TomSmith

Honorary Members
  • Posts: 24
  • Reputation: 0 Neutral
  1. I have done that. There doesn't seem to be any more problems.
  2. Computer is running fine now. I think it's fine now, thank you
  3. Here's a new Malwarebytes log. Found nothing.
  4. The survey sites have gone but the computer has gone slower than before. Also it now takes longer to boot up. Before was 10 - 15 secs average now it takes around nearly a minute.
  5. I do not have Mozilla Firefox, I uninstalled it ages ago. It happens to both IE and Google Chrome.
  6. Things are running better now. PC is running smoother. I get the random survey site after each hour or so. My router has been reset already.
  7. Results of screen317's Security Check version 0.99.34

         Windows 7 x64 (UAC is disabled!)
         Internet Explorer 8 Out of date!
         ``````````````````````````````
         Antivirus/Firewall Check:
         Windows Firewall Disabled!
         Kaspersky Internet Security 2012
         WMI entry may not exist for antivirus; attempting automatic update.
         ```````````````````````````````
         Anti-malware/Other Utilities Check:
         Malwarebytes Anti-Malware version 1.61.0.1400
         ````````````````````````````````
         Process Check:
         objlist.exe by Laurent
         Malwarebytes Anti-Malware mbamservice.exe
         Malwarebytes Anti-Malware mbamgui.exe
         Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
         ``````````End of Log````````````
  8. Comp is running better. I still think a few more checks are needed though.
ok 11:43:51.0507 2080 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 11:43:51.0523 2080 CertPropSvc - ok 11:43:51.0554 2080 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 11:43:51.0570 2080 circlass - ok 11:43:51.0632 2080 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 11:43:51.0632 2080 CLFS - ok 11:43:51.0710 2080 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 11:43:51.0710 2080 clr_optimization_v2.0.50727_32 - ok 11:43:51.0757 2080 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 11:43:51.0757 2080 clr_optimization_v2.0.50727_64 - ok 11:43:51.0850 2080 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 11:43:51.0866 2080 clr_optimization_v4.0.30319_32 - ok 11:43:51.0928 2080 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 11:43:51.0928 2080 clr_optimization_v4.0.30319_64 - ok 11:43:51.0975 2080 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 11:43:51.0991 2080 CmBatt - ok 11:43:52.0006 2080 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 11:43:52.0022 2080 cmdide - ok 11:43:52.0084 2080 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 11:43:52.0100 2080 CNG - ok 11:43:52.0162 2080 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 11:43:52.0178 2080 Compbatt - ok 11:43:52.0240 2080 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 11:43:52.0256 2080 CompositeBus - ok 11:43:52.0287 2080 COMSysApp - ok 11:43:52.0521 2080 cphs (df3e8c2c443d3618260dff5705ce2df5) C:\Windows\SysWow64\IntelCpHeciSvc.exe 
11:43:52.0521 2080 cphs - ok 11:43:52.0552 2080 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 11:43:52.0568 2080 crcdisk - ok 11:43:52.0646 2080 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll 11:43:52.0662 2080 CryptSvc - ok 11:43:52.0740 2080 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 11:43:52.0755 2080 DcomLaunch - ok 11:43:52.0802 2080 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 11:43:52.0818 2080 defragsvc - ok 11:43:52.0864 2080 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 11:43:52.0864 2080 DfsC - ok 11:43:52.0927 2080 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 11:43:52.0942 2080 Dhcp - ok 11:43:52.0974 2080 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 11:43:52.0974 2080 discache - ok 11:43:53.0005 2080 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 11:43:53.0005 2080 Disk - ok 11:43:53.0036 2080 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 11:43:53.0052 2080 Dnscache - ok 11:43:53.0083 2080 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 11:43:53.0098 2080 dot3svc - ok 11:43:53.0145 2080 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 11:43:53.0161 2080 DPS - ok 11:43:53.0192 2080 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 11:43:53.0208 2080 drmkaud - ok 11:43:53.0286 2080 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 11:43:53.0317 2080 DXGKrnl - ok 11:43:53.0364 2080 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 11:43:53.0379 2080 EapHost - ok 11:43:53.0535 2080 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 11:43:53.0676 2080 ebdrv - ok 11:43:53.0816 2080 EFS 
(c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 11:43:53.0816 2080 EFS - ok 11:43:53.0910 2080 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 11:43:53.0925 2080 ehRecvr - ok 11:43:53.0972 2080 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 11:43:53.0972 2080 ehSched - ok 11:43:54.0050 2080 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 11:43:54.0081 2080 elxstor - ok 11:43:54.0112 2080 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 11:43:54.0128 2080 ErrDev - ok 11:43:54.0206 2080 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 11:43:54.0222 2080 EventSystem - ok 11:43:54.0284 2080 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 11:43:54.0284 2080 exfat - ok 11:43:54.0315 2080 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 11:43:54.0315 2080 fastfat - ok 11:43:54.0393 2080 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 11:43:54.0440 2080 Fax - ok 11:43:54.0440 2080 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 11:43:54.0456 2080 fdc - ok 11:43:54.0502 2080 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 11:43:54.0502 2080 fdPHost - ok 11:43:54.0518 2080 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 11:43:54.0518 2080 FDResPub - ok 11:43:54.0534 2080 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 11:43:54.0549 2080 FileInfo - ok 11:43:54.0565 2080 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 11:43:54.0565 2080 Filetrace - ok 11:43:54.0580 2080 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 11:43:54.0580 2080 flpydisk - ok 11:43:54.0627 2080 FltMgr (da6b67270fd9db3697b20fce94950741) 
