c:\programdata\McAfee
2012-04-12 13:09 . 2012-04-14 17:31 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-12 13:09 . 2012-04-14 17:31 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-12 13:08 . 2012-04-12 13:08 -------- d-----w- c:\windows\system32\Macromed
2012-04-12 12:37 . 2012-04-30 13:01 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-04-12 12:27 . 2012-04-12 12:27 -------- d-----w- c:\users\Public\msi
2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\My Company Name
2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\Common Files\Sonic Shared
2012-04-12 10:24 . 2012-04-12 10:24 -------- d-----w- c:\program files (x86)\Common Files\PX Storage Engine
2012-04-12 10:24 . 2009-07-08 19:00 55280 ------w- c:\windows\system32\drivers\PxHlpa64.sys
2012-04-12 10:24 . 2009-06-22 19:00 10224 ------w- c:\windows\system32\drivers\cdralw2k.sys
2012-04-12 10:24 . 2009-06-22 19:00 10224 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2012-04-12 10:09 . 2012-04-12 10:09 -------- d-----w- c:\program files\CCleaner
2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----r- c:\program files (x86)\Skype
2012-04-12 10:00 . 2012-04-12 10:00 -------- d-----w- c:\programdata\Skype
2012-04-12 09:31 . 2012-04-21 11:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-04-12 09:29 . 2012-04-12 09:29 -------- d-----w- c:\programdata\Media Center Programs
2012-04-12 09:21 . 2012-04-12 09:21 -------- d-sh--w- c:\windows\ftpcache
2012-04-12 09:09 . 2012-04-12 09:18 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-04-12 09:04 . 2012-04-12 10:27 -------- d-----w- c:\program files\Common Files\Adobe
2012-04-12 09:03 . 2012-04-12 09:03 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-04-12 09:02 . 2012-04-12 09:02 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-04-12 09:00 . 2012-04-12 10:26 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-04-12 08:27 . 2012-04-12 08:27 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-04-12 08:26 . 2012-04-12 09:20 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-04-12 08:13 . 2012-04-12 08:13 -------- d-----w- c:\program files (x86)\Ask.com
2012-04-12 08:13 . 2012-04-12 08:13 -------- d-----w- c:\program files (x86)\Foxit Software
2012-04-12 08:00 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-04-12 08:00 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-04-12 08:00 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-04-12 08:00 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-04-12 08:00 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-04-12 08:00 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-12 08:00 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\Nuance
2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\ScanSoft
2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\programdata\FLEXnet
2012-04-12 05:58 . 2012-04-12 05:58 -------- d-----w- c:\program files (x86)\Nuance
2012-04-12 05:57 . 2012-04-12 05:57 6 ----a-w- c:\windows\silentOnce.tmp
2012-04-12 05:54 . 2012-04-13 05:45 -------- d-----w- c:\users\user
2012-04-12 05:53 . 2012-04-12 05:53 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-12 07:55 . 2011-03-29 02:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\SysWow64\GPhotos.scr
2012-03-20 12:44 . 2012-03-20 12:44 98688 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-03-20 12:44 . 2012-03-20 12:44 203888 ----a-w- c:\windows\system32\drivers\MpFilter.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-21 1174016]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-02-29 17148552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-04-15 113288]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-11-18 1351680]
"NortonOnlineBackup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-03-06 1112920]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-21 406992]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe" [2012-01-30 315392]
"Malwarebytes' Anti-Malware"="d:\programs\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Intel® Turbo Boost Technology Monitor 2.0.lnk - c:\program files\Intel\TurboBoost\SignalIslandUi.exe [2010-10-8 198656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 253088]
R3 AMPPALP;Intel® Centrino® Bluetooth 3.0 + High Speed Protocol;c:\windows\system32\DRIVERS\amppal.sys [x]
R3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
R3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMPPALR3;Intel® Centrino® Bluetooth 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-04-21 1136640]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-04-21 134928]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 29361461
*Deregistered* - 29361461
*Deregistered* - BHDrvx64
*Deregistered* - NAVENG
*Deregistered* - NAVEX15
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 17:31]
.
2012-04-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067800367-404388841-926343989-1001Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 11:37]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1067800367-404388841-926343989-1001UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-29 11:37]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-04 11780712]
"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-20 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-20 392472]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.ask.com/?l=dis&o=101702
mStart Page = hxxp://msi.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = 192.168.1.1;<local>
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\g88fwusm.default\
FF - prefs.js: browser.startup.homepage - www.google.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-01 17:43:27
ComboFix-quarantined-files.txt 2012-05-01 09:43
ComboFix2.txt 2012-05-01 08:49
.
Pre-Run: 26,347,622,400 bytes free
Post-Run: 26,294,251,520 bytes free
.
- - End Of File - - 7513C0D0C60BCFC3A3E91F8F10912E0E

#10
Elise

Combofix resets quite some settings, which most likely caused the increase, as real malware wasn't found except for those two files.

P2P WARNING
-------------------
Going over your logs I noticed that you have uTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall uTorrent, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.


Please launch MBAM, update it and run a full scan. Post me the resulting log.
regards, Elise

If I am helping you and I haven't replied within 24 hours, please feel free to send me a PM.



#11
Mike12345

Here, I think the Combofix fixed the problem somehow (my guess). Thank you for your help, much appreciated.

Log:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.01.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
user :: USER-MSI [administrator]

Protection: Disabled

1/5/2012 7:28:38 PM
mbam-log-2012-05-01 (19-28-38).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 358598
Time elapsed: 38 minute(s), 18 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12
Elise

It's good to hear that! :) Let's run one last scan to double check.

ESET ONLINE SCANNER
----------------------------
I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

regards, Elise



#13
Mike12345

Hello again,

It found 3 threats and removed them (a B.keygen something) but after finishing it threw me to a 'download trial or buy the product' screen, and I couldn't save the logs.

#14
Elise

No problem. :)

ALL CLEAN
--------------
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it clean :)

Please do the following to remove the remaining programs from your PC:
  • Delete the tools used during the disinfection:
    • Click start > run and type combofix /uninstall, press enter. This will remove Combofix from your computer.
Please read this advice in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise



#15
Mike12345

Thank you Elise,
I really appreciate your help :). Have a good day.

Sincerely,
Mike

#16
Elise

You are most welcome Mike! :)

I will request this topic to be closed.
regards, Elise



#17
LDTate

    Forum Deity

  • Moderators
  • PipPipPipPipPipPip
  • 20,060 posts
  • Gender:Male
  • Location:Missouri, USA
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
Larry Tate
Consumer Support Specialist
