fixingdunks

  1. I tried it but explorer warns that it is unsafe and doesn't give me an option to save, so I click run anyway and it says it's not a valid win32 file. When I look at it it's 0 bytes in size. I tried downloading it using Firefox on another computer and it shows up as a 0 byte file there too.
  2. I have notified Oscar that you are helping me. Here is the log from mbam-check.exe
  3. No - no registry cleaners. FYI - when I didn't hear from anyone on the forum I contacted support and received a reply from Oscar Rubio - ticket number #247352. I didn't respond or do anything with him since you responded before I responded to him. -FB
  4. Downloaded and ran mbam-clean, rebooted and disabled webroot AV. Downloaded latest mbam from cnet, ran as administrator - same install error comes up four times near the end of the install process - same as before... CoCreateInstance failed; code 0x80040154. Class not registered. then the error vbAccelerator SGrid II Cont... Run-time error '0' and Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application. each come up twice, then the installation ends with no product installed, but a start-menu group is created and a program files folder is created. -FD
  5. I installed the MVB Common Controls, and then tried installing Malwarebytes but got the same errors I've been getting. Afterward, I ran the MBAM fix.bat file and it successfully did its thing. I then tried launching MBAM but got the same errors.
  6. I created the MBAM Fix.bat file and ran it as administrator and got the message: RegSvr32 The Module "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamext.dll" failed to load. Make sure the binary is stored at the specified path or debug it to check for problems with the binary or dependent .DLL files. The specified module could not be found. And the same message again when I click ok for the file "ssubtmr6.dll" and "vbalsgrid6.ocx" -FD
  7. When booting up the laptop to do the steps you suggested it got hung up after the login screen with a black screen and mouse cursor. I rebooted into safe mode and did the steps you listed. When aswMBR finished - the 'Fix' button was not active. Also - the 'Save Log' button didn't do anything - I took a screensnap of the display and can post it if you'd like - but there is no log. Also - the 'save as' button doesn't work in my browser (IE 9 - 64bit is the only one that runs) so I've had to use plain 'Save' and then rename the files after they've downloaded. I created the ARK folder and downloaded a file named mek1i65o.exe, moved it to that folder and ran it as administrator, unchecked 'Registry' and started a scan. It finished and said Gmer found no changes, and there was nothing on the screen to copy and paste into notepad. I tried downloading OTL and saving it as Bravo.com - but since my 'Save As' button doesn't work in IE 9, I had to just save it and then move it to the desktop and rename it. It wouldn't give me an option to "Run as administrator" and as soon as it launched it gave me the same error message as before. I have since rebooted into normal mode and am trying all the above steps again. So far aswMBR did the same thing, I'm currently running GMER again as administrator with 'Registry' unchecked - it hasn't listed anything yet, but I'll let you know if it does. I'd really like to try downloading and installing the Visual Basic runtimes from here since that's what many of these error messages seem related to: http://www.microsoft.com/downloads/details.aspx?FamilyId=7B9BA261-7A9C-43E7-9117-F673077FFB3C&displaylang=en Let me know if that's a bad idea. Thanks, -FD
  8. I imported the 2 registry entries, rebooted and downloaded OTH.scr and OTL.scr. I ran OTH and selected 'Kill All Processes' - though the screen never went blank. I then selected run OTL and got the error message "OTL has stopped working. A problem has caused the program to stop working correctly, Windows will close the program and notify you if a solution is available." FYI there is no option to "Run as Administrator" on .scr files like OTH and OTL. I had this same result when I tried running OTH and OTL prior to contacting the forum for help, as noted in the title of the post. I used Viper Rescue, Kaspersky tool and Doctor Web on my own prior to contacting the forum based on comments read on various forums since their application appeared to fit my symptoms - but none of them found anything. I don't know when or how Norton was installed or removed, it wasn't done by me. Also - another round of Windows updates installed while I was rebooting.
  9. Here are the logs...
0312 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 11:16:25.0090 0312 NdisTapi - ok 11:16:25.0105 0312 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 11:16:25.0105 0312 Ndisuio - ok 11:16:25.0137 0312 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 11:16:25.0152 0312 NdisWan - ok 11:16:25.0168 0312 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 11:16:25.0168 0312 NDProxy - ok 11:16:25.0215 0312 Net Driver HPZ12 (bd94210175c488f18add3e189ee9304c) C:\Windows\system32\HPZinw12.dll 11:16:25.0215 0312 Net Driver HPZ12 - ok 11:16:25.0277 0312 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 11:16:25.0277 0312 NetBIOS - ok 11:16:25.0324 0312 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 11:16:25.0339 0312 netbt - ok 11:16:25.0355 0312 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 11:16:25.0355 0312 Netlogon - ok 11:16:25.0417 0312 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll 11:16:25.0433 0312 Netman - ok 11:16:25.0495 0312 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll 11:16:25.0527 0312 netprofm - ok 11:16:25.0651 0312 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:16:25.0651 0312 NetTcpPortSharing - ok 11:16:25.0979 0312 NETw3v64 (c86984aee87900c1eeb6942ede3bf4b6) C:\Windows\system32\DRIVERS\NETw3v64.sys 11:16:26.0119 0312 NETw3v64 - ok 11:16:26.0275 0312 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 11:16:26.0275 0312 nfrd960 - ok 11:16:26.0307 0312 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll 11:16:26.0353 0312 NlaSvc - ok 11:16:26.0369 0312 Norton Internet Security - ok 11:16:26.0400 0312 Npfs 
(b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 11:16:26.0400 0312 Npfs - ok 11:16:26.0447 0312 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll 11:16:26.0447 0312 nsi - ok 11:16:26.0463 0312 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 11:16:26.0463 0312 nsiproxy - ok 11:16:26.0587 0312 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 11:16:26.0650 0312 Ntfs - ok 11:16:26.0884 0312 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 11:16:26.0884 0312 Null - ok 11:16:26.0915 0312 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 11:16:26.0915 0312 nvraid - ok 11:16:26.0977 0312 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 11:16:26.0977 0312 nvstor - ok 11:16:26.0993 0312 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 11:16:27.0009 0312 nv_agp - ok 11:16:27.0009 0312 NwlnkFlt - ok 11:16:27.0009 0312 NwlnkFwd - ok 11:16:27.0165 0312 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 11:16:27.0196 0312 odserv - ok 11:16:27.0274 0312 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys 11:16:27.0274 0312 ohci1394 - ok 11:16:27.0305 0312 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 11:16:27.0321 0312 ose - ok 11:16:27.0430 0312 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 11:16:27.0461 0312 p2pimsvc - ok 11:16:27.0461 0312 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 11:16:27.0477 0312 p2psvc - ok 11:16:27.0523 0312 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 11:16:27.0523 0312 Parport - ok 11:16:27.0601 0312 partmgr (b43751085e2abe389da466bc62a4b987) 
C:\Windows\system32\drivers\partmgr.sys 11:16:27.0601 0312 partmgr - ok 11:16:27.0648 0312 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll 11:16:27.0648 0312 PcaSvc - ok 11:16:27.0695 0312 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 11:16:27.0695 0312 pci - ok 11:16:27.0742 0312 pciide (15e5c3f89a3452efbda3b39816dbc4ee) C:\Windows\system32\drivers\pciide.sys 11:16:27.0742 0312 pciide - ok 11:16:27.0882 0312 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys 11:16:27.0882 0312 pcmcia - ok 11:16:28.0007 0312 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 11:16:28.0023 0312 PEAUTH - ok 11:16:28.0163 0312 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe 11:16:28.0163 0312 PerfHost - ok 11:16:28.0413 0312 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll 11:16:28.0444 0312 pla - ok 11:16:28.0522 0312 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll 11:16:28.0553 0312 PlugPlay - ok 11:16:28.0631 0312 Pml Driver HPZ12 (7fe2afb17d91cf39843d6766ea31cfc7) C:\Windows\system32\HPZipm12.dll 11:16:28.0631 0312 Pml Driver HPZ12 - ok 11:16:28.0725 0312 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 11:16:28.0725 0312 PNRPAutoReg - ok 11:16:28.0740 0312 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 11:16:28.0740 0312 PNRPsvc - ok 11:16:28.0818 0312 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll 11:16:28.0865 0312 PolicyAgent - ok 11:16:28.0943 0312 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 11:16:28.0943 0312 PptpMiniport - ok 11:16:28.0990 0312 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys 11:16:28.0990 0312 Processor - ok 11:16:29.0021 0312 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll 