C:\Windows\system32\drivers\fltmgr.sys 11:43:54.0643 2080 FltMgr - ok 11:43:54.0721 2080 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 11:43:54.0768 2080 FontCache - ok 11:43:54.0846 2080 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 11:43:54.0846 2080 FontCache3.0.0.0 - ok 11:43:54.0892 2080 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 11:43:54.0892 2080 FsDepends - ok 11:43:54.0924 2080 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 11:43:54.0924 2080 Fs_Rec - ok 11:43:54.0986 2080 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 11:43:54.0986 2080 fvevol - ok 11:43:55.0033 2080 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 11:43:55.0033 2080 gagp30kx - ok 11:43:55.0111 2080 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 11:43:55.0158 2080 gpsvc - ok 11:43:55.0189 2080 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 11:43:55.0189 2080 hcw85cir - ok 11:43:55.0267 2080 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 11:43:55.0283 2080 HdAudAddService - ok 11:43:55.0329 2080 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 11:43:55.0329 2080 HDAudBus - ok 11:43:55.0345 2080 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 11:43:55.0345 2080 HidBatt - ok 11:43:55.0376 2080 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 11:43:55.0407 2080 HidBth - ok 11:43:55.0423 2080 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 11:43:55.0423 2080 HidIr - ok 11:43:55.0485 2080 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 11:43:55.0485 2080 hidserv - ok 
11:43:55.0532 2080 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 11:43:55.0548 2080 HidUsb - ok 11:43:55.0595 2080 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 11:43:55.0595 2080 hkmsvc - ok 11:43:55.0673 2080 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 11:43:55.0673 2080 HomeGroupListener - ok 11:43:55.0719 2080 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 11:43:55.0735 2080 HomeGroupProvider - ok 11:43:55.0782 2080 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 11:43:55.0782 2080 HpSAMD - ok 11:43:55.0875 2080 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 11:43:55.0907 2080 HTTP - ok 11:43:55.0953 2080 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 11:43:55.0953 2080 hwpolicy - ok 11:43:56.0016 2080 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 11:43:56.0016 2080 i8042prt - ok 11:43:56.0094 2080 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 11:43:56.0125 2080 iaStorV - ok 11:43:56.0234 2080 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 11:43:56.0250 2080 idsvc - ok 11:43:57.0045 2080 igfx (276ee9cdab16c50e1df0e4cefa882f5f) C:\Windows\system32\DRIVERS\igdkmd64.sys 11:43:57.0529 2080 igfx - ok 11:43:58.0106 2080 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 11:43:58.0106 2080 iirsp - ok 11:43:58.0184 2080 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 11:43:58.0215 2080 IKEEXT - ok 11:43:58.0278 2080 IntcAzAudAddService - ok 11:43:58.0325 2080 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 11:43:58.0340 2080 IntcDAud - ok 11:43:58.0371 2080 intelide 
(f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 11:43:58.0371 2080 intelide - ok 11:43:58.0387 2080 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 11:43:58.0387 2080 intelppm - ok 11:43:58.0434 2080 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 11:43:58.0449 2080 IPBusEnum - ok 11:43:58.0481 2080 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 11:43:58.0481 2080 IpFilterDriver - ok 11:43:58.0574 2080 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 11:43:58.0590 2080 iphlpsvc - ok 11:43:58.0637 2080 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 11:43:58.0637 2080 IPMIDRV - ok 11:43:58.0683 2080 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 11:43:58.0683 2080 IPNAT - ok 11:43:58.0699 2080 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 11:43:58.0699 2080 IRENUM - ok 11:43:58.0715 2080 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 11:43:58.0730 2080 isapnp - ok 11:43:58.0746 2080 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 11:43:58.0761 2080 iScsiPrt - ok 11:43:58.0808 2080 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 11:43:58.0808 2080 kbdclass - ok 11:43:58.0839 2080 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 11:43:58.0855 2080 kbdhid - ok 11:43:58.0886 2080 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:43:58.0886 2080 KeyIso - ok 11:43:58.0980 2080 KL1 (e656fe10d6d27794afa08136685a69e8) C:\Windows\system32\DRIVERS\kl1.sys 11:43:59.0011 2080 KL1 - ok 11:43:59.0011 2080 kl2 (d865dd8b0448e3f963d68c04c532858f) C:\Windows\system32\DRIVERS\kl2.sys 11:43:59.0027 2080 kl2 - ok 11:43:59.0105 2080 KLIF 
(c7d4f357c482dd37e2b05f34093b7b0c) C:\Windows\system32\DRIVERS\klif.sys 11:43:59.0136 2080 KLIF - ok 11:43:59.0198 2080 KLIM6 (89fb5a33d7171b6d84f5eb721d5055e1) C:\Windows\system32\DRIVERS\klim6.sys 11:43:59.0198 2080 KLIM6 - ok 11:43:59.0245 2080 klmouflt (9468d07e91ba136d82415f5dfc1fe168) C:\Windows\system32\DRIVERS\klmouflt.sys 11:43:59.0245 2080 klmouflt - ok 11:43:59.0292 2080 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 11:43:59.0292 2080 KSecDD - ok 11:43:59.0323 2080 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 11:43:59.0339 2080 KSecPkg - ok 11:43:59.0385 2080 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 11:43:59.0385 2080 ksthunk - ok 11:43:59.0432 2080 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 11:43:59.0448 2080 KtmRm - ok 11:43:59.0510 2080 L1C (655a5d8e80869781cce23760ada7e695) C:\Windows\system32\DRIVERS\L1C62x64.sys 11:43:59.0510 2080 L1C - ok 11:43:59.0604 2080 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 11:43:59.0619 2080 LanmanServer - ok 11:43:59.0682 2080 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 11:43:59.0682 2080 LanmanWorkstation - ok 11:43:59.0760 2080 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 11:43:59.0760 2080 lltdio - ok 11:43:59.0791 2080 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 11:43:59.0807 2080 lltdsvc - ok 11:43:59.0853 2080 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 11:43:59.0853 2080 lmhosts - ok 11:43:59.0963 2080 LMS (7f32d4c47a50e7223491e8fb9359907d) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 11:43:59.0978 2080 LMS - ok 11:44:00.0025 2080 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 11:44:00.0041 2080 LSI_FC - ok 11:44:00.0056 2080 LSI_SAS 
