Jump to content

Ladyrogue

Honorary Members
  • Posts

    23
  • Joined

  • Last visited

Everything posted by Ladyrogue

  1. Thank you very much. Everything is still running fine and you've left me with a sense of accomplishment I appreciate all the time you spent with me. Bernice
  2. Okay, everything is cleaned up. I've left feedback and I was wondering if you missed my question up there... Now, I have one more question relating way back to one of your first posts to me. You said that once a computer had been infected with a backdoor it's considered compromised afterwards, even after cleaning it, as we did here. Do you personally feel that is true? I use this to play WoW on and would dislike to have my account compromised. I don't use this for any online banking, just gaming, and as soon as I realized it was infected I changed passwords, while on a clean computer. Bernice
  3. VERY helpful. Spent a lot of his time helping me. Very prompt, quick replies. Thank you so very much. Clarified when I didn't know what to do... REALLY pleased.

  4. Running fine.... and I am soooo very happy you spent this time helping me. Thank you so very much.
  5. Now, I have one more question relating way back to one of your first posts to me. You said that once a computer had been infected with a backdoor it's considered compromised afterwards, even after cleaning it, as we did here. Do you personally feel that is true? I don't use this for any online banking, just gaming, and as soon as I realized it was infected I changed passwords, while on a clean computer. Bernice
  6. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.10.08 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Bernice :: BERNICE-PC [administrator] Protection: Enabled 8/10/2012 10:51:46 PM mbam-log-2012-08-10 (22-51-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 208934 Time elapsed: 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  7. RogueKiller V7.6.6 [08/10/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User: Bernice [Admin rights] Mode: Scan -- Date: 08/10/2012 22:48:09 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD64 01AALS-00E8B SCSI Disk Device +++++ --- User --- [MBR] de56085bf42185de9de7ddf70a5ddde3 [bSP] f7e93078e80b07ffdd0bd575fae681f7 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive1: USB2.0 Flash Disk USB Device +++++ --- User --- [MBR] e64970a9a28ec698d6f98018f36970b7 [bSP] 77941ca9d28c9f93d61142f8e2803fb7 : Standard MBR Code Partition table: 0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 123 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
  8. Scan result of Farbar Recovery Scan Tool Version: 09-08-2012 Ran by SYSTEM at 10-08-2012 22:34:35 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor) HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.) HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x] HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [x] HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKU\Bernice\...\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 [x] HKU\Bernice\...\Run: [googletalk] C:\Users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google) Tcpip\Parameters: [DhcpNameServer] 209.206.136.8 207.230.192.251 Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) ==================== Services (Whitelisted) ====== 2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] () 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.) 2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] () ========================== Drivers (Whitelisted) ============= 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] () 3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339360 2009-04-30] (NVIDIA Corporation) 3 catchme; \??\C:\ComboFix\catchme.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-10 20:09 - 2012-08-10 20:09 - 00000000 ____D C:\FRST 2012-08-10 18:15 - 2012-08-10 18:15 - 00019205 ____A C:\ComboFix.txt 2012-08-10 17:49 - 2012-08-10 18:05 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-08-10 17:45 - 2012-08-10 17:46 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Bernice\Desktop\tdsskiller.exe 2012-08-10 17:41 - 2012-08-10 17:41 - 00001650 ____A C:\Users\Bernice\Desktop\RKreport[2].txt 2012-08-10 16:49 - 2012-08-10 18:15 - 00000000 ____D C:\Qoobox 2012-08-10 16:49 - 2012-08-10 16:59 - 00000000 ____D C:\Windows\erdnt 2012-08-10 16:49 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-08-10 16:49 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-08-10 16:49 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-08-10 16:49 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-08-10 16:49 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-08-10 16:49 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-08-10 16:49 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-08-10 16:49 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-08-10 16:43 - 2012-08-10 16:43 - 04728003 ____R (Swearware) C:\Users\Bernice\Desktop\ComboFix.exe 2012-08-10 