Malwarebytes

Email hijacked and slow startup times. Possible Malware?

14 replies to this topic

#1
whatface

    New Member

  • Members
  • 7 posts
Hello,

About 3-5 days ago I noticed that spam was being sent from my email. It was also around this time when I noticed that the startup times on my computer had gotten slower. I ran a scan using Avast! and managed to remove some malware. I also scanned with Malwarebytes Anti-Malware and it couldn't find anything. However the startup times are still long so I suspect that my desktop could still be infected.

I have pasted/attached the requested logs below. Any assistance would be greatly appreciated. Thanks.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Jason at 12:56:13 on 2012-07-29
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.4094.1981 [GMT 10:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k regsvc
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [AdobeBridge]
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
TCP: Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer = 10.11.12.1,212.159.11.150
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\siuio95h.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com/
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-5-12 44808]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-29 1262912]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-4-4 382272]
R2 vmci;VMware vmci;\??\C:\Windows\system32\drivers\vmci.sys --> C:\Windows\system32\drivers\vmci.sys [?]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-1-22 563760]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-6-26 119296]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-2-12 68136]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\system32\DRIVERS\CamDrL64.sys --> C:\Windows\system32\DRIVERS\CamDrL64.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-2-14 1038088]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 136176]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]
S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]
S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-4 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-29 02:17:20 -------- d-----w- C:\ProgramData\Comodo
2012-07-29 02:17:05 -------- d-----w- C:\Program Files\COMODO
2012-07-29 01:06:06 -------- d-----w- C:\Users\Jason\AppData\Local\{8C330598-BC7E-47F3-AE5B-524207B2969F}
2012-07-29 01:05:56 -------- d-----w- C:\Users\Jason\AppData\Local\{A0F58596-64FD-47ED-8E1D-F48A028D45F7}
2012-07-28 04:00:02 -------- d-----w- C:\Users\Jason\AppData\Local\{AB672EE9-66E7-441D-956F-4CDC9C1DEDF1}
2012-07-28 03:59:51 -------- d-----w- C:\Users\Jason\AppData\Local\{DF3A5DA8-0F07-4C0D-A869-22ECFDCA8C4A}
2012-07-27 08:20:55 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6261DEF6-F7DC-4624-A1E5-CA0D66C2ACCB}\mpengine.dll
2012-07-27 08:16:36 -------- d-----w- C:\Users\Jason\AppData\Local\{8B687A59-4643-4D23-819D-F961243F3853}
2012-07-27 08:16:24 -------- d-----w- C:\Users\Jason\AppData\Local\{5A110C1A-9672-460F-A83D-E7966DFF8AFF}
2012-07-26 08:19:32 -------- d-----w- C:\Users\Jason\AppData\Local\{164D58B2-BC54-479E-ACCF-87E82FE68233}
2012-07-26 08:19:21 -------- d-----w- C:\Users\Jason\AppData\Local\{AC9CD2BD-74B9-44BF-BC32-68576A76D742}
2012-07-25 08:17:44 -------- d-----w- C:\Users\Jason\AppData\Local\{210936BD-BC52-465B-A90A-1BF8C3B879E2}
2012-07-25 08:17:32 -------- d-----w- C:\Users\Jason\AppData\Local\{B939E1AF-AF91-4298-897A-269A81205482}
2012-07-24 07:17:50 -------- d-----w- C:\Users\Jason\AppData\Local\{BDFF1358-CCE0-4938-A912-D1CD635E7BA9}
2012-07-24 07:17:39 -------- d-----w- C:\Users\Jason\AppData\Local\{BFED695D-AE3D-4AD2-BA0D-D3B27BB2541B}
2012-07-23 08:04:55 -------- d-----w- C:\Users\Jason\AppData\Local\{4794B32C-3191-4234-AC14-BB6D86D2B413}
2012-07-23 08:04:43 -------- d-----w- C:\Users\Jason\AppData\Local\{346C7DC2-8776-41A4-9DCE-C6746A334424}
2012-07-22 12:09:43 -------- d-----w- C:\Users\Jason\AppData\Local\{74FD8E43-D293-4BC7-A161-A90994EA1765}
2012-07-22 12:09:31 -------- d-----w- C:\Users\Jason\AppData\Local\{49609040-5864-4165-B6A0-319570C9A1F7}
2012-07-22 00:09:15 -------- d-----w- C:\Users\Jason\AppData\Local\{1226F52D-8988-478A-9059-27F5788906A8}
2012-07-22 00:08:58 -------- d-----w- C:\Users\Jason\AppData\Local\{8B7D702C-60A4-42F5-8E9C-F1B1C4BBD946}
2012-07-21 00:46:44 -------- d-----w- C:\Users\Jason\AppData\Local\{11D25D1C-B1E4-4E7E-AE44-66F2D503510D}
2012-07-21 00:46:33 -------- d-----w- C:\Users\Jason\AppData\Local\{0AD4A4E8-57B0-4D15-AD76-E8B592E93351}
2012-07-20 12:46:06 -------- d-----w- C:\Users\Jason\AppData\Local\{66B9B3A7-AE0D-4210-8186-285BFCD04CA4}
2012-07-20 12:45:53 -------- d-----w- C:\Users\Jason\AppData\Local\{FA97AA3B-EA8D-4BAC-95E2-E0D88DD7CCC9}
2012-07-20 00:45:38 -------- d-----w- C:\Users\Jason\AppData\Local\{4F54C401-62CD-44C8-9CFB-9B64DB897A34}
2012-07-20 00:45:26 -------- d-----w- C:\Users\Jason\AppData\Local\{4B2D5DD4-2595-463C-BDFB-8283354FCCF4}
2012-07-19 07:27:50 -------- d-----w- C:\Users\Jason\AppData\Local\{F71A8E0B-6A10-44F8-90C9-6E0684965488}
2012-07-19 07:27:39 -------- d-----w- C:\Users\Jason\AppData\Local\{C038F7E5-9130-49F9-9E1A-59407A937D13}
2012-07-18 08:59:40 -------- d-----w- C:\Users\Jason\AppData\Local\{4D9F6DD6-8A84-4032-9C07-88E3B33AFD26}
2012-07-18 08:59:17 -------- d-----w- C:\Users\Jason\AppData\Local\{F3840ABA-104A-4253-9F68-E5EE0F6A5248}
2012-07-17 10:01:44 -------- d-----w- C:\Users\Jason\AppData\Local\{F9D78697-F7C1-4F06-9051-9352CE5EC6BB}
2012-07-17 10:01:31 -------- d-----w- C:\Users\Jason\AppData\Local\{066A8974-3AA8-4C1C-BCE2-8DDD5A51DD3A}
2012-07-16 22:01:19 -------- d-----w- C:\Users\Jason\AppData\Local\{95F9BDB5-1FD5-4176-8C80-008085E86076}
2012-07-16 22:01:06 -------- d-----w- C:\Users\Jason\AppData\Local\{23159FEA-4F9D-4A0A-9DD8-6F2289264531}
2012-07-16 10:00:41 -------- d-----w- C:\Users\Jason\AppData\Local\{6F487267-B0F3-43B9-9606-3451C8049FEA}
2012-07-16 10:00:29 -------- d-----w- C:\Users\Jason\AppData\Local\{DBD701A7-BCA7-4E27-A511-5D5EBB749BAE}
2012-07-15 12:48:26 -------- d-----w- C:\Users\Jason\AppData\Local\{A4F4232A-6E8F-42FF-8205-7F5BB81A2B9E}
2012-07-15 12:48:13 -------- d-----w- C:\Users\Jason\AppData\Local\{D27B5768-52AF-4F85-95E6-5A229C699073}
2012-07-15 00:48:00 -------- d-----w- C:\Users\Jason\AppData\Local\{410DBC27-E598-4699-B496-94A051AABC41}
2012-07-15 00:47:49 -------- d-----w- C:\Users\Jason\AppData\Local\{C97D79CF-75AC-48AB-AD14-CA0795482715}
2012-07-14 12:47:24 -------- d-----w- C:\Users\Jason\AppData\Local\{3A23E1C7-D2FE-489A-9020-E899CA6F1DAA}
2012-07-14 12:47:13 -------- d-----w- C:\Users\Jason\AppData\Local\{BD4E662A-1A69-48CF-B7C4-EF94A67680DD}
2012-07-14 00:53:40 -------- d-----w- C:\Program Files (x86)\Microsoft XNA
2012-07-14 00:46:40 -------- d-----w- C:\Users\Jason\AppData\Local\{4A183CCC-1212-4249-B426-3DE416C1D0CE}
2012-07-14 00:46:29 -------- d-----w- C:\Users\Jason\AppData\Local\{1BC7E56B-79CF-4D90-BA14-604C0DDC2B49}
2012-07-13 09:00:57 -------- d-----w- C:\Users\Jason\AppData\Local\{5F60908C-A75C-4F26-86A7-C49DFA18061E}
2012-07-13 09:00:45 -------- d-----w- C:\Users\Jason\AppData\Local\{7D09ECF8-FEA4-4772-9704-E32E55CDBFCD}
2012-07-12 09:34:34 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-07-12 08:52:58 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-12 08:52:56 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2012-07-12 08:52:22 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-07-12 08:52:21 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-07-12 08:52:21 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-07-12 08:52:21 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-07-12 08:51:48 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-12 08:51:48 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-07-12 08:51:48 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-07-12 08:51:48 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-07-12 08:51:48 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-07-12 08:51:47 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-12 08:42:56 -------- d-----w- C:\Users\Jason\AppData\Local\{127915E5-9F1F-4E3C-879C-7419C59CB0F6}
2012-07-12 08:42:43 -------- d-----w- C:\Users\Jason\AppData\Local\{8FBC14BC-B5AE-4C86-B5CF-9D8242008091}
2012-07-11 11:43:28 -------- d-----w- C:\Users\Jason\AppData\Local\{C1ED80A8-FF5A-4D0C-97F4-DE53D7FD842B}
2012-07-11 11:43:17 -------- d-----w- C:\Users\Jason\AppData\Local\{8354C3D3-46BA-4779-BEE0-D1F6FA9789EA}
2012-07-10 10:21:07 -------- d-----w- C:\af3e8974be320ed59df12484a71aa964
2012-07-10 10:15:39 -------- d-----w- C:\Users\Jason\AppData\Local\{596D0C97-672B-439C-8414-6996877B48F2}
2012-07-10 10:15:28 -------- d-----w- C:\Users\Jason\AppData\Local\{04585D03-5FBD-46DE-B8A7-D9D236589791}
2012-07-09 11:00:31 -------- d-----w- C:\Users\Jason\AppData\Local\{05A89411-1A35-49F8-8A79-418EACEA7F30}
2012-07-09 11:00:20 -------- d-----w- C:\Users\Jason\AppData\Local\{7CCA2F3D-DC3F-4C5D-AFF8-741152FE2A13}
2012-07-08 11:35:47 -------- d-----w- C:\Users\Jason\AppData\Local\{3CD08E61-5AE1-48A5-94EC-4C4F8AAFEF1D}
2012-07-08 11:35:35 -------- d-----w- C:\Users\Jason\AppData\Local\{C571DEA5-9D9A-4B44-A1A6-BA6DC06AFBF5}
2012-07-08 04:16:17 -------- d-----w- C:\Users\Jason\AppData\Local\etax2012
2012-07-08 04:14:57 -------- d-----w- C:\Program Files (x86)\etax2012
2012-07-07 23:35:23 -------- d-----w- C:\Users\Jason\AppData\Local\{F2D9691E-F109-4232-B14D-EAA0F3F351B0}
2012-07-07 23:35:11 -------- d-----w- C:\Users\Jason\AppData\Local\{29B3EC29-635B-4E79-93F8-5A36816C13CF}
2012-07-07 02:12:30 -------- d-----w- C:\Users\Jason\AppData\Local\{92B16EF3-E38B-44F4-BA67-8FFB9B82C04C}
2012-07-07 02:12:10 -------- d-----w- C:\Users\Jason\AppData\Local\{BA5E4680-424D-4D0A-B50C-855D3566148C}
2012-07-06 09:59:35 -------- d-----w- C:\Users\Jason\AppData\Local\{5AEDA521-195E-411C-A69E-BA6BC93E04DF}
2012-07-06 09:59:23 -------- d-----w- C:\Users\Jason\AppData\Local\{EA7A2900-E38E-4E90-8ED1-00F66F5FEA7D}
2012-07-05 10:00:39 -------- d-----w- C:\Users\Jason\AppData\Local\{5E353423-7E25-47D6-91F5-3F2EF14768E2}
2012-07-05 10:00:28 -------- d-----w- C:\Users\Jason\AppData\Local\{3E1BE410-A396-46F3-806D-1F0E048A4E35}
2012-07-04 08:57:19 -------- d-----w- C:\Users\Jason\AppData\Local\{F01E0919-CDF9-4A0B-A676-97892A844C2D}
2012-07-04 08:57:02 -------- d-----w- C:\Users\Jason\AppData\Local\{84CDA704-C789-4843-9689-C0C0B9408EE3}
2012-07-03 09:29:02 -------- d-----w- C:\Users\Jason\AppData\Local\{0EF56292-BEEB-487B-929D-0CCFA3C62C14}
2012-07-03 09:28:51 -------- d-----w- C:\Users\Jason\AppData\Local\{BE94AFDC-F339-41C1-AF50-D08605A8C014}
2012-07-02 09:31:56 -------- d-----w- C:\Users\Jason\AppData\Local\{C583E280-497F-46C7-A527-90F86A39DAFC}
2012-07-02 09:31:42 -------- d-----w- C:\Users\Jason\AppData\Local\{C3568691-FDF0-4896-9B19-5F7A5BB8C71C}
2012-07-01 01:07:37 -------- d-----w- C:\Users\Jason\AppData\Local\{4966E160-0AEC-4124-9A00-4A0E414F5165}
2012-07-01 01:07:25 -------- d-----w- C:\Users\Jason\AppData\Local\{0E3CBCBA-B30B-481B-9823-44903190A2D3}
2012-06-30 11:37:55 -------- d-----w- C:\Users\Jason\AppData\Local\{2C6E00FF-4863-4359-A626-F223F2667634}
2012-06-30 11:37:44 -------- d-----w- C:\Users\Jason\AppData\Local\{5DB5994A-AB24-43EC-B0A8-C0B6450D2329}
2012-06-29 23:37:03 -------- d-----w- C:\Users\Jason\AppData\Local\{F357AD00-C196-4E7F-8EC5-85086563EA8F}
2012-06-29 23:36:51 -------- d-----w- C:\Users\Jason\AppData\Local\{66AD6E9F-BDC8-4A0D-9F20-D780FB1484FF}
2012-06-29 09:56:18 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-06-29 09:56:18 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-06-29 09:56:18 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-06-29 09:56:17 6122816 ----a-w- C:\Windows\System32\nvcpl.dll
2012-06-29 09:56:17 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-06-29 09:54:38 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-06-29 09:54:38 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-06-29 09:54:27 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-06-29 09:48:56 -------- d-----w- C:\Users\Jason\AppData\Local\{15FC832F-5433-4127-BECB-9D45440F5877}
2012-06-29 09:48:26 -------- d-----w- C:\Users\Jason\AppData\Local\{4338123B-817E-4A2D-A2D7-7CDD7E8BF197}
.
==================== Find3M ====================
.
2012-07-29 02:23:19 24072 ----a-w- C:\Windows\gdrv.sys
2012-07-27 13:17:43 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-27 13:17:43 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr
2012-07-03 03:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-30 05:17:38 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-30 05:17:38 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 05:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2012-06-02 05:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-05-31 02:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
.
============= FINISH: 12:56:56.34 ===============

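The DDS output above is the kind of text an analyst triages by hand. As an added example for this thread (not part of the post and not code from DDS, RogueKiller or Malwarebytes), the Python below pulls the three persistence-relevant items out of lines in that format: the per-interface NameServer values (the same values the RogueKiller report later in the thread flags as [DNS] hits), the AppInit_DLLs entry, and the Winlogon Userinit value. The sample lines are constructed to match the shapes in this thread. The `expected` allowlist of resolvers is an assumption the analyst fills in from the ISP or router configuration; the script does not decide whether 212.159.11.150 is legitimate, it only separates RFC 1918 addresses such as 10.11.12.1 (normally the router or a VM adapter) from public resolvers that still need checking. AppInit_DLLs entries are listed rather than judged: a DLL there is loaded into every process that maps user32.dll, so each one should be tied to a product and a signed publisher rather than trusted by path.

```python
"""Pull the persistence-relevant items out of DDS / RogueKiller style log lines.
Added example for this thread; not code from DDS, RogueKiller or Malwarebytes."""
import ipaddress
import re

# Constructed sample lines, shaped like the DDS and RogueKiller output in this thread.
SAMPLE_LOG = r"""
TCP: Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer = 10.11.12.1,212.159.11.150
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
mWinlogon: Userinit=userinit.exe
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer (10.11.12.1,212.159.11.150) -> FOUND
"""

# "NameServer = a,b" (DDS) and "NameServer (a,b)" (RogueKiller) both match here.
NAMESERVER_RE = re.compile(r"NameServer\s*[=(]\s*([\d.,]+)")
APPINIT_RE = re.compile(r"^AppInit_DLLs(?:-X64)?:\s*(.+)$", re.MULTILINE)
USERINIT_RE = re.compile(r"Userinit=(.+)$", re.MULTILINE)


def extract_nameservers(text):
    """Distinct DNS server addresses, in order of first appearance."""
    servers = []
    for match in NAMESERVER_RE.finditer(text):
        for addr in match.group(1).split(","):
            addr = addr.strip(" .")
            if addr and addr not in servers:
                servers.append(addr)
    return servers


def classify_nameservers(servers, expected=()):
    """Label each resolver: 'expected' if on the caller-supplied allowlist (an
    assumption: the ISP's or router's real resolvers), 'private' for RFC 1918 /
    link-local addresses, otherwise 'public-unverified' (verify before trusting)."""
    result = {}
    for addr in servers:
        if addr in expected:
            result[addr] = "expected"
            continue
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            result[addr] = "unparseable"
            continue
        result[addr] = "private" if ip.is_private else "public-unverified"
    return result


def extract_appinit_dlls(text):
    """Every AppInit_DLLs value (comma or space separated in the registry) is a
    persistence point loaded into each process that maps user32.dll; return them all."""
    dlls = []
    for match in APPINIT_RE.finditer(text):
        for path in re.split(r"[,\s]+", match.group(1).strip()):
            if path and path not in dlls:
                dlls.append(path)
    return dlls


def userinit_extras(text):
    """Anything after the first comma in Userinit is an extra program launched at
    logon alongside userinit.exe; an empty list means the value is unmodified."""
    extras = []
    for match in USERINIT_RE.finditer(text):
        parts = [p.strip() for p in match.group(1).split(",")]
        extras.extend(p for p in parts[1:] if p)
    return extras


def triage(text, expected_dns=()):
    """One pass over a log: resolver classification, AppInit DLLs, Userinit extras."""
    return {
        "nameservers": classify_nameservers(extract_nameservers(text), expected_dns),
        "appinit_dlls": extract_appinit_dlls(text),
        "userinit_extras": userinit_extras(text),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run it against a saved DDS.txt or RKreport by passing the file contents to `triage()`. A hard-coded public resolver on an interface is not proof of a DNS changer by itself (some ISPs and routers hand them out statically), which is why the script reports "public-unverified" and leaves the confirmation to the analyst.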

#2
MrCharlie

    Forum Deity

  • Experts
  • 17,519 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert

I volunteer my free time to help you; if you would like to donate to show your appreciation, it will be much appreciated.

#3
whatface

    New Member

  • Members
  • 7 posts
Here is the report as requested:

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Jason [Admin rights]
Mode: Scan -- Date: 07/31/2012 18:21:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer (10.11.12.1,212.159.11.150) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer (10.11.12.1,212.159.11.150) -> FOUND
[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer (10.11.12.1,212.159.11.150) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800BB-75FJA1 ATA Device +++++
--- User ---
[MBR] bf781d186d76378c2d9af9f64032a413
[BSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 76253 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG SP2014N ATA Device +++++
--- User ---
[MBR] 56b825a85331379820885d2c2d8e1a1f
[BSP] a1234a9bb8e65a9ffc3a7188a433490d : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: ST31000333AS ATA Device +++++
--- User ---
[MBR] 1786bb8d94b607d97d0774ae9ce05473
[BSP] 23d364e7a25b0f97d8028aeb5f648622 : Windows Vista MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive3: ST31000333AS ATA Device +++++
--- User ---
[MBR] 7de9077362275d50f9ec724b1e3f3b9c
[BSP] cde988cbde45292da386da5a14c8f75c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt
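The [DNS] lines in the RogueKiller report above list the NameServer values set on each interface, and RogueKiller marks every one of them FOUND whether or not anything is wrong with them. The check a responder wants at this point is which of those resolvers are local or private addresses and which are public ones that have to be confirmed against what the ISP or router really hands out. The script below is an added example, not part of this thread and not RogueKiller's own code; it parses the Registry Entries section in the format shown above. The sample report is constructed: the first two lines reuse values from the report, the third entry (its interface GUID and loopback resolver) is invented for illustration.

```python
"""Triage of the [DNS] registry entries in a RogueKiller report.

Added example, not part of this thread and not RogueKiller's own code.
It reads the 'Registry Entries' section in the format shown above,
parses every NameServer value that RogueKiller reports as FOUND, and
classifies each address as loopback, private (RFC 1918) or public, so
that the public ones can be compared with the resolvers the ISP or
router is actually expected to hand out.
"""
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass

# Constructed sample modelled on the report format above: the first two
# entries reuse values shown in the thread, the third entry (interface GUID
# and loopback resolver) is invented for illustration.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 3 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer (10.11.12.1,212.159.11.150) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{00000000-0000-0000-0000-000000000001} : NameServer (127.0.0.1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
"""

# "[CAT] <body> -> STATUS" as written by RogueKiller
ENTRY_LINE = re.compile(r"^\[(?P<cat>[A-Z]+)\]\s+(?P<body>.*?)\s+->\s+(?P<status>\w+)\s*$")
# "<registry key> : NameServer (ip[,ip...])"
NAMESERVER = re.compile(r"^(?P<key>\S+)\s+:\s+NameServer\s+\((?P<servers>[^)]*)\)$")


@dataclass
class Entry:
    category: str   # DNS, HJ, ...
    body: str
    status: str     # FOUND, ...


def parse_entries(report: str) -> list[Entry]:
    """Return the '[CAT] ... -> STATUS' lines of the Registry Entries section."""
    entries: list[Entry] = []
    in_section = False
    for line in report.splitlines():
        if line.startswith("¤¤¤"):          # section header: enter or leave the section
            in_section = "Registry Entries" in line
            continue
        if not in_section:
            continue
        m = ENTRY_LINE.match(line.strip())
        if m:
            entries.append(Entry(m["cat"], m["body"], m["status"]))
    return entries


def classify_resolver(ip: str) -> str:
    """loopback / private / public / invalid for one NameServer address."""
    try:
        addr = ipaddress.ip_address(ip.strip())
    except ValueError:
        return "invalid"
    if addr.is_loopback:          # 127.0.0.0/8 also counts as private; test it first
        return "loopback"
    if addr.is_private:
        return "private"
    return "public"


def triage_dns(report: str, expected_public: set[str] | frozenset[str] = frozenset()) -> tuple[list, list]:
    """Classify every resolver of every [DNS] entry.

    Returns (per_entry, unexpected): per_entry is a list of
    (registry key, {ip: class}); unexpected lists the public resolvers
    that are not in expected_public (for instance the ISP's known resolvers).
    """
    per_entry = []
    unexpected: list[str] = []
    for entry in parse_entries(report):
        if entry.category != "DNS":
            continue
        m = NAMESERVER.match(entry.body)
        if not m:
            continue
        servers = [s.strip() for s in m["servers"].split(",") if s.strip()]
        classes = {s: classify_resolver(s) for s in servers}
        per_entry.append((m["key"], classes))
        for ip, kind in classes.items():
            if kind == "public" and ip not in expected_public and ip not in unexpected:
                unexpected.append(ip)
    return per_entry, unexpected


if __name__ == "__main__":
    entries, unexpected = triage_dns(SAMPLE_REPORT)
    for key, classes in entries:
        print(key)
        for ip, kind in classes.items():
            print(f"    {ip:<18} {kind}")
    print("public resolvers to verify:", unexpected or "none")
```

Pass the resolvers the ISP or router is known to use as `expected_public`; anything left in `unexpected` is a public resolver that should be confirmed before the entry is treated as harmless or as a hijack.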

#4
MrCharlie

    Forum Deity

  • Experts
  • 17,519 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Not much showing, let's run some scans...

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose
Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

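The TDSSKiller log MrCharlie asks for can run to thousands of lines, with one line per service or driver giving its MD5 and path, followed by a verdict line ('- ok', '( Class ) - warning' or '- detected Class (n)'). The script below is an added example, not part of this thread and not Kaspersky's own code: it pairs each verdict with the file line it refers to and separates the generic UnsignedFile.Multi.Generic and LockedFile.Multi.Generic warnings that the instructions above say to Skip from anything else the scan detected, which is what has to be reviewed before choosing Cure. The sample log is constructed in the format used by the log later in this thread; the final ExampleSvc entry, its hash and path are invented placeholders.

```python
"""Triage of a TDSSKiller log of the kind requested above.

Added example, not part of this thread and not Kaspersky's own code.
TDSSKiller writes one line per service or driver with its MD5 and path,
followed by a verdict line ('- ok', '( Class ) - warning',
'- detected Class (n)'). This script pairs each verdict with the file it
refers to and separates the generic unsigned/locked-file warnings that
the instructions above say to skip from anything else that was detected.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# The two generic classes the instructions above say to Skip.
GENERIC_CLASSES = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Constructed sample in the log format used in this thread. The first
# entries reuse lines from the thread; the final 'ExampleSvc' service, its
# all-zero hash, its path and its detection class are invented placeholders.
SAMPLE_LOG = r"""
22:39:14.0876 5952 Scan started
22:39:14.0876 5952 Mode: Manual; SigCheck; TDLFS;
22:39:16.0172 5952 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:39:16.0461 5952 ACPI - ok
22:39:17.0803 5952 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:39:17.0814 5952 Apple Mobile Device - ok
22:39:22.0523 5952 COMSysApp - ok
22:39:28.0392 5952 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:39:28.0422 5952 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:39:28.0422 5952 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:39:33.0532 5952 NBService (87a00faedd703d8d2bdcb29ce5eeea6b) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
22:39:33.0598 5952 NBService ( UnsignedFile.Multi.Generic ) - warning
22:39:33.0598 5952 NBService - detected UnsignedFile.Multi.Generic (1)
22:39:40.0000 5952 ExampleSvc (00000000000000000000000000000000) C:\CONSTRUCTED\example.sys
22:39:40.0100 5952 ExampleSvc - detected Constructed.Example.Class (1)
"""

# "<time> <pid> <rest>" prefix on every log line
LINE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# "<name> (<md5>) <path>"; the name may contain spaces, the path may contain '(x86)'
FILE_LINE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
RESULT_OK = re.compile(r"^(?P<name>.+?) - ok$")
RESULT_WARN = re.compile(r"^(?P<name>.+?) \( (?P<cls>\S+) \) - warning$")
RESULT_DET = re.compile(r"^(?P<name>.+?) - detected (?P<cls>\S+) \((?P<count>\d+)\)$")


@dataclass
class Finding:
    name: str
    classification: str
    kind: str              # "warning" or "detected"
    md5: str | None        # from the preceding file line, if there was one
    path: str | None


@dataclass
class Summary:
    ok: int = 0
    findings: list[Finding] = field(default_factory=list)

    def generic(self) -> list[Finding]:
        """Findings in the classes the instructions say to Skip."""
        return [f for f in self.findings if f.classification in GENERIC_CLASSES]

    def needs_attention(self) -> list[Finding]:
        """Everything else: review these before choosing Cure or Skip."""
        return [f for f in self.findings if f.classification not in GENERIC_CLASSES]


def summarize(log: str) -> Summary:
    """Walk the log once, remembering the last file line seen per service name."""
    summary = Summary()
    files: dict[str, tuple[str, str]] = {}   # service name -> (md5, path)
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        rest = m["rest"]
        if RESULT_OK.match(rest):
            summary.ok += 1
            continue
        r = RESULT_WARN.match(rest)
        kind = "warning"
        if r is None:
            r = RESULT_DET.match(rest)
            kind = "detected"
        if r is not None:
            md5, path = files.get(r["name"], (None, None))
            summary.findings.append(Finding(r["name"], r["cls"], kind, md5, path))
            continue
        f = FILE_LINE.match(rest)
        if f:
            files[f["name"]] = (f["md5"], f["path"])
    return summary


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    print(f"ok: {s.ok}  generic warnings: {len(s.generic())}  to review: {len(s.needs_attention())}")
    for f in s.needs_attention():
        print(f"  {f.kind:<8} {f.name}  {f.classification}  {f.md5}  {f.path}")
```

Run it over the real log instead of `SAMPLE_LOG` to get the short list of detections that are not the generic unsigned-file class, together with the MD5 and path TDSSKiller recorded for each, which is the information needed to look a file up before deciding on Cure.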

#5
whatface

    New Member

  • Members
  • Pip
  • 7 posts
Thank you for your continued support MrCharlie. I have scanned and pasted the report below:

22:38:33.0424 3228 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:38:34.0515 3228 ============================================================
22:38:34.0515 3228 Current date / time: 2012/07/31 22:38:34.0515
22:38:34.0515 3228 SystemInfo:
22:38:34.0515 3228
22:38:34.0515 3228 OS Version: 6.0.6002 ServicePack: 2.0
22:38:34.0515 3228 Product type: Workstation
22:38:34.0515 3228 ComputerName: JASON-PC
22:38:34.0516 3228 UserName: Jason
22:38:34.0516 3228 Windows directory: C:\Windows
22:38:34.0516 3228 System windows directory: C:\Windows
22:38:34.0516 3228 Running under WOW64
22:38:34.0516 3228 Processor architecture: Intel x64
22:38:34.0516 3228 Number of processors: 4
22:38:34.0516 3228 Page size: 0x1000
22:38:34.0516 3228 Boot type: Normal boot
22:38:34.0516 3228 ============================================================
22:38:36.0443 3228 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:36.0444 3228 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:36.0470 3228 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:36.0510 3228 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:38:36.0549 3228 ============================================================
22:38:36.0549 3228 \Device\Harddisk0\DR0:
22:38:36.0549 3228 MBR partitions:
22:38:36.0549 3228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EEEB9
22:38:36.0549 3228 \Device\Harddisk1\DR1:
22:38:36.0549 3228 MBR partitions:
22:38:36.0549 3228 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82
22:38:36.0549 3228 \Device\Harddisk2\DR2:
22:38:36.0549 3228 MBR partitions:
22:38:36.0549 3228 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000
22:38:36.0549 3228 \Device\Harddisk3\DR3:
22:38:36.0549 3228 MBR partitions:
22:38:36.0549 3228 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
22:38:36.0549 3228 ============================================================
22:38:36.0598 3228 C: <-> \Device\Harddisk2\DR2\Partition0
22:38:36.0649 3228 F: <-> \Device\Harddisk0\DR0\Partition0
22:38:36.0795 3228 E: <-> \Device\Harddisk3\DR3\Partition0
22:38:36.0915 3228 G: <-> \Device\Harddisk1\DR1\Partition0
22:38:36.0916 3228 ============================================================
22:38:36.0916 3228 Initialize success
22:38:36.0916 3228 ============================================================
22:39:14.0876 5952 ============================================================
22:39:14.0876 5952 Scan started
22:39:14.0876 5952 Mode: Manual; SigCheck; TDLFS;
22:39:14.0876 5952 ============================================================
22:39:16.0172 5952 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
22:39:16.0461 5952 ACPI - ok
22:39:16.0516 5952 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
22:39:16.0545 5952 adfs - ok
22:39:16.0688 5952 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:39:16.0707 5952 AdobeFlashPlayerUpdateSvc - ok
22:39:16.0780 5952 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
22:39:16.0810 5952 adp94xx - ok
22:39:16.0837 5952 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
22:39:16.0862 5952 adpahci - ok
22:39:16.0892 5952 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
22:39:16.0912 5952 adpu160m - ok
22:39:16.0930 5952 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
22:39:16.0951 5952 adpu320 - ok
22:39:16.0999 5952 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
22:39:17.0135 5952 AeLookupSvc - ok
22:39:17.0186 5952 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
22:39:17.0241 5952 AFD - ok
22:39:17.0302 5952 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
22:39:17.0321 5952 agp440 - ok
22:39:17.0371 5952 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
22:39:17.0392 5952 aic78xx - ok
22:39:17.0403 5952 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
22:39:17.0461 5952 ALG - ok
22:39:17.0478 5952 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
22:39:17.0495 5952 aliide - ok
22:39:17.0503 5952 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
22:39:17.0521 5952 amdide - ok
22:39:17.0562 5952 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
22:39:17.0608 5952 AmdK8 - ok
22:39:17.0651 5952 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
22:39:17.0691 5952 Appinfo - ok
22:39:17.0803 5952 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:39:17.0814 5952 Apple Mobile Device - ok
22:39:17.0833 5952 AppMgmt (3da98c07b18a676180fe7eed924d1673) C:\Windows\System32\appmgmts.dll
22:39:17.0909 5952 AppMgmt - ok
22:39:17.0928 5952 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
22:39:17.0948 5952 arc - ok
22:39:17.0957 5952 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
22:39:17.0977 5952 arcsas - ok
22:39:18.0086 5952 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
22:39:18.0106 5952 aspnet_state - ok
22:39:18.0153 5952 aswFsBlk (df59b8e8df0bd2e0e303778a3806a17d) C:\Windows\system32\drivers\aswFsBlk.sys
22:39:18.0170 5952 aswFsBlk - ok
22:39:18.0232 5952 aswMonFlt (f8e6ab4f876feff69250f2e0c29ef004) C:\Windows\system32\drivers\aswMonFlt.sys
22:39:18.0249 5952 aswMonFlt - ok
22:39:18.0298 5952 aswRdr (8047968ed077344c10b3bb81643f4c79) C:\Windows\system32\drivers\aswRdr.sys
22:39:18.0314 5952 aswRdr - ok
22:39:18.0383 5952 aswSnx (f06e230e1e8ca9437a6474b7b551cd37) C:\Windows\system32\drivers\aswSnx.sys
22:39:18.0438 5952 aswSnx - ok
22:39:18.0462 5952 aswSP (3610ca74a69e380424f0452dec5c1317) C:\Windows\system32\drivers\aswSP.sys
22:39:18.0508 5952 aswSP - ok
22:39:18.0534 5952 aswTdi (87de3e31cb0091d22351349869324065) C:\Windows\system32\drivers\aswTdi.sys
22:39:18.0551 5952 aswTdi - ok
22:39:18.0567 5952 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
22:39:18.0636 5952 AsyncMac - ok
22:39:18.0669 5952 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
22:39:18.0687 5952 atapi - ok
22:39:18.0762 5952 atksgt (fc0e8778c000291caf60eb88c011e931) C:\Windows\system32\DRIVERS\atksgt.sys
22:39:18.0784 5952 atksgt - ok
22:39:18.0848 5952 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
22:39:18.0916 5952 AudioEndpointBuilder - ok
22:39:18.0921 5952 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
22:39:18.0958 5952 AudioSrv - ok
22:39:19.0026 5952 avast! Antivirus (2f7c0f3e39c45e0127fb78b2f18a41f3) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
22:39:19.0042 5952 avast! Antivirus - ok
22:39:19.0110 5952 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
22:39:19.0217 5952 BFE - ok
22:39:19.0291 5952 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\System32\qmgr.dll
22:39:19.0399 5952 BITS - ok
22:39:19.0452 5952 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
22:39:19.0493 5952 blbdrive - ok
22:39:19.0550 5952 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
22:39:19.0577 5952 Bonjour Service - ok
22:39:19.0626 5952 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
22:39:19.0664 5952 bowser - ok
22:39:19.0692 5952 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
22:39:19.0744 5952 BrFiltLo - ok
22:39:19.0766 5952 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
22:39:19.0817 5952 BrFiltUp - ok
22:39:19.0863 5952 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
22:39:19.0917 5952 Browser - ok
22:39:19.0967 5952 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
22:39:20.0037 5952 Brserid - ok
22:39:20.0056 5952 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
22:39:20.0113 5952 BrSerWdm - ok
22:39:20.0133 5952 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
22:39:20.0201 5952 BrUsbMdm - ok
22:39:20.0228 5952 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
22:39:20.0293 5952 BrUsbSer - ok
22:39:20.0321 5952 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
22:39:20.0376 5952 BTHMODEM - ok
22:39:21.0026 5952 CamDrL64 (6e1641724439e18ce55adee2d347aa19) C:\Windows\system32\DRIVERS\CamDrL64.sys
22:39:21.0092 5952 CamDrL64 - ok
22:39:21.0115 5952 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
22:39:21.0164 5952 cdfs - ok
22:39:21.0225 5952 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
22:39:21.0301 5952 cdrom - ok
22:39:21.0353 5952 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
22:39:21.0408 5952 CertPropSvc - ok
22:39:21.0440 5952 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
22:39:21.0519 5952 circlass - ok
22:39:21.0564 5952 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
22:39:21.0610 5952 CLFS - ok
22:39:21.0693 5952 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:39:21.0715 5952 clr_optimization_v2.0.50727_32 - ok
22:39:21.0782 5952 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:39:21.0800 5952 clr_optimization_v2.0.50727_64 - ok
22:39:21.0870 5952 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:39:21.0913 5952 clr_optimization_v4.0.30319_32 - ok
22:39:21.0950 5952 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:39:21.0980 5952 clr_optimization_v4.0.30319_64 - ok
22:39:22.0197 5952 cmdAgent (cee48ccc4d561ddb19c72f9fb55d28d5) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
22:39:22.0267 5952 cmdAgent - ok
22:39:22.0403 5952 cmdGuard (98e9ac5f001ab92fd05de5db04621fea) C:\Windows\system32\DRIVERS\cmdguard.sys
22:39:22.0422 5952 cmdGuard - ok
22:39:22.0435 5952 cmdHlp (ba0e1a71d4a05f5dcdbce2070b934b5a) C:\Windows\system32\DRIVERS\cmdhlp.sys
22:39:22.0447 5952 cmdHlp - ok
22:39:22.0473 5952 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
22:39:22.0485 5952 cmdide - ok
22:39:22.0508 5952 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
22:39:22.0521 5952 Compbatt - ok
22:39:22.0523 5952 COMSysApp - ok
22:39:22.0528 5952 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
22:39:22.0541 5952 crcdisk - ok
22:39:22.0608 5952 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
22:39:22.0672 5952 CryptSvc - ok
22:39:22.0732 5952 CSC (f60f50c8ed3fcbe358430b95fe27d09c) C:\Windows\system32\drivers\csc.sys
22:39:22.0789 5952 CSC - ok
22:39:22.0860 5952 CscService (1b5f256d31836ed2ba60b3a6c800200c) C:\Windows\System32\cscsvc.dll
22:39:22.0923 5952 CscService - ok
22:39:23.0028 5952 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) E:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
22:39:23.0046 5952 DAUpdaterSvc - ok
22:39:23.0113 5952 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
22:39:23.0206 5952 DcomLaunch - ok
22:39:23.0277 5952 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
22:39:23.0316 5952 DfsC - ok
22:39:23.0427 5952 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
22:39:23.0578 5952 DFSR - ok
22:39:23.0702 5952 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
22:39:23.0753 5952 Dhcp - ok
22:39:23.0798 5952 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
22:39:23.0818 5952 disk - ok
22:39:23.0876 5952 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
22:39:23.0937 5952 Dnscache - ok
22:39:23.0972 5952 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
22:39:24.0024 5952 dot3svc - ok
22:39:24.0071 5952 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
22:39:24.0136 5952 DPS - ok
22:39:24.0184 5952 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
22:39:24.0231 5952 drmkaud - ok
22:39:24.0258 5952 dump_wmimmc - ok
22:39:24.0336 5952 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
22:39:24.0379 5952 DXGKrnl - ok
22:39:24.0412 5952 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
22:39:24.0469 5952 E1G60 - ok
22:39:24.0484 5952 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
22:39:24.0549 5952 EapHost - ok
22:39:24.0611 5952 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
22:39:24.0633 5952 Ecache - ok
22:39:24.0688 5952 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
22:39:24.0737 5952 ehRecvr - ok
22:39:24.0767 5952 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
22:39:24.0817 5952 ehSched - ok
22:39:24.0833 5952 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
22:39:24.0873 5952 ehstart - ok
22:39:24.0899 5952 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
22:39:24.0926 5952 elxstor - ok
22:39:24.0976 5952 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
22:39:25.0040 5952 EMDMgmt - ok
22:39:25.0057 5952 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
22:39:25.0117 5952 ErrDev - ok
22:39:25.0178 5952 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
22:39:25.0232 5952 EventSystem - ok
22:39:25.0271 5952 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
22:39:25.0289 5952 exfat - ok
22:39:25.0313 5952 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
22:39:25.0363 5952 fastfat - ok
22:39:25.0411 5952 Fax (989a776a2ff32a148fcf15c44058b129) C:\Windows\system32\fxssvc.exe
22:39:25.0454 5952 Fax - ok
22:39:25.0474 5952 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
22:39:25.0520 5952 fdc - ok
22:39:25.0527 5952 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
22:39:25.0577 5952 fdPHost - ok
22:39:25.0584 5952 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
22:39:25.0653 5952 FDResPub - ok
22:39:25.0660 5952 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
22:39:25.0673 5952 FileInfo - ok
22:39:25.0692 5952 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
22:39:25.0743 5952 Filetrace - ok
22:39:25.0821 5952 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:39:25.0858 5952 FLEXnet Licensing Service - ok
22:39:25.0954 5952 FLEXnet Licensing Service 64 (1c3fb052a0bb72edaed90785c34d6eed) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:39:25.0992 5952 FLEXnet Licensing Service 64 - ok
22:39:26.0077 5952 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
22:39:26.0118 5952 flpydisk - ok
22:39:26.0158 5952 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
22:39:26.0182 5952 FltMgr - ok
22:39:26.0291 5952 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
22:39:26.0365 5952 FontCache - ok
22:39:26.0438 5952 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:39:26.0455 5952 FontCache3.0.0.0 - ok
22:39:26.0478 5952 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
22:39:26.0517 5952 Fs_Rec - ok
22:39:26.0564 5952 FTDIBUS (ed07200cff78facfb66ebb0b89f503a4) C:\Windows\system32\drivers\ftdibus.sys
22:39:26.0580 5952 FTDIBUS - ok
22:39:26.0593 5952 FTSER2K (9980e7584484a009e77e9bfa14c0c18a) C:\Windows\system32\drivers\ftser2k.sys
22:39:26.0609 5952 FTSER2K - ok
22:39:26.0634 5952 fvevol (849e38db7d829962d0233a0a252b60c3) C:\Windows\system32\DRIVERS\fvevol.sys
22:39:26.0656 5952 fvevol - ok
22:39:26.0682 5952 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
22:39:26.0722 5952 gagp30kx - ok
22:39:26.0754 5952 gdrv (6275303610285b57361f03a375062fba) C:\Windows\gdrv.sys
22:39:26.0770 5952 gdrv - ok
22:39:26.0811 5952 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:39:26.0825 5952 GEARAspiWDM - ok
22:39:26.0888 5952 GEST Service (20438b962021f0ea729020ed5a148d4c) C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe
22:39:26.0904 5952 GEST Service - ok
22:39:26.0963 5952 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
22:39:27.0027 5952 gpsvc - ok
22:39:27.0099 5952 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:39:27.0131 5952 gupdate - ok
22:39:27.0148 5952 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:39:27.0164 5952 gupdatem - ok
22:39:27.0202 5952 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:39:27.0221 5952 gusvc - ok
22:39:27.0275 5952 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
22:39:27.0293 5952 hamachi - ok
22:39:27.0326 5952 hcmon (b93b24f258441820e575c7983ba47313) C:\Windows\system32\drivers\hcmon.sys
22:39:27.0341 5952 hcmon - ok
22:39:27.0410 5952 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
22:39:27.0436 5952 HdAudAddService - ok
22:39:27.0488 5952 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:39:27.0561 5952 HDAudBus - ok
22:39:27.0590 5952 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
22:39:27.0650 5952 HidBth - ok
22:39:27.0659 5952 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
22:39:27.0724 5952 HidIr - ok
22:39:27.0771 5952 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll
22:39:27.0827 5952 hidserv - ok
22:39:27.0849 5952 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
22:39:27.0888 5952 HidUsb - ok
22:39:27.0915 5952 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
22:39:27.0962 5952 hkmsvc - ok
22:39:27.0997 5952 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
22:39:28.0010 5952 HpCISSs - ok
22:39:28.0057 5952 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
22:39:28.0132 5952 HTTP - ok
22:39:28.0145 5952 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
22:39:28.0163 5952 i2omp - ok
22:39:28.0187 5952 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
22:39:28.0220 5952 i8042prt - ok
22:39:28.0243 5952 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
22:39:28.0266 5952 iaStorV - ok
22:39:28.0392 5952 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
22:39:28.0422 5952 IDriverT ( UnsignedFile.Multi.Generic ) - warning
22:39:28.0422 5952 IDriverT - detected UnsignedFile.Multi.Generic (1)
22:39:28.0494 5952 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:39:28.0549 5952 idsvc - ok
22:39:28.0589 5952 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
22:39:28.0606 5952 iirsp - ok
22:39:28.0650 5952 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
22:39:28.0712 5952 IKEEXT - ok
22:39:28.0761 5952 inspect (1d942e294a72a2a9ec527b327ae4f4bd) C:\Windows\system32\DRIVERS\inspect.sys
22:39:28.0777 5952 inspect - ok
22:39:28.0866 5952 IntcAzAudAddService (4630ad36cbfe2c5f4d96d95be7597585) C:\Windows\system32\drivers\RTKVHD64.sys
22:39:28.0937 5952 IntcAzAudAddService - ok
22:39:29.0033 5952 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
22:39:29.0051 5952 intelide - ok
22:39:29.0075 5952 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
22:39:29.0115 5952 intelppm - ok
22:39:29.0142 5952 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
22:39:29.0213 5952 IPBusEnum - ok
22:39:29.0263 5952 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:39:29.0307 5952 IpFilterDriver - ok
22:39:29.0335 5952 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
22:39:29.0376 5952 iphlpsvc - ok
22:39:29.0379 5952 IpInIp - ok
22:39:29.0413 5952 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
22:39:29.0472 5952 IPMIDRV - ok
22:39:29.0498 5952 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
22:39:29.0556 5952 IPNAT - ok
22:39:29.0667 5952 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
22:39:29.0706 5952 iPod Service - ok
22:39:29.0727 5952 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
22:39:29.0761 5952 IRENUM - ok
22:39:29.0798 5952 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
22:39:29.0811 5952 isapnp - ok
22:39:29.0831 5952 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
22:39:29.0862 5952 iScsiPrt - ok
22:39:29.0877 5952 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
22:39:29.0890 5952 iteatapi - ok
22:39:29.0921 5952 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
22:39:29.0934 5952 iteraid - ok
22:39:29.0958 5952 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
22:39:29.0971 5952 kbdclass - ok
22:39:29.0995 5952 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\drivers\kbdhid.sys
22:39:30.0054 5952 kbdhid - ok
22:39:30.0083 5952 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
22:39:30.0127 5952 KeyIso - ok
22:39:30.0176 5952 KSecDD (88956ad9fa510848ad176777a6c6c1f5) C:\Windows\system32\Drivers\ksecdd.sys
22:39:30.0206 5952 KSecDD - ok
22:39:30.0229 5952 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
22:39:30.0271 5952 ksthunk - ok
22:39:30.0299 5952 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
22:39:30.0370 5952 KtmRm - ok
22:39:30.0422 5952 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll
22:39:30.0464 5952 LanmanServer - ok
22:39:30.0525 5952 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
22:39:30.0579 5952 LanmanWorkstation - ok
22:39:30.0638 5952 lirsgt (156ab2e56dc3ca0b582e3362e07cded7) C:\Windows\system32\DRIVERS\lirsgt.sys
22:39:30.0654 5952 lirsgt - ok
22:39:30.0666 5952 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
22:39:30.0715 5952 lltdio - ok
22:39:30.0749 5952 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
22:39:30.0808 5952 lltdsvc - ok
22:39:30.0827 5952 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
22:39:30.0869 5952 lmhosts - ok
22:39:30.0895 5952 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
22:39:30.0915 5952 LSI_FC - ok
22:39:30.0940 5952 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
22:39:30.0959 5952 LSI_SAS - ok
22:39:31.0001 5952 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
22:39:31.0023 5952 LSI_SCSI - ok
22:39:31.0048 5952 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
22:39:31.0110 5952 luafv - ok
22:39:31.0157 5952 LVUSBS64 (9761370ffb533cf6e4a7176f4baa3ba9) C:\Windows\system32\DRIVERS\LVUSBS64.sys
22:39:31.0173 5952 LVUSBS64 - ok
22:39:31.0201 5952 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
22:39:31.0262 5952 Mcx2Svc - ok
22:39:31.0295 5952 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
22:39:31.0313 5952 megasas - ok
22:39:31.0343 5952 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
22:39:31.0372 5952 MegaSR - ok
22:39:31.0396 5952 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:39:31.0440 5952 MMCSS - ok
22:39:31.0463 5952 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
22:39:31.0513 5952 Modem - ok
22:39:31.0551 5952 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
22:39:31.0607 5952 monitor - ok
22:39:31.0631 5952 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
22:39:31.0651 5952 mouclass - ok
22:39:31.0699 5952 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
22:39:31.0761 5952 mouhid - ok
22:39:31.0770 5952 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
22:39:31.0789 5952 MountMgr - ok
22:39:31.0910 5952 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:39:31.0929 5952 MozillaMaintenance - ok
22:39:31.0977 5952 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
22:39:31.0997 5952 mpio - ok
22:39:32.0013 5952 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
22:39:32.0046 5952 mpsdrv - ok
22:39:32.0099 5952 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
22:39:32.0175 5952 MpsSvc - ok
22:39:32.0188 5952 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
22:39:32.0205 5952 Mraid35x - ok
22:39:32.0228 5952 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
22:39:32.0258 5952 MRxDAV - ok
22:39:32.0296 5952 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:39:32.0329 5952 mrxsmb - ok
22:39:32.0358 5952 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:39:32.0410 5952 mrxsmb10 - ok
22:39:32.0433 5952 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:39:32.0466 5952 mrxsmb20 - ok
22:39:32.0479 5952 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
22:39:32.0497 5952 msahci - ok
22:39:32.0523 5952 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
22:39:32.0544 5952 msdsm - ok
22:39:32.0582 5952 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
22:39:32.0628 5952 MSDTC - ok
22:39:32.0652 5952 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
22:39:32.0683 5952 Msfs - ok
22:39:32.0730 5952 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
22:39:32.0742 5952 msisadrv - ok
22:39:32.0776 5952 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
22:39:32.0826 5952 MSiSCSI - ok
22:39:32.0829 5952 msiserver - ok
22:39:32.0869 5952 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
22:39:32.0905 5952 MSKSSRV - ok
22:39:32.0917 5952 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
22:39:32.0959 5952 MSPCLOCK - ok
22:39:32.0977 5952 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
22:39:33.0025 5952 MSPQM - ok
22:39:33.0062 5952 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
22:39:33.0080 5952 MsRPC - ok
22:39:33.0085 5952 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
22:39:33.0098 5952 mssmbios - ok
22:39:33.0138 5952 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
22:39:33.0213 5952 MSTEE - ok
22:39:33.0233 5952 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
22:39:33.0251 5952 Mup - ok
22:39:33.0293 5952 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
22:39:33.0345 5952 napagent - ok
22:39:33.0401 5952 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
22:39:33.0420 5952 NativeWifiP - ok
22:39:33.0532 5952 NBService (87a00faedd703d8d2bdcb29ce5eeea6b) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
22:39:33.0598 5952 NBService ( UnsignedFile.Multi.Generic ) - warning
22:39:33.0598 5952 NBService - detected UnsignedFile.Multi.Generic (1)
22:39:33.0650 5952 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
22:39:33.0685 5952 NDIS - ok
22:39:33.0709 5952 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
22:39:33.0741 5952 NdisTapi - ok
22:39:33.0763 5952 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
22:39:33.0813 5952 Ndisuio - ok
22:39:33.0850 5952 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
22:39:33.0895 5952 NdisWan - ok
22:39:33.0907 5952 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
22:39:33.0939 5952 NDProxy - ok
22:39:33.0946 5952 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
22:39:34.0004 5952 NetBIOS - ok
22:39:34.0030 5952 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
22:39:34.0066 5952 netbt - ok
22:39:34.0075 5952 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
22:39:34.0118 5952 Netlogon - ok
22:39:34.0165 5952 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
22:39:34.0226 5952 Netman - ok
22:39:34.0318 5952 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:34.0365 5952 NetMsmqActivator - ok
22:39:34.0368 5952 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:34.0385 5952 NetPipeActivator - ok
22:39:34.0441 5952 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
22:39:34.0488 5952 netprofm - ok
22:39:34.0493 5952 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:34.0509 5952 NetTcpActivator - ok
22:39:34.0513 5952 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
22:39:34.0531 5952 NetTcpPortSharing - ok
22:39:34.0550 5952 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
22:39:34.0562 5952 nfrd960 - ok
22:39:34.0588 5952 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
22:39:34.0621 5952 NlaSvc - ok
22:39:34.0644 5952 nmwcdcx64 (41a5ec6cfbe45e5d62eafae348ea62ff) C:\Windows\system32\drivers\ccdcmbox64.sys
22:39:34.0683 5952 nmwcdcx64 - ok
22:39:34.0736 5952 nmwcdx64 (b246c3bb25d49c127cf202bd7e0ea2e8) C:\Windows\system32\drivers\ccdcmbx64.sys
22:39:34.0772 5952 nmwcdx64 - ok
22:39:34.0790 5952 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
22:39:34.0814 5952 Npfs - ok
22:39:34.0817 5952 npggsvc - ok
22:39:34.0820 5952 NPPTNT2 - ok
22:39:34.0842 5952 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
22:39:34.0903 5952 nsi - ok
22:39:34.0925 5952 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
22:39:34.0983 5952 nsiproxy - ok
22:39:35.0060 5952 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
22:39:35.0133 5952 Ntfs - ok
22:39:35.0207 5952 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
22:39:35.0263 5952 Null - ok
22:39:35.0321 5952 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
22:39:35.0341 5952 NVHDA - ok
22:39:35.0773 5952 nvlddmkm (11b62a15d62b08860baf887a189a9705) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:39:36.0298 5952 nvlddmkm - ok
22:39:36.0372 5952 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
22:39:36.0392 5952 nvraid - ok
22:39:36.0418 5952 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
22:39:36.0438 5952 nvstor - ok
22:39:36.0505 5952 nvsvc (69707e58a10450ec04026d1f75473ed5) C:\Windows\system32\nvvsvc.exe
22:39:36.0571 5952 nvsvc - ok
22:39:36.0688 5952 nvUpdatusService (1896053055658cd13fa1109838ad2eef) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
22:39:36.0750 5952 nvUpdatusService - ok
22:39:36.0819 5952 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
22:39:36.0839 5952 nv_agp - ok
22:39:36.0842 5952 NwlnkFlt - ok
22:39:36.0847 5952 NwlnkFwd - ok
22:39:36.0965 5952 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:39:36.0991 5952 odserv - ok
22:39:37.0039 5952 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
22:39:37.0103 5952 ohci1394 - ok
22:39:37.0137 5952 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:39:37.0156 5952 ose - ok
22:39:37.0338 5952 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:39:37.0540 5952 osppsvc - ok
22:39:37.0626 5952 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:39:37.0698 5952 p2pimsvc - ok
22:39:37.0705 5952 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:39:37.0739 5952 p2psvc - ok
22:39:37.0798 5952 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys
22:39:37.0859 5952 Parport - ok
22:39:37.0897 5952 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
22:39:37.0917 5952 partmgr - ok
22:39:37.0936 5952 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
22:39:37.0960 5952 PcaSvc - ok
22:39:37.0988 5952 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
22:39:38.0029 5952 pci - ok
22:39:38.0074 5952 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
22:39:38.0093 5952 pciide - ok
22:39:38.0128 5952 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
22:39:38.0149 5952 pcmcia - ok
22:39:38.0189 5952 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
22:39:38.0294 5952 PEAUTH - ok
22:39:38.0353 5952 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
22:39:38.0412 5952 PerfHost - ok
22:39:38.0476 5952 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
22:39:38.0591 5952 pla - ok
22:39:38.0653 5952 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
22:39:38.0726 5952 PlugPlay - ok
22:39:38.0730 5952 PnkBstrA - ok
22:39:38.0791 5952 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:39:38.0839 5952 PNRPAutoReg - ok
22:39:38.0847 5952 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
22:39:38.0897 5952 PNRPsvc - ok
22:39:38.0944 5952 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
22:39:39.0016 5952 PolicyAgent - ok
22:39:39.0098 5952 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
22:39:39.0133 5952 PptpMiniport - ok
22:39:39.0157 5952 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
22:39:39.0202 5952 Processor - ok
22:39:39.0241 5952 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
22:39:39.0277 5952 ProfSvc - ok
22:39:39.0295 5952 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
22:39:39.0316 5952 ProtectedStorage - ok
22:39:39.0359 5952 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
22:39:39.0392 5952 PSched - ok
22:39:39.0461 5952 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
22:39:39.0531 5952 ql2300 - ok
22:39:39.0556 5952 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
22:39:39.0575 5952 ql40xx - ok
22:39:39.0610 5952 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
22:39:39.0645 5952 QWAVE - ok
22:39:39.0659 5952 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
22:39:39.0708 5952 QWAVEdrv - ok
22:39:39.0729 5952 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
22:39:39.0786 5952 RasAcd - ok
22:39:39.0810 5952 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
22:39:39.0894 5952 RasAuto - ok
22:39:39.0928 5952 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:39:39.0968 5952 Rasl2tp - ok
22:39:39.0992 5952 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
22:39:40.0064 5952 RasMan - ok
22:39:40.0098 5952 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
22:39:40.0131 5952 RasPppoe - ok
22:39:40.0194 5952 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
22:39:40.0216 5952 RasSstp - ok
22:39:40.0264 5952 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
22:39:40.0301 5952 rdbss - ok
22:39:40.0321 5952 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:39:40.0361 5952 RDPCDD - ok
22:39:40.0390 5952 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys
22:39:40.0447 5952 rdpdr - ok
22:39:40.0451 5952 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
22:39:40.0506 5952 RDPENCDD - ok
22:39:40.0551 5952 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys
22:39:40.0590 5952 RDPWD - ok
22:39:40.0637 5952 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
22:39:40.0697 5952 RemoteAccess - ok
22:39:40.0731 5952 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
22:39:40.0782 5952 RemoteRegistry - ok
22:39:40.0806 5952 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
22:39:40.0834 5952 RpcLocator - ok
22:39:40.0868 5952 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
22:39:40.0913 5952 RpcSs - ok
22:39:40.0935 5952 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
22:39:40.0977 5952 rspndr - ok
22:39:41.0004 5952 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys
22:39:41.0029 5952 RTL8169 - ok
22:39:41.0044 5952 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
22:39:41.0065 5952 SamSs - ok
22:39:41.0089 5952 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
22:39:41.0107 5952 sbp2port - ok
22:39:41.0140 5952 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
22:39:41.0193 5952 SCardSvr - ok
22:39:41.0248 5952 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
22:39:41.0311 5952 Schedule - ok
22:39:41.0345 5952 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
22:39:41.0376 5952 SCPolicySvc - ok
22:39:41.0400 5952 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
22:39:41.0444 5952 SDRSVC - ok
22:39:41.0469 5952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:39:41.0528 5952 secdrv - ok
22:39:41.0539 5952 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
22:39:41.0583 5952 seclogon - ok
22:39:41.0595 5952 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
22:39:41.0643 5952 SENS - ok
22:39:41.0666 5952 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
22:39:41.0696 5952 Serenum - ok
22:39:41.0707 5952 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
22:39:41.0754 5952 Serial - ok
22:39:41.0770 5952 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
22:39:41.0810 5952 sermouse - ok
22:39:41.0842 5952 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
22:39:41.0892 5952 SessionEnv - ok
22:39:41.0914 5952 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
22:39:41.0975 5952 sffdisk - ok
22:39:41.0990 5952 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
22:39:42.0041 5952 sffp_mmc - ok
22:39:42.0050 5952 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
22:39:42.0091 5952 sffp_sd - ok
22:39:42.0100 5952 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
22:39:42.0153 5952 sfloppy - ok
22:39:42.0191 5952 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
22:39:42.0228 5952 SharedAccess - ok
22:39:42.0278 5952 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
22:39:42.0298 5952 ShellHWDetection - ok
22:39:42.0322 5952 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
22:39:42.0335 5952 SiSRaid2 - ok
22:39:42.0349 5952 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
22:39:42.0363 5952 SiSRaid4 - ok
22:39:42.0416 5952 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe
22:39:42.0429 5952 SkypeUpdate - ok
22:39:42.0530 5952 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
22:39:42.0694 5952 slsvc - ok
22:39:42.0813 5952 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
22:39:42.0863 5952 SLUINotify - ok
22:39:42.0922 5952 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
22:39:42.0955 5952 Smb - ok
22:39:42.0979 5952 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
22:39:43.0017 5952 SNMPTRAP - ok
22:39:43.0068 5952 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
22:39:43.0086 5952 spldr - ok
22:39:43.0129 5952 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
22:39:43.0163 5952 Spooler - ok
22:39:43.0241 5952 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
22:39:43.0241 5952 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
22:39:43.0243 5952 sptd ( LockedFile.Multi.Generic ) - warning
22:39:43.0243 5952 sptd - detected LockedFile.Multi.Generic (1)
22:39:43.0289 5952 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
22:39:43.0348 5952 srv - ok
22:39:43.0414 5952 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
22:39:43.0452 5952 srv2 - ok
22:39:43.0489 5952 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
22:39:43.0511 5952 srvnet - ok
22:39:43.0524 5952 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
22:39:43.0571 5952 SSDPSRV - ok
22:39:43.0618 5952 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
22:39:43.0643 5952 SstpSvc - ok
22:39:43.0710 5952 Steam Client Service - ok
22:39:43.0806 5952 Stereo Service (e41837b8f2228be202bd582242a4e810) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:39:43.0831 5952 Stereo Service - ok
22:39:43.0888 5952 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
22:39:43.0958 5952 stisvc - ok
22:39:44.0025 5952 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
22:39:44.0042 5952 swenum - ok
22:39:44.0098 5952 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
22:39:44.0153 5952 swprv - ok
22:39:44.0192 5952 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
22:39:44.0209 5952 Symc8xx - ok
22:39:44.0220 5952 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
22:39:44.0237 5952 Sym_hi - ok
22:39:44.0250 5952 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
22:39:44.0267 5952 Sym_u3 - ok
22:39:44.0322 5952 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
22:39:44.0406 5952 SysMain - ok
22:39:44.0443 5952 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
22:39:44.0489 5952 TabletInputService - ok
22:39:44.0533 5952 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
22:39:44.0582 5952 TapiSrv - ok
22:39:44.0602 5952 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
22:39:44.0666 5952 TBS - ok
22:39:44.0755 5952 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
22:39:44.0846 5952 Tcpip - ok
22:39:44.0956 5952 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
22:39:45.0029 5952 Tcpip6 - ok
22:39:45.0110 5952 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
22:39:45.0131 5952 tcpipreg - ok
22:39:45.0156 5952 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
22:39:45.0212 5952 TDPIPE - ok
22:39:45.0230 5952 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
22:39:45.0283 5952 TDTCP - ok
22:39:45.0322 5952 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
22:39:45.0374 5952 tdx - ok
22:39:45.0405 5952 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
22:39:45.0426 5952 TermDD - ok
22:39:45.0476 5952 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
22:39:45.0553 5952 TermService - ok
22:39:45.0597 5952 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
22:39:45.0622 5952 Themes - ok
22:39:45.0643 5952 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
22:39:45.0685 5952 THREADORDER - ok
22:39:45.0707 5952 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
22:39:45.0772 5952 TrkWks - ok
22:39:45.0814 5952 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe
22:39:45.0854 5952 TrustedInstaller - ok
22:39:45.0876 5952 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:39:45.0918 5952 tssecsrv - ok
22:39:45.0941 5952 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
22:39:45.0969 5952 tunmp - ok
22:39:45.0992 5952 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
22:39:46.0021 5952 tunnel - ok
22:39:46.0045 5952 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
22:39:46.0064 5952 uagp35 - ok
22:39:46.0103 5952 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
22:39:46.0140 5952 udfs - ok
22:39:46.0217 5952 ufad-ws60 (3f2d08b07cf67cb37e669a93e59a508c) C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe
22:39:46.0236 5952 ufad-ws60 - ok
22:39:46.0251 5952 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
22:39:46.0315 5952 UI0Detect - ok
22:39:46.0333 5952 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
22:39:46.0351 5952 uliagpkx - ok
22:39:46.0372 5952 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
22:39:46.0395 5952 uliahci - ok
22:39:46.0410 5952 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
22:39:46.0427 5952 UlSata - ok
22:39:46.0452 5952 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
22:39:46.0468 5952 ulsata2 - ok
22:39:46.0478 5952 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
22:39:46.0508 5952 umbus - ok
22:39:46.0522 5952 UmRdpService (dc5e34f189b827199b9cc8481c648269) C:\Windows\System32\umrdp.dll
22:39:46.0560 5952 UmRdpService - ok
22:39:46.0592 5952 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
22:39:46.0657 5952 upnphost - ok
22:39:46.0711 5952 upperdev (5462f35baf43f64cf6557cba79bf00ec) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
22:39:46.0752 5952 upperdev - ok
22:39:46.0803 5952 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
22:39:46.0842 5952 USBAAPL64 - ok
22:39:46.0897 5952 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
22:39:46.0948 5952 usbaudio - ok
22:39:47.0002 5952 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
22:39:47.0042 5952 usbccgp - ok
22:39:47.0058 5952 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
22:39:47.0118 5952 usbcir - ok
22:39:47.0144 5952 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
22:39:47.0176 5952 usbehci - ok
22:39:47.0196 5952 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
22:39:47.0254 5952 usbhub - ok
22:39:47.0270 5952 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
22:39:47.0330 5952 usbohci - ok
22:39:47.0368 5952 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
22:39:47.0399 5952 usbprint - ok
22:39:47.0446 5952 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
22:39:47.0487 5952 usbscan - ok
22:39:47.0504 5952 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\drivers\usbser.sys
22:39:47.0543 5952 usbser - ok
22:39:47.0558 5952 UsbserFilt (f8ab6d4f8badfbcb51ed14cac982cd10) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys
22:39:47.0578 5952 UsbserFilt - ok
22:39:47.0603 5952 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:39:47.0626 5952 USBSTOR - ok
22:39:47.0644 5952 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
22:39:47.0671 5952 usbuhci - ok
22:39:47.0717 5952 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
22:39:47.0767 5952 UxSms - ok
22:39:47.0815 5952 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
22:39:47.0885 5952 vds - ok
22:39:47.0909 5952 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
22:39:47.0950 5952 vga - ok
22:39:47.0970 5952 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
22:39:48.0010 5952 VgaSave - ok
22:39:48.0030 5952 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
22:39:48.0046 5952 viaide - ok
22:39:48.0137 5952 VMAuthdService (caa6f68bb4c1dbe554b4607ca1acaab5) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
22:39:48.0153 5952 VMAuthdService - ok
22:39:48.0173 5952 vmci (9bc38986a8f0e85f27cc18a196808f52) C:\Windows\system32\drivers\vmci.sys
22:39:48.0189 5952 vmci - ok
22:39:48.0242 5952 vmkbd (ac9dc0f511c56125483a5fb385d0bc80) C:\Windows\system32\drivers\VMkbd.sys
22:39:48.0257 5952 vmkbd - ok
22:39:48.0303 5952 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys
22:39:48.0318 5952 VMnetAdapter - ok
22:39:48.0370 5952 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys
22:39:48.0387 5952 VMnetBridge - ok
22:39:48.0392 5952 VMnetDHCP - ok
22:39:48.0403 5952 VMnetuserif (b4686ed49494a4264e867a7938fad24b) C:\Windows\system32\drivers\vmnetuserif.sys
22:39:48.0418 5952 VMnetuserif - ok
22:39:48.0434 5952 VMparport (b5cae805fcca38f35e6874c2dae0beb8) C:\Windows\system32\drivers\VMparport.sys
22:39:48.0449 5952 VMparport - ok
22:39:48.0497 5952 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys
22:39:48.0512 5952 vmusb - ok
22:39:48.0599 5952 VMUSBArbService (f38f5e1d9dec6cd1955a91ab141a88fb) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
22:39:48.0645 5952 VMUSBArbService - ok
22:39:48.0651 5952 VMware NAT Service - ok
22:39:48.0684 5952 vmx86 (4b4987b8850de542f23621b881b10342) C:\Windows\system32\drivers\vmx86.sys
22:39:48.0701 5952 vmx86 - ok
22:39:48.0720 5952 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
22:39:48.0740 5952 volmgr - ok
22:39:48.0790 5952 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
22:39:48.0818 5952 volmgrx - ok
22:39:48.0840 5952 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
22:39:48.0864 5952 volsnap - ok
22:39:48.0894 5952 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
22:39:48.0915 5952 vsmraid - ok
22:39:48.0983 5952 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
22:39:49.0080 5952 VSS - ok
22:39:49.0164 5952 vstor2-ws60 (69f57e89e6ebc5012d210527af005a70) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys
22:39:49.0179 5952 vstor2-ws60 - ok
22:39:49.0308 5952 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
22:39:49.0386 5952 W32Time - ok
22:39:49.0448 5952 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
22:39:49.0527 5952 WacomPen - ok
22:39:49.0546 5952 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:39:49.0596 5952 Wanarp - ok
22:39:49.0600 5952 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
22:39:49.0633 5952 Wanarpv6 - ok
22:39:49.0673 5952 wbengine (48eee289df9e4989128b2283f3eeacc6) C:\Windows\system32\wbengine.exe
22:39:49.0730 5952 wbengine - ok
22:39:49.0754 5952 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
22:39:49.0789 5952 wcncsvc - ok
22:39:49.0812 5952 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
22:39:49.0863 5952 WcsPlugInService - ok
22:39:49.0880 5952 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
22:39:49.0898 5952 Wd - ok
22:39:49.0977 5952 WDBtnMgrSvc.exe (7b8cdbdeb84da1a0c8897728beba80b8) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
22:39:50.0005 5952 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - warning
22:39:50.0005 5952 WDBtnMgrSvc.exe - detected UnsignedFile.Multi.Generic (1)
22:39:50.0054 5952 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
22:39:50.0093 5952 Wdf01000 - ok
22:39:50.0114 5952 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
22:39:50.0179 5952 WdiServiceHost - ok
22:39:50.0183 5952 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
22:39:50.0227 5952 WdiSystemHost - ok
22:39:50.0253 5952 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
22:39:50.0315 5952 WebClient - ok
22:39:50.0353 5952 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
22:39:50.0380 5952 Wecsvc - ok
22:39:50.0394 5952 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
22:39:50.0449 5952 wercplsupport - ok
22:39:50.0477 5952 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
22:39:50.0537 5952 WerSvc - ok
22:39:50.0609 5952 WinDefend - ok
22:39:50.0619 5952 WinHttpAutoProxySvc - ok
22:39:50.0693 5952 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
22:39:50.0735 5952 Winmgmt - ok
22:39:50.0829 5952 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
22:39:50.0935 5952 WinRM - ok
22:39:51.0069 5952 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
22:39:51.0106 5952 Wlansvc - ok
22:39:51.0262 5952 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:39:51.0504 5952 wlidsvc - ok
22:39:51.0615 5952 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
22:39:51.0658 5952 WmiAcpi - ok
22:39:51.0738 5952 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
22:39:51.0803 5952 wmiApSrv - ok
22:39:51.0859 5952 WMPNetworkSvc - ok
22:39:51.0899 5952 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
22:39:51.0925 5952 WPCSvc - ok
22:39:51.0944 5952 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
22:39:51.0989 5952 WPDBusEnum - ok
22:39:52.0013 5952 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
22:39:52.0055 5952 WpdUsb - ok
22:39:52.0167 5952 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
22:39:52.0208 5952 WPFFontCache_v0400 - ok
22:39:52.0242 5952 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
22:39:52.0287 5952 ws2ifsl - ok
22:39:52.0329 5952 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
22:39:52.0354 5952 wscsvc - ok
22:39:52.0359 5952 WSearch - ok
22:39:52.0447 5952 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
22:39:52.0591 5952 wuauserv - ok
22:39:52.0695 5952 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
22:39:52.0755 5952 WUDFRd - ok
22:39:52.0788 5952 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
22:39:52.0850 5952 wudfsvc - ok
22:39:52.0897 5952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
22:39:53.0419 5952 \Device\Harddisk0\DR0 - ok
22:39:53.0421 5952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
22:39:53.0479 5952 \Device\Harddisk1\DR1 - ok
22:39:53.0495 5952 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2
22:39:53.0726 5952 \Device\Harddisk2\DR2 - ok
22:39:53.0729 5952 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk3\DR3
22:39:53.0833 5952 \Device\Harddisk3\DR3 - ok
22:39:53.0864 5952 Boot (0x1200) (98ffb3766f22a4239831a28197fd7cbb) \Device\Harddisk0\DR0\Partition0
22:39:53.0865 5952 \Device\Harddisk0\DR0\Partition0 - ok
22:39:53.0868 5952 Boot (0x1200) (7589cf3100a2f9b0c570392e5de9f6a3) \Device\Harddisk1\DR1\Partition0
22:39:53.0869 5952 \Device\Harddisk1\DR1\Partition0 - ok
22:39:53.0872 5952 Boot (0x1200) (bdf7484911ec6092448d3ac8d8904bdb) \Device\Harddisk2\DR2\Partition0
22:39:53.0874 5952 \Device\Harddisk2\DR2\Partition0 - ok
22:39:53.0899 5952 Boot (0x1200) (a245c910d618fba0d6f630dda49b80fd) \Device\Harddisk3\DR3\Partition0
22:39:53.0902 5952 \Device\Harddisk3\DR3\Partition0 - ok
22:39:53.0902 5952 ============================================================
22:39:53.0902 5952 Scan finished
22:39:53.0902 5952 ============================================================
22:39:53.0911 3812 Detected object count: 4
22:39:53.0911 3812 Actual detected object count: 4
22:53:30.0668 3812 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:30.0668 3812 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:30.0670 3812 NBService ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:30.0670 3812 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:30.0671 3812 sptd ( LockedFile.Multi.Generic ) - skipped by user
22:53:30.0671 3812 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
22:53:30.0672 3812 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - skipped by user
22:53:30.0672 3812 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:53:35.0761 6044 Deinitialize success

#6
MrCharlie

    Forum Deity

  • Experts
  • 17,519 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
That scan was clean. Please do this........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix....please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.


#7
whatface

    New Member

  • Members
  • 7 posts
Here is the ComboFix log as requested:


ComboFix 12-07-31.03 - Jason 02/08/2012 18:40:06.1.4 - x64
Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.4094.2267 [GMT 10:00]
Running from: c:\users\Jason\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Jason\AppData\Roaming\.#
c:\users\Jason\Documents\~WRL0005.tmp
c:\users\Jason\Documents\~WRL4094.tmp
c:\windows\apppatch\AppLoc.exe
c:\windows\apppatch\AppLocA.exe
c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\apppatch\unins000.dat
c:\windows\apppatch\unins000.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 08:52 . 2012-08-02 08:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-02 08:52 . 2012-08-02 08:52 -------- d-----w- c:\users\Guest\AppData\Local\temp
2012-08-02 08:52 . 2012-08-02 08:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 12:54 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D90EDCF2-D3D7-45F4-837C-9C54DDDC4783}\mpengine.dll
2012-07-29 02:17 . 2012-07-29 02:24 -------- d-----w- c:\programdata\Comodo
2012-07-29 02:17 . 2012-07-29 02:17 -------- d-----w- c:\program files\COMODO
2012-07-14 00:53 . 2012-07-14 00:53 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-07-12 09:34 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys
2012-07-12 08:52 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 08:52 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-12 08:52 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll
2012-07-12 08:52 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-07-12 08:52 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-07-12 08:52 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll
2012-07-12 08:51 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-12 08:51 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll
2012-07-12 08:51 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-12 08:51 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll
2012-07-12 08:51 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-07-12 08:51 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll
2012-07-12 08:45 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll
2012-07-10 10:21 . 2012-07-10 10:21 -------- d-----w- C:\af3e8974be320ed59df12484a71aa964
2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\users\Jason\AppData\Local\etax2012
2012-07-08 04:14 . 2012-07-08 04:15 -------- d-----w- c:\program files (x86)\etax2012
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 08:17 . 2009-02-12 10:05 24072 ----a-w- c:\windows\gdrv.sys
2012-07-27 13:17 . 2012-04-09 00:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-27 13:17 . 2011-05-17 00:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 09:39 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 16:21 . 2011-05-27 05:13 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-05-12 01:25 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-05-12 01:25 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2010-05-12 01:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2010-05-12 01:24 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-07-03 16:21 . 2010-05-12 01:25 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-06-29 05:14 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-05-12 01:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-07-03 16:21 . 2011-01-16 00:57 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-03 03:46 . 2011-05-05 10:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-30 05:17 . 2009-02-19 06:05 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-30 05:17 . 2009-02-13 09:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-02 22:19 . 2012-06-22 10:41 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 10:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 10:42 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 10:42 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 10:41 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-02 22:19 . 2012-06-22 10:41 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 10:41 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-02 22:15 . 2012-06-22 10:42 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 10:41 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 22:12 . 2012-06-22 10:41 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-02 05:19 . 2012-06-22 10:41 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:19 . 2012-06-22 10:41 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-02 05:15 . 2012-06-22 10:41 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:12 . 2012-06-22 10:41 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2012-05-31 02:25 . 2010-05-07 04:52 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 94208 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-26 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-01-22 129584]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:17]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 07:37]
.
2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 07:37]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-15 00:32 97792 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-10-13 6566432]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-13 1833504]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3}: NameServer = 10.11.12.1,212.159.11.150
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\siuio95h.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMnetLibSaved\VMnetBridge]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-08-02 18:57:12
ComboFix-quarantined-files.txt 2012-08-02 08:57
.
Pre-Run: 668,132,282,368 bytes free
Post-Run: 669,500,407,808 bytes free
.
- - End Of File - - 3036941D78E53CE598395E85747BA869

#8
MrCharlie

    Forum Deity

  • Experts
  • 17,519 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Quote

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

It looks like you have Avast, Comodo and Defender running; this is no good.
You should only have one anti-virus program running on the machine.

-----------------------------

Please do this...........

Download TFC to your desktop
Close any open windows.
Double click the TFC icon to run the program
TFC will close all open programs itself in order to run,
Click the Start button to begin the process.
Allow TFC to run uninterrupted.
The program should not take long to finish its job.
Once it's finished it should automatically reboot your machine;
if it doesn't, manually reboot to ensure a complete clean

-----------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC

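The check MrC applies to those quoted header lines, written out as an added example (not code from the thread, from ComboFix or from DDS): parse the AV/FW/SP product lines that both tools print at the top of their logs and flag a machine where more than one anti-virus or anti-spyware vendor is registered, with firewalls left out of the count. The sample header below is constructed from the lines quoted in the thread, and the vendor-from-first-word heuristic is an assumption made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the product lines ComboFix/DDS print at the top of a log,
# in the same layout as the ones quoted in this thread.
SAMPLE_HEADER = """\
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
"""

# role: AV (anti-virus), FW (firewall), SP (anti-spyware); the *...* field holds
# Enabled/Disabled and, for AV/SP products, an Updated/Outdated flag.
LINE_RE = re.compile(
    r"^(?P<role>AV|FW|SP):\s+(?P<name>.+?)\s+\*(?P<state>[^*]+)\*\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]+)\}\s*$"
)


def parse_products(text):
    """Turn the AV:/FW:/SP: header lines into a list of product records."""
    products = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # not a product line (dots, banners, file lists, ...)
        flags = m.group("state").split("/")
        products.append({
            "role": m.group("role"),
            "name": m.group("name"),
            "enabled": flags[0].lower() == "enabled",
            # firewall lines carry no second flag, so default to False
            "updated": len(flags) > 1 and flags[1].lower() == "updated",
            "guid": m.group("guid").upper(),
        })
    return products


def vendor_of(name):
    """Assumed heuristic: the first word of the product name names the vendor
    ("avast! Antivirus" -> "avast", "COMODO Defense+" -> "comodo")."""
    return name.split()[0].rstrip("!").lower()


def analyze_header(text):
    """Group AV/SP products by vendor and report whether more than one
    anti-malware vendor is registered on the machine (firewalls excluded)."""
    products = parse_products(text)
    by_vendor = defaultdict(list)
    for p in products:
        if p["role"] == "FW":
            continue
        by_vendor[vendor_of(p["name"])].append(p)
    vendors = sorted(by_vendor)
    # Disabled is normal while ComboFix runs (the helper asked for it), so the
    # conflict is about how many vendors are installed, not how many are on.
    enabled = sorted({p["name"] for v in by_vendor.values() for p in v if p["enabled"]})
    return {
        "products": products,
        "vendors": vendors,
        "enabled": enabled,
        "conflict": len(vendors) > 1,
    }


if __name__ == "__main__":
    report = analyze_header(SAMPLE_HEADER)
    print("anti-malware vendors registered:", ", ".join(report["vendors"]))
    print("currently enabled:", ", ".join(report["enabled"]) or "none")
    if report["conflict"]:
        print("more than one anti-virus/anti-spyware vendor installed: keep one")
```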
#9
whatface

    New Member

  • Members
  • 7 posts
Windows Defender is usually disabled when I have Avast! running. Looks like it enabled itself when I turned off Avast. As for COMODO, I use it as a firewall but did not realise it came with an AV. Shall I just disable COMODO Defense+ ?

#10
MrCharlie

    Forum Deity

  • Experts
  • 17,519 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Yes, MrC

#11
whatface

    New Member

  • Members
  • 7 posts
Done as requested and scanned with MBAM. After running TFC, I noticed a $RECYCLE.BIN folder in my E: drive with some hidden folders in it. Is it safe to remove?

The startup times seem to be the same, but now that I think about it, it has been like that even before I had the malware problem. Applications seem to be loading faster after the welcome screen though. Other than that, my PC works perfectly fine and I haven't encountered any problems so far.

Here is the MBAM log:


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.03.02

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Jason :: JASON-PC [administrator]

3/08/2012 6:51:52 PM
mbam-log-2012-08-03 (18-51-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239680
Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#12
MrCharlie

    Forum Deity

  • Experts
  • 17,519 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Great > here's some links on slow computers:

http://www.malwarere...nningslowly.php
http://users.telenet...owcomputer.html
http://forums.malwar...showtopic=81990

-----------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Posted Image

Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

#13
whatface

    New Member

  • Members
  • 7 posts
Thank you for your time and assistance MrC. I appreciate it. I can now have peace of mind knowing that there probably isn't anything nasty on my system, and my PC seems to be running a tad faster as a result of the cleanup.

One thing though, I tried downloading OTL from http://oldtimer.geekstogo.com/OTL.exe and http://oldtimer.geekstogo.com/OTL.com but it looks like the links are down. I'm guessing they're just down temporarily?

#14
LDTate

    Forum Deity

  • Moderators
  • 20,117 posts
  • Gender:Male
  • Location:Missouri, USA
Link is working now.
Larry Tate
Consumer Support Specialist

#15
LDTate

    Forum Deity

  • Moderators
  • 20,117 posts
  • Gender:Male
  • Location:Missouri, USA
Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!