(1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 11:44:00.0072 2080 LSI_SAS - ok 11:44:00.0087 2080 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 11:44:00.0087 2080 LSI_SAS2 - ok 11:44:00.0103 2080 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 11:44:00.0103 2080 LSI_SCSI - ok 11:44:00.0165 2080 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 11:44:00.0181 2080 luafv - ok 11:44:00.0212 2080 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 11:44:00.0228 2080 MBAMProtector - ok 11:44:00.0306 2080 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 11:44:00.0321 2080 MBAMService - ok 11:44:00.0384 2080 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 11:44:00.0384 2080 Mcx2Svc - ok 11:44:00.0415 2080 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 11:44:00.0415 2080 megasas - ok 11:44:00.0462 2080 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 11:44:00.0462 2080 MegaSR - ok 11:44:00.0524 2080 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys 11:44:00.0524 2080 MEIx64 - ok 11:44:00.0727 2080 Microsoft SharePoint Workspace Audit Service - ok 11:44:00.0774 2080 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 11:44:00.0774 2080 MMCSS - ok 11:44:00.0805 2080 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 11:44:00.0821 2080 Modem - ok 11:44:00.0836 2080 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 11:44:00.0836 2080 monitor - ok 11:44:00.0883 2080 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 11:44:00.0883 2080 mouclass - ok 11:44:00.0914 2080 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) 
C:\Windows\system32\DRIVERS\mouhid.sys 11:44:00.0914 2080 mouhid - ok 11:44:00.0977 2080 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 11:44:00.0977 2080 mountmgr - ok 11:44:01.0023 2080 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 11:44:01.0039 2080 mpio - ok 11:44:01.0055 2080 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 11:44:01.0055 2080 mpsdrv - ok 11:44:01.0117 2080 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 11:44:01.0164 2080 MpsSvc - ok 11:44:01.0211 2080 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 11:44:01.0211 2080 MRxDAV - ok 11:44:01.0273 2080 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 11:44:01.0273 2080 mrxsmb - ok 11:44:01.0320 2080 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 11:44:01.0335 2080 mrxsmb10 - ok 11:44:01.0367 2080 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 11:44:01.0367 2080 mrxsmb20 - ok 11:44:01.0413 2080 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 11:44:01.0429 2080 msahci - ok 11:44:01.0460 2080 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 11:44:01.0460 2080 msdsm - ok 11:44:01.0507 2080 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 11:44:01.0523 2080 MSDTC - ok 11:44:01.0569 2080 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 11:44:01.0569 2080 Msfs - ok 11:44:01.0601 2080 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 11:44:01.0601 2080 mshidkmdf - ok 11:44:01.0632 2080 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 11:44:01.0632 2080 msisadrv - ok 11:44:01.0679 2080 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 
11:44:01.0694 2080 MSiSCSI - ok 11:44:01.0694 2080 msiserver - ok 11:44:01.0741 2080 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 11:44:01.0741 2080 MSKSSRV - ok 11:44:01.0757 2080 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 11:44:01.0757 2080 MSPCLOCK - ok 11:44:01.0757 2080 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 11:44:01.0757 2080 MSPQM - ok 11:44:01.0819 2080 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 11:44:01.0819 2080 MsRPC - ok 11:44:01.0850 2080 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 11:44:01.0866 2080 mssmbios - ok 11:44:01.0881 2080 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 11:44:01.0881 2080 MSTEE - ok 11:44:01.0897 2080 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 11:44:01.0897 2080 MTConfig - ok 11:44:01.0944 2080 mtqjxm - ok 11:44:01.0959 2080 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 11:44:01.0959 2080 Mup - ok 11:44:02.0053 2080 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 11:44:02.0069 2080 napagent - ok 11:44:02.0147 2080 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 11:44:02.0147 2080 NativeWifiP - ok 11:44:02.0162 2080 nckkof - ok 11:44:02.0256 2080 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 11:44:02.0303 2080 NDIS - ok 11:44:02.0349 2080 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 11:44:02.0349 2080 NdisCap - ok 11:44:02.0365 2080 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 11:44:02.0365 2080 NdisTapi - ok 11:44:02.0427 2080 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 11:44:02.0427 2080 Ndisuio - ok 11:44:02.0474 2080 
NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 11:44:02.0490 2080 NdisWan - ok 11:44:02.0505 2080 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 11:44:02.0505 2080 NDProxy - ok 11:44:02.0537 2080 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 11:44:02.0552 2080 NetBIOS - ok 11:44:02.0599 2080 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 11:44:02.0615 2080 NetBT - ok 11:44:02.0646 2080 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:44:02.0646 2080 Netlogon - ok 11:44:02.0708 2080 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 11:44:02.0724 2080 Netman - ok 11:44:02.0755 2080 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 11:44:02.0786 2080 netprofm - ok 11:44:02.0864 2080 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:44:02.0864 2080 NetTcpPortSharing - ok 11:44:02.0911 2080 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 11:44:02.0911 2080 nfrd960 - ok 11:44:03.0207 2080 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 11:44:03.0223 2080 NlaSvc - ok 11:44:03.0239 2080 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 11:44:03.0239 2080 Npfs - ok 11:44:03.0270 2080 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 11:44:03.0301 2080 nsi - ok 11:44:03.0317 2080 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 11:44:03.0332 2080 nsiproxy - ok 11:44:03.0441 2080 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 11:44:03.0504 2080 Ntfs - ok 11:44:03.0644 2080 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 11:44:03.0660 2080 Null - ok 11:44:03.0707 2080 
nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 11:44:03.0722 2080 nvraid - ok 11:44:03.0769 2080 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 11:44:03.0785 2080 nvstor - ok 11:44:03.0831 2080 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 11:44:03.0831 2080 nv_agp - ok 11:44:03.0878 2080 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 11:44:03.0894 2080 ohci1394 - ok 11:44:04.0003 2080 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:44:04.0003 2080 ose - ok 11:44:04.0299 2080 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 11:44:04.0377 2080 osppsvc - ok 11:44:04.0518 2080 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:44:04.0533 2080 p2pimsvc - ok 11:44:04.0580 2080 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 11:44:04.0596 2080 p2psvc - ok 11:44:04.0643 2080 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 11:44:04.0658 2080 Parport - ok 11:44:04.0689 2080 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 11:44:04.0689 2080 partmgr - ok 11:44:04.0705 2080 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 11:44:04.0721 2080 PcaSvc - ok 11:44:04.0783 2080 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 11:44:04.0799 2080 pci - ok 11:44:04.0830 2080 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 11:44:04.0830 2080 pciide - ok 11:44:04.0861 2080 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 11:44:04.0877 2080 pcmcia - ok 11:44:04.0877 2080 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 11:44:04.0892 2080 
pcw - ok 11:44:04.0955 2080 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 11:44:04.0970 2080 PEAUTH - ok 11:44:05.0095 2080 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 11:44:05.0095 2080 PerfHost - ok 11:44:05.0204 2080 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 11:44:05.0267 2080 pla - ok 11:44:05.0329 2080 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 11:44:05.0345 2080 PlugPlay - ok 11:44:05.0391 2080 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 11:44:05.0391 2080 PNRPAutoReg - ok 11:44:05.0438 2080 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 11:44:05.0454 2080 PNRPsvc - ok 11:44:05.0516 2080 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 11:44:05.0532 2080 PolicyAgent - ok 11:44:05.0594 2080 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 11:44:05.0610 2080 Power - ok 11:44:05.0688 2080 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 11:44:05.0688 2080 PptpMiniport - ok 11:44:05.0719 2080 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 11:44:05.0719 2080 Processor - ok 11:44:05.0766 2080 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll 11:44:05.0781 2080 ProfSvc - ok 11:44:05.0797 2080 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 11:44:05.0813 2080 ProtectedStorage - ok 11:44:05.0828 2080 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 11:44:05.0844 2080 Psched - ok 11:44:05.0937 2080 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 11:44:06.0047 2080 ql2300 - ok 11:44:06.0187 2080 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 11:44:06.0203 2080 ql40xx - ok 11:44:06.0234 2080 QWAVE 
11:44:23.0581 2080 Scan finished 11:44:23.0581 2080 ============================================================ 11:44:23.0597 2944 Detected object count: 0 11:44:23.0597 2944 Actual detected object count: 0 11:44:27.0403 4944 Deinitialize success ComboFix 12-05-22.01 - l 22/05/2012 11:47:21.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3874.2363 [GMT 1:00] Running from: c:\users\l\Desktop\ComboFix.exe AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Family\Desktop\PatchUp_Plus ½ÇÇà.lnk c:\windows\Install . . ((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 ))))))))))))))))))))))))))))))) . . 2012-05-22 10:56 . 2012-05-22 10:56 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-05-22 10:56 . 2012-05-22 10:56 -------- d-----w- c:\users\Family\AppData\Local\temp 2012-05-22 10:56 . 2012-05-22 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-21 21:04 . 2012-05-21 21:04 -------- d-----w- c:\programdata\HitmanPro 2012-05-21 09:32 . 2012-05-21 09:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-21 09:32 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-21 09:28 . 2012-05-22 10:57 -------- d-----w- c:\programdata\Kaspersky Lab 2012-05-21 09:28 . 2012-05-21 09:28 -------- d-----w- c:\program files (x86)\Kaspersky Lab 2012-05-20 21:26 . 2012-05-20 21:26 -------- d-----w- c:\windows\en 2012-05-20 21:16 . 
2012-05-20 21:16 89944 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\DSETUP.dll 2012-05-20 21:16 . 2012-05-20 21:16 537432 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\DXSETUP.exe 2012-05-20 21:16 . 2012-05-20 21:16 1801048 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\dsetup32.dll 2012-05-20 19:27 . 2012-05-20 19:27 165168 ----a-w- c:\windows\system32\drivers\kneps.sys 2012-05-18 21:11 . 2012-05-18 21:11 -------- d-----w- c:\programdata\Downloaded Installations 2012-05-18 21:10 . 2012-05-18 21:10 -------- d-----w- c:\program files (x86)\GFI Software 2012-05-18 20:05 . 2012-05-18 20:05 -------- d-----w- c:\users\l\AppData\Local\Babylon 2012-05-18 20:05 . 2012-05-18 20:05 -------- d-----w- c:\users\l\AppData\Roaming\Babylon 2012-05-16 20:20 . 2012-05-16 20:20 -------- d-----w- c:\users\l\AppData\Local\Mozilla 2012-05-15 21:54 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll 2012-05-15 21:54 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-15 21:54 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-15 21:54 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys 2012-05-15 21:54 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-15 21:54 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-15 21:47 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-15 21:40 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-05-15 21:16 . 2012-05-15 21:37 -------- d-----w- c:\users\l\AppData\Roaming\PPLive 2012-05-15 20:46 . 2012-05-15 21:29 -------- d-----w- c:\program files (x86)\Common Files\PPLiveNetwork 2012-05-15 20:39 . 2012-05-15 21:29 -------- d-----w- c:\users\l\AppData\Roaming\JPDesk 2012-05-12 20:43 . 
