SVCHost infected

This topic is locked
23 replies to this topic

#1 Scavengre (New Member, 14 posts)

Posted 09 August 2012 - 08:06 PM

Recently I went to open Adobe Illustrator and was hit with a BSOD.

PAGE_FAULT_IN_NONPAGED_AREA
Stop:0x00000050 ( 0xFFFFFA60F04CAC20, 0X0000000000000001, 0XFFFFFA8007D4A2E6, 0X0000000000000005)

Then my AVM software detected SVCHost as infected.

Malwarebytes was run offline (updated with the current database) with all other protection disabled.

*Malwarebytes Log*
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19190
Blue :: BLUE-PC [administrator]

Protection: Disabled

8/9/2012 5:39:37 PM
mbam-log-2012-08-09 (17-39-37).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245033
Time elapsed: 6 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


The computer boots up REALLY slowly; after rebooting, Malwarebytes gives an error dialog:

[Shell_NotifyIcon] Failed to perform desired action. Error Code: 0

Steve
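The Malwarebytes detection in this post is worth understanding from a defender's side: the registry value it quarantined lives under the SvcHost key, which holds the lists of service names that each `svchost.exe -k <group>` process loads (the DDS log further down shows `svchost.exe -k netsvcs` running). Adding a name such as SPService to one of those lists makes a shared, trusted host process load the service's DLL. The script below is an added example for this thread, not code from the original posts or from Malwarebytes or any other tool mentioned here. It assumes the standard Windows layout (group values under `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost`, each service's DLL recorded in `HKLM\SYSTEM\CurrentControlSet\Services\<name>\Parameters\ServiceDll`), and the function name `Get-SvcHostGroupAudit` is this example's own. It only reads the registry and checks files; it changes nothing.

```powershell
# Added example (not from the thread): audit the svchost service groups that Malwarebytes
# flagged above. For every service name in a group it looks up the service key, resolves its
# ServiceDll, checks that the file exists and reports the file's Authenticode signature.
# Assumed registry layout: standard Windows. Run from an elevated PowerShell prompt.

param(
    # Group value names to audit. "netsvcs" is the standard group name; the Malwarebytes log
    # above shows the value as "netsvc", so pass whatever your own log reports: -Groups netsvcs,netsvc
    [string[]]$Groups = @('netsvcs')
)

$svcHostKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost'
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'

# Step 1: list every group value present, so an unexpected name stands out next to the
# familiar ones (netsvcs, LocalService, NetworkService, ...).
Write-Host "svchost group values present under $svcHostKey :"
(Get-Item -Path $svcHostKey).GetValueNames() | Sort-Object | ForEach-Object { "  $_" }

# Step 2: per-member audit of one group (hypothetical function name, this example's own).
function Get-SvcHostGroupAudit {
    param([string]$Group)

    $members = (Get-ItemProperty -Path $svcHostKey).$Group
    if (-not $members) {
        Write-Warning "svchost group '$Group' has no value under $svcHostKey"
        return
    }

    foreach ($name in $members) {
        $svcPath = Join-Path $servicesKey $name
        $result = New-Object PSObject -Property @{
            Group      = $Group
            Service    = $name
            ServiceKey = (Test-Path -Path $svcPath)
            ServiceDll = $null
            DllExists  = $false
            Signature  = 'n/a'
            Signer     = $null
        }

        if ($result.ServiceKey) {
            # ServiceDll normally sits under Parameters; a few services keep it on the service key itself.
            $dll = (Get-ItemProperty -Path (Join-Path $svcPath 'Parameters') -ErrorAction SilentlyContinue).ServiceDll
            if (-not $dll) {
                $dll = (Get-ItemProperty -Path $svcPath -ErrorAction SilentlyContinue).ServiceDll
            }
            if ($dll) {
                $dll = [Environment]::ExpandEnvironmentVariables($dll)
                $result.ServiceDll = $dll
                $result.DllExists  = Test-Path -LiteralPath $dll
                if ($result.DllExists) {
                    $sig = Get-AuthenticodeSignature -FilePath $dll
                    $result.Signature = $sig.Status
                    if ($sig.SignerCertificate) { $result.Signer = $sig.SignerCertificate.Subject }
                }
            }
        }
        $result
    }
}

$audit = foreach ($g in $Groups) { Get-SvcHostGroupAudit -Group $g }

# Step 3: print everything, then the subset worth a closer look. A group member with no
# service key, no ServiceDll, a missing DLL file, or a DLL whose signature is not Valid is
# suspect. Windows does list optional components that are not installed on every machine,
# so compare unexpected rows against a clean system of the same Windows version before
# drawing conclusions.
$audit | Format-Table Group, Service, ServiceKey, DllExists, Signature -AutoSize
$audit | Where-Object { -not $_.ServiceKey -or -not $_.DllExists -or "$($_.Signature)" -ne 'Valid' } |
    Format-List Group, Service, ServiceDll, DllExists, Signature, Signer
```

Save it as a .ps1 file and run it from an elevated prompt, for example `.\Audit-SvcHost.ps1 -Groups netsvcs,netsvc`. On the machine in this thread Malwarebytes had already quarantined the entry, so the useful outcome is a run that shows no stray group value and no member without a matching, signed ServiceDll; the same check is a cheap thing to keep in a post-cleanup or periodic review.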

#2 MrCharlie (Forum Deity, Experts, 28,263 posts, Male, So. Plainfield, New Jersey, USA)

Posted 09 August 2012 - 08:28 PM

Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download RogueKiller to your desktop and run it.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3 Scavengre (New Member, 14 posts)

Posted 09 August 2012 - 08:40 PM

Online or offline? Or does it not matter with these?

#4 MrCharlie (Forum Deity, Experts, 28,263 posts, Male, So. Plainfield, New Jersey, USA)

Posted 09 August 2012 - 08:43 PM

No it doesn't matter, MrC


#5 Scavengre (New Member, 14 posts)

Posted 09 August 2012 - 09:01 PM

*DDS Log*

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_31
Run by Blue at 18:45:46 on 2012-08-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3547 [GMT -7:00]
.
AV: STOPzilla! *Enabled/Outdated* {17032AB1-6644-0721-EEB5-A39B8B646009}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: STOPzilla! *Enabled/Outdated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Program Files (x86)\STOPzilla!\SZServer.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\ASUS\EPU\EPU.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
D:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Workspace\offSyncService.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
C:\Program Files (x86)\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\atwtusb.exe
C:\Windows\system32\atwtusb.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\System32\WTMKM.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Workspace\workspaceupdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Trillian\trillian.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\msiexec.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\FirewallControlPanel.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\syswow64\userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: {00000000-0000-0000-0000-000000000000} - No File
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Starfield Updater] "C:\Program Files (x86)\Workspace\workspaceupdate.exe"
uRun: [AdobeBridge] "D:\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth
mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\Blue\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{ACE086FD-E64E-4058-8B42-5DF7F25AC8C2} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB-X64: {00000000-0000-0000-0000-000000000000} - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File
mRun-x64: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRun-x64: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Blue\AppData\Roaming\Mozilla\Firefox\Profiles\4wm73yo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeployJava1.dll
FF - plugin: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnu.dll
FF - plugin: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll
FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Firefox\Profiles\4wm73yo9.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npoff.dll
FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npoff.dll
FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npoff64.dll
FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npoff64.dll
FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npwbe.dll
FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npwbe.dll
FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npwbe64.dll
FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npwbe64.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;D:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-5-17 1174824]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-6-11 335888]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 655944]
R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-8 2348352]
R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824]
R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?]
R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-30 1038088]
S3 FMS;Flash Media Server (FMS);C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSMaster.exe [2009-11-4 2428928]
S3 FMSAdmin;Flash Media Administration Server;C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSAdmin.exe [2009-11-4 2596864]
S3 FMSHttpd;FMSHttpd;C:\Program Files (x86)\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe [2009-11-4 24635]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PS3 Media Server;PS3 Media Server;C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2008-8-17 217088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-10 01:45:30 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF6C1A3A-80ED-4ADB-8A92-AC9BBFB3ECEA}\offreg.dll
2012-08-10 00:39:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-10 00:28:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-10 00:10:01 74872 ----a-r- C:\Windows\System32\drivers\sbapifs.sys
2012-08-09 23:56:23 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF6C1A3A-80ED-4ADB-8A92-AC9BBFB3ECEA}\mpengine.dll
2012-08-09 21:40:33 -------- d-----w- C:\Users\Blue\AppData\Roaming\Malwarebytes
2012-08-09 21:40:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-09 21:40:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-09 06:32:44 -------- d-----w- C:\ProgramData\ALM
2012-08-08 23:50:14 -------- d-----w- C:\temp
2012-08-08 23:48:21 -------- d-----w- C:\Users\Blue\AppData\Local\Trend Micro
2012-08-08 23:44:08 -------- d-----w- C:\ProgramData\Trend Micro
2012-08-08 23:43:34 -------- d-----w- C:\Program Files\Trend Micro
2012-08-08 23:10:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-08 18:27:37 -------- d-----w- C:\AdobeTemp
2012-08-07 15:29:12 23416 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-08-07 15:29:02 546680 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-08-07 15:28:56 497528 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2012-07-17 15:36:16 29048 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-07-17 15:36:16 231288 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-07-17 15:36:14 391032 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-07-17 15:36:12 100216 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-07-17 15:36:06 132984 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-07-17 15:36:06 104312 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-07-17 15:36:04 67448 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-07-17 15:36:04 456568 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-07-17 15:36:02 812920 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-07-14 21:51:35 -------- d-----w- C:\Users\Blue\AppData\Roaming\TechWizard
2012-07-14 21:49:20 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2012-07-14 21:49:20 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
.
==================== Find3M ====================
.
2012-08-10 00:39:53 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-10 00:39:53 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-14 19:58:05 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-06-30 19:57:07 86584 ----a-w- C:\Windows\SysWow64\drivers\adfs.sys
2012-06-30 19:57:07 86584 ----a-w- C:\Windows\System32\drivers\adfs.sys
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:46:25.38 ===============



*RogueKiller Log*

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Blue [Admin rights]
Mode: Scan -- Date: 08/09/2012 18:55:11

¤¤¤ Bad processes: 1 ¤¤¤
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] 9ad95bbe26b845c22155cee2f62bc4b4
[BSP] 638e5a80e020404c80f0c466e267f1f7 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 453868 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 929523712 | Size: 499999 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

#6 MrCharlie (Forum Deity, Experts, 28,263 posts, Male, So. Plainfield, New Jersey, USA)

Posted 09 August 2012 - 09:06 PM

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download TDSSKiller to your desktop and run it as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


#7 Scavengre (New Member, 14 posts)

Posted 09 August 2012 - 09:21 PM

15 items detected, all "Unsigned". Do you want the log? No option for "Cure" was given.

#8 MrCharlie (Forum Deity, Experts, 28,263 posts, Male, So. Plainfield, New Jersey, USA)

Posted 09 August 2012 - 09:23 PM

Yes, post the log, MrC


#9 Scavengre (New Member, 14 posts)

Posted 09 August 2012 - 09:28 PM

*tdsskiller log*
19:13:05.0673 5960 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
19:13:06.0095 5960 ============================================================
19:13:06.0095 5960 Current date / time: 2012/08/09 19:13:06.0095
19:13:06.0095 5960 SystemInfo:
19:13:06.0095 5960
19:13:06.0095 5960 OS Version: 6.0.6002 ServicePack: 2.0
19:13:06.0095 5960 Product type: Workstation
19:13:06.0095 5960 ComputerName: BLUE-PC
19:13:06.0095 5960 UserName: Blue
19:13:06.0095 5960 Windows directory: C:\Windows
19:13:06.0095 5960 System windows directory: C:\Windows
19:13:06.0095 5960 Running under WOW64
19:13:06.0095 5960 Processor architecture: Intel x64
19:13:06.0095 5960 Number of processors: 4
19:13:06.0095 5960 Page size: 0x1000
19:13:06.0095 5960 Boot type: Normal boot
19:13:06.0095 5960 ============================================================
19:13:07.0171 5960 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
19:13:07.0171 5960 Drive \Device\Harddisk1\DR4 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
19:13:07.0187 5960 ============================================================
19:13:07.0187 5960 \Device\Harddisk0\DR0:
19:13:07.0187 5960 MBR partitions:
19:13:07.0187 5960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37676000
19:13:07.0187 5960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x37676800, BlocksNum 0x3D08F800
19:13:07.0187 5960 \Device\Harddisk1\DR4:
19:13:07.0187 5960 MBR partitions:
19:13:07.0187 5960 \Device\Harddisk1\DR4\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x7E1FA80
19:13:07.0187 5960 \Device\Harddisk1\DR4\Partition1: MBR, Type 0x7, StartLBA 0x7E20000, BlocksNum 0xABF87F0
19:13:07.0187 5960 ============================================================
19:13:07.0218 5960 C: <-> \Device\Harddisk0\DR0\Partition1
19:13:07.0249 5960 D: <-> \Device\Harddisk0\DR0\Partition0
19:13:07.0265 5960 G: <-> \Device\Harddisk1\DR4\Partition0
19:13:07.0296 5960 H: <-> \Device\Harddisk1\DR4\Partition1
19:13:07.0296 5960 ============================================================
19:13:07.0296 5960 Initialize success
19:13:07.0296 5960 ============================================================
19:13:13.0645 5288 ============================================================
19:13:13.0645 5288 Scan started
19:13:13.0645 5288 Mode: Manual; SigCheck; TDLFS;
19:13:13.0645 5288 ============================================================
19:13:30.0680 5288 partmgr - ok
19:13:30.0758 5288 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
19:13:30.0774 5288 PcaSvc - ok
19:13:30.0789 5288 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
19:13:30.0805 5288 pci - ok
19:13:30.0836 5288 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
19:13:30.0836 5288 pciide - ok
19:13:30.0852 5288 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
19:13:30.0852 5288 pcmcia - ok
19:13:30.0883 5288 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
19:13:30.0930 5288 PEAUTH - ok
19:13:31.0008 5288 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
19:13:31.0023 5288 PerfHost - ok
19:13:31.0164 5288 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
19:13:31.0195 5288 pla - ok
19:13:31.0242 5288 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
19:13:31.0257 5288 PlugPlay - ok
19:13:31.0304 5288 Pml Driver HPZ12 (7fe2afb17d91cf39843d6766ea31cfc7) C:\Windows\system32\HPZipm12.dll
19:13:31.0304 5288 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:13:31.0304 5288 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:13:31.0304 5288 PnkBstrA - ok
19:13:31.0367 5288 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:13:31.0382 5288 PNRPAutoReg - ok
19:13:31.0398 5288 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
19:13:31.0413 5288 PNRPsvc - ok
19:13:31.0491 5288 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
19:13:31.0523 5288 PolicyAgent - ok
19:13:31.0585 5288 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
19:13:31.0601 5288 PptpMiniport - ok
19:13:31.0663 5288 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
19:13:31.0694 5288 Processor - ok
19:13:31.0741 5288 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
19:13:31.0757 5288 ProfSvc - ok
19:13:31.0788 5288 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:13:31.0803 5288 ProtectedStorage - ok
19:13:31.0913 5288 PS3 Media Server (eb21a4f28e4135498b3ce981883a0a44) C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe
19:13:31.0944 5288 PS3 Media Server ( UnsignedFile.Multi.Generic ) - warning
19:13:31.0944 5288 PS3 Media Server - detected UnsignedFile.Multi.Generic (1)
19:13:31.0959 5288 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
19:13:31.0975 5288 PSched - ok
19:13:32.0069 5288 PSI_SVC_2_x64 (788cb65d49d1162c5ee6814afe5b0a70) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
19:13:32.0069 5288 PSI_SVC_2_x64 - ok
19:13:32.0100 5288 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
19:13:32.0100 5288 PxHlpa64 - ok
19:13:32.0162 5288 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
19:13:32.0193 5288 ql2300 - ok
19:13:32.0225 5288 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
19:13:32.0240 5288 ql40xx - ok
19:13:32.0271 5288 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
19:13:32.0287 5288 QWAVE - ok
19:13:32.0287 5288 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
19:13:32.0303 5288 QWAVEdrv - ok
19:13:32.0334 5288 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
19:13:32.0365 5288 RasAcd - ok
19:13:32.0427 5288 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
19:13:32.0443 5288 RasAuto - ok
19:13:32.0474 5288 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
19:13:32.0490 5288 Rasl2tp - ok
19:13:32.0505 5288 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
19:13:32.0521 5288 RasMan - ok
19:13:32.0552 5288 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
19:13:32.0568 5288 RasPppoe - ok
19:13:32.0646 5288 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
19:13:32.0661 5288 RasSstp - ok
19:13:32.0693 5288 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
19:13:32.0708 5288 rdbss - ok
19:13:32.0708 5288 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
19:13:32.0724 5288 RDPCDD - ok
19:13:32.0755 5288 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
19:13:32.0771 5288 rdpdr - ok
19:13:32.0786 5288 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
19:13:32.0802 5288 RDPENCDD - ok
19:13:32.0833 5288 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
19:13:32.0849 5288 RDPWD - ok
19:13:32.0864 5288 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
19:13:32.0895 5288 RemoteAccess - ok
19:13:32.0911 5288 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
19:13:32.0927 5288 RemoteRegistry - ok
19:13:32.0942 5288 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
19:13:32.0958 5288 RpcLocator - ok
19:13:33.0020 5288 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
19:13:33.0036 5288 RpcSs - ok
19:13:33.0051 5288 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
19:13:33.0083 5288 rspndr - ok
19:13:33.0129 5288 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
19:13:33.0129 5288 SamSs - ok
19:13:33.0161 5288 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys
19:13:33.0161 5288 sbapifs - ok
19:13:33.0176 5288 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
19:13:33.0192 5288 sbp2port - ok
19:13:33.0223 5288 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys
19:13:33.0223 5288 SBRE - ok
19:13:33.0239 5288 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
19:13:33.0254 5288 SCardSvr - ok
19:13:33.0363 5288 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
19:13:33.0410 5288 Schedule - ok
19:13:33.0426 5288 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
19:13:33.0457 5288 SCPolicySvc - ok
19:13:33.0519 5288 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
19:13:33.0535 5288 SDRSVC - ok
19:13:33.0551 5288 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
19:13:33.0582 5288 secdrv - ok
19:13:33.0597 5288 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
19:13:33.0613 5288 seclogon - ok
19:13:33.0629 5288 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll
19:13:33.0644 5288 SENS - ok
19:13:33.0660 5288 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
19:13:33.0675 5288 Serenum - ok
19:13:33.0707 5288 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
19:13:33.0722 5288 Serial - ok
19:13:33.0738 5288 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
19:13:33.0753 5288 sermouse - ok
19:13:33.0769 5288 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
19:13:33.0800 5288 SessionEnv - ok
19:13:33.0800 5288 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
19:13:33.0831 5288 sffdisk - ok
19:13:33.0831 5288 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
19:13:33.0878 5288 sffp_mmc - ok
19:13:33.0878 5288 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
19:13:33.0909 5288 sffp_sd - ok
19:13:33.0909 5288 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
19:13:33.0941 5288 sfloppy - ok
19:13:33.0987 5288 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
19:13:34.0034 5288 SharedAccess - ok
19:13:34.0112 5288 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
19:13:34.0128 5288 ShellHWDetection - ok
19:13:34.0128 5288 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
19:13:34.0143 5288 SiSRaid2 - ok
19:13:34.0159 5288 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
19:13:34.0159 5288 SiSRaid4 - ok
19:13:34.0362 5288 Skype C2C Service (192d93ee7ae6a3c599c96cd8d736e914) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
19:13:34.0424 5288 Skype C2C Service - ok
19:13:34.0565 5288 SkypeUpdate (68ea68d03bf58389fe6ad2b38fad798c) C:\Program Files (x86)\Skype\Updater\Updater.exe
19:13:34.0565 5288 SkypeUpdate - ok
19:13:34.0736 5288 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
19:13:34.0799 5288 slsvc - ok
19:13:34.0861 5288 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
19:13:34.0892 5288 SLUINotify - ok
19:13:34.0955 5288 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
19:13:34.0970 5288 Smb - ok
19:13:34.0986 5288 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
19:13:35.0001 5288 SNMPTRAP - ok
19:13:35.0017 5288 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
19:13:35.0017 5288 spldr - ok
19:13:35.0048 5288 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
19:13:35.0079 5288 Spooler - ok
19:13:35.0126 5288 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
19:13:35.0126 5288 SQLBrowser - ok
19:13:35.0157 5288 SQLWriter (3c432a96363097870995e2a3c8b66abd) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
19:13:35.0157 5288 SQLWriter - ok
19:13:35.0189 5288 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
19:13:35.0220 5288 srv - ok
19:13:35.0267 5288 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
19:13:35.0282 5288 srv2 - ok
19:13:35.0313 5288 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
19:13:35.0313 5288 srvnet - ok
19:13:35.0329 5288 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
19:13:35.0360 5288 SSDPSRV - ok
19:13:35.0360 5288 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
19:13:35.0391 5288 SstpSvc - ok
19:13:35.0423 5288 Steam Client Service - ok
19:13:35.0469 5288 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:13:35.0469 5288 Stereo Service - ok
19:13:35.0501 5288 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
19:13:35.0516 5288 StillCam - ok
19:13:35.0579 5288 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
19:13:35.0594 5288 stisvc - ok
19:13:35.0594 5288 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
19:13:35.0594 5288 swenum - ok
19:13:35.0672 5288 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
19:13:35.0688 5288 swprv - ok
19:13:35.0735 5288 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
19:13:35.0735 5288 Symc8xx - ok
19:13:35.0750 5288 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
19:13:35.0750 5288 Sym_hi - ok
19:13:35.0766 5288 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
19:13:35.0766 5288 Sym_u3 - ok
19:13:35.0828 5288 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
19:13:35.0875 5288 SysMain - ok
19:13:35.0984 5288 szkg5 (8598e4a12eaa945b35365dd2750b9777) C:\Windows\syswow64\DRIVERS\szkg64.sys
19:13:35.0984 5288 szkg5 - ok
19:13:36.0062 5288 szserver (67f86bef497c02a765ab439495599717) C:\Program Files (x86)\STOPzilla!\SZServer.exe
19:13:36.0078 5288 szserver - ok
19:13:36.0187 5288 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
19:13:36.0203 5288 TabletInputService - ok
19:13:36.0249 5288 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
19:13:36.0265 5288 TapiSrv - ok
19:13:36.0296 5288 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
19:13:36.0359 5288 TBS - ok
19:13:36.0483 5288 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
19:13:36.0515 5288 Tcpip - ok
19:13:36.0624 5288 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
19:13:36.0655 5288 Tcpip6 - ok
19:13:36.0873 5288 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
19:13:36.0889 5288 tcpipreg - ok
19:13:36.0920 5288 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
19:13:36.0951 5288 TDPIPE - ok
19:13:36.0998 5288 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
19:13:37.0014 5288 TDTCP - ok
19:13:37.0029 5288 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
19:13:37.0045 5288 tdx - ok
19:13:37.0092 5288 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
19:13:37.0092 5288 TermDD - ok
19:13:37.0170 5288 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
19:13:37.0185 5288 TermService - ok
19:13:37.0217 5288 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
19:13:37.0232 5288 Themes - ok
19:13:37.0248 5288 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
19:13:37.0263 5288 THREADORDER - ok
19:13:37.0295 5288 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
19:13:37.0326 5288 TrkWks - ok
19:13:37.0419 5288 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
19:13:37.0451 5288 TrustedInstaller - ok
19:13:37.0451 5288 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
19:13:37.0482 5288 tssecsrv - ok
19:13:37.0482 5288 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
19:13:37.0544 5288 tunmp - ok
19:13:37.0560 5288 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
19:13:37.0560 5288 tunnel - ok
19:13:37.0607 5288 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
19:13:37.0607 5288 uagp35 - ok
19:13:37.0653 5288 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
19:13:37.0669 5288 udfs - ok
19:13:37.0669 5288 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
19:13:37.0700 5288 UI0Detect - ok
19:13:37.0700 5288 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
19:13:37.0716 5288 uliagpkx - ok
19:13:37.0731 5288 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
19:13:37.0747 5288 uliahci - ok
19:13:37.0763 5288 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
19:13:37.0763 5288 UlSata - ok
19:13:37.0778 5288 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
19:13:37.0794 5288 ulsata2 - ok
19:13:37.0809 5288 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
19:13:37.0841 5288 umbus - ok
19:13:37.0841 5288 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
19:13:37.0872 5288 UMPass - ok
19:13:37.0887 5288 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
19:13:37.0919 5288 upnphost - ok
19:13:37.0981 5288 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
19:13:37.0997 5288 usbaudio - ok
19:13:38.0012 5288 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
19:13:38.0043 5288 usbccgp - ok
19:13:38.0059 5288 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
19:13:38.0090 5288 usbcir - ok
19:13:38.0199 5288 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
19:13:38.0215 5288 usbehci - ok
19:13:38.0246 5288 usbfilter (db07f39cb6f36b46ea681e754a0ec588) C:\Windows\system32\DRIVERS\usbfilter.sys
19:13:38.0246 5288 usbfilter - ok
19:13:38.0277 5288 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
19:13:38.0293 5288 usbhub - ok
19:13:38.0309 5288 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
19:13:38.0324 5288 usbohci - ok
19:13:38.0324 5288 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
19:13:38.0355 5288 usbprint - ok
19:13:38.0371 5288 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:13:38.0387 5288 USBSTOR - ok
19:13:38.0387 5288 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
19:13:38.0418 5288 usbuhci - ok
19:13:38.0433 5288 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
19:13:38.0449 5288 UxSms - ok
19:13:38.0496 5288 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
19:13:38.0511 5288 vds - ok
19:13:38.0511 5288 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
19:13:38.0543 5288 vga - ok
19:13:38.0543 5288 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
19:13:38.0574 5288 VgaSave - ok
19:13:38.0589 5288 vhidmini (c2c95d62c90ca809240112b41c1765f2) C:\Windows\system32\DRIVERS\walvhid.sys
19:13:38.0621 5288 vhidmini - ok
19:13:38.0683 5288 VIAHdAudAddService (4a441cef86dd95692984fce11d8fd530) C:\Windows\system32\drivers\viahduaa.sys
19:13:38.0777 5288 VIAHdAudAddService - ok
19:13:38.0777 5288 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
19:13:38.0792 5288 viaide - ok
19:13:38.0792 5288 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
19:13:38.0792 5288 volmgr - ok
19:13:38.0823 5288 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
19:13:38.0839 5288 volmgrx - ok
19:13:38.0901 5288 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
19:13:38.0917 5288 volsnap - ok
19:13:38.0933 5288 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
19:13:38.0933 5288 vsmraid - ok
19:13:39.0011 5288 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
19:13:39.0042 5288 VSS - ok
19:13:39.0182 5288 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
19:13:39.0198 5288 W32Time - ok
19:13:39.0213 5288 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
19:13:39.0245 5288 WacomPen - ok
19:13:39.0338 5288 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:39.0354 5288 Wanarp - ok
19:13:39.0354 5288 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
19:13:39.0369 5288 Wanarpv6 - ok
19:13:39.0401 5288 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
19:13:39.0416 5288 wcncsvc - ok
19:13:39.0479 5288 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
19:13:39.0494 5288 WcsPlugInService - ok
19:13:39.0494 5288 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
19:13:39.0510 5288 Wd - ok
19:13:39.0557 5288 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
19:13:39.0588 5288 Wdf01000 - ok
19:13:39.0603 5288 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:13:39.0635 5288 WdiServiceHost - ok
19:13:39.0635 5288 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
19:13:39.0650 5288 WdiSystemHost - ok
19:13:39.0713 5288 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
19:13:39.0728 5288 WebClient - ok
19:13:39.0759 5288 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
19:13:39.0775 5288 Wecsvc - ok
19:13:39.0822 5288 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
19:13:39.0853 5288 wercplsupport - ok
19:13:39.0869 5288 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
19:13:39.0884 5288 WerSvc - ok
19:13:39.0915 5288 WinDefend - ok
19:13:39.0915 5288 WinHttpAutoProxySvc - ok
19:13:39.0962 5288 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
19:13:39.0978 5288 Winmgmt - ok
19:13:40.0118 5288 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
19:13:40.0149 5288 WinRM - ok
19:13:40.0290 5288 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
19:13:40.0337 5288 Wlansvc - ok
19:13:40.0368 5288 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
19:13:40.0383 5288 WmiAcpi - ok
19:13:40.0461 5288 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
19:13:40.0477 5288 wmiApSrv - ok
19:13:40.0477 5288 WMPNetworkSvc - ok
19:13:40.0508 5288 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
19:13:40.0524 5288 WPCSvc - ok
19:13:40.0555 5288 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
19:13:40.0571 5288 WPDBusEnum - ok
19:13:40.0602 5288 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
19:13:40.0617 5288 WpdUsb - ok
19:13:40.0742 5288 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:13:40.0758 5288 WPFFontCache_v0400 - ok
19:13:40.0758 5288 WPRO_40_1340 - ok
19:13:40.0773 5288 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
19:13:40.0789 5288 ws2ifsl - ok
19:13:40.0820 5288 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll
19:13:40.0836 5288 wscsvc - ok
19:13:40.0836 5288 WSearch - ok
19:13:40.0836 5288 WTService - ok
19:13:41.0039 5288 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
19:13:41.0085 5288 wuauserv - ok
19:13:41.0210 5288 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
19:13:41.0241 5288 WUDFRd - ok
19:13:41.0257 5288 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
19:13:41.0288 5288 wudfsvc - ok
19:13:41.0304 5288 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
19:13:41.0319 5288 xusb21 - ok
19:13:41.0413 5288 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:13:41.0429 5288 YahooAUService - ok
19:13:41.0475 5288 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:13:41.0787 5288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:13:41.0787 5288 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:13:41.0819 5288 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR4
19:13:42.0489 5288 \Device\Harddisk1\DR4 - ok
19:13:42.0505 5288 Boot (0x1200) (2f103581a4010648c7d6a790f2dc42e4) \Device\Harddisk0\DR0\Partition0
19:13:42.0521 5288 \Device\Harddisk0\DR0\Partition0 - ok
19:13:42.0521 5288 Boot (0x1200) (424ec361e96ec87e3f8bf7c2fd5b45b2) \Device\Harddisk0\DR0\Partition1
19:13:42.0521 5288 \Device\Harddisk0\DR0\Partition1 - ok
19:13:42.0521 5288 Boot (0x1200) (905ff5c8808d549532c4f558f0d43674) \Device\Harddisk1\DR4\Partition0
19:13:42.0521 5288 \Device\Harddisk1\DR4\Partition0 - ok
19:13:42.0536 5288 Boot (0x1200) (eab693952dfc164a5355ceef9f082bde) \Device\Harddisk1\DR4\Partition1
19:13:42.0552 5288 \Device\Harddisk1\DR4\Partition1 - ok
19:13:42.0552 5288 ============================================================
19:13:42.0552 5288 Scan finished
19:13:42.0552 5288 ============================================================
19:13:42.0552 4028 Detected object count: 15
19:13:42.0552 4028 Actual detected object count: 15
19:14:23.0580 4028 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0580 4028 AsSysCtrlService ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0580 4028 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0580 4028 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0580 4028 FMS ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0580 4028 FMS ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0580 4028 FMSAdmin ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0580 4028 FMSAdmin ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 FMSHttpd ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 FMSHttpd ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 mi-raysat_3dsmax9_32 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 mi-raysat_3dsmax9_32 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 PS3 Media Server ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 PS3 Media Server ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

#10 MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 09 August 2012 - 09:34 PM

Run TDSSKiller again and just delete this one:

19:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


~~~~~~~~~~~~~

Then.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

Gone for tonight...be back tomorrow am, MrC

Malware Removal Expert

I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew
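As an added example (not from this thread and not TDSSKiller's own code), a small Python triage script for a log in the layout quoted above: it separates the generic UnsignedFile.Multi.Generic warnings, which fire on many legitimate unsigned vendor files, from real verdicts such as TDSS File System, attaches the action chosen for each, and lists any serious finding left on Skip, which is the entry MrCharlie asks to be removed on the rerun. The sample lines, the regexes and the set of low-priority verdicts are constructed assumptions, not TDSSKiller's documented format.

```python
import re

# Constructed sample in TDSSKiller's log layout (time, thread id, object, verdict),
# modelled on the lines quoted in this thread; the hashes and paths are illustrative.
SAMPLE_LOG = r"""
19:13:27.0950 5288 Net Driver HPZ12 (bd94210175c488f18add3e189ee9304c) C:\Windows\system32\HPZinw12.dll
19:13:27.0950 5288 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
19:13:27.0950 5288 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
19:13:27.0966 5288 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
19:13:27.0981 5288 NetBIOS - ok
19:13:41.0475 5288 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
19:13:41.0787 5288 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
19:13:41.0787 5288 \Device\Harddisk0\DR0 - detected TDSS File System (1)
19:13:42.0552 4028 Detected object count: 2
19:14:23.0595 4028 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
19:14:23.0595 4028 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
19:14:23.0595 4028 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Regexes are assumptions derived from the quoted lines, not an official grammar.
DETECTED_RE = re.compile(r"^(\S+) (\d+) (.+?) - detected (.+?) \((\d+)\)\s*$")
ACTION_RE = re.compile(r"^(\S+) (\d+) (.+?) \( (.+?) \) - User select action: (\S+)\s*$")
COUNT_RE = re.compile(r"Detected object count: (\d+)")

# Verdicts that are generic heuristics rather than a malware identification.
# UnsignedFile.Multi.Generic is raised for any unsigned driver or service binary,
# which covers a lot of legitimate vendor software (assumption: treat as low priority).
GENERIC_VERDICTS = {"UnsignedFile.Multi.Generic"}


def parse_detections(log_text):
    """Return one dict per '- detected' line: object, verdict, count."""
    found = []
    for line in log_text.splitlines():
        m = DETECTED_RE.match(line)
        if m:
            found.append({"object": m.group(3), "verdict": m.group(4), "count": int(m.group(5))})
    return found


def parse_actions(log_text):
    """Map (object, verdict) -> the action the user chose in the results dialog."""
    actions = {}
    for line in log_text.splitlines():
        m = ACTION_RE.match(line)
        if m:
            actions[(m.group(3), m.group(4))] = m.group(5)
    return actions


def declared_count(log_text):
    """The scanner's own 'Detected object count', or None if absent."""
    m = COUNT_RE.search(log_text)
    return int(m.group(1)) if m else None


def triage(log_text):
    """Split detections into high/low priority and attach the user's action to each."""
    actions = parse_actions(log_text)
    result = {"high": [], "low": []}
    for d in parse_detections(log_text):
        d["action"] = actions.get((d["object"], d["verdict"]), "none recorded")
        bucket = "low" if d["verdict"] in GENERIC_VERDICTS else "high"
        result[bucket].append(d)
    return result


def pending_high_priority(log_text):
    """Objects with a non-generic verdict that were left untouched (action Skip)."""
    return [d["object"] for d in triage(log_text)["high"] if d["action"] == "Skip"]


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    parsed = len(report["high"]) + len(report["low"])
    print(f"scanner reported {declared_count(SAMPLE_LOG)} objects, parsed {parsed}")
    for bucket in ("high", "low"):
        for d in report[bucket]:
            print(f"[{bucket}] {d['object']}: {d['verdict']} (action: {d['action']})")
    for obj in pending_high_priority(SAMPLE_LOG):
        print(f"still pending: {obj} -- rerun the scanner and act on this one")
```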

#11 Scavengre

    New Member

  • Members
  • 14 posts

Posted 09 August 2012 - 10:25 PM

*ComboFix Log*
ComboFix 12-08-09.01 - Blue 08/09/2012 19:47:58.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3420 [GMT -7:00]
Running from: c:\users\Blue\Desktop\ComboFix.exe
AV: STOPzilla! *Disabled/Outdated* {17032AB1-6644-0721-EEB5-A39B8B646009}
SP: STOPzilla! *Disabled/Outdated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\D74DBDC444.sys
c:\users\Blue\AppData\Local\assembly\tmp
c:\users\Blue\AppData\Roaming\Microsoft\Windows\Recent\Aquaria.url
c:\users\Blue\AppData\Roaming\Microsoft\Windows\Recent\Dungeons of Dredmor.url
c:\windows\SysWow64\SETEF10.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))
.
.
2012-08-10 03:09 . 2012-08-10 03:15 -------- d-----w- c:\users\Blue\AppData\Local\Temp
2012-08-10 03:06 . 2012-08-10 03:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-10 00:39 . 2012-07-03 20:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 00:28 . 2012-08-10 02:40 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-10 00:10 . 2012-01-12 16:28 74872 ----a-r- c:\windows\system32\drivers\sbapifs.sys
2012-08-09 23:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CF6C1A3A-80ED-4ADB-8A92-AC9BBFB3ECEA}\mpengine.dll
2012-08-09 21:40 . 2012-08-09 21:40 -------- d-----w- c:\users\Blue\AppData\Roaming\Malwarebytes
2012-08-09 21:40 . 2012-08-09 21:40 -------- d-----w- c:\programdata\Malwarebytes
2012-08-09 21:40 . 2012-08-10 00:39 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-09 06:32 . 2012-08-09 06:32 -------- d-----w- c:\programdata\ALM
2012-08-08 23:50 . 2012-08-08 23:50 -------- d-----w- C:\temp
2012-08-08 23:48 . 2012-08-08 23:48 -------- d-----w- c:\users\Blue\AppData\Local\Trend Micro
2012-08-08 23:44 . 2012-08-08 23:57 -------- d-----w- c:\programdata\Trend Micro
2012-08-08 23:43 . 2012-08-08 23:43 -------- d-----w- c:\program files\Trend Micro
2012-08-08 23:10 . 2012-08-09 07:46 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-08 18:27 . 2012-08-08 18:54 -------- d-----w- C:\AdobeTemp
2012-08-07 15:29 . 2012-08-07 15:29 23416 ----a-r- c:\windows\SysWow64\SZIO5.dll
2012-08-07 15:29 . 2012-08-07 15:29 546680 ----a-r- c:\windows\SysWow64\SZComp5.dll
2012-08-07 15:28 . 2012-08-07 15:28 497528 ----a-r- c:\windows\SysWow64\SZBase5.dll
2012-07-17 15:36 . 2012-07-17 15:36 29048 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
2012-07-17 15:36 . 2012-07-17 15:36 231288 ----a-r- c:\windows\SysWow64\IS3Win325.dll
2012-07-17 15:36 . 2012-07-17 15:36 391032 ----a-r- c:\windows\SysWow64\IS3UI5.dll
2012-07-17 15:36 . 2012-07-17 15:36 100216 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
2012-07-17 15:36 . 2012-07-17 15:36 132984 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
2012-07-17 15:36 . 2012-07-17 15:36 104312 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
2012-07-17 15:36 . 2012-07-17 15:36 67448 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
2012-07-17 15:36 . 2012-07-17 15:36 456568 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
2012-07-17 15:36 . 2012-07-17 15:36 812920 ----a-r- c:\windows\SysWow64\IS3Base5.dll
2012-07-14 21:51 . 2012-07-14 21:53 -------- d-----w- c:\users\Blue\AppData\Roaming\TechWizard
2012-07-14 21:49 . 2012-07-14 21:49 260 ----a-w- c:\windows\SysWow64\cmdVBS.vbs
2012-07-14 21:49 . 2012-07-14 21:49 256 ----a-w- c:\windows\SysWow64\MSIevent.bat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-10 00:39 . 2012-04-05 17:48 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-10 00:39 . 2011-05-22 17:27 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-14 19:58 . 2012-06-12 23:50 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-06-30 19:57 . 2008-08-14 14:57 86584 ----a-w- c:\windows\SysWow64\drivers\adfs.sys
2012-06-30 19:57 . 2008-06-27 14:51 86584 ----a-w- c:\windows\system32\drivers\adfs.sys
2012-06-28 01:07 . 2012-06-28 01:07 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-06-12 23:50 . 2012-06-12 23:50 53248 ----a-r- c:\users\Blue\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-05-31 19:25 . 2009-10-22 20:15 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-09 1353080]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-05-03 17355912]
"Starfield Updater"="c:\program files (x86)\Workspace\workspaceupdate.exe" [2012-06-29 34496]
"AdobeBridge"="d:\adobe\Adobe Bridge CS4\Bridge.exe" [2008-08-29 13145448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2008-12-30 17713152]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2009-01-03 5381632]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2012-06-30 611712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Blue\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2012-7-27 2088400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2012-06-30 288112]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 250056]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;d:\program files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 00:39]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 21:48]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 21:48]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Blue\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off0]
@="{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC3-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-06-29 16:02 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\off1]
@="{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}"
[HKEY_CLASSES_ROOT\CLSID\{8E33AEC4-C5F2-43C4-B048-9E3EB19B1DD5}]
2012-06-29 16:02 1308432 ----a-w- c:\program files (x86)\Workspace\offsyncext64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MacroKeyManager"="WTMKM.exe" [2009-11-04 6103784]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
oracleorahome90agent
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Blue\AppData\Roaming\Mozilla\Firefox\Profiles\4wm73yo9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
FF - user.js: yahoo.homepage.dontask - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
HKLM-Run-(Default) - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2352975200-1827147773-36085273-1000\Software\SecuROM\License information*]
"datasecu"=hex:de,e5,1a,e2,41,8f,71,f9,cb,81,3b,8f,81,91,18,bb,ec,06,84,60,89,
fc,e4,45,60,98,df,81,4f,35,44,32,b4,90,cd,42,0b,0a,93,99,c4,af,03,07,eb,cf,\
"rkeysecu"=hex:ea,1b,ce,8d,bb,25,7d,63,d6,3d,38,67,66,f2,25,ba
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\04\01\1e\1344?"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files\ASUS\EPU\EPU.exe
c:\program files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
c:\program files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Workspace\offSyncService.exe
c:\program files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe
c:\program files (x86)\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2012-08-09 20:22:07 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-10 03:22
.
Pre-Run: 226,197,213,184 bytes free
Post-Run: 226,189,844,480 bytes free
.
- - End Of File - - 721C15E12E8566FF2DC33EAD1EB7FF23
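
The "Svchost - NetSvcs" entries in the ComboFix log above (Themes, oracleorahome90agent) are the registry values that decide which service DLLs svchost.exe loads into itself, which is exactly how an "infected svchost" comes about: a service name slipped into one of those groups runs its DLL inside a trusted Windows process. The following is an added example, not part of this thread and not code from ComboFix, MBAM or any other tool mentioned here. It audits every svchost group on the machine from a defender's point of view. The function name, the status labels and the rule of thumb that a hosted DLL outside %SystemRoot% deserves a closer look are all my own assumptions; it needs PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example (not from the thread or any tool it mentions): audit the
# svchost service-group registry values, native view and WOW6432Node view.
# Assumptions: PowerShell 3.0+, run elevated; function and status names are mine.
function Get-SvchostGroupAudit {
    param(
        [string[]]$SvchostKeys = @(
            'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost',
            'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost'
        )
    )
    $systemRoot = $env:SystemRoot
    $results = @()
    foreach ($key in $SvchostKeys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item $key
        foreach ($group in $item.GetValueNames()) {
            if ([string]::IsNullOrEmpty($group)) { continue }   # skip the (Default) value
            $members = $item.GetValue($group)                   # REG_MULTI_SZ -> string[]
            if ($null -eq $members) { continue }
            foreach ($svc in @($members)) {
                $svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$svc"
                $status = 'OK'
                $dll = $null
                if (-not (Test-Path $svcKey)) {
                    # Name is listed in the group but no such service is registered
                    $status = 'NO-SERVICE'
                } else {
                    $dll = (Get-ItemProperty -Path "$svcKey\Parameters" -Name ServiceDll `
                            -ErrorAction SilentlyContinue).ServiceDll
                    if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll) }
                    if (-not $dll) {
                        # A group member with no ServiceDll cannot be hosted by svchost
                        $status = 'NO-SERVICEDLL'
                    } elseif (-not (Test-Path -LiteralPath $dll)) {
                        $status = 'DLL-MISSING'
                    } elseif ($dll -notlike "$systemRoot\*") {
                        # Hosted DLL lives outside %SystemRoot%: legitimate for some
                        # vendor services, but every such entry should be explained
                        $status = 'DLL-OUTSIDE-SYSTEMROOT'
                    }
                }
                $results += [pscustomobject]@{
                    Key        = $key
                    Group      = $group
                    Service    = $svc
                    ServiceDll = $dll
                    Status     = $status
                }
            }
        }
    }
    return $results
}

# Usage: show only the entries that are not plainly in order
Get-SvchostGroupAudit | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
```

A 'NO-SERVICE' or 'DLL-MISSING' row is the pattern a removal tool has usually already cleaned (the name survived in the group after the service itself was deleted); 'DLL-OUTSIDE-SYSTEMROOT' rows are worth matching against the vendor software installed on the box. The same style of check applies to the AppInit_DLLs value listed under "X64 Entries" in the log above, since that value is loaded into every process that links user32.dll whenever LoadAppInit_DLLs is 1.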

#12 Scavengre

    New Member

  • Members
  • 14 posts

Posted 09 August 2012 - 10:46 PM

BTW MrCharlie, thank you for your help with this, it's been most appreciated.




-Steve

#13 MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 10 August 2012 - 07:09 AM

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC


#14 Scavengre

    New Member

  • Members
  • 14 posts

Posted 10 August 2012 - 10:25 AM

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.10.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19190
Blue :: BLUE-PC [administrator]

Protection: Disabled

8/10/2012 8:14:32 AM
mbam-log-2012-08-10 (08-14-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 248071
Time elapsed: 5 minute(s), 57 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Looks clean

#15 MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 10 August 2012 - 10:35 AM

How is it?? MrC


#16 Scavengre

    New Member

  • Members
  • 14 posts

Posted 10 August 2012 - 10:58 AM

Seems to be running fine. Heavy resource programs are initializing quickly and functioning well. No adverse effects noticeable.

#17 Scavengre

    New Member

  • Members
  • 14 posts

Posted 10 August 2012 - 11:08 AM

Ran FutureMark (Benchmark Software to task my PC) and rebooted to verify startup.

#18 MrCharlie

    Forum Deity

  • Experts
  • 28,263 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA

Posted 10 August 2012 - 11:15 AM

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#19 Scavengre

    New Member

  • Members
  • 14 posts

Posted 10 August 2012 - 11:27 AM

Thanks, would it be wise of me to pack them up into a Zip to keep for future reference?

#20 Scavengre

    New Member

  • Members
  • 14 posts

Posted 10 August 2012 - 11:29 AM

Never mind, I just realized that I have them on a thumb drive, so I can just archive them there.



