Aldiirn

I believe I have a redirect virus/maybe something else too.

33 posts in this topic

Hello, I'm looking for help, I believe I have a virus/malware. I'm not sure of computer terms too well when it comes to that stuff, but just recently I have been having lots of trouble trying to go back on my IE Page (Win7) because it will just redirect me to the same site I'm trying to leave no matter what it is. Basically canceling my back button.

As well as some strange IE explorer crash windows even when I'm not running IE at the time. And finally, in my game my keybinds such as T-R will stop working and bring me out of game, and r for example will run the "Run" program box.

Anyhow on to the directions that are given to receive help.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Dustin Bechtel at 20:16:27 on 2012-06-05

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.5563 [GMT -4:00]

.

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Webroot\WRSA.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Intel\TurboBoost\TurboBoost.exe

C:\ExpressGateUtil\VAWinService.exe

C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Webroot\WRSA.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\ASUS\Splendid\ACMON.exe

C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

C:\Program Files\P4G\BatteryLife.exe

C:\Windows\SysWOW64\ACEngSvr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Asus\ATK Package\ATK Media\DMedia.exe

C:\Program Files (x86)\Asus\ATK Package\ATK Hotkey\HControlUser.exe

C:\Program Files (x86)\Asus\Wireless Console 3\wcourier.exe

C:\Windows\AsScrPro.exe

C:\Program Files (x86)\Asus\Wireless Console 3\WimaxConsole.exe

C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe

C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\TERA\TERA-Launcher.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://asus.msn.com

mStart Page = hxxp://asus.msn.com

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

uRun: [iSUSPM] "C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe" -scheduler

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

mRun: [HControlUser] "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

mRun: [Wireless Console 3] "C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

mRun: [ASUS Screen Saver Protector] "C:\Windows\AsScrPro.exe"

mRun: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun: [updReg] "C:\Windows\UpdReg.EXE"

mRun: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun: [sessionLogon] C:\ExpressGateUtil\SessionLogon.exe

mRun: [VAWinAgent] "C:\ExpressGateUtil\VAWinAgent.exe"

mRun: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe

uPolicies-explorer: NoViewOnDrive = 0 (0x0)

uPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

uPolicies-explorer: NoWindowsUpdate = 0 (0x0)

uPolicies-system: NoDispAppearancePage = 0 (0x0)

uPolicies-system: NoDispSettingsPage = 0 (0x0)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoViewOnDrive = 0 (0x0)

mPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

mPolicies-explorer: NoWindowsUpdate = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: NoDispAppearancePage = 0 (0x0)

mPolicies-system: NoDispSettingsPage = 0 (0x0)

dPolicies-explorer: NoViewOnDrive = 0 (0x0)

dPolicies-explorer: NoDevMgrUpdate = 0 (0x0)

dPolicies-explorer: NoWindowsUpdate = 0 (0x0)

dPolicies-system: NoDispAppearancePage = 0 (0x0)

dPolicies-system: NoDispSettingsPage = 0 (0x0)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651} : DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\2454C4C4434393 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\442547 : DhcpNameServer = 192.168.0.1

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\4626573747 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\462657374723 : DhcpNameServer = 10.0.0.1

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\E4544574541425D22343D274 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{4C7D2343-883F-4BB3-B69F-C9C31C7C2651}\F646E696B65673 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{97A60928-7EB4-4C21-A7BE-6581D121CA88} : DhcpNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"

mRun-x64: [ATKMEDIA] "C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"

mRun-x64: [HControlUser] "C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"

mRun-x64: [Wireless Console 3] "C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"

mRun-x64: [ASUS Screen Saver Protector] "C:\Windows\AsScrPro.exe"

mRun-x64: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r

mRun-x64: [updReg] "C:\Windows\UpdReg.EXE"

mRun-x64: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe"

mRun-x64: [sessionLogon] C:\ExpressGateUtil\SessionLogon.exe

mRun-x64: [VAWinAgent] "C:\ExpressGateUtil\VAWinAgent.exe"

mRun-x64: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]

R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\Asus\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-7-26 17024]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\Asus\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2010-9-1 408576]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-15 654408]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-6-28 2214504]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-5-20 378472]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R2 TurboBoost;Intel® Turbo Boost Technology Monitor;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-4-16 134928]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-5-4 2655768]

R2 VideAceWindowsService;VideAceWindowsService;C:\ExpressGateUtil\VAWinService.exe [2010-8-20 77312]

R2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2010-9-1 911872]

R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2012-1-19 679672]

R3 bpenum;bpenum;C:\Windows\system32\DRIVERS\bpenum.sys --> C:\Windows\system32\DRIVERS\bpenum.sys [?]

R3 bpmp;Intel® Centrino® WiMAX 6050 Series;C:\Windows\system32\DRIVERS\bpmp.sys --> C:\Windows\system32\DRIVERS\bpmp.sys [?]

R3 bpusb;bpusb;C:\Windows\system32\Drivers\bpusb.sys --> C:\Windows\system32\Drivers\bpusb.sys [?]

R3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;C:\Windows\system32\DRIVERS\FLxHCIc.sys --> C:\Windows\system32\DRIVERS\FLxHCIc.sys [?]

R3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;C:\Windows\system32\DRIVERS\FLxHCIh.sys --> C:\Windows\system32\DRIVERS\FLxHCIh.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-5-4 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-5-4 79360]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUVStor.sys --> C:\Windows\system32\Drivers\RtsUVStor.sys [?]

S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\system32\DRIVERS\SiSG664.sys --> C:\Windows\system32\DRIVERS\SiSG664.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

=============== Created Last 30 ================

.

2012-06-05 22:39:52 525792 ----a-w- C:\Windows\DIFxAPI.dll

2012-06-05 22:39:52 232272 ----a-w- C:\Windows\TmNSCIns.dll

2012-06-05 20:03:21 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{71E0F43A-3EF0-4243-9455-60E5731491BD}\mpengine.dll

2012-06-05 03:04:57 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{175B9192-B65E-4952-BB9C-C54A39233AA0}

2012-06-05 03:04:44 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{D030F1D4-3980-42B4-8457-F94D275FC996}

2012-06-04 15:04:19 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{D3F75D99-2C95-408B-AC19-B6387F19C7A7}

2012-06-04 15:04:09 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{4A760410-1E77-43E9-A607-1AE6293F0985}

2012-05-26 15:57:55 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{740E4385-6963-4433-9FA0-368359780958}

2012-05-25 19:55:08 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{28857E74-2D1D-4CEA-B11E-49281D97C9D3}

2012-05-25 19:54:57 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{FF8D2759-0862-4AF1-8459-2E085CBF7B3C}

2012-05-24 07:59:04 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{4B9D866D-0A5F-4E7E-9887-52077F9D342A}

2012-05-24 07:58:53 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{BBCE9CFB-70DD-4D4B-B8EB-72ADE51F5F87}

2012-05-23 19:58:39 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{7CBB3534-406F-4AD2-9F96-86FA33372892}

2012-05-23 19:58:28 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{D9979375-3A49-42BC-98FB-FCA77EF3E538}

2012-05-23 03:57:26 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{D7D9A862-1C60-4033-971B-6565C88D81DA}

2012-05-23 03:57:15 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{8DAF1C3E-BC87-41EA-8BF0-FA43240E11A5}

2012-05-22 16:04:07 -------- d-----w- C:\Program Files (x86)\Diablo III

2012-05-22 15:57:02 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{2E7536BF-BC00-4D83-A351-3607A78172A9}

2012-05-22 03:56:37 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{8AD694EB-A45B-4E41-83F6-D278CB7E9C1B}

2012-05-21 15:56:12 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{B7D51571-E1D0-4C75-B9B7-5B1EF409DE80}

2012-05-21 15:56:01 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{200032E7-9085-414D-9B4D-C26DA7E1D995}

2012-05-20 18:32:32 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{079D35DA-375B-43F9-94A4-AFE9819DC994}

2012-05-20 18:32:21 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{BF5B2589-28EA-456D-85ED-339B081106E7}

2012-05-19 19:56:41 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{C653E35B-4348-4871-94A8-D16E372932FD}

2012-05-19 19:56:29 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{AEA40108-2A37-4FF2-B95C-D000036C867A}

2012-05-19 07:56:03 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{8892C9D2-C4A4-4B21-8F5D-F98CE385A6EB}

2012-05-18 19:55:38 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{BD97989E-A18D-4FB1-9B74-A8D7EF44B61A}

2012-05-18 19:55:27 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{25095519-7778-468F-A5B6-C1795DB20DF7}

2012-05-17 16:21:25 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{D71376A1-01C5-4596-B8FC-043F84ACFFF5}

2012-05-17 16:21:14 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{E778567B-0694-4E7C-9E20-762CA214DBDB}

2012-05-14 20:16:15 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{0FE0F7E4-D0AC-46E2-86D1-89175A8C019D}

2012-05-14 20:16:00 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{ACB38188-5EA1-47B8-9525-938B4A38C109}

2012-05-08 20:06:40 -------- d-----w- C:\Windows\SysWow64\RTCOM

2012-05-08 20:05:53 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe

2012-05-07 18:04:40 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{AAB5CC41-055F-452F-9F8A-50FA9B378E1E}

2012-05-07 18:04:28 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{ACC7036D-C73D-4DA4-9FFC-5E6E59794053}

2012-05-07 10:49:59 -------- d-----w- C:\ProgramData\Creative Labs

2012-05-07 06:04:14 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{2E61D311-B2EA-42FB-9583-83D0325102FC}

2012-05-07 06:04:03 -------- d-----w- C:\Users\Dustin Bechtel\AppData\Local\{EE5CA248-86D4-4F89-B399-51B13A9A8494}

.

==================== Find3M ====================

.

2012-06-05 23:16:24 45056 ----a-w- C:\Windows\System32\acovcnt.exe

2012-05-18 07:04:50 148216 ----a-w- C:\Windows\SysWow64\WRusr.dll

2012-05-18 07:04:50 112720 ----a-w- C:\Windows\System32\drivers\WRkrn.sys

2012-05-18 07:04:50 100824 ----a-w- C:\Windows\System32\WRusr.dll

2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-27 21:03:36 4015592 ----a-w- C:\Windows\System32\drivers\RTKVHD64.sys

2012-03-20 14:47:20 3608680 ----a-w- C:\Windows\System32\RtkAPO64.dll

2012-03-19 23:01:20 102504 ----a-w- C:\Windows\System32\RCoInstII64.dll

2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-03-16 20:25:58 2670696 ----a-w- C:\Windows\System32\RtPgEx64.dll

2012-03-13 15:21:10 1251432 ----a-w- C:\Windows\System32\RTCOM64.dll

2012-03-08 22:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-03-08 22:40:52 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys

2012-03-08 22:37:20 302448 ----a-w- C:\Windows\WLXPGSS.SCR

2012-03-08 15:47:24 108640 ----a-w- C:\Windows\System32\AERTAR64.dll

2012-03-08 15:47:08 202336 ----a-w- C:\Windows\System32\AERTAC64.dll

.

============= FINISH: 20:16:45.61 ===============

AND

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 6/11/2011 9:09:37 PM

System Uptime: 6/5/2012 7:15:33 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer Inc. | | G73Sw

Processor: Intel® Core i7-2630QM CPU @ 2.00GHz | CPU 1 | 2001/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 677 GiB total, 508.203 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP140: 5/18/2012 7:13:15 AM - Windows Update

RP141: 5/22/2012 2:53:25 AM - Windows Update

RP142: 5/23/2012 4:07:27 PM - Windows Backup

RP143: 5/25/2012 5:22:43 AM - Windows Update

RP144: 5/29/2012 5:39:32 PM - Windows Update

RP145: 5/30/2012 2:38:11 PM - Windows Backup

RP146: 6/4/2012 12:31:28 AM - Windows Update

RP147: 6/5/2012 6:31:13 PM - Configured Power2Go

RP148: 6/5/2012 6:38:33 PM - Configured LabelPrint

RP149: 6/5/2012 6:49:01 PM - Removed Fresco Logic USB3.0 Host Controller

RP150: 6/5/2012 6:49:31 PM - Removed Fresco Logic USB3.0 Host Controller

RP151: 6/5/2012 6:51:28 PM - Removed Fresco Logic USB3.0 Host Controller

.

==== Installed Programs ======================

.

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

ASUS AI Recovery

ASUS Live Update

ASUS SmartLogon

ASUS Splendid Video Enhancement Technology

ASUS Virtual Camera

Asus_G73_Screensaver

AsusVibe2.0

ATK Package

Best Buy pc app

D3DX10

Diablo III

DirectX 9 Runtime

Divinity II - The Dragon Knight Saga

DriverFinder

ExpressGate Cloud

Intel® Control Center

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 30

Junk Mail filter update

Malwarebytes Anti-Malware version 1.61.0.1400

Mesh Runtime

Messenger Companion

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010

Microsoft Office Click-to-Run 2010

Microsoft Office Starter 2010 - English

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP3 Parser (KB973685)

Nexon Game Manager

Nuance PDF Reader

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Pando Media Booster

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

RIFT

Roxio AACS Certificate

Roxio Activation Module

Roxio CinePlayer

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Skype™ 5.9

Star Wars: The Old Republic

Steam

System Requirements Lab

TERA

THX TruStudio

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Ventrilo Client

Warhammer® 40,000™: Dawn of War® II

Webroot SecureAnywhere

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinFlash

Wireless Console 3

World of Warcraft

World of Warcraft Beta

.

==== Event Viewer Messages From Past Week ========

.

6/5/2012 10:51:05 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {000C101C-0000-0000-C000-000000000046} and APPID {000C101C-0000-0000-C000-000000000046} to the user DustinBechtel\Dustin Bechtel SID (S-1-5-21-1637223077-1823268894-3705665849-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.

5/29/2012 12:11:13 AM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

.

==== End Of File ===========================

I hope I did not miss anything, and thanks in advance.


Welcome to the forum. These infections have proven to be very difficult to remove lately, I'll do my best to help you.

Please remove any USB or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Thank you for your time Mr.C. Here are results:

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dustin Bechtel [Admin rights]

Mode: Scan -- Date: 06/07/2012 14:04:25

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++

--- User ---

[MBR] 4f4bd665ff46c263e84119abadf61f5d

[BSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 693400 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


OK, run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest:

[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED

Now click Delete on the right hand column.

-------------------------

Next......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC
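
The triage rules from the post above, applied to a TDSSKiller log, as an added example that is not part of the original thread or of TDSSKiller itself. It assumes the `<time> <thread> <object> - detected <verdict> (<n>)` line format of TDSSKiller 2.7.36.0 logs; the function names and the sample log lines (placeholder hashes, paths and the verdict `Constructed.Malicious.Verdict`) are constructed for illustration.

```python
import re

# "<HH:MM:SS.ffff> <thread id> <message>"; blank and header-only lines do not match.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.+)$")
# Scanned object: "<name> (<md5>) <path>"
ENTRY_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Finding: "<name> - detected <verdict> (<count>)"
DETECTED_RE = re.compile(
    r"^(?P<name>.+?) - detected (?P<verdict>.+) \((?P<count>\d+)\)$"
)

# Verdicts the post says to leave alone.
SKIP_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Constructed sample, modelled on the log format; not taken from a real machine.
SAMPLE_LOG = r"""
15:36:46.0163 6560 Scan started

15:36:46.0393 6560 ExampleDrv (00000000000000000000000000000000) C:\Windows\system32\drivers\exampledrv.sys

15:36:47.0403 6560 ExampleDrv - ok

15:36:51.0773 6560 Example Licensing Service (11111111111111111111111111111111) C:\Program Files (x86)\Example\licsvc.exe

15:36:51.0783 6560 Example Licensing Service ( UnsignedFile.Multi.Generic ) - warning

15:36:51.0783 6560 Example Licensing Service - detected UnsignedFile.Multi.Generic (1)

15:37:40.0000 6560 \Device\Harddisk0\DR0 - detected TDSS File System (1)

15:37:41.0000 6560 ExampleSvc (22222222222222222222222222222222) C:\Windows\system32\examplesvc.dll

15:37:41.0010 6560 ExampleSvc - detected Constructed.Malicious.Verdict (1)
"""


def recommended_action(verdict):
    """Map a verdict to the action given in the helper's instructions."""
    if verdict in SKIP_VERDICTS:
        return "Skip"
    if verdict == "TDSS File System":
        return "Delete"
    # Anything else reported as malicious: Cure, never Delete unless instructed.
    return "Cure, or Skip if Cure is not offered"


def triage(log_text):
    """Return one dict per detection, joined with the scanned file's hash and path."""
    scanned = {}   # object name -> (md5, path) from the preceding entry line
    findings = []
    for raw in log_text.splitlines():
        line = LINE_RE.match(raw.strip())
        if not line:
            continue
        msg = line.group("msg")

        entry = ENTRY_RE.match(msg)
        if entry:
            scanned[entry.group("name")] = (entry.group("md5"), entry.group("path"))
            continue

        hit = DETECTED_RE.match(msg)
        if hit:
            name = hit.group("name")
            # Disk objects such as \Device\Harddisk0\DR0 have no entry line.
            md5, path = scanned.get(name, (None, None))
            findings.append({
                "name": name,
                "verdict": hit.group("verdict"),
                "md5": md5,
                "path": path,
                "action": recommended_action(hit.group("verdict")),
            })
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['action']:<38} {f['verdict']:<32} {f['name']} {f['path'] or ''}")
```
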


I am a bit confused, Mr.C. I rescanned with RogueKiller and clicked on the Registry tab, and I'm looking at 5 things which are automatically checked, but none of the 5 match what you quoted. So am I supposed to delete the 5, or did your quote mess up?


Oh Mr.C, I just realized that only 5/6 of the things show on RogueKiller for check/uncheck and delete, and it so happens that the ONE thing that isn't showing up in that list of 5 is the thing you quoted. Sorry for the confusion, so what do I do at that point?


Close out RogueKiller for now and run TDSSKiller.

MrC


15:36:19.0343 6284 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

15:36:19.0633 6284 ============================================================

15:36:19.0633 6284 Current date / time: 2012/06/07 15:36:19.0633

15:36:19.0633 6284 SystemInfo:

15:36:19.0633 6284

15:36:19.0633 6284 OS Version: 6.1.7601 ServicePack: 1.0

15:36:19.0633 6284 Product type: Workstation

15:36:19.0633 6284 ComputerName: DUSTINBECHTEL

15:36:19.0633 6284 UserName: Dustin Bechtel

15:36:19.0633 6284 Windows directory: C:\Windows

15:36:19.0633 6284 System windows directory: C:\Windows

15:36:19.0633 6284 Running under WOW64

15:36:19.0633 6284 Processor architecture: Intel x64

15:36:19.0633 6284 Number of processors: 8

15:36:19.0633 6284 Page size: 0x1000

15:36:19.0633 6284 Boot type: Normal boot

15:36:19.0633 6284 ============================================================

15:36:20.0673 6284 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

15:36:20.0683 6284 ============================================================

15:36:20.0683 6284 \Device\Harddisk0\DR0:

15:36:20.0683 6284 MBR partitions:

15:36:20.0683 6284 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0x54A4C63B

15:36:20.0683 6284 ============================================================

15:36:20.0763 6284 C: <-> \Device\Harddisk0\DR0\Partition0

15:36:20.0763 6284 ============================================================

15:36:20.0763 6284 Initialize success

15:36:20.0763 6284 ============================================================

15:36:46.0163 6560 ============================================================

15:36:46.0163 6560 Scan started

15:36:46.0163 6560 Mode: Manual; SigCheck; TDLFS;

15:36:46.0163 6560 ============================================================

15:36:51.0773 6560 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

15:36:51.0783 6560 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning

15:36:51.0783 6560 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)

15:36:51.0803 6560 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe

15:36:51.0813 6560 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning

15:36:51.0813 6560 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)

15:36:52.0503 6560 DMAgent (c4aebbeb530706b45b7916161a1f525d) C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

15:36:52.0523 6560 DMAgent ( UnsignedFile.Multi.Generic ) - warning

15:36:52.0523 6560 DMAgent - detected UnsignedFile.Multi.Generic (1)


15:37:01.0003 6560 Ndisuio - ok

15:37:01.0033 6560 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

15:37:01.0073 6560 NdisWan - ok

15:37:01.0103 6560 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

15:37:01.0133 6560 NDProxy - ok

15:37:01.0163 6560 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:37:01.0203 6560 NetBIOS - ok

15:37:01.0243 6560 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

15:37:01.0273 6560 NetBT - ok

15:37:01.0303 6560 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:37:01.0313 6560 Netlogon - ok

15:37:01.0353 6560 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

15:37:01.0403 6560 Netman - ok

15:37:01.0433 6560 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

15:37:01.0483 6560 netprofm - ok

15:37:01.0553 6560 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

15:37:01.0573 6560 NetTcpPortSharing - ok

15:37:01.0823 6560 NETwNs64 (eb43840babf5589e33186d094de7381d) C:\Windows\system32\DRIVERS\NETwNs64.sys

15:37:02.0033 6560 NETwNs64 - ok

15:37:02.0123 6560 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:37:02.0143 6560 nfrd960 - ok

15:37:02.0183 6560 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

15:37:02.0233 6560 NlaSvc - ok

15:37:02.0253 6560 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:37:02.0283 6560 Npfs - ok

15:37:02.0303 6560 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

15:37:02.0343 6560 nsi - ok

15:37:02.0363 6560 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:37:02.0393 6560 nsiproxy - ok

15:37:02.0473 6560 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

15:37:02.0533 6560 Ntfs - ok

15:37:02.0603 6560 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:37:02.0643 6560 Null - ok

15:37:02.0683 6560 NVHDA (960e39a54e525df58cb29193147dffa1) C:\Windows\system32\drivers\nvhda64v.sys

15:37:02.0693 6560 NVHDA - ok

15:37:03.0123 6560 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys

15:37:03.0283 6560 nvlddmkm - ok

15:37:03.0393 6560 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

15:37:03.0403 6560 nvraid - ok

15:37:03.0443 6560 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

15:37:03.0453 6560 nvstor - ok

15:37:03.0523 6560 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe

15:37:03.0553 6560 nvsvc - ok

15:37:03.0693 6560 nvUpdatusService (e7818cd4fb51284c948d68a7a85a69b8) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

15:37:03.0773 6560 nvUpdatusService - ok

15:37:03.0873 6560 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

15:37:03.0893 6560 nv_agp - ok

15:37:03.0923 6560 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

15:37:03.0943 6560 ohci1394 - ok

15:37:04.0013 6560 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:37:04.0023 6560 ose - ok

15:37:04.0243 6560 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:37:04.0393 6560 osppsvc - ok

15:37:04.0473 6560 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:37:04.0513 6560 p2pimsvc - ok

15:37:04.0543 6560 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

15:37:04.0563 6560 p2psvc - ok

15:37:04.0593 6560 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:37:04.0613 6560 Parport - ok

15:37:04.0653 6560 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

15:37:04.0663 6560 partmgr - ok

15:37:04.0683 6560 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

15:37:04.0703 6560 PcaSvc - ok

15:37:04.0743 6560 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

15:37:04.0753 6560 pci - ok

15:37:04.0783 6560 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

15:37:04.0793 6560 pciide - ok

15:37:04.0813 6560 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:37:04.0833 6560 pcmcia - ok

15:37:04.0843 6560 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:37:04.0853 6560 pcw - ok

15:37:04.0883 6560 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:37:04.0953 6560 PEAUTH - ok

15:37:05.0013 6560 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

15:37:05.0043 6560 PerfHost - ok

15:37:05.0133 6560 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

15:37:05.0213 6560 pla - ok

15:37:05.0263 6560 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

15:37:05.0313 6560 PlugPlay - ok

15:37:05.0333 6560 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

15:37:05.0353 6560 PNRPAutoReg - ok

15:37:05.0383 6560 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:37:05.0403 6560 PNRPsvc - ok

15:37:05.0453 6560 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

15:37:05.0513 6560 PolicyAgent - ok

15:37:05.0543 6560 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

15:37:05.0583 6560 Power - ok

15:37:05.0653 6560 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

15:37:05.0693 6560 PptpMiniport - ok

15:37:05.0713 6560 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:37:05.0743 6560 Processor - ok

15:37:05.0783 6560 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

15:37:05.0833 6560 ProfSvc - ok

15:37:05.0863 6560 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:37:05.0873 6560 ProtectedStorage - ok

15:37:05.0913 6560 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

15:37:05.0943 6560 Psched - ok

15:37:05.0973 6560 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys

15:37:05.0983 6560 PxHlpa64 - ok

15:37:06.0063 6560 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:37:06.0113 6560 ql2300 - ok

15:37:06.0203 6560 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:37:06.0223 6560 ql40xx - ok

15:37:06.0253 6560 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

15:37:06.0273 6560 QWAVE - ok

15:37:06.0283 6560 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:37:06.0313 6560 QWAVEdrv - ok

15:37:06.0333 6560 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:37:06.0363 6560 RasAcd - ok

15:37:06.0393 6560 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:37:06.0433 6560 RasAgileVpn - ok

15:37:06.0443 6560 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

15:37:06.0483 6560 RasAuto - ok

15:37:06.0523 6560 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:37:06.0563 6560 Rasl2tp - ok

15:37:06.0603 6560 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

15:37:06.0633 6560 RasMan - ok

15:37:06.0653 6560 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:37:06.0703 6560 RasPppoe - ok

15:37:06.0723 6560 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:37:06.0763 6560 RasSstp - ok

15:37:06.0793 6560 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

15:37:06.0823 6560 rdbss - ok

15:37:06.0833 6560 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:37:06.0863 6560 rdpbus - ok

15:37:06.0893 6560 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:37:06.0933 6560 RDPCDD - ok

15:37:06.0943 6560 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:37:06.0983 6560 RDPENCDD - ok

15:37:07.0013 6560 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:37:07.0043 6560 RDPREFMP - ok

15:37:07.0073 6560 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

15:37:07.0103 6560 RDPWD - ok

15:37:07.0143 6560 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

15:37:07.0153 6560 rdyboost - ok

15:37:07.0173 6560 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

15:37:07.0213 6560 RemoteAccess - ok

15:37:07.0243 6560 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

15:37:07.0283 6560 RemoteRegistry - ok

15:37:07.0303 6560 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

15:37:07.0343 6560 RpcEptMapper - ok

15:37:07.0363 6560 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

15:37:07.0383 6560 RpcLocator - ok

15:37:07.0433 6560 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

15:37:07.0473 6560 RpcSs - ok

15:37:07.0493 6560 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:37:07.0543 6560 rspndr - ok

15:37:07.0593 6560 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\Windows\system32\Drivers\RtsUVStor.sys

15:37:07.0603 6560 RSUSBVSTOR - ok

15:37:07.0623 6560 RTL8167 (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys

15:37:07.0633 6560 RTL8167 - ok

15:37:07.0663 6560 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:37:07.0673 6560 SamSs - ok

15:37:07.0703 6560 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

15:37:07.0713 6560 sbp2port - ok

15:37:07.0743 6560 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

15:37:07.0773 6560 SCardSvr - ok

15:37:07.0803 6560 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

15:37:07.0843 6560 scfilter - ok

15:37:07.0903 6560 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

15:37:07.0973 6560 Schedule - ok

15:37:08.0003 6560 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

15:37:08.0033 6560 SCPolicySvc - ok

15:37:08.0043 6560 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

15:37:08.0073 6560 SDRSVC - ok

15:37:08.0123 6560 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:37:08.0153 6560 secdrv - ok

15:37:08.0183 6560 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

15:37:08.0233 6560 seclogon - ok

15:37:08.0253 6560 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

15:37:08.0303 6560 SENS - ok

15:37:08.0303 6560 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

15:37:08.0323 6560 SensrSvc - ok

15:37:08.0353 6560 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:37:08.0373 6560 Serenum - ok

15:37:08.0413 6560 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:37:08.0433 6560 Serial - ok

15:37:08.0453 6560 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:37:08.0483 6560 sermouse - ok

15:37:08.0513 6560 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

15:37:08.0563 6560 SessionEnv - ok

15:37:08.0593 6560 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

15:37:08.0633 6560 sffdisk - ok

15:37:08.0643 6560 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

15:37:08.0663 6560 sffp_mmc - ok

15:37:08.0663 6560 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

15:37:08.0693 6560 sffp_sd - ok

15:37:08.0713 6560 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:37:08.0733 6560 sfloppy - ok

15:37:08.0783 6560 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

15:37:08.0803 6560 Sftfs - ok

15:37:08.0883 6560 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

15:37:08.0893 6560 sftlist - ok

15:37:08.0933 6560 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

15:37:08.0943 6560 Sftplay - ok

15:37:08.0953 6560 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

15:37:08.0963 6560 Sftredir - ok

15:37:08.0993 6560 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

15:37:09.0003 6560 Sftvol - ok

15:37:09.0023 6560 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

15:37:09.0033 6560 sftvsa - ok

15:37:09.0063 6560 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

15:37:09.0103 6560 SharedAccess - ok

15:37:09.0153 6560 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

15:37:09.0203 6560 ShellHWDetection - ok

15:37:09.0253 6560 SiSGbeLH (1bc348cf6baa90ec8e533ef6e6a69933) C:\Windows\system32\DRIVERS\SiSG664.sys

15:37:09.0273 6560 SiSGbeLH - ok

15:37:09.0293 6560 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:37:09.0303 6560 SiSRaid2 - ok

15:37:09.0323 6560 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:37:09.0343 6560 SiSRaid4 - ok

15:37:09.0423 6560 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe

15:37:09.0453 6560 SkypeUpdate - ok

15:37:09.0473 6560 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:37:09.0513 6560 Smb - ok

15:37:09.0553 6560 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

15:37:09.0583 6560 SNMPTRAP - ok

15:37:09.0603 6560 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:37:09.0613 6560 spldr - ok

15:37:09.0653 6560 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

15:37:09.0703 6560 Spooler - ok

15:37:09.0843 6560 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

15:37:09.0963 6560 sppsvc - ok

15:37:10.0053 6560 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

15:37:10.0093 6560 sppuinotify - ok

15:37:10.0143 6560 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

15:37:10.0183 6560 srv - ok

15:37:10.0213 6560 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

15:37:10.0243 6560 srv2 - ok

15:37:10.0263 6560 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

15:37:10.0283 6560 srvnet - ok

15:37:10.0323 6560 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

15:37:10.0373 6560 SSDPSRV - ok

15:37:10.0393 6560 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

15:37:10.0423 6560 SstpSvc - ok

15:37:10.0493 6560 Steam Client Service - ok

15:37:10.0553 6560 Stereo Service (6086b60f2e36d06a063cb07ed0524332) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

15:37:10.0563 6560 Stereo Service - ok

15:37:10.0583 6560 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:37:10.0603 6560 stexstor - ok

15:37:10.0723 6560 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

15:37:10.0763 6560 stisvc - ok

15:37:10.0793 6560 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

15:37:10.0803 6560 swenum - ok

15:37:10.0833 6560 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

15:37:10.0903 6560 swprv - ok

15:37:10.0963 6560 SynTP (bc642d540aedf9a253c74d10c848ebd2) C:\Windows\system32\DRIVERS\SynTP.sys

15:37:10.0983 6560 SynTP - ok

15:37:11.0133 6560 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

15:37:11.0213 6560 SysMain - ok

15:37:11.0283 6560 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

15:37:11.0303 6560 TabletInputService - ok

15:37:11.0323 6560 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

15:37:11.0373 6560 TapiSrv - ok

15:37:11.0393 6560 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

15:37:11.0423 6560 TBS - ok

15:37:11.0543 6560 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

15:37:11.0623 6560 Tcpip - ok

15:37:11.0733 6560 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

15:37:11.0763 6560 TCPIP6 - ok

15:37:11.0863 6560 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

15:37:11.0903 6560 tcpipreg - ok

15:37:11.0923 6560 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:37:11.0953 6560 TDPIPE - ok

15:37:11.0983 6560 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

15:37:12.0013 6560 TDTCP - ok

15:37:12.0053 6560 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

15:37:12.0083 6560 tdx - ok

15:37:12.0123 6560 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

15:37:12.0133 6560 TermDD - ok

15:37:12.0163 6560 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

15:37:12.0223 6560 TermService - ok

15:37:12.0243 6560 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

15:37:12.0283 6560 Themes - ok

15:37:12.0303 6560 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:37:12.0333 6560 THREADORDER - ok

15:37:12.0343 6560 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

15:37:12.0373 6560 TrkWks - ok

15:37:12.0423 6560 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

15:37:12.0463 6560 TrustedInstaller - ok

15:37:12.0503 6560 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:37:12.0553 6560 tssecsrv - ok

15:37:12.0613 6560 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

15:37:12.0643 6560 TsUsbFlt - ok

15:37:12.0683 6560 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

15:37:12.0743 6560 tunnel - ok

15:37:12.0763 6560 TurboB (b355581a9da34c92e2dbafa410d2f829) C:\Windows\system32\DRIVERS\TurboB.sys

15:37:12.0773 6560 TurboB - ok

15:37:12.0823 6560 TurboBoost (6564e84b1522c12ea1c3a181ed03276f) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

15:37:12.0833 6560 TurboBoost - ok

15:37:12.0853 6560 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:37:12.0873 6560 uagp35 - ok

15:37:12.0913 6560 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

15:37:12.0943 6560 udfs - ok

15:37:12.0983 6560 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:37:13.0003 6560 UI0Detect - ok

15:37:13.0033 6560 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

15:37:13.0053 6560 uliagpkx - ok

15:37:13.0103 6560 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

15:37:13.0113 6560 umbus - ok

15:37:13.0143 6560 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:37:13.0163 6560 UmPass - ok

15:37:13.0303 6560 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

15:37:13.0393 6560 UNS - ok

15:37:13.0493 6560 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:37:13.0543 6560 upnphost - ok

15:37:13.0593 6560 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

15:37:13.0623 6560 usbaudio - ok

15:37:13.0673 6560 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

15:37:13.0693 6560 usbccgp - ok

15:37:13.0723 6560 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

15:37:13.0733 6560 usbcir - ok

15:37:13.0753 6560 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

15:37:13.0763 6560 usbehci - ok

15:37:13.0793 6560 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

15:37:13.0803 6560 usbhub - ok

15:37:13.0843 6560 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

15:37:13.0863 6560 usbohci - ok

15:37:13.0883 6560 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:37:13.0903 6560 usbprint - ok

15:37:13.0923 6560 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS

15:37:13.0953 6560 USBSTOR - ok

15:37:13.0973 6560 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

15:37:14.0003 6560 usbuhci - ok

15:37:14.0053 6560 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

15:37:14.0073 6560 usbvideo - ok

15:37:14.0093 6560 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:37:14.0133 6560 UxSms - ok

15:37:14.0163 6560 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

15:37:14.0173 6560 VaultSvc - ok

15:37:14.0203 6560 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

15:37:14.0213 6560 vdrvroot - ok

15:37:14.0263 6560 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

15:37:14.0313 6560 vds - ok

15:37:14.0323 6560 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:37:14.0333 6560 vga - ok

15:37:14.0343 6560 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:37:14.0383 6560 VgaSave - ok

15:37:14.0403 6560 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

15:37:14.0423 6560 vhdmp - ok

15:37:14.0433 6560 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

15:37:14.0443 6560 viaide - ok

15:37:14.0493 6560 VideAceWindowsService (0adf410187b71c9b855721c8d59cec7a) C:\ExpressGateUtil\VAWinService.exe

15:37:14.0503 6560 VideAceWindowsService ( UnsignedFile.Multi.Generic ) - warning

15:37:14.0503 6560 VideAceWindowsService - detected UnsignedFile.Multi.Generic (1)

15:37:16.0513 6560 WiMAXAppSrv (f3c522691316a24328a7b58b0a86028d) C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

15:37:16.0543 6560 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - warning

15:37:16.0543 6560 WiMAXAppSrv - detected UnsignedFile.Multi.Generic (1)

15:37:18.0663 6560 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

15:37:19.0083 6560 \Device\Harddisk0\DR0 - ok

15:37:19.0083 6560 Boot (0x1200) (e576322af891f9efd16ce8de647055fc) \Device\Harddisk0\DR0\Partition0

15:37:19.0083 6560 \Device\Harddisk0\DR0\Partition0 - ok

15:37:19.0083 6560 ============================================================

15:37:19.0083 6560 Scan finished

15:37:19.0083 6560 ============================================================

15:37:19.0093 6552 Detected object count: 5

15:37:19.0093 6552 Actual detected object count: 5

15:37:59.0723 6552 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

15:37:59.0723 6552 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:37:59.0723 6552 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

15:37:59.0723 6552 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:37:59.0723 6552 DMAgent ( UnsignedFile.Multi.Generic ) - skipped by user

15:37:59.0723 6552 DMAgent ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:37:59.0723 6552 VideAceWindowsService ( UnsignedFile.Multi.Generic ) - skipped by user

15:37:59.0723 6552 VideAceWindowsService ( UnsignedFile.Multi.Generic ) - User select action: Skip

15:37:59.0723 6552 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - skipped by user

15:37:59.0723 6552 WiMAXAppSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip


OK, that scan was clean.....

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


I did have to reboot from the illegal operation message, but the next reboot was a bit slow with loading applications and all. Is that normal? It is usually lightning quick. Anyhow, here are the results:

ComboFix 12-06-07.03 - Dustin Bechtel 06/07/2012 16:40:01.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8169.6435 [GMT -4:00]

Running from: c:\users\Dustin Bechtel\Desktop\ComboFix.exe

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Dustin Bechtel\AppData\Local\assembly\tmp

c:\users\Dustin Bechtel\AppData\Roaming\Microsoft\Windows\Recent\Divinity II - Dragon Knight Saga.url

.

.

((((((((((((((((((((((((( Files Created from 2012-05-07 to 2012-06-07 )))))))))))))))))))))))))))))))

.

.

2012-06-07 20:43 . 2012-06-07 20:43 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-07 20:43 . 2012-06-07 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-05 20:03 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{71E0F43A-3EF0-4243-9455-60E5731491BD}\mpengine.dll

2012-05-22 16:04 . 2012-06-06 19:25 -------- d-----w- c:\program files (x86)\Diablo III

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-07 20:45 . 2011-05-04 12:30 45056 ----a-w- c:\windows\system32\acovcnt.exe

2012-05-18 07:04 . 2012-01-20 00:41 100824 ----a-w- c:\windows\system32\WRusr.dll

2012-05-18 07:04 . 2012-01-20 00:41 148216 ----a-w- c:\windows\SysWow64\WRusr.dll

2012-05-18 07:04 . 2012-01-20 00:41 112720 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-04-04 19:56 . 2012-01-19 06:25 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-03-27 21:03 . 2012-05-08 20:06 4015592 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys

2012-03-20 14:47 . 2012-05-08 20:06 3608680 ----a-w- c:\windows\system32\RtkAPO64.dll

2012-03-19 23:01 . 2012-05-08 20:06 102504 ----a-w- c:\windows\system32\RCoInstII64.dll

2012-03-16 20:25 . 2012-05-08 20:06 2670696 ----a-w- c:\windows\system32\RtPgEx64.dll

2012-03-13 15:21 . 2012-05-08 20:06 1251432 ----a-w- c:\windows\system32\RTCOM64.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2009-05-05 222496]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-05-04 3058304]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2010-09-08 905216]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2010-10-15 84464]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-19 37888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-05-18 679672]

.

c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

AsusVibeLauncher.lnk - c:\program files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2011-5-4 548528]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2010-10-26 9216]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoDevMgrUpdate"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-05-04 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-05-04 79360]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]

R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]

S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2010-09-01 408576]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-21 2214504]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-21 378472]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel® Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-16 134928]

S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-06 2655768]

S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312]

S2 WiMAXAppSrv;Intel® PROSet/Wireless WiMAX Service;c:\program files\Intel\WiMAX\Bin\AppSrv.exe [2010-09-01 911872]

S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-05-18 679672]

S3 bpenum;bpenum;c:\windows\system32\DRIVERS\bpenum.sys [x]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [x]

S3 bpusb;bpusb;c:\windows\system32\Drivers\bpusb.sys [x]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]

S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IntelWirelessWiMAX"="c:\program files\Intel\WiMAX\Bin\WiMAXCU.exe" [2010-09-01 1449984]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

"THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-03-27 12459112]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://asus.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

.

.

------- File Associations -------

.

inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %*

txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-CLMLServer - c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe

Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe

Wow6432Node-HKLM-Run-VAWinAgent - c:\expressgateutil\VAWinAgent.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe

HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:54,d5,7d,9e,5b,37,cc,01

.

[HKEY_USERS\S-1-5-21-1637223077-1823268894-3705665849-1000\Software\SecuROM\License information*]

"datasecu"=hex:65,2a,e9,99,4b,1f,e7,73,7c,01,90,73,3d,67,3e,e8,46,19,97,65,8e,

98,aa,b1,48,1d,66,9a,e5,e2,39,06,d5,b7,c7,47,ab,a1,36,12,81,cc,82,a5,d4,0c,\

"rkeysecu"=hex:41,3a,11,b4,07,49,01,d4,17,0e,19,94,fa,38,5e,ba

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Completion time: 2012-06-07 16:48:59 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-07 20:48

.

Pre-Run: 543,536,623,616 bytes free

Post-Run: 543,282,716,672 bytes free

.

- - End Of File - - 5805335CDF234E80C93EEE1FEC579A80


Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how it is, MrC


My computer was opening applications like game launchers and such pretty slowly compared to normal, but I opened the same game launcher a few times and it got faster. Then I opened numerous different games/launchers and it seemed to get back to normal load speed. I'm not sure exactly what that means. Should I test a reboot and see how fast/slow it loads things?

Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.05.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Dustin Bechtel :: DUSTINBECHTEL [administrator]

6/7/2012 5:03:04 PM

mbam-log-2012-06-07 (17-03-04).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 230564

Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Yes, reboot.

What about the redirects, are they gone??? MrC


Okay I rebooted the computer and it loaded up normal in terms of speed. Applications are closer to normal but still a bit slow, might be the connection to internet.

The redirect problem where I couldn't hit the back page button seems to work fine now. I can successfully press the back button unhindered without it redirecting itself back to the same site I'm trying to leave.

Was the game minimizing when I hit R (for reload, as an example) and opening a "Run" program type box normal? I can't test this till I actually play some games or not.. Just wondering if it was a setting I somehow activated.

And off that last question, wondering if games' connection freezing up for long periods of time is normal. (Reason I ask is because I have the top connection you can buy for homes with Comcast as my ISP.)

> Was the game minimizing when I hit R (for reload, as an example) and opening a "Run" program type box normal? I can't test this till I actually play some games or not.. Just wondering if it was a setting I somehow activated.
>
> And off that last question, wondering if games' connection freezing up for long periods of time is normal. (Reason I ask is because I have the top connection you can buy for homes with Comcast as my ISP.)

I'm really not familiar with that, you have to try it and see.

--------------------------

If it's OK...a little clean up to do:

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

-----------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


MrC, I was going in to make a system restore point on my W7 and systempropertiesprotection.exe is asking to make changes to my computer when I'm trying to get into the System Protection tab of the system menu. What is this and why is it asking for permission to make changes?


If you uninstall ComboFix, that will create a new restore point, try it, MrC


I did uninstall ComboFix the way you instructed; it took a bit of time.. even tried to run again (ended the process) but after a bit of waiting it said ComboFix successfully uninstalled. That doesn't answer what is that asking permission? I can't seem to bypass it to just check my restore points.


I came to the conclusion that is the normal program for Windows, although I'm not sure why it needs permission now on every system click that requires changing. I'm hoping nothing is messed up; is that possible after ComboFix?

Please let me know if you have any thoughts on that..

But thanks for your time, I understand you're spending your personal time to help me. It means a lot to users like me.


I have W7 but really don't use it...I mainly use XP pro.

Run RogueKiller again and post the log.............

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Ah, sorry, I don't mean to keep sucking up your time. I see that there are a few Best Buy things in there; can I safely remove those? I made a different user account with administrative rights and it solved the systempropertiesprotection.exe thing. (And this Best Buy thing posts itself in my taskbar, startup and desktop; I don't want that.) Although I don't know how to run CMD with administrative rights so I can do the sfc /scannow command that Windows support suggests.

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Dustin Bechtel [Admin rights]

Mode: Scan -- Date: 06/07/2012 19:30:02

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 6 ¤¤¤

[sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @UpdatusUser : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9750420AS +++++

--- User ---

[MBR] 4f4bd665ff46c263e84119abadf61f5d

[bSP] 6fe1c81a55733c3ca19f8cc11417786a : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x1c) [HIDDEN!] Offset (sectors): 63 | Size: 22003 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 45062325 | Size: 693400 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>


Under the Registry tab put a check next to this one and uncheck the rest

Then click delete on the right hand column:

[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED

MrC


Why does

[] HKCR\[...]\InprocServer32 : () -> ACCESS DENIED

Not show up in the rogue killer window, but show up in the result notepad?