2012-05-12 21:05 -------- d-----w- c:\windows\SysWow64\Adobe 2012-05-09 20:37 . 2012-05-09 20:37 -------- d-----w- c:\users\Family\AppData\Local\ESET 2012-05-08 20:51 . 2012-05-08 20:51 -------- d-----w- c:\users\l\AppData\Local\ESET 2012-05-08 19:21 . 2009-12-30 10:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys 2012-05-08 19:21 . 2012-05-08 19:21 -------- d-----w- c:\program files\VS Revo Group 2012-05-07 21:17 . 2012-05-19 21:58 -------- d-----w- c:\users\l\VirtualBox VMs 2012-05-07 21:16 . 2012-05-19 21:58 -------- d-----w- c:\users\l\.VirtualBox 2012-05-07 21:15 . 2012-04-12 17:12 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys 2012-05-07 21:15 . 2012-04-12 17:12 130864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys 2012-05-07 21:15 . 2012-05-19 22:00 -------- dc----w- c:\windows\system32\DRVSTORE 2012-05-04 17:36 . 2012-05-04 17:36 -------- d-----w- c:\users\l\DoctorWeb 2012-05-02 19:55 . 2012-05-02 19:55 -------- d-----w- c:\users\l\AppData\Roaming\EurekaLog 2012-05-02 19:55 . 2012-05-21 14:37 -------- d-----w- c:\users\l\AppData\Local\CrashDumps 2012-05-02 09:58 . 2012-05-15 21:30 -------- d-----w- c:\users\Family\AppData\Roaming\AVG2012 2012-05-01 21:35 . 2012-05-15 21:30 -------- d-----w- c:\programdata\Norton 2012-05-01 21:35 . 2012-05-01 21:40 -------- d-----w- c:\users\l\AppData\Local\NPE 2012-05-01 19:36 . 2012-05-01 19:36 12872 ----a-w- c:\windows\system32\bootdelete.exe 2012-04-30 07:54 . 2012-04-30 07:54 38288 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys 2012-04-29 15:06 . 2004-03-08 22:00 131856 ----a-w- c:\windows\SysWow64\MSADODC.ocx 2012-04-29 15:06 . 2004-05-11 08:56 423784 ----a-w- c:\windows\SysWow64\XceedBkp.dll 2012-04-29 15:06 . 2003-11-19 12:59 512688 ----a-w- c:\windows\SysWow64\XceedCry.dll 2012-04-29 15:06 . 2002-03-12 13:36 431872 ----a-w- c:\windows\SysWow64\SSInput1.ocx 2012-04-29 15:06 . 2002-03-04 11:27 1140472 ----a-w- c:\windows\SysWow64\IGUltraGrid20.ocx 2012-04-29 15:06 . 
2001-04-20 00:28 28672 ----a-w- c:\windows\SysWow64\systray.ocx 2012-04-29 15:06 . 2000-07-14 22:00 118784 ----a-w- c:\windows\SysWow64\msstdfmt.dll 2012-04-29 15:06 . 2004-01-09 09:54 188416 ----a-w- c:\windows\SysWow64\actsplash.ocx 2012-04-29 15:06 . 2000-07-15 04:00 101888 ----a-w- c:\windows\SysWow64\VB6STKIT.DLL 2012-04-29 15:06 . 2000-05-22 14:58 608448 ----a-w- c:\windows\SysWow64\comctl32.ocx 2012-04-29 15:06 . 2000-05-22 04:00 647872 ----a-w- c:\windows\SysWow64\MSCOMCT2.OCX 2012-04-27 20:46 . 2012-04-27 20:46 -------- d-----w- c:\program files\HitmanPro 2012-04-22 21:22 . 2012-04-22 21:24 -------- d-----w- c:\users\l\AppData\Roaming\AVG . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-04 17:35 . 2012-04-06 20:43 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-04 17:35 . 2012-02-29 22:51 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-04 17:35 . 2012-04-14 14:35 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-04-15 13:56 . 2012-04-15 13:56 16200 ----a-w- c:\windows\stinger.sys 2012-04-12 17:12 . 2012-04-12 17:12 147248 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys 2012-04-09 12:03 . 2012-04-09 12:03 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-04-09 12:03 . 2012-04-09 12:03 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll 2012-04-09 12:03 . 2012-04-09 12:03 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll 2012-03-11 20:13 . 2012-03-11 20:13 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-03-11 20:13 . 2012-03-11 20:13 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2012-03-11 20:13 . 2012-03-11 20:13 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys 2012-03-11 20:13 . 2012-03-11 20:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll 2012-03-11 20:13 . 2012-03-11 20:13 301224 ----a-w- c:\windows\SysWow64\guard32.dll 2012-03-11 20:13 . 
2012-03-11 20:13 389840 ----a-w- c:\windows\system32\guard64.dll 2012-03-08 17:50 . 2012-03-08 17:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll 2012-03-08 17:37 . 2012-03-08 17:37 302448 ----a-w- c:\windows\WLXPGSS.SCR 2012-03-06 23:15 . 2012-04-07 16:14 41184 ----a-w- c:\windows\avastSS.scr 2012-03-06 23:15 . 2012-04-07 16:14 201352 ----a-w- c:\windows\SysWow64\aswBoot.exe 2012-03-02 21:55 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll 2012-03-02 21:55 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll 2012-03-01 21:37 . 2011-03-28 18:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2012-03-01 06:46 . 2012-04-10 21:36 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-03-01 06:38 . 2012-04-10 21:36 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-03-01 06:33 . 2012-04-10 21:36 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-03-01 06:28 . 2012-04-10 21:36 5120 ----a-w- c:\windows\system32\wmi.dll 2012-03-01 05:37 . 2012-04-10 21:36 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-03-01 05:33 . 2012-04-10 21:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-03-01 05:29 . 2012-04-10 21:36 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-28 06:39 . 2012-04-10 21:33 1188864 ----a-w- c:\windows\system32\wininet.dll 2012-02-28 05:38 . 2012-04-10 21:33 981504 ----a-w- c:\windows\SysWow64\wininet.dll 2012-02-28 04:31 . 2012-04-10 21:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2012-02-28 03:52 . 2012-04-10 21:33 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-10-18 2319536] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2011-07-21 5716608] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2011-04-24 202296] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 . 