11:16:29.0037 0312 ProfSvc - ok 11:16:29.0068 0312 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 11:16:29.0068 0312 ProtectedStorage - ok 11:16:29.0146 0312 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 11:16:29.0146 0312 PSched - ok 11:16:29.0239 0312 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys 11:16:29.0239 0312 PxHlpa64 - ok 11:16:29.0395 0312 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 11:16:29.0427 0312 ql2300 - ok 11:16:29.0505 0312 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 11:16:29.0505 0312 ql40xx - ok 11:16:29.0551 0312 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll 11:16:29.0583 0312 QWAVE - ok 11:16:29.0629 0312 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 11:16:29.0645 0312 QWAVEdrv - ok 11:16:29.0676 0312 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 11:16:29.0676 0312 RasAcd - ok 11:16:29.0692 0312 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll 11:16:29.0707 0312 RasAuto - ok 11:16:29.0739 0312 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys 11:16:29.0739 0312 Rasl2tp - ok 11:16:29.0770 0312 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll 11:16:29.0770 0312 RasMan - ok 11:16:29.0801 0312 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 11:16:29.0801 0312 RasPppoe - ok 11:16:29.0848 0312 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 11:16:29.0863 0312 RasSstp - ok 11:16:29.0895 0312 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 11:16:29.0941 0312 rdbss - ok 11:16:30.0019 0312 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 11:16:30.0019 0312 RDPCDD 
- ok 11:16:30.0097 0312 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys 11:16:30.0175 0312 rdpdr - ok 11:16:30.0175 0312 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 11:16:30.0175 0312 RDPENCDD - ok 11:16:30.0253 0312 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys 11:16:30.0269 0312 RDPWD - ok 11:16:30.0425 0312 Recovery Service for Windows (d5f08cc3d19b1c7f49619b9dad43c0ce) C:\Program Files (x86)\SMINST\BLService.exe 11:16:30.0441 0312 Recovery Service for Windows - ok 11:16:30.0503 0312 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll 11:16:30.0503 0312 RemoteAccess - ok 11:16:30.0565 0312 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll 11:16:30.0565 0312 RemoteRegistry - ok 11:16:30.0690 0312 RichVideo (805ae1f90c64758d19aaa001cf8cba12) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe 11:16:30.0721 0312 RichVideo - ok 11:16:30.0768 0312 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe 11:16:30.0784 0312 RpcLocator - ok 11:16:30.0862 0312 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 11:16:30.0862 0312 RpcSs - ok 11:16:30.0971 0312 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 11:16:30.0971 0312 rspndr - ok 11:16:31.0049 0312 RTL8169 (af7074e1d6a8a66204067ee8b2a8327a) C:\Windows\system32\DRIVERS\Rtlh64.sys 11:16:31.0049 0312 RTL8169 - ok 11:16:31.0111 0312 RTSTOR (aa3987386cf7d9005c42bc974634bd56) C:\Windows\system32\drivers\RTSTOR64.SYS 11:16:31.0111 0312 RTSTOR - ok 11:16:31.0158 0312 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 11:16:31.0158 0312 SamSs - ok 11:16:31.0189 0312 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 11:16:31.0189 0312 sbp2port - ok 11:16:31.0236 0312 SBRE (7e07d2a5b910c71d6474e9aa0eaa1825) 
C:\Windows\system32\drivers\SBREdrv.sys 11:16:31.0236 0312 SBRE - ok 11:16:31.0267 0312 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll 11:16:31.0314 0312 SCardSvr - ok 11:16:31.0486 0312 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll 11:16:31.0533 0312 Schedule - ok 11:16:31.0579 0312 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll 11:16:31.0579 0312 SCPolicySvc - ok 11:16:31.0611 0312 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys 11:16:31.0611 0312 sdbus - ok 11:16:31.0642 0312 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll 11:16:31.0657 0312 SDRSVC - ok 11:16:31.0704 0312 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 11:16:31.0704 0312 secdrv - ok 11:16:31.0720 0312 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll 11:16:31.0720 0312 seclogon - ok 11:16:31.0751 0312 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll 11:16:31.0751 0312 SENS - ok 11:16:31.0798 0312 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys 11:16:31.0798 0312 Serenum - ok 11:16:31.0813 0312 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys 11:16:31.0813 0312 Serial - ok 11:16:31.0876 0312 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys 11:16:31.0876 0312 sermouse - ok 11:16:31.0938 0312 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll 11:16:31.0938 0312 SessionEnv - ok 11:16:31.0985 0312 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys 11:16:31.0985 0312 sffdisk - ok 11:16:32.0001 0312 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys 11:16:32.0001 0312 sffp_mmc - ok 11:16:32.0032 0312 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys 
11:16:32.0032 0312 sffp_sd - ok 11:16:32.0047 0312 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys 11:16:32.0047 0312 sfloppy - ok 11:16:32.0094 0312 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll 11:16:32.0110 0312 SharedAccess - ok 11:16:32.0219 0312 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll 11:16:32.0281 0312 ShellHWDetection - ok 11:16:32.0328 0312 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys 11:16:32.0328 0312 SiSRaid2 - ok 11:16:32.0344 0312 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys 11:16:32.0344 0312 SiSRaid4 - ok 11:16:32.0593 0312 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe 11:16:32.0671 0312 slsvc - ok 11:16:32.0827 0312 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll 11:16:32.0827 0312 SLUINotify - ok 11:16:32.0890 0312 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys 11:16:32.0890 0312 Smb - ok 11:16:32.0937 0312 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe 11:16:32.0937 0312 SNMPTRAP - ok 11:16:33.0046 0312 Sony SCSI Helper Service (3bb48f7e33c2b76184ddf233000c09cd) C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe 11:16:33.0046 0312 Sony SCSI Helper Service - ok 11:16:33.0108 0312 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys 11:16:33.0108 0312 spldr - ok 11:16:33.0171 0312 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe 11:16:33.0202 0312 Spooler - ok 11:16:33.0202 0312 SRTSP - ok 11:16:33.0217 0312 SRTSPX - ok 11:16:33.0311 0312 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys 11:16:33.0342 0312 srv - ok 11:16:33.0389 0312 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys 11:16:33.0405 0312 srv2 - ok 
11:16:33.0483 0312 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys 11:16:33.0498 0312 srvnet - ok 11:16:33.0545 0312 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll 11:16:33.0576 0312 SSDPSRV - ok 11:16:33.0654 0312 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll 11:16:33.0670 0312 SstpSvc - ok 11:16:33.0748 0312 STacSV (3fb66e86ba667d627a613e1d677469b0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe 11:16:33.0795 0312 STacSV - ok 11:16:33.0857 0312 STHDA (e01797a54f8a61512b7e590fde6d1988) C:\Windows\system32\DRIVERS\stwrt64.sys 11:16:33.0904 0312 STHDA - ok 11:16:33.0982 0312 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll 11:16:34.0029 0312 stisvc - ok 11:16:34.0091 0312 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys 11:16:34.0091 0312 swenum - ok 11:16:34.0153 0312 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll 11:16:34.0200 0312 swprv - ok 11:16:34.0263 0312 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys 11:16:34.0263 0312 Symc8xx - ok 11:16:34.0263 0312 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys 11:16:34.0263 0312 Sym_hi - ok 11:16:34.0325 0312 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys 11:16:34.0325 0312 Sym_u3 - ok 11:16:34.0356 0312 SynTP (c851305e2bcfce8aaa53342f912ddd7f) C:\Windows\system32\DRIVERS\SynTP.sys 11:16:34.0356 0312 SynTP - ok 11:16:34.0512 0312 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll 11:16:34.0528 0312 SysMain - ok 11:16:34.0575 0312 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll 11:16:34.0575 0312 TabletInputService - ok 11:16:34.0621 0312 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll 11:16:34.0668 0312 TapiSrv - ok 11:16:34.0731 