15:47 - 2012-08-10 15:47 - 01439703 ____A (Farbar) C:\Users\Bernice\Downloads\FRST64.exe 2012-08-10 15:35 - 2012-08-10 15:35 - 00001753 ____A C:\Users\Bernice\Desktop\RKreport[1].txt 2012-08-10 15:34 - 2012-08-10 17:41 - 00000000 ____D C:\Users\Bernice\Desktop\RK_Quarantine 2012-08-10 15:33 - 2012-08-10 15:33 - 01558528 ____A C:\Users\Bernice\Desktop\RogueKiller.exe 2012-08-10 15:29 - 2012-08-10 15:28 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.com 2012-08-10 15:28 - 2012-08-10 15:27 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.scr 2012-08-10 05:13 - 2012-08-10 05:13 - 00001169 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-08-09 17:25 - 2012-08-09 17:25 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-08-07 07:21 - 2012-08-07 07:21 - 00001580 ____A C:\Users\Bernice\Desktop\Peanut butter chicken.txt 2012-08-04 16:02 - 2012-08-04 16:02 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.14-r7705-Core-and-Cataclysm-Mods.zip 2012-08-02 07:05 - 2012-08-02 07:05 - 02294253 ____A C:\Users\Bernice\Downloads\Grail-035.zip 2012-08-02 07:04 - 2012-08-02 07:04 - 00039092 ____A C:\Users\Bernice\Downloads\Wholly-021.zip 2012-07-28 09:31 - 2012-07-28 09:31 - 00165248 ____A (ArenaNet) C:\Users\Bernice\Downloads\GwSetup.exe 2012-07-24 19:28 - 2012-07-24 19:28 - 48351232 ____A C:\Users\Bernice\Downloads\calibre-0.8.61.msi 2012-07-24 05:52 - 2012-07-24 05:52 - 00000000 ____D C:\Windows\Sun ============ 3 Months Modified Files ======================== 2012-08-10 18:32 - 2010-12-20 15:44 - 01206317 ____A C:\Windows\WindowsUpdate.log 2012-08-10 18:20 - 2012-05-04 13:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-10 18:15 - 2012-08-10 18:15 - 00019205 ____A C:\ComboFix.txt 2012-08-10 18:14 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-08-10 17:58 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-10 17:58 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-10 17:56 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-10 17:51 - 2009-07-13 21:08 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-08-10 17:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-10 17:51 - 2009-07-13 20:51 - 00040649 ____A C:\Windows\setupact.log 2012-08-10 17:46 - 2012-08-10 17:45 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Bernice\Desktop\tdsskiller.exe 2012-08-10 17:41 - 2012-08-10 17:41 - 00001650 ____A C:\Users\Bernice\Desktop\RKreport[2].txt 2012-08-10 16:55 - 2011-02-07 16:24 - 00006556 ____A C:\Windows\PFRO.log 2012-08-10 16:43 - 2012-08-10 16:43 - 04728003 ____R (Swearware) C:\Users\Bernice\Desktop\ComboFix.exe 2012-08-10 15:47 - 2012-08-10 15:47 - 01439703 ____A (Farbar) C:\Users\Bernice\Downloads\FRST64.exe 2012-08-10 15:35 - 2012-08-10 15:35 - 00001753 ____A C:\Users\Bernice\Desktop\RKreport[1].txt 2012-08-10 15:33 - 2012-08-10 15:33 - 01558528 ____A C:\Users\Bernice\Desktop\RogueKiller.exe 2012-08-10 15:28 - 2012-08-10 15:29 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.com 2012-08-10 15:27 - 2012-08-10 15:28 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.scr 2012-08-10 05:13 - 2012-08-10 05:13 - 00001169 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-08-07 07:21 - 2012-08-07 07:21 - 00001580 ____A C:\Users\Bernice\Desktop\Peanut butter chicken.txt 2012-08-04 16:02 - 2012-08-04 16:02 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.14-r7705-Core-and-Cataclysm-Mods.zip 2012-08-02 22:20 - 2012-05-04 13:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-02 22:20 - 2011-05-25 15:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-02 07:05 - 2012-08-02 07:05 - 02294253 ____A C:\Users\Bernice\Downloads\Grail-035.zip 2012-08-02 07:04 - 2012-08-02 07:04 - 00039092 ____A C:\Users\Bernice\Downloads\Wholly-021.zip 2012-07-28 09:31 - 2012-07-28 09:31 - 00165248 ____A (ArenaNet) C:\Users\Bernice\Downloads\GwSetup.exe 2012-07-24 19:31 - 2012-02-12 18:51 - 00001016 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk 2012-07-24 19:28 - 2012-07-24 19:28 - 48351232 ____A C:\Users\Bernice\Downloads\calibre-0.8.61.msi 2012-07-10 23:18 - 2009-07-13 20:45 - 00289152 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-10 23:00 - 2010-12-20 16:26 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-10 20:59 - 2012-07-10 20:57 - 108835088 ____A C:\Users\Bernice\Downloads\PRS-T1_Updater_1.0.04.12210(1).exe 2012-07-05 06:21 - 2010-12-26 19:07 - 00540672 __ASH C:\Users\Bernice\Documents\Thumbs.db 2012-07-05 06:17 - 2012-07-05 06:17 - 00011761 ____A C:\Users\Bernice\Documents\Shea.odt 2012-07-03 09:46 - 2011-02-07 06:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-24 07:10 - 2012-06-24 07:10 - 47520256 ____A C:\Users\Bernice\Downloads\calibre-0.8.57.msi 2012-06-15 03:20 - 2012-06-15 03:19 - 47544304 ____A C:\Users\Bernice\Downloads\calibre-0.8.56.msi 2012-06-11 19:02 - 2012-07-10 23:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:30 - 2012-07-10 21:45 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:46 - 2012-07-10 21:45 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-07 