R0 mtqjxm;mtqjxm; [x] R0 nckkof;nckkof; [x] R0 rqkdql;rqkdql; [x] R0 zlnimc;zlnimc; [x] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696] R3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] R3 cphs;Intel® Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184] R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x] R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-05-25 17536] S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x] S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] 
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-20 2656280] S3 avchv;avchv Function Driver;c:\windows\system32\DRIVERS\avchv.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 17:35] . 2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-202137972-4065337361-2662209299-1000Core.job - c:\users\l\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 22:35] . 2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-202137972-4065337361-2662209299-1000UA.job - c:\users\l\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-29 22:35] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Supplementary Scan ------- . 
uLocal Page = \blank.htm uStart Page = hxxp://www.google.co.uk/ mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {{68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - TCP: DhcpNameServer = 192.168.0.1 . - - - - ORPHANS REMOVED - - - - . WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file) ShellIconOverlayIdentifiers-{152C96EB-288E-4EDC-B7C6-D21F8250ADF3} - (no file) ShellIconOverlayIdentifiers-{342DAA0B-D796-460D-8566-901E08A1CCAD} - (no file) ShellIconOverlayIdentifiers-{57595DAE-1AE1-4D97-A49E-67CBB53B52DF} - (no file) ShellIconOverlayIdentifiers-{33816773-98AE-4723-ADE0-EBE54C8B5A67} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" "Key"="ActionsPane3" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0] "Key"="http://schemas.microsoft.com/office/smartdocuments/2003" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Solutions\http://schemas.microsoft.com/office/smartdocuments/2003\0\{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}\Alias] "0"="Microsoft Actions Pane 3" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe . ************************************************************************** . Completion time: 2012-05-22 12:05:04 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-22 11:05 . Pre-Run: 574,500,401,152 bytes free Post-Run: 574,071,533,568 bytes free . - - End Of File - - 38C8978AF93416603D6846F0DBBAEDB9
  9. I went away and my protection somehow got disabled. I have lost all my mbam logs. It removed something by the term of "VaccineScan". Computer is randomly going to some survey sites and I fear it's infected.

     . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by l at 22:27:11 on 2012-05-21 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3874.2210 [GMT 1:00] . AV: Kaspersky Internet Security *Disabled/Outdated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984} SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\rundll32.exe C:\Users\l\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . 
============== Pseudo HJT Report =============== . uLocal Page = \blank.htm uStart Page = hxxp://www.google.co.uk/ mStart Page = about:blank BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm 
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E770E0E5-94C4-4017-9506-3E59BBEB4F26} : DhcpNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll BHO-X64: IEVkbdBHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program 
Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll BHO-X64: link filter bho - No File mRun-x64: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe mRun-x64: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ============= SERVICES / DRIVERS =============== . R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-25 17536] R1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys --> C:\Windows\system32\DRIVERS\kl2.sys [?] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys --> C:\Windows\system32\DRIVERS\klim6.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] 
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 202296] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-21 654408] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-3-1 2656280] R3 avchv;avchv Function Driver;C:\Windows\system32\DRIVERS\avchv.sys --> C:\Windows\system32\DRIVERS\avchv.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys --> C:\Windows\system32\DRIVERS\klmouflt.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257696] S3 bdsandbox;bdsandbox;\??\C:\Windows\system32\drivers\bdsandbox.sys --> C:\Windows\system32\drivers\bdsandbox.sys [?] S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] 
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-2-14 276248] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 30969208] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-05-21 21:04:31 -------- d-----w- C:\ProgramData\HitmanPro 2012-05-21 09:36:48 -------- d-----w- C:\Users\l\AppData\Local\{709070B3-FA88-47AB-8369-986E6EC9E8A6} 2012-05-21 09:36:35 -------- d-----w- C:\Users\l\AppData\Local\{7BD65069-B8D1-4736-A532-EE2662023EE1} 2012-05-21 09:32:12 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-05-21 09:32:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-05-21 09:28:00 -------- d-----w- C:\ProgramData\Kaspersky Lab 2012-05-21 09:28:00 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2012-05-20 21:31:25 -------- d-----w- C:\Users\l\AppData\Local\{B89E09E7-7B2E-4EAB-AEF9-CD55E2BC64DB} 2012-05-20 21:31:11 -------- d-----w- C:\Users\l\AppData\Local\{42611BBA-B4B5-4451-BE0E-8D1C75CA7CCC} 2012-05-20 21:26:29 -------- d-----w- C:\Windows\en 2012-05-20 21:16:48 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\DSETUP.dll 2012-05-20 21:16:48 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\ddeff91f1cd36cd01\DXSETUP.exe 2012-05-20 21:16:48 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows 