0312 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll 11:16:34.0731 0312 TBS - ok 11:16:34.0902 0312 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys 11:16:35.0011 0312 Tcpip - ok 11:16:35.0277 0312 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys 11:16:35.0277 0312 Tcpip6 - ok 11:16:35.0495 0312 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys 11:16:35.0495 0312 tcpipreg - ok 11:16:35.0511 0312 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys 11:16:35.0511 0312 TDPIPE - ok 11:16:35.0526 0312 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys 11:16:35.0526 0312 TDTCP - ok 11:16:35.0557 0312 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys 11:16:35.0557 0312 tdx - ok 11:16:35.0667 0312 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys 11:16:35.0667 0312 TermDD - ok 11:16:35.0760 0312 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll 11:16:35.0823 0312 TermService - ok 11:16:35.0901 0312 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll 11:16:35.0901 0312 Themes - ok 11:16:36.0010 0312 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 11:16:36.0010 0312 THREADORDER - ok 11:16:36.0025 0312 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll 11:16:36.0025 0312 TrkWks - ok 11:16:36.0088 0312 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe 11:16:36.0088 0312 TrustedInstaller - ok 11:16:36.0135 0312 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:16:36.0135 0312 tssecsrv - ok 11:16:36.0181 0312 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys 11:16:36.0181 0312 tunmp - ok 11:16:36.0228 0312 tunnel 
(30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys 11:16:36.0228 0312 tunnel - ok 11:16:36.0259 0312 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys 11:16:36.0259 0312 uagp35 - ok 11:16:36.0322 0312 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys 11:16:36.0322 0312 udfs - ok 11:16:36.0400 0312 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe 11:16:36.0400 0312 UI0Detect - ok 11:16:36.0415 0312 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys 11:16:36.0415 0312 uliagpkx - ok 11:16:36.0509 0312 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys 11:16:36.0509 0312 uliahci - ok 11:16:36.0587 0312 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys 11:16:36.0587 0312 UlSata - ok 11:16:36.0634 0312 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys 11:16:36.0634 0312 ulsata2 - ok 11:16:36.0696 0312 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys 11:16:36.0696 0312 umbus - ok 11:16:36.0727 0312 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll 11:16:36.0790 0312 upnphost - ok 11:16:36.0821 0312 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 11:16:36.0821 0312 USBAAPL64 - ok 11:16:36.0868 0312 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys 11:16:36.0868 0312 usbccgp - ok 11:16:36.0899 0312 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys 11:16:36.0899 0312 usbcir - ok 11:16:36.0946 0312 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys 11:16:36.0946 0312 usbehci - ok 11:16:36.0977 0312 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys 11:16:36.0977 0312 usbhub - ok 11:16:37.0008 0312 usbohci 
(eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys 11:16:37.0008 0312 usbohci - ok 11:16:37.0039 0312 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys 11:16:37.0039 0312 usbprint - ok 11:16:37.0086 0312 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys 11:16:37.0086 0312 usbscan - ok 11:16:37.0102 0312 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:16:37.0102 0312 USBSTOR - ok 11:16:37.0117 0312 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys 11:16:37.0117 0312 usbuhci - ok 11:16:37.0164 0312 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys 11:16:37.0180 0312 usbvideo - ok 11:16:37.0211 0312 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll 11:16:37.0211 0312 UxSms - ok 11:16:37.0258 0312 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe 11:16:37.0305 0312 vds - ok 11:16:37.0336 0312 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys 11:16:37.0336 0312 vga - ok 11:16:37.0367 0312 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys 11:16:37.0367 0312 VgaSave - ok 11:16:37.0367 0312 viaide (4f964e6828156f0ef3fa8d3a9a7895de) C:\Windows\system32\drivers\viaide.sys 11:16:37.0367 0312 viaide - ok 11:16:37.0445 0312 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe 11:16:37.0445 0312 Viewpoint Manager Service - ok 11:16:37.0476 0312 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys 11:16:37.0476 0312 volmgr - ok 11:16:37.0539 0312 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys 11:16:37.0539 0312 volmgrx - ok 11:16:37.0585 0312 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys 11:16:37.0585 0312 volsnap - ok 
11:16:37.0648 0312 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys 11:16:37.0648 0312 vsmraid - ok 11:16:37.0866 0312 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe 11:16:37.0929 0312 VSS - ok 11:16:38.0100 0312 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll 11:16:38.0131 0312 W32Time - ok 11:16:38.0209 0312 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys 11:16:38.0209 0312 WacomPen - ok 11:16:38.0241 0312 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 11:16:38.0256 0312 Wanarp - ok 11:16:38.0256 0312 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys 11:16:38.0256 0312 Wanarpv6 - ok 11:16:38.0350 0312 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll 11:16:38.0365 0312 wcncsvc - ok 11:16:38.0443 0312 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll 11:16:38.0443 0312 WcsPlugInService - ok 11:16:38.0475 0312 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys 11:16:38.0475 0312 Wd - ok 11:16:38.0584 0312 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys 11:16:38.0631 0312 Wdf01000 - ok 11:16:38.0646 0312 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll 11:16:38.0646 0312 WdiServiceHost - ok 11:16:38.0662 0312 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll 11:16:38.0662 0312 WdiSystemHost - ok 11:16:38.0740 0312 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll 11:16:38.0787 0312 WebClient - ok 11:16:38.0865 0312 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll 11:16:38.0896 0312 Wecsvc - ok 11:16:38.0974 0312 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll 11:16:38.0974 0312 wercplsupport - ok 11:16:38.0989 0312 
WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll 11:16:39.0005 0312 WerSvc - ok 11:16:39.0067 0312 WinDefend - ok 11:16:39.0083 0312 WinHttpAutoProxySvc - ok 11:16:39.0177 0312 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll 11:16:39.0208 0312 Winmgmt - ok 11:16:39.0411 0312 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll 11:16:39.0535 0312 WinRM - ok 11:16:40.0113 0312 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll 11:16:40.0144 0312 Wlansvc - ok 11:16:40.0206 0312 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys 11:16:40.0206 0312 WmiAcpi - ok 11:16:40.0331 0312 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe 11:16:40.0378 0312 wmiApSrv - ok 11:16:40.0409 0312 WMPNetworkSvc - ok 11:16:40.0440 0312 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll 11:16:40.0440 0312 WPCSvc - ok 11:16:40.0518 0312 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll 11:16:40.0518 0312 WPDBusEnum - ok 11:16:40.0596 0312 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys 11:16:40.0596 0312 WpdUsb - ok 11:16:40.0846 0312 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe 11:16:40.0908 0312 WPFFontCache_v0400 - ok 11:16:41.0017 0312 WRkrn (517d7ec4178a49162e6576b143608bd0) C:\Windows\system32\drivers\WRkrn.sys 11:16:41.0017 0312 WRkrn - ok 11:16:41.0189 0312 WRSVC (87e02e094ea37680c9dbc394db0de1d7) C:\Program Files (x86)\Webroot\WRSA.exe 11:16:41.0189 0312 WRSVC - ok 11:16:41.0220 0312 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys 11:16:41.0220 0312 ws2ifsl - ok 11:16:41.0251 0312 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll 11:16:41.0251 0312 wscsvc - ok 11:16:41.0251 0312 WSearch - ok 
11:16:42.0187 0312 ============================================================
11:16:42.0187 0312 Scan finished
11:16:42.0187 0312 ============================================================
11:16:42.0203 4068 Detected object count: 0
11:16:42.0203 4068 Actual detected object count: 0

ComboFix 12-06-13.02 - Owner 06/13/2012 11:33:38.2.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2373 [GMT -5:00]
Running from: c:\users\Owner\Desktop\ComboFix.exe
AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}
SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Owner\Desktop\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-05-13 to 2012-06-13 )))))))))))))))))))))))))))))))
.