16:25 - 2012-06-07 16:25 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.12-r7536-Core-and-Cataclysm-Mods.zip 2012-06-07 06:17 - 2012-06-07 06:17 - 00010075 ____A C:\Users\Bernice\Downloads\BittensSpellFlashLibrary-2.11.1.zip 2012-06-06 19:58 - 2012-06-06 19:58 - 00007862 ____A C:\Users\Bernice\Downloads\BittensSpellFlash_Priest-2.1.0.zip 2012-06-06 19:57 - 2012-06-06 19:57 - 00074891 ____A C:\Users\Bernice\Downloads\SpellFlash-5.162.zip 2012-06-05 21:50 - 2012-07-10 21:45 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 21:50 - 2012-07-10 21:45 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 21:09 - 2012-07-10 21:45 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:09 - 2012-07-10 21:45 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-02 14:19 - 2012-06-21 17:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-21 17:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-21 17:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-21 17:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-21 17:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-21 17:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-21 17:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-21 17:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-21 17:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-01 21:38 - 2012-07-10 21:45 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:38 - 2012-07-10 21:45 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:37 - 2012-07-10 21:45 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:27 - 2012-07-10 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:27 - 2012-07-10 21:45 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:48 - 2012-07-10 21:45 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:48 - 2012-07-10 21:45 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:47 - 2012-07-10 21:45 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:42 - 2012-07-10 21:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-31 08:25 - 2010-12-20 16:04 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2012-05-20 09:15 - 2012-05-20 09:15 - 04720082 ____A (Skylabs) C:\Users\Bernice\Downloads\OCTGN 3.0.1.6.exe 2012-05-14 19:56 - 2012-06-12 15:17 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-05-14 19:52 - 2012-06-12 15:17 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-05-14 19:08 - 2012-06-12 15:17 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-05-14 19:06 - 2012-06-12 15:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-05-14 08:57 - 2012-05-14 08:57 - 00001249 ____A C:\Users\Public\Desktop\Diablo III.lnk 2012-05-14 08:53 - 2012-05-14 08:53 - 32288896 ____A (Blizzard Entertainment) C:\Users\Bernice\Downloads\Diablo-III-Setup-enUS.exe 2012-05-14 06:24 - 2012-05-14 06:24 - 07336648 ____A (Blizzard Entertainment) C:\Users\Bernice\Downloads\Diablo-III-8370-enUS-Installer-downloader(1).exe ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 14% Total physical RAM: 4094.55 MB Available physical RAM: 3494.01 MB Total Pagefile: 4092.7 MB Available Pagefile: 3484.54 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 2 Drive c: () (Fixed) (Total:596.07 GB) (Free:457.34 GB) NTFS 4 Drive f: (FLASH DRIVE) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 0 B Disk 1 Online 123 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 596 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 596 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 123 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FLASH DRIVE FAT Removable 123 MB Healthy ================================================================================== Last Boot: 2012-08-06 20:59 ======================= End Of Log ========================== arbar Recovery Scan Tool Version: 09-08-2012 Ran by SYSTEM at 2012-08-10 22:38:43 Running from F:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\erdnt\cache64\services.exe [2012-08-10 16:59] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\FRST\Quarantine\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ====== I'm getting better at this... goes faster
  9. ComboFix 12-08-09.01 - Bernice 08/10/2012 22:10:04.2.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2861 [GMT -4:00] Running from: c:\users\Bernice\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 ))))))))))))))))))))))))))))))) . . 2012-08-11 04:09 . 2012-08-11 04:09 -------- d-----w- C:\FRST 2012-08-11 02:14 . 2012-08-11 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-11 02:14 . 2012-08-11 02:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-08-10 01:25 . 2012-08-10 01:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-07 07:16 . 2012-08-07 07:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\offreg.dll 2012-08-07 07:15 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\mpengine.dll 2012-07-24 13:52 . 2012-07-24 13:52 -------- d-----w- c:\windows\Sun . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 06:20 . 