Live\.cache\ddeff91f1cd36cd01\dsetup32.dll 2012-05-20 19:27:00 165168 ----a-w- C:\Windows\System32\drivers\kneps.sys 2012-05-18 21:11:28 -------- d-----w- C:\ProgramData\Downloaded Installations 2012-05-18 21:10:54 -------- d-----w- C:\Program Files (x86)\GFI Software 2012-05-18 20:05:19 -------- d-----w- C:\Users\l\AppData\Local\Babylon 2012-05-18 20:05:16 -------- d-----w- C:\Users\l\AppData\Roaming\Babylon 2012-05-18 19:48:51 -------- d-----w- C:\Users\l\AppData\Local\{10374A68-16B4-433D-994B-EB4590202A6F} 2012-05-16 20:20:07 -------- d-----w- C:\Users\l\AppData\Local\Mozilla 2012-05-15 21:54:34 1544704 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-15 21:54:33 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-15 21:54:24 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-15 21:54:21 3146240 ----a-w- C:\Windows\System32\win32k.sys 2012-05-15 21:54:19 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-15 21:54:18 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-15 21:47:13 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-15 21:40:45 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-05-15 21:16:31 -------- d-----w- C:\Users\l\AppData\Roaming\PPLive 2012-05-15 20:46:53 -------- d-----w- C:\Program Files (x86)\Common Files\PPLiveNetwork 2012-05-15 20:39:52 -------- d-----w- C:\Users\l\AppData\Roaming\JPDesk 2012-05-12 20:43:36 -------- d-----w- C:\Windows\SysWow64\Adobe 2012-05-08 20:51:16 -------- d-----w- C:\Users\l\AppData\Roaming\ESET 2012-05-08 20:51:16 -------- d-----w- C:\Users\l\AppData\Local\ESET 2012-05-08 19:21:21 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys 2012-05-08 19:21:18 -------- d-----w- C:\Program Files\VS Revo Group 2012-05-07 21:17:43 -------- d-----w- C:\Users\l\VirtualBox VMs 2012-05-07 21:16:38 -------- d-----w- C:\Users\l\.VirtualBox 2012-05-07 21:15:27 224048 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys 2012-05-07 21:15:10 130864 ----a-w- 
C:\Windows\System32\drivers\VBoxUSBMon.sys 2012-05-04 17:36:16 -------- d-----w- C:\Users\l\DoctorWeb 2012-05-02 19:55:14 -------- d-----w- C:\Users\l\AppData\Roaming\EurekaLog 2012-05-02 19:55:09 -------- d-----w- C:\Users\l\AppData\Local\CrashDumps 2012-05-01 21:35:58 -------- d-----w- C:\Users\l\AppData\Local\NPE 2012-05-01 21:35:58 -------- d-----w- C:\ProgramData\Norton 2012-05-01 19:36:13 12872 ----a-w- C:\Windows\System32\bootdelete.exe 2012-04-30 07:54:32 38288 ----a-w- C:\Windows\System32\drivers\EpfwLWF.sys 2012-04-29 15:06:06 131856 ----a-w- C:\Windows\SysWow64\MSADODC.ocx 2012-04-29 15:06:05 512688 ----a-w- C:\Windows\SysWow64\XceedCry.dll 2012-04-29 15:06:05 431872 ----a-w- C:\Windows\SysWow64\SSInput1.ocx 2012-04-29 15:06:05 423784 ----a-w- C:\Windows\SysWow64\XceedBkp.dll 2012-04-29 15:06:05 28672 ----a-w- C:\Windows\SysWow64\systray.ocx 2012-04-29 15:06:05 118784 ----a-w- C:\Windows\SysWow64\msstdfmt.dll 2012-04-29 15:06:05 1140472 ----a-w- C:\Windows\SysWow64\IGUltraGrid20.ocx 2012-04-29 15:06:04 647872 ----a-w- C:\Windows\SysWow64\MSCOMCT2.OCX 2012-04-29 15:06:04 608448 ----a-w- C:\Windows\SysWow64\comctl32.ocx 2012-04-29 15:06:04 188416 ----a-w- C:\Windows\SysWow64\actsplash.ocx 2012-04-29 15:06:04 101888 ----a-w- C:\Windows\SysWow64\VB6STKIT.DLL 2012-04-27 20:46:27 -------- d-----w- C:\Program Files\HitmanPro 2012-04-22 21:22:45 -------- d-----w- C:\Users\l\AppData\Roaming\AVG . ==================== Find3M ==================== . 
2012-05-04 17:35:31 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-04 17:35:31 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-04 17:35:10 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-04-15 13:56:53 16200 ----a-w- C:\Windows\stinger.sys 2012-04-12 17:12:56 147248 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys 2012-04-09 12:03:38 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-04-09 12:03:38 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll 2012-04-09 12:03:38 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll 2012-03-11 20:13:42 577824 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys 2012-03-11 20:13:42 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys 2012-03-11 20:13:40 22696 ----a-w- C:\Windows\System32\drivers\cmderd.sys 2012-03-11 20:13:22 41200 ----a-w- C:\Windows\System32\cmdcsr.dll 2012-03-11 20:13:20 301224 ----a-w- C:\Windows\SysWow64\guard32.dll 2012-03-11 20:13:18 389840 ----a-w- C:\Windows\System32\guard64.dll 2012-03-08 17:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll 2012-03-08 17:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR 2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr 2012-03-02 21:55:31 175616 ----a-w- C:\Windows\System32\msclmd.dll 2012-03-02 21:55:31 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll 2012-03-01 06:46:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys 2012-03-01 06:38:27 220672 ----a-w- C:\Windows\System32\wintrust.dll 2012-03-01 06:33:50 81408 ----a-w- C:\Windows\System32\imagehlp.dll 2012-03-01 06:28:47 5120 ----a-w- C:\Windows\System32\wmi.dll 2012-03-01 05:37:41 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll 2012-03-01 05:33:23 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll 2012-03-01 05:29:16 5120 ----a-w- C:\Windows\SysWow64\wmi.dll 2012-02-28 06:39:37 1188864 ----a-w- C:\Windows\System32\wininet.dll 2012-02-28 05:38:52 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-02-28 04:31:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 
2012-02-28 03:52:27 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb . ============= FINISH: 22:30:52.15 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 29/02/2012 21:50:39 System Uptime: 21/05/2012 22:02:27 (0 hours ago) . Motherboard: ASUSTeK Computer Inc. | | K53E Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU 1 | 798/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 575 GiB total, 534.111 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: SM Bus Controller Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_11471043&REV_05\3&11583659&0&FB Manufacturer: Name: SM Bus Controller PNP Device ID: PCI\VEN_8086&DEV_1C22&SUBSYS_11471043&REV_05\3&11583659&0&FB Service: . Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Description: Bluetooth Module Device ID: USB\VID_13D3&PID_3304\6&9E5B1B7&0&1 Manufacturer: Atheros Communications Name: Bluetooth Module PNP Device ID: USB\VID_13D3&PID_3304\6&9E5B1B7&0&1 Service: BTHUSB . ==== System Restore Points =================== . 