.
2012-06-13 16:41 . 2012-06-13 16:44 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-06-13 16:41 . 2012-06-13 16:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-11 17:43 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D802869-86DD-42FE-879F-51F0220A66AE}\mpengine.dll
2012-06-08 20:43 . 2012-06-08 21:35 -------- d-----w- c:\program files (x86)\stinger
2012-06-08 20:40 . 2012-06-08 20:41 -------- d-----w- c:\program files (x86)\ERUNT
2012-06-04 15:19 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-06-01 07:38 . 2012-06-01 07:39 -------- d-----w- c:\users\Owner\AppData\Roaming\QuickScan
2012-05-29 10:36 . 2006-11-02 11:16 15872 ----a-w- c:\windows\system32\regsvr32.exe
2012-05-29 09:51 . 2010-11-09 19:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-05-29 09:51 . 2010-11-09 19:56 27472 ----a-w- c:\windows\system32\sbbd.exe
2012-05-29 09:51 . 2012-05-29 11:31 -------- d-----w- C:\VIPRERESCUE
2012-05-29 08:15 . 2012-05-29 08:15 -------- d-----w- c:\programdata\Kaspersky Lab
2012-05-29 08:14 . 2012-05-29 16:22 460888 ----a-w- c:\windows\system32\drivers\30325359.sys
2012-05-29 03:16 . 2006-11-02 11:16 15872 ----a-w- c:\windows\system32\regsvr32 - Copy.exe
2012-05-27 12:06 . 2012-05-27 12:06 -------- d-----w- C:\2d60feddd76d8a4825375d30422f
2012-05-27 05:10 . 2012-05-27 05:10 -------- d-----w- c:\users\Owner\DoctorWeb
2012-05-26 23:13 . 2012-05-26 23:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Webroot
2012-05-26 23:13 . 2009-11-06 20:19 1563008 ----a-w- c:\windows\WRSetup.dll
2012-05-26 23:13 . 2012-05-26 23:13 -------- d-----w- c:\programdata\Webroot
2012-05-24 02:52 . 2012-03-01 14:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-05-24 02:52 . 2012-02-29 14:40 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-05-24 02:52 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-05-24 02:52 . 2012-02-29 14:06 1556480 ----a-w- c:\windows\system32\DWrite.dll
2012-05-24 02:52 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-05-24 02:52 . 2012-03-01 15:39 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-05-24 02:52 . 2012-03-01 15:39 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-05-24 02:52 . 2012-03-01 14:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-05-24 02:52 . 2012-02-29 14:09 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-05-24 02:52 . 2012-02-29 13:44 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-05-24 02:52 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-24 02:52 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-24 02:52 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys
2012-05-14 18:42 . 2012-05-14 18:42 -------- d-----w- c:\users\Owner\AppData\Roaming\U3
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-08 20:35 . 2011-12-23 19:34 148664 ----a-w- c:\windows\SysWow64\WRusr.dll
2012-06-08 20:35 . 2011-12-23 19:34 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys
2012-06-08 20:35 . 2011-12-23 19:34 101808 ----a-w- c:\windows\system32\WRusr.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-29_09.14.11 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-06-13 16:44 64608 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-06-04 22:43 . 2012-06-13 16:44 16086 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1239566945-2903228210-17697430-1000_UserData.bin
- 2009-03-28 08:10 . 2012-04-30 05:07 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-03-28 08:10 . 2012-06-11 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-03-28 08:10 . 2012-04-30 05:07 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-28 08:10 . 2012-06-11 17:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-28 08:10 . 2012-04-30 05:07 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-03-28 08:10 . 2012-06-11 17:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-06-08 15:30 . 2012-06-08 15:30 9560 c:\windows\system32\networklist\icons\{E385592E-ADB8-4E79-B2FF-CAF57E53346C}_48.bin
+ 2012-06-08 15:30 . 2012-06-08 15:30 4280 c:\windows\system32\networklist\icons\{E385592E-ADB8-4E79-B2FF-CAF57E53346C}_32.bin
+ 2012-06-08 15:30 . 2012-06-08 15:30 2456 c:\windows\system32\networklist\icons\{E385592E-ADB8-4E79-B2FF-CAF57E53346C}_24.bin
+ 2012-06-08 20:34 . 2012-06-08 20:34 9560 c:\windows\system32\networklist\icons\{D9876D4A-7570-485A-A28D-3E7794516345}_48.bin
+ 2012-06-08 20:34 . 2012-06-08 20:34 4280 c:\windows\system32\networklist\icons\{D9876D4A-7570-485A-A28D-3E7794516345}_32.bin
+ 2012-06-08 20:34 . 2012-06-08 20:34 2456 c:\windows\system32\networklist\icons\{D9876D4A-7570-485A-A28D-3E7794516345}_24.bin
+ 2012-06-13 16:43 . 2012-06-13 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-29 09:12 . 2012-05-29 09:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-13 16:43 . 2012-06-13 16:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-29 09:12 .
2012-05-29 09:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2006-11-02 15:45 . 2012-06-13 16:44 104414 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin - 2006-11-02 12:46 . 2012-05-29 08:49 604752 c:\windows\system32\perfh009.dat + 2006-11-02 12:46 . 2012-06-13 16:09 604752 c:\windows\system32\perfh009.dat - 2006-11-02 12:46 . 2012-05-29 08:49 104420 c:\windows\system32\perfc009.dat + 2006-11-02 12:46 . 2012-06-13 16:09 104420 c:\windows\system32\perfc009.dat + 2009-03-28 09:03 . 2012-06-13 16:41 132120 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2011-02-15 05:49 . 2012-05-29 09:03 294328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-02-15 05:49 . 2012-06-13 16:41 294328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-03-17 05:19 . 2012-06-01 07:45 760818 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239566945-2903228210-17697430-1000-8192.dat - 2012-03-17 05:19 . 2012-05-29 09:03 760818 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239566945-2903228210-17697430-1000-8192.dat + 2012-05-27 04:08 . 2012-06-01 07:45 621888 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239566945-2903228210-17697430-1000-12288.dat + 2012-06-08 20:41 . 2012-06-08 20:41 212992 c:\windows\ERDNT\6-8-2012\Users\00000002\NTUSER.DAT + 2012-06-08 20:41 . 2012-06-08 20:41 221184 c:\windows\ERDNT\6-8-2012\Users\00000001\NTUSER.DAT + 2012-06-08 20:41 . 2005-10-20 17:02 163328 c:\windows\ERDNT\6-8-2012\ERDNT.EXE + 2012-04-04 17:38 . 2012-04-04 17:38 787560 c:\windows\Downloaded Program Files\qsax64.dll + 2012-03-17 05:19 . 2012-06-13 16:41 4956158 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1239566945-2903228210-17697430-1000-4096.dat + 2012-06-08 20:41 . 