2012-05-04 21:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-03 06:20 . 2011-05-25 23:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 07:00 . 2010-12-21 00:26 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 17:46 . 2011-02-07 14:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 03:02 . 2012-07-11 07:02 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:30 . 2012-07-11 05:45 14165504 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 05:50 . 2012-07-11 05:45 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:50 . 2012-07-11 05:45 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:09 . 2012-07-11 05:45 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:09 . 2012-07-11 05:45 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-02 22:19 . 2012-06-22 01:49 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 01:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 01:49 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 01:49 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 01:49 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 01:49 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 01:49 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-22 01:49 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-22 01:49 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:38 . 2012-07-11 05:45 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:38 . 2012-07-11 05:45 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:37 . 2012-07-11 05:45 459216 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:27 . 2012-07-11 05:45 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:27 . 2012-07-11 05:45 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:48 . 2012-07-11 05:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:48 . 2012-07-11 05:45 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:47 . 2012-07-11 05:45 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:42 . 2012-07-11 05:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 16:25 . 2010-12-21 00:04 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-15 03:56 . 2012-06-12 23:17 1197568 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:52 . 2012-06-12 23:17 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-15 03:08 . 2012-06-12 23:17 981504 ----a-w- c:\windows\SysWow64\wininet.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-08-11_00.56.29 ))))))))))))))))))))))))))))))))))))))))) . + 2012-07-18 00:27 . 2012-08-11 01:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2012-07-18 00:27 . 2012-08-11 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat - 2012-07-18 00:27 . 2012-08-11 00:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2012-07-18 00:27 . 2012-08-11 01:37 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2010-12-21 00:10 . 2012-08-11 01:53 27862 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-11 01:53 37674 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-12-21 00:01 . 2012-08-11 01:53 10384 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3792743543-1171466682-3431947034-1001_UserData.bin - 2010-12-21 15:42 . 2012-08-10 01:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-21 15:42 . 2012-08-11 00:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-21 15:42 . 2012-08-10 01:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-12-21 15:42 . 2012-08-11 00:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-08-10 01:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-08-11 00:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-12-20 23:52 . 2012-08-11 00:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-20 23:52 . 2012-08-11 01:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-20 23:52 . 2012-08-11 01:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-20 23:52 . 2012-08-11 00:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-12-20 23:52 . 2012-08-11 00:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-20 23:52 . 2012-08-11 01:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-12-20 23:52 . 2012-08-11 02:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-12-20 23:52 . 2012-08-11 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-12-20 23:52 . 2012-08-11 02:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2010-12-20 23:52 . 2012-08-11 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-01-02 21:17 . 2012-08-10 13:21 4152 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2011-01-02 21:17 . 2012-08-11 01:35 4152 c:\windows\system32\wdi\ERCQueuedResolutions.dat + 2012-08-11 01:51 . 2012-08-11 01:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-11 00:56 . 2012-08-11 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-11 01:51 . 2012-08-11 01:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2009-07-14 04:54 . 2012-08-11 01:37 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-08-11 00:57 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-08-11 01:37 933888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 02:36 . 