RP135: 16/05/2012 21:23:18 - Revo Uninstaller Pro's restore point - Mozilla Firefox 12.0 (x86 en-US) RP137: 18/05/2012 21:28:40 - Revo Uninstaller Pro's restore point - Babylon toolbar on IE RP139: 18/05/2012 21:30:05 - Revo Uninstaller Pro's restore point - Atrise Lutcurve 1.5.3 RP141: 18/05/2012 21:53:27 - Revo Uninstaller Pro's restore point - AVG 2012 RP142: 18/05/2012 21:54:46 - Removed AVG 2012 RP143: 18/05/2012 22:00:09 - Removed AVG 2012 RP144: 19/05/2012 20:52:35 - Installed Oracle VM VirtualBox 4.1.14 RP145: 19/05/2012 22:58:38 - Removed Oracle VM VirtualBox 4.1.14 RP146: 20/05/2012 12:25:15 - Installed ESET Smart Security RP148: 20/05/2012 15:12:20 - Revo Uninstaller Pro's restore point - ESET Smart Security RP149: 20/05/2012 15:13:21 - Removed ESET Smart Security RP150: 20/05/2012 20:20:18 - Device Driver Package Install: Kaspersky Lab Network Service RP151: 20/05/2012 22:17:01 - Windows Live Essentials RP152: 20/05/2012 22:18:57 - Installed DirectX RP153: 20/05/2012 22:19:37 - Installed DirectX RP154: 20/05/2012 22:20:48 - WLSetup RP156: 20/05/2012 22:38:50 - Revo Uninstaller Pro's restore point - Kaspersky Internet Security 2013 Beta RP158: 20/05/2012 22:43:19 - Revo Uninstaller Pro's restore point - Google Chrome . ==== Installed Programs ====================== . 
Adobe Shockwave Player 11.6 Alcor Micro USB Card Reader ASUS LifeFrame3 Atheros Driver Installation Program ATK Package Build Your Own Net Dream (remove only) D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Google Chrome Intel® Management Engine Components Intel® Processor Graphics K-Lite Codec Pack 8.6.0 (Basic) Kaspersky Internet Security 2012 Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 MSVCRT Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update 
for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Sonic Focus SopCast 3.5.0 swMSM Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Veetle TV Visual Studio 2008 x64 
Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinFlash Wireless Console 3
.
==== Event Viewer Messages From Past Week ========
.
21/05/2012 22:29:06, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Kaspersky Anti-Virus Service service, but this action failed with the following error: An instance of the service is already running.
21/05/2012 22:28:55, Error: Service Control Manager [7031] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
21/05/2012 22:03:50, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
21/05/2012 22:03:19, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
21/05/2012 22:03:19, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
21/05/2012 22:03:03, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mtqjxm nckkof rqkdql zlnimc
21/05/2012 22:02:55, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
21/05/2012 22:02:49, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
21/05/2012 08:10:13, Error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
20/05/2012 22:40:25, Error: Service Control Manager [7034] - The Kaspersky Anti-Virus Service service terminated unexpectedly. It has done this 1 time(s).
20/05/2012 22:35:37, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
20/05/2012 21:14:31, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialized due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/1460252906/'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
20/05/2012 21:14:31, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialized because the Windows Media Delivery Engine did not initialize due to error '0x80070005'. Restart your computer, and then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.
20/05/2012 21:14:31, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:10243. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
20/05/2012 21:14:26, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
20/05/2012 21:14:26, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
20/05/2012 21:14:26, Error: Microsoft-Windows-HttpEvent [15005] - Unable to bind to the underlying transport for [::]:5357. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
20/05/2012 15:29:31, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
20/05/2012 12:29:18, Error: Service Control Manager [7030] - The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
20/05/2012 12:19:34, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
20/05/2012 12:19:34, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
20/05/2012 12:19:20, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
19/05/2012 22:41:09, Error: bowser [8003] - The master browser has received a server announcement from the computer DON-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{92573831-2570-4C59-ADF1-1A14ED76B4B8}. The master browser is stopping or an election is being forced.
18/05/2012 20:56:52, Error: bowser [8003] - The master browser has received a server announcement from the computer SHAZIABEGUM-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{E770E0E5-94C4-4017-9506-3E59BBEB4F26}. The master browser is stopping or an election is being forced.
16/05/2012 19:23:43, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mtqjxm nckkof rqkdql
15/05/2012 23:16:30, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070020: Security Update for Microsoft .NET Framework 3.5.1 on Windows 7 and Windows Server 2008 R2 SP1 for x64-based Systems (KB2604115).
15/05/2012 22:44:09, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHA mtqjxm nckkof rqkdql
15/05/2012 22:32:50, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
15/05/2012 22:32:10, Error: Service Control Manager [7024] - The AVG WatchDog service terminated with service-specific error %%-536805315.
15/05/2012 22:21:42, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
15/05/2012 22:07:30, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.104. The computer with the IP address 192.168.0.103 did not allow the name to be claimed by this computer.
.
==== End Of File ===========================
  10. Thanks for your help. Everything has worked fine. This topic can be closed now.
  11. Yes, there are no errors now. Could I have advice on cleaning up the software that we have used?
  12. Malwarebytes Anti-Malware (PRO) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.04.15.03
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
l :: L-PC [administrator]
Protection: Disabled
15/04/2012 15:04:32
mbam-log-2012-04-15 (15-04-32).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 306233
Time elapsed: 36 minute(s), 53 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)