2012-06-08 20:41 2682880 c:\windows\ERDNT\6-8-2012\Users\00000004\UsrClass.dat + 2012-06-08 20:41 . 2012-06-08 20:41 2777088 c:\windows\ERDNT\6-8-2012\Users\00000003\NTUSER.DAT + 2006-11-02 12:33 . 2012-06-05 11:10 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT - 2006-11-02 12:33 . 2012-05-24 08:20 11010048 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WRSVC"="c:\program files (x86)\Webroot\WRSA.exe" [2012-06-08 684240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920] . c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ PMB Media Check Tool.lnk - c:\program files (x86)\Sony\Sony Picture Utility\PMBCore\SPUVolumeWatcher.exe [2010-1-4 333088] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520] Nikon Monitor.lnk - c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
S0 30325359;30325359;c:\windows\system32\DRIVERS\30325359.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 10:02] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 10:02] . 2012-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239566945-2903228210-17697430-1000Core.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-18 22:12] . 2012-06-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239566945-2903228210-17697430-1000UA.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-18 22:12] . 2012-06-05 c:\windows\Tasks\HPCeeScheduleForOwner.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-18 18:34] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1584184] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2008-09-11 441344] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1533736] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 415256] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 161304] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-15 178712] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 386584] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\SMINST\BLService.exe c:\program files (x86)\CyberLink\Shared files\RichVideo.exe c:\program files (x86)\Viewpoint\Common\ViewpointService.exe c:\program files (x86)\Apple Software Update\SoftwareUpdate.exe c:\windows\SysWOW64\WerFault.exe . ************************************************************************** . 
Completion time: 2012-06-13 11:55:06 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-13 16:55 ComboFix2.txt 2012-05-29 09:20 . Pre-Run: 224,509,976,576 bytes free Post-Run: 225,001,283,584 bytes free . - - End Of File - - 8D379AC7CB27FAC2B836BC2F20A3470C
  10. Oh - and I did not install Webroot; the owner of the computer said it came with the computer, so I believe it's been on there since the beginning.
  11. I ran the mbam-cleaner, rebooted, disabled Webroot and attempted to install mbam; however, I get the same error at the end of the installation: CoCreateInstance failed; code 0x80040154. Class not registered. I click 'ok' to the error message several times and the installation continues. After I click 'Finish' I get the error: vbAccelerator SGrid II Cont... Run-time error '0' and Run-time error '372': Failed to load control 'vbalGrid' from vbalsgrid6.ocx. Your version of vbalsgrid6.ocx may be outdated. Make sure you are using the version of the control that was provided with your application. I will then have a Malwarebytes folder in my start menu - but it is empty. I get the same results whether I do all the above steps in safe mode or normal mode. Do I need to reload the Visual Basic runtimes? I have seen that suggested as a possible solution to that error. Also FYI - during the reboot - some Windows updates installed.
  12. Hello Maurice - thank you for helping me. I am doing all of this in Safe Mode since I have the most functionality that way, though I still occasionally cannot save files from within Notepad or Word for some reason. I received some errors while installing ERUNT - but it did appear to run and copy the registry successfully. Also - I cannot run OTL - either by itself or from within OTH - so I do not have log files from that. Here are the log files I DO have:
      .
      DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
      Internet Explorer: 9.0.8112.16421
      Run by Owner at 10:31:11 on 2012-06-08
      .
      ============== Running Processes ===============
      .
      .
      ============== Pseudo HJT Report ===============
      .
      uStart Page = hxxp://www.google.com/
      mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
      uInternet Settings,ProxyOverride = *.local
      BHO: {0347C33E-8762-4905-BF09-768834316C61} - No File
      BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File
      BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File
      BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
      BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File
      BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File
      BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File
      TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File
      TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
      EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
      uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
      mRun: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul
      mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
      mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab TCP: DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{BF2B7E1C-4CBB-4573-820F-DEACE4CF0C32} : DhcpNameServer = 75.75.76.76 75.75.75.75 TCP: Interfaces\{D60A79CC-F68E-427C-A22E-DBBA7946D7F1} : DhcpNameServer = 168.94.0.14 168.94.0.15 mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: {0347C33E-8762-4905-BF09-768834316C61} - No File BHO-X64: HP Print Enhancer - No File BHO-X64: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File BHO-X64: AcroIEHelperStub - No File BHO-X64: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} 
- No File BHO-X64: Skype add-on (mastermind) - No File BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-X64: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File BHO-X64: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File BHO-X64: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File BHO-X64: HP Smart BHO Class - No File TB-X64: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent . ============= SERVICES / DRIVERS =============== . R? {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49} R? AESTFilters;Andrea ST Filters Service R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64 R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64 R? Com4QLBEx;Com4QLBEx R? FontCache;Windows Font Cache Service R? GamesAppService;GamesAppService R? GSRestartSvc;GSRestartSvc R? gupdate;Google Update Service (gupdate) R? gupdatem;Google Update Service (gupdatem) R? hpsrv;HP Service R? IntcHdmiAddService;Intel® High Definition Audio HDMI R? NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit R? Norton Internet Security;Norton Internet Security R? 
PerfHost;Performance Counter DLL Host R? Recovery Service for Windows;Recovery Service for Windows R? USBAAPL64;Apple Mobile USB Driver R? Viewpoint Manager Service;Viewpoint Manager Service R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 R? WRSVC;WRSVC R? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller S? 30325359;30325359 S? enecir;ENE CIR Receiver S? PxHlpa64;PxHlpa64 S? SBRE;SBRE S? WRkrn;WRkrn . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-06-05 09:21:26 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FE1CA08A-17FF-4480-8F38-CB73D10BF0BC}\mpengine.dll 2012-06-04 15:19:03 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys 2012-06-01 07:55:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes 2012-06-01 07:52:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-01 07:52:39 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-01 07:52:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-01 07:38:42 -------- d-----w- C:\Users\Owner\AppData\Roaming\QuickScan 2012-05-29 10:36:37 15872 ----a-w- C:\Windows\System32\regsvr32.exe 2012-05-29 09:51:26 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys 2012-05-29 09:51:26 27472 ----a-w- C:\Windows\System32\sbbd.exe 2012-05-29 09:51:19 -------- d-----w- C:\VIPRERESCUE 2012-05-29 09:20:50 -------- d-----w- C:\Users\Owner\AppData\Local\temp 2012-05-29 08:48:47 98816 ----a-w- C:\Windows\sed.exe 2012-05-29 08:48:47 518144 ----a-w- C:\Windows\SWREG.exe 2012-05-29 08:48:47 256000 ----a-w- C:\Windows\PEV.exe 2012-05-29 08:48:47 208896 ----a-w- C:\Windows\MBR.exe 2012-05-29 08:15:30 -------- d-----w- C:\ProgramData\Kaspersky Lab 2012-05-29 08:14:54 460888 ----a-w- C:\Windows\System32\drivers\30325359.sys 2012-05-29 03:37:18 -------- d-----w- C:\Windows\pss 2012-05-29 03:16:59 15872 
----a-w- C:\Windows\System32\regsvr32 - Copy.exe 2012-05-27 12:06:11 -------- d-----w- C:\2d60feddd76d8a4825375d30422f 2012-05-27 05:10:09 -------- d-----w- C:\Users\Owner\DoctorWeb 2012-05-26 23:13:52 1563008 ----a-w- C:\Windows\WRSetup.dll 2012-05-26 23:13:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Webroot 2012-05-26 23:13:51 -------- d-----w- C:\ProgramData\Webroot 2012-05-24 02:52:59 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-05-24 02:52:59 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-05-24 02:52:59 1556480 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-24 02:52:59 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-05-24 02:52:59 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-24 02:52:58 834048 ----a-w- C:\Windows\System32\d2d1.dll 2012-05-24 02:52:58 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-05-24 02:52:58 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-05-24 02:52:58 196096 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-05-24 02:52:58 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-05-24 02:52:57 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-24 02:52:47 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-24 02:52:47 2766848 ----a-w- C:\Windows\System32\win32k.sys . ==================== Find3M ==================== . 2012-05-24 02:40:04 148216 ----a-w- C:\Windows\SysWow64\WRusr.dll 2012-05-24 02:40:04 112720 ----a-w- C:\Windows\System32\drivers\WRkrn.sys 2012-05-24 02:40:04 100824 ----a-w- C:\Windows\System32\WRusr.dll 2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 10:32:43.38 =============== . ==== Installed Programs ====================== . 