2012-08-11 01:56 624162 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-08-11 00:41 624162 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-11 01:56 106538 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-08-11 00:41 106538 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-08-11 00:55 274392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-11 01:51 274392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:54 . 2012-08-11 00:57 2637824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-08-11 01:37 2637824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 02:34 . 2012-08-10 01:28 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2012-08-11 02:04 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2011-03-09 08:16 . 2012-08-11 01:51 39228664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3792743543-1171466682-3431947034-1001-8192.dat - 2011-03-09 08:16 . 2012-08-11 00:55 39228664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3792743543-1171466682-3431947034-1001-8192.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="c:\windows\system32\readreg" [X] "googletalk"="c:\users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AsioThk32Reg"="CTASIO.DLL" [2010-03-19 47104] "CTHelper"="CTHELPER.EXE" [2010-03-19 19456] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056] R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-19 158808] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-21 79360] R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-19 706648] R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-19 141912] R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-19 141912] R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-19 681048] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1255736] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-19 158808] S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-19 706648] S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-19 681048] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 27524474 *Deregistered* - 27524474 . Contents of the 'Scheduled Tasks' folder . 2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 06:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: %SYSTEMROOT%\system32\nvLsp.dll TCP: DhcpNameServer = 209.206.136.8 207.230.192.251 FF - ProfilePath - c:\users\Bernice\AppData\Roaming\Mozilla\Firefox\Profiles\r60pnj1e.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-08-10 22:15:32 ComboFix-quarantined-files.txt 2012-08-11 02:15 ComboFix2.txt 2012-08-11 01:00 . Pre-Run: 491,014,553,600 bytes free Post-Run: 490,952,941,568 bytes free . - - End Of File - - EC280633042C5C0D78E4F0DB9A9CFD2C
  10. I don't see an option on here to attach files, so I'm sorry, but gonna paste again, as I have done all along. 22:03:58.0968 2352 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 22:03:59.0482 2352 ============================================================ 22:03:59.0482 2352 Current date / time: 2012/08/10 22:03:59.0482 22:03:59.0482 2352 SystemInfo: 22:03:59.0482 2352 22:03:59.0482 2352 OS Version: 6.1.7600 ServicePack: 0.0 22:03:59.0482 2352 Product type: Workstation 22:03:59.0482 2352 ComputerName: BERNICE-PC 22:03:59.0482 2352 UserName: Bernice 22:03:59.0482 2352 Windows directory: C:\Windows 22:03:59.0482 2352 System windows directory: C:\Windows 22:03:59.0482 2352 Running under WOW64 22:03:59.0482 2352 Processor architecture: Intel x64 22:03:59.0482 2352 Number of processors: 2 22:03:59.0482 2352 Page size: 0x1000 22:03:59.0482 2352 Boot type: Normal boot 22:03:59.0482 2352 ============================================================ 22:04:00.0262 2352 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 22:04:00.0262 2352 Drive \Device\Harddisk1\DR1 - Size: 0x7B60000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 22:04:00.0262 2352 ============================================================ 22:04:00.0262 2352 \Device\Harddisk0\DR0: 22:04:00.0262 2352 MBR partitions: 22:04:00.0262 2352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 22:04:00.0262 2352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000 22:04:00.0262 2352 \Device\Harddisk1\DR1: 22:04:00.0262 2352 MBR partitions: 22:04:00.0262 2352 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DAE0 22:04:00.0262 2352 ============================================================ 22:04:00.0294 2352 C: <-> \Device\Harddisk0\DR0\Partition1 22:04:00.0294 2352 ============================================================ 22:04:00.0294 2352 Initialize success 22:04:00.0294 2352 ============================================================ 22:04:07.0594 2140 ============================================================ 22:04:07.0594 2140 Scan started 22:04:07.0594 2140 Mode: Manual; SigCheck; TDLFS; 22:04:07.0594 2140 ============================================================ 22:04:08.0125 2140 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 22:04:08.0218 2140 1394ohci - ok 22:04:08.0250 2140 