Update for Microsoft Office 2007 (KB2508958) 1600 1600_Help 1600Trb Acrobat.com Activation Assistant for the 2007 Microsoft Office suites ActiveCheck component for HP Active Support Library Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.4.6 AIM 7 AIM Toolbar AIO_CDB_ProductContext AIO_CDB_Software AIO_Scan Apple Application Support Apple Software Update ArcSoft Panorama Maker 4 Ask.com Toolbar Audacity 1.2.6 BufferChm Compatibility Pack for the 2007 Office system Copy CustomerResearchQFolder CyberLink DVD Suite Destinations DeviceManagementQFolder DocProc DocProcQFolder Download Updater (AOL LLC) ESU for Microsoft Vista eSupportQFolder Fax Geek Squad 24 Hour Computer Support Google Gmail Notifier Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) HP Active Support Library HP Customer Experience Enhancements HP Doc Viewer HP Help and Support HP MediaSmart DVD HP MediaSmart Music/Photo/Video HP MediaSmart TV HP MediaSmart Webcam HP MULTIPLE MODEM INSTALLER for VISTA HP Photosmart Essential HP Product Assistant HP Quick Launch Buttons 6.40 H2 HP Total Care Advisor HP Update HP User Guides 0128 HP Wireless Assistant HPAsset component for HP Active Support Library HPProductAssistant HPSSupply HPTCSSetup IDT Audio Java 6 Update 7 Juno Preloader LabelPrint LightScribe System Software 1.14.17.1 Malwarebytes Anti-Malware version 1.61.0.1400 MarketResearch Microsoft Live Search Toolbar Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (English) 2007 Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 
Service Pack 3 (SP3) Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft VC9 runtime libraries Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Works Mozilla Firefox 12.0 (x86 en-US) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 and SOAP Toolkit 3.0 muvee Reveal My HP Games NetZero Preloader Nikon Message Center Nikon Transfer Power2Go PowerDirector Primo QuickTime Reader Library by Sony Realtek 8169 8168 8101E 8102E Ethernet Driver Realtek USB 2.0 Card Reader Runtime Scan Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Skype web features SkypeT 4.2 Slingbox - Watch Your TV Anywhere SlingPlayer SmartWebPrinting SolutionCenter Sony Picture Utility Spelling Dictionaries Support For Adobe Reader 9 SPORE Creature Creator Trial Edition Status Toolbox TrayApp UnloadSupport Update for 
Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update Installer for WildTangent Games App Viewpoint Media Player WebReg Webroot SecureAnywhere WildTangent Games App (HP Games) . ==== End Of File =========================== McAfee® Labs Stinger Version 10.2.0.666 built on Jun 8 2012 Copyright © 2012 McAfee, Inc. All Rights Reserved. Virus data file v1000.0000 created on Jun 8 2012. Ready to scan for 4451 viruses, trojans and variants. Scan initiated on Fri Jun 08 16:32:39 2012 Rootkit scan result : Not Scanned Master Boot Record(s):....1 Possibly Infected:.............0 Boot Sector(s):.................2 Possibly Infected: ............0 Number of clean files: 10209 ComboFix 12-05-28.05 - Owner 05/29/2012 3:52.1.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3998.2120 [GMT -5:00] Running from: c:\users\Owner\Desktop\AV\cbf.exe AV: Webroot SecureAnywhere *Disabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401} SP: Webroot SecureAnywhere *Disabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . 
c:\programdata\SymUpdate.exe c:\users\Owner\AppData\Local\Temp\9592052\8444950.exe c:\users\Owner\AppData\Local\Temp\9592052\advdis.ppl c:\users\Owner\AppData\Local\Temp\9592052\avlib.ppl c:\users\Owner\AppData\Local\Temp\9592052\avpgs.ppl c:\users\Owner\AppData\Local\Temp\9592052\avpgui.ppl c:\users\Owner\AppData\Local\Temp\9592052\avs.ppl c:\users\Owner\AppData\Local\Temp\9592052\avspm.ppl c:\users\Owner\AppData\Local\Temp\9592052\avzkrnl.dll c:\users\Owner\AppData\Local\Temp\9592052\avzscan.ppl c:\users\Owner\AppData\Local\Temp\9592052\base64.ppl c:\users\Owner\AppData\Local\Temp\9592052\base64p.ppl c:\users\Owner\AppData\Local\Temp\9592052\basegui.ppl c:\users\Owner\AppData\Local\Temp\9592052\bases\arkmon.kdl c:\users\Owner\AppData\Local\Temp\9592052\bases\avengine.dll c:\users\Owner\AppData\Local\Temp\9592052\bases\avpcure.kdl c:\users\Owner\AppData\Local\Temp\9592052\bases\kavbase.kdl c:\users\Owner\AppData\Local\Temp\9592052\bases\kavsys.kdl c:\users\Owner\AppData\Local\Temp\9592052\bases\kjim.kdl c:\users\Owner\AppData\Local\Temp\9592052\bases\klavemu.kdl c:\users\Owner\AppData\Local\Temp\9592052\bases\mark.kdl c:\users\Owner\AppData\Local\Temp\9592052\bases\pbs.kdl c:\users\Owner\AppData\Local\Temp\9592052\bases\qscan.kdl c:\users\Owner\AppData\Local\Temp\9592052\bases\vlns.kdl c:\users\Owner\AppData\Local\Temp\9592052\bl.ppl c:\users\Owner\AppData\Local\Temp\9592052\btdisk.ppl c:\users\Owner\AppData\Local\Temp\9592052\btimages.ppl c:\users\Owner\AppData\Local\Temp\9592052\buffer.ppl c:\users\Owner\AppData\Local\Temp\9592052\clldr.dll c:\users\Owner\AppData\Local\Temp\9592052\crpthlpr.ppl c:\users\Owner\AppData\Local\Temp\9592052\dbghelp.dll c:\users\Owner\AppData\Local\Temp\9592052\deflate.ppl c:\users\Owner\AppData\Local\Temp\9592052\diffs.dll c:\users\Owner\AppData\Local\Temp\9592052\dmap.ppl c:\users\Owner\AppData\Local\Temp\9592052\dtreg.ppl c:\users\Owner\AppData\Local\Temp\9592052\filemap.ppl c:\users\Owner\AppData\Local\Temp\9592052\fsdrvplg.ppl 