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 22:04:08.0265 2140 ACPI - ok 22:04:08.0265 2140 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 22:04:08.0328 2140 AcpiPmi - ok 22:04:08.0390 2140 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 22:04:08.0406 2140 AdobeARMservice - ok 22:04:08.0499 2140 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 22:04:08.0515 2140 AdobeFlashPlayerUpdateSvc - ok 22:04:08.0562 2140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 22:04:08.0577 2140 adp94xx - ok 22:04:08.0624 2140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 22:04:08.0624 2140 adpahci - ok 22:04:08.0640 2140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 22:04:08.0655 2140 adpu320 - ok 22:04:08.0671 2140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 22:04:08.0780 2140 AeLookupSvc - ok 22:04:08.0827 2140 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys 22:04:08.0874 2140 AFD - ok 22:04:08.0889 2140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 22:04:08.0905 2140 agp440 - ok 22:04:08.0920 2140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 22:04:08.0967 2140 ALG - ok 22:04:08.0983 2140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 22:04:08.0983 2140 aliide - ok 22:04:08.0998 2140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 22:04:08.0998 2140 amdide - ok 22:04:09.0014 2140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 22:04:09.0045 2140 AmdK8 - ok 22:04:09.0045 2140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 22:04:09.0061 2140 AmdPPM - ok 22:04:09.0092 2140 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 22:04:09.0108 2140 amdsata - ok 22:04:09.0123 2140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 22:04:09.0139 2140 amdsbs - ok 22:04:09.0154 2140 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 22:04:09.0154 2140 amdxata - ok 22:04:09.0186 2140 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 22:04:09.0232 2140 AppID - ok 22:04:09.0248 2140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 22:04:09.0279 2140 AppIDSvc - ok 22:04:09.0295 2140 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll 22:04:09.0310 2140 Appinfo - ok 22:04:09.0342 2140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 22:04:09.0342 2140 arc - ok 22:04:09.0357 2140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 22:04:09.0373 2140 arcsas - ok 22:04:09.0373 2140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 22:04:09.0404 2140 AsyncMac - ok 22:04:09.0420 2140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 22:04:09.0435 2140 atapi - ok 22:04:09.0466 2140 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 22:04:09.0498 2140 AudioEndpointBuilder - ok 22:04:09.0513 2140 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 22:04:09.0544 2140 AudioSrv - ok 22:04:09.0560 2140 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll 22:04:09.0576 2140 AxInstSV - ok 22:04:09.0622 2140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 22:04:09.0654 2140 b06bdrv - ok 22:04:09.0685 2140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 22:04:09.0716 2140 b57nd60a - ok 22:04:09.0747 2140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 22:04:09.0778 2140 BDESVC - ok 22:04:09.0778 2140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 22:04:09.0825 2140 Beep - ok 22:04:09.0856 2140 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll 22:04:09.0903 2140 BFE - ok 22:04:09.0919 2140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 22:04:09.0950 2140 blbdrive - ok 22:04:09.0966 2140 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 22:04:09.0981 2140 bowser - ok 22:04:09.0997 2140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 22:04:10.0012 2140 BrFiltLo - ok 22:04:10.0012 2140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 22:04:10.0028 2140 BrFiltUp - ok 22:04:10.0153 2140 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 22:04:10.0184 2140 BridgeMP - ok 22:04:10.0215 2140 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll 22:04:10.0246 2140 Browser - ok 22:04:10.0262 2140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 22:04:10.0293 2140 Brserid - ok 22:04:10.0309 2140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 22:04:10.0324 2140 BrSerWdm - ok 22:04:10.0324 2140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 22:04:10.0340 2140 BrUsbMdm - ok 22:04:10.0340 2140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 22:04:10.0371 2140 BrUsbSer - ok 22:04:10.0387 2140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 22:04:10.0402 2140 BTHMODEM - ok 22:04:10.0434 2140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 22:04:10.0465 2140 bthserv - ok 22:04:10.0465 2140 catchme - ok 22:04:10.0480 2140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 22:04:10.0512 2140 cdfs - ok 22:04:10.0543 2140 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 22:04:10.0558 2140 cdrom - ok 22:04:10.0574 2140 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 