c:\users\Owner\AppData\Local\Temp\9592052\fssync.dll c:\users\Owner\AppData\Local\Temp\9592052\hashmd5.ppl c:\users\Owner\AppData\Local\Temp\9592052\hashsha1.ppl c:\users\Owner\AppData\Local\Temp\9592052\icheck3.ppl c:\users\Owner\AppData\Local\Temp\9592052\inflate.ppl c:\users\Owner\AppData\Local\Temp\9592052\inifile.ppl c:\users\Owner\AppData\Local\Temp\9592052\kldw.exe c:\users\Owner\AppData\Local\Temp\9592052\klsrlsvc.ppl c:\users\Owner\AppData\Local\Temp\9592052\mailmsg.ppl c:\users\Owner\AppData\Local\Temp\9592052\mdb.ppl c:\users\Owner\AppData\Local\Temp\9592052\mdmap.ppl c:\users\Owner\AppData\Local\Temp\9592052\memmng.dll c:\users\Owner\AppData\Local\Temp\9592052\memmodsc.ppl c:\users\Owner\AppData\Local\Temp\9592052\memscan.ppl c:\users\Owner\AppData\Local\Temp\9592052\minizip.ppl c:\users\Owner\AppData\Local\Temp\9592052\mkavio.ppl c:\users\Owner\AppData\Local\Temp\9592052\msoe.ppl c:\users\Owner\AppData\Local\Temp\9592052\msvcm80.dll c:\users\Owner\AppData\Local\Temp\9592052\msvcp80.dll c:\users\Owner\AppData\Local\Temp\9592052\msvcr80.dll c:\users\Owner\AppData\Local\Temp\9592052\ndetect.ppl c:\users\Owner\AppData\Local\Temp\9592052\netdtls.ppl c:\users\Owner\AppData\Local\Temp\9592052\nfio.ppl c:\users\Owner\AppData\Local\Temp\9592052\ntfsstrm.ppl c:\users\Owner\AppData\Local\Temp\9592052\ods.ppl c:\users\Owner\AppData\Local\Temp\9592052\params.ppl c:\users\Owner\AppData\Local\Temp\9592052\passdmap.ppl c:\users\Owner\AppData\Local\Temp\9592052\prloader.dll c:\users\Owner\AppData\Local\Temp\9592052\procmon.ppl c:\users\Owner\AppData\Local\Temp\9592052\propmap.ppl c:\users\Owner\AppData\Local\Temp\9592052\proxydet.ppl c:\users\Owner\AppData\Local\Temp\9592052\prremote.dll c:\users\Owner\AppData\Local\Temp\9592052\prseqio.ppl c:\users\Owner\AppData\Local\Temp\9592052\prtransp.ppl c:\users\Owner\AppData\Local\Temp\9592052\prutil.ppl c:\users\Owner\AppData\Local\Temp\9592052\pxstub.ppl c:\users\Owner\AppData\Local\Temp\9592052\qb.ppl 
c:\users\Owner\AppData\Local\Temp\9592052\quantum.ppl c:\users\Owner\AppData\Local\Temp\9592052\regmap.ppl c:\users\Owner\AppData\Local\Temp\9592052\report.ppl c:\users\Owner\AppData\Local\Temp\9592052\reportdb.ppl c:\users\Owner\AppData\Local\Temp\9592052\resip.ppl c:\users\Owner\AppData\Local\Temp\9592052\schedule.ppl c:\users\Owner\AppData\Local\Temp\9592052\sfdb.ppl c:\users\Owner\AppData\Local\Temp\9592052\stat.ppl c:\users\Owner\AppData\Local\Temp\9592052\stdcomp.ppl c:\users\Owner\AppData\Local\Temp\9592052\stenum2.ppl c:\users\Owner\AppData\Local\Temp\9592052\superio.ppl c:\users\Owner\AppData\Local\Temp\9592052\syswatch.ppl c:\users\Owner\AppData\Local\Temp\9592052\thpimpl.ppl c:\users\Owner\AppData\Local\Temp\9592052\timer.ppl c:\users\Owner\AppData\Local\Temp\9592052\tm.ppl c:\users\Owner\AppData\Local\Temp\9592052\uniarc.ppl c:\users\Owner\AppData\Local\Temp\9592052\updater.dll c:\users\Owner\AppData\Local\Temp\9592052\urlflt.ppl c:\users\Owner\AppData\Local\Temp\9592052\ushata.dll c:\users\Owner\AppData\Local\Temp\9592052\volenum.ppl c:\users\Owner\AppData\Local\Temp\9592052\wdiskio.ppl c:\users\Owner\AppData\Local\Temp\9592052\winreg.ppl c:\users\Owner\AppData\Local\Temp\9592052\wmihlpr.ppl c:\users\Owner\AppData\Local\Temp\9592052\x64\wmi64.exe c:\users\Owner\AppData\Local\Temp\9592052\xorio.ppl . . ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-29 ))))))))))))))))))))))))))))))) . . 2012-05-29 10:36 . 2006-11-02 11:16 15872 ----a-w- c:\windows\system32\regsvr32.exe 2012-05-29 09:03 . 2012-05-29 09:03 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-05-29 08:15 . 2012-05-29 08:15 -------- d-----w- c:\programdata\Kaspersky Lab 2012-05-29 08:14 . 2012-05-29 16:22 460888 ----a-w- c:\windows\system32\drivers\30325359.sys 2012-05-29 03:16 . 2006-11-02 11:16 15872 ----a-w- c:\windows\system32\regsvr32 - Copy.exe 2012-05-29 03:12 . 
2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1A216C18-F9B8-4B45-B4EE-7C5287BC8D85}\mpengine.dll 2012-05-27 16:13 . 2012-05-27 16:20 -------- d-----w- c:\program files (x86)\Mwb 2012-05-27 12:06 . 2012-05-27 12:06 -------- d-----w- C:\2d60feddd76d8a4825375d30422f 2012-05-27 05:34 . 2012-05-27 05:34 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes 2012-05-27 05:10 . 2012-05-27 05:10 -------- d-----w- c:\users\Owner\DoctorWeb 2012-05-27 04:48 . 2012-05-27 04:48 -------- d-----w- c:\programdata\Malwarebytes 2012-05-27 04:48 . 2012-05-27 05:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-05-27 04:48 . 2012-04-04 20:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-05-26 23:13 . 2012-05-26 23:13 -------- d-----w- c:\users\Owner\AppData\Roaming\Webroot 2012-05-26 23:13 . 2009-11-06 20:19 1563008 ----a-w- c:\windows\WRSetup.dll 2012-05-26 23:13 . 2012-05-26 23:13 -------- d-----w- c:\programdata\Webroot 2012-05-24 02:52 . 2012-03-01 14:46 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-05-24 02:52 . 2012-02-29 14:40 2002944 ----a-w- c:\windows\system32\d3d10warp.dll 2012-05-24 02:52 . 2012-02-29 14:08 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-05-24 02:52 . 2012-02-29 14:06 1556480 ----a-w- c:\windows\system32\DWrite.dll 2012-05-24 02:52 . 2012-02-29 13:41 1069056 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-05-24 02:52 . 2012-03-01 15:39 327680 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-05-24 02:52 . 2012-03-01 15:39 196096 ----a-w- c:\windows\system32\d3d10_1.dll 2012-05-24 02:52 . 2012-03-01 14:46 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-05-24 02:52 . 2012-02-29 14:09 834048 ----a-w- c:\windows\system32\d2d1.dll 2012-05-24 02:52 . 2012-02-29 13:44 683008 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-05-24 02:52 . 2012-03-20 23:34 72576 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-05-24 02:52 . 
2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-24 02:52 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys 2012-05-14 18:42 . 2012-05-14 18:42 -------- d-----w- c:\users\Owner\AppData\Roaming\U3 . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-24 02:40 . 2011-12-23 19:34 148216 ----a-w- c:\windows\SysWow64\WRusr.dll 2012-05-24 02:40 . 2011-12-23 19:34 112720 ----a-w- c:\windows\system32\drivers\WRkrn.sys 2012-05-24 02:40 . 2011-12-23 19:34 100824 ----a-w- c:\windows\system32\WRusr.dll 2012-02-29 15:37 . 2012-04-15 08:03 5632 ----a-w- c:\windows\system32\wmi.dll 2012-02-29 15:37 . 2012-04-15 08:03 219136 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 15:35 . 2012-04-15 08:03 78848 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 15:11 . 2012-04-15 08:03 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-02-29 15:11 . 2012-04-15 08:03 172032 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-02-29 15:09 . 2012-04-15 08:03 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-02-29 13:52 . 2012-04-15 08:03 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "WRSVC"="c:\program files (x86)\Webroot\WRSA.exe" [2012-05-24 679672] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . S0 30325359;30325359;c:\windows\system32\DRIVERS\30325359.sys [x] S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [x] . . --- Other Services/Drivers In Memory --- . 
*NewlyCreated* - WS2IFSL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2008-06-09 17:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . Contents of the 'Scheduled Tasks' folder . 2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 10:02] . 2012-05-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-31 10:02] . 2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239566945-2903228210-17697430-1000Core.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-18 22:12] . 2012-05-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1239566945-2903228210-17697430-1000UA.job - c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-07-18 22:12] . 2012-05-29 c:\windows\Tasks\HPCeeScheduleForOwner.job - c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-18 18:34] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) AddRemove-Mozilla Firefox 12.0 (x86 en-US) - c:\program files (x86)\Mozilla Firefox\uninstall\helper.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security] "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}] "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes] "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . 
------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Viewpoint\Common\ViewpointService.exe . ************************************************************************** . Completion time: 2012-05-29 04:20:27 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-29 09:20 . Pre-Run: 177,453,735,936 bytes free Post-Run: 185,663,840,256 bytes free . - - End Of File - - 97BCD445D462F0221EC0FC6347490178
  13. Hello, I'm attempting to help a family member rid their computer of what appears to be a nasty virus. Internet Explorer 32bit won't run (but 64 bit will - mostly). I can't get Malwarebytes to install - even using Chameleon and all the other suggestions contained in the FAQ.

The computer has Webroot Security AntiVirus running on it but so far it hasn't helped much. I have tried installing with that disabled, and in safe mode, but I keep getting messages like: "CoCreate install failed ; code 0x80040154. Class not registered" during the installation (even with Chameleon.) It will appear to install anyway, but when I try to run it I get "vbAccelerator SGrid II Cont... Run-time error '0'" and "Run-time error '372' Failed to load control 'vbalGrid' from vbalsgrid6.ocx."

I have tried running the mbam cleaner, and I have tried creating the "MBAM Fix.bat" as suggested in the FAQ - but the above error messages persist. I have also tried tdskill, rkill which didn't seem to do anything. I also ran combofix which did find and fix some things, but the above symptoms still persisted.

I'm afraid I've taken this as far as I can without getting some assistance. Any help would be GREATLY appreciated.

-FixingDunks

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Owner at 3:12:19 on 2012-06-01
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Users\Owner\Desktop\AV\dds.com
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb uInternet Settings,ProxyOverride = *.local BHO: {0347C33E-8762-4905-BF09-768834316C61} - No File BHO: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File BHO: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File BHO: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File TB: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul mRunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - C:\PROGRA~2\Java\JRE16~1.0_0\bin\ssv.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: 
{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab TCP: DhcpNameServer = 192.168.2.1 TCP: Interfaces\{BF2B7E1C-4CBB-4573-820F-DEACE4CF0C32} : DhcpNameServer = 192.168.2.1 TCP: Interfaces\{D60A79CC-F68E-427C-A22E-DBBA7946D7F1} : DhcpNameServer = 168.94.0.14 168.94.0.15 mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe" BHO-X64: {0347C33E-8762-4905-BF09-768834316C61} - No File BHO-X64: HP Print Enhancer - No File BHO-X64: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - No File BHO-X64: AcroIEHelperStub - No File BHO-X64: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - No File BHO-X64: Skype add-on (mastermind) - No File BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File BHO-X64: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File BHO-X64: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - No File BHO-X64: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - No File BHO-X64: HP Smart BHO Class - No File TB-X64: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No File TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [WRSVC] "C:\Program Files (x86)\Webroot\WRSA.exe" -ul mRunOnce-x64: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent . ============= SERVICES / DRIVERS =============== . R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64 R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86 R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64 R? Com4QLBEx;Com4QLBEx R? GamesAppService;GamesAppService R? GSRestartSvc;GSRestartSvc R? gupdatem;Google Update Service (gupdatem) R? NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit R? 
Norton Internet Security;Norton Internet Security R? PerfHost;Performance Counter DLL Host R? Recovery Service for Windows;Recovery Service for Windows R? USBAAPL64;Apple Mobile USB Driver R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0 R? WRSVC;WRSVC R? yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller S? {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49} S? 30325359;30325359 S? AESTFilters;Andrea ST Filters Service S? enecir;ENE CIR Receiver S? FontCache;Windows Font Cache Service S? gupdate;Google Update Service (gupdate) S? hpsrv;HP Service S? IntcHdmiAddService;Intel® High Definition Audio HDMI S? PxHlpa64;PxHlpa64 S? SBRE;SBRE S? Viewpoint Manager Service;Viewpoint Manager Service S? WRkrn;WRkrn . =============== File Associations =============== . JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %* . =============== Created Last 30 ================ . 2012-06-01 07:55:46 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes 2012-06-01 07:52:39 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-01 07:52:39 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-01 07:52:39 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-01 07:38:42 -------- d-----w- C:\Users\Owner\AppData\Roaming\QuickScan 2012-06-01 03:15:36 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2D11CC5-CE7B-4F54-BFC6-CACCDBDFE0B5}\mpengine.dll 2012-05-29 10:36:37 15872 ----a-w- C:\Windows\System32\regsvr32.exe 2012-05-29 09:51:26 49752 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys 2012-05-29 09:51:26 27472 ----a-w- C:\Windows\System32\sbbd.exe 2012-05-29 09:51:19 -------- d-----w- C:\VIPRERESCUE 2012-05-29 09:20:50 -------- d-----w- C:\Users\Owner\AppData\Local\temp 2012-05-29 08:48:47 98816 ----a-w- C:\Windows\sed.exe 2012-05-29 08:48:47 518144 ----a-w- C:\Windows\SWREG.exe 2012-05-29 08:48:47 256000 ----a-w- C:\Windows\PEV.exe 2012-05-29 08:48:47 
208896 ----a-w- C:\Windows\MBR.exe 2012-05-29 08:15:30 -------- d-----w- C:\ProgramData\Kaspersky Lab 2012-05-29 08:14:54 460888 ----a-w- C:\Windows\System32\drivers\30325359.sys 2012-05-29 03:37:18 -------- d-----w- C:\Windows\pss 2012-05-29 03:16:59 15872 ----a-w- C:\Windows\System32\regsvr32 - Copy.exe 2012-05-27 12:06:11 -------- d-----w- C:\2d60feddd76d8a4825375d30422f 2012-05-27 05:10:09 -------- d-----w- C:\Users\Owner\DoctorWeb 2012-05-26 23:13:52 1563008 ----a-w- C:\Windows\WRSetup.dll 2012-05-26 23:13:52 -------- d-----w- C:\Users\Owner\AppData\Roaming\Webroot 2012-05-26 23:13:51 -------- d-----w- C:\ProgramData\Webroot 2012-05-24 02:52:59 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2012-05-24 02:52:59 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll 2012-05-24 02:52:59 1556480 ----a-w- C:\Windows\System32\DWrite.dll 2012-05-24 02:52:59 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2012-05-24 02:52:59 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll 2012-05-24 02:52:58 834048 ----a-w- C:\Windows\System32\d2d1.dll 2012-05-24 02:52:58 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll 2012-05-24 02:52:58 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll 2012-05-24 02:52:58 196096 ----a-w- C:\Windows\System32\d3d10_1.dll 2012-05-24 02:52:58 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2012-05-24 02:52:57 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys 2012-05-24 02:52:47 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-24 02:52:47 2766848 ----a-w- C:\Windows\System32\win32k.sys . ==================== Find3M ==================== . 2012-05-24 02:40:04 148216 ----a-w- C:\Windows\SysWow64\WRusr.dll 2012-05-24 02:40:04 112720 ----a-w- C:\Windows\System32\drivers\WRkrn.sys 2012-05-24 02:40:04 100824 ----a-w- C:\Windows\System32\WRusr.dll 2012-03-30 12:45:03 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 3:12:35.91 =============== attach.txt DDS.txt