22:04:10.0605 2140 CertPropSvc - ok 22:04:10.0621 2140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 22:04:10.0636 2140 circlass - ok 22:04:10.0652 2140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 22:04:10.0668 2140 CLFS - ok 22:04:10.0714 2140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 22:04:10.0730 2140 clr_optimization_v2.0.50727_32 - ok 22:04:10.0777 2140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 22:04:10.0792 2140 clr_optimization_v2.0.50727_64 - ok 22:04:10.0839 2140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 22:04:10.0839 2140 clr_optimization_v4.0.30319_32 - ok 22:04:10.0870 2140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 22:04:10.0870 2140 clr_optimization_v4.0.30319_64 - ok 22:04:10.0902 2140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 22:04:10.0917 2140 CmBatt - ok 22:04:10.0933 2140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 22:04:10.0948 2140 cmdide - ok 22:04:10.0980 2140 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys 22:04:10.0995 2140 CNG - ok 22:04:11.0026 2140 COMMONFX (f38acff40e9edc2b3476edd724cea4a0) C:\Windows\system32\drivers\COMMONFX.SYS 22:04:11.0042 2140 COMMONFX - ok 22:04:11.0042 2140 COMMONFX.SYS (f38acff40e9edc2b3476edd724cea4a0) C:\Windows\System32\drivers\COMMONFX.SYS 22:04:11.0042 2140 COMMONFX.SYS - ok 22:04:11.0058 2140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 22:04:11.0073 2140 Compbatt - ok 22:04:11.0073 2140 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 22:04:11.0104 2140 CompositeBus - ok 22:04:11.0104 2140 COMSysApp - ok 22:04:11.0136 2140 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys 22:04:11.0136 2140 cpuz135 - ok 22:04:11.0151 2140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 22:04:11.0167 2140 crcdisk - ok 22:04:11.0198 2140 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 22:04:11.0214 2140 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 22:04:11.0214 2140 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 22:04:11.0245 2140 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll 22:04:11.0276 2140 CryptSvc - ok 22:04:11.0307 2140 ctac32k (095c566746217cd1482ede40a70d87d2) C:\Windows\system32\drivers\ctac32k.sys 22:04:11.0323 2140 ctac32k - ok 22:04:11.0370 2140 ctaud2k (157e2196fccd002a2edf3b06df7b0c9a) C:\Windows\system32\drivers\ctaud2k.sys 22:04:11.0385 2140 ctaud2k - ok 22:04:11.0416 2140 CTAUDFX (17979ee857e930cbfdf24a12e89d77a1) C:\Windows\system32\drivers\CTAUDFX.SYS 22:04:11.0432 2140 CTAUDFX - ok 22:04:11.0432 2140 CTAUDFX.SYS (17979ee857e930cbfdf24a12e89d77a1) C:\Windows\System32\drivers\CTAUDFX.SYS 22:04:11.0448 2140 CTAUDFX.SYS - ok 22:04:11.0479 2140 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 22:04:11.0494 2140 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 22:04:11.0494 2140 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 22:04:11.0510 2140 CTERFXFX (fe3eae37536c02d087e5c5d339663779) C:\Windows\system32\drivers\CTERFXFX.SYS 22:04:11.0526 2140 CTERFXFX - ok 22:04:11.0526 2140 CTERFXFX.SYS (fe3eae37536c02d087e5c5d339663779) C:\Windows\System32\drivers\CTERFXFX.SYS 22:04:11.0541 2140 CTERFXFX.SYS - ok 22:04:11.0541 2140 ctprxy2k (4e4fdab4a7cf5af56e3fa1fe35e8ad3c) C:\Windows\system32\drivers\ctprxy2k.sys 22:04:11.0557 2140 ctprxy2k - ok 22:04:11.0588 2140 CTSBLFX (4a7de2e30b2b9253933a157401ec76d5) C:\Windows\system32\drivers\CTSBLFX.SYS 22:04:11.0604 2140 CTSBLFX - ok 22:04:11.0604 2140 CTSBLFX.SYS (4a7de2e30b2b9253933a157401ec76d5) C:\Windows\System32\drivers\CTSBLFX.SYS 22:04:11.0619 2140 CTSBLFX.SYS - ok 22:04:11.0635 2140 ctsfm2k (065ade032a044d518ab1407d3586b7d5) C:\Windows\system32\drivers\ctsfm2k.sys 22:04:11.0650 2140 ctsfm2k - ok 22:04:11.0697 2140 DAUpdaterSvc (80861969541971176e005d2c09dae851) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe 22:04:11.0697 2140 DAUpdaterSvc - ok 22:04:11.0744 2140 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 22:04:11.0775 2140 DcomLaunch - ok 22:04:11.0822 2140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 22:04:11.0853 2140 defragsvc - ok 22:04:11.0869 2140 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 22:04:11.0916 2140 DfsC - ok 22:04:11.0947 2140 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 22:04:11.0994 2140 Dhcp - ok 22:04:11.0994 2140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 22:04:12.0040 2140 discache - ok 22:04:12.0056 2140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 22:04:12.0072 2140 Disk - ok 22:04:12.0103 2140 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll 22:04:12.0118 2140 Dnscache - ok 22:04:12.0150 2140 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 22:04:12.0181 2140 dot3svc - ok 22:04:12.0196 2140 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 22:04:12.0228 2140 DPS - ok 22:04:12.0259 2140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 22:04:12.0274 2140 drmkaud - ok 22:04:12.0337 2140 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 22:04:12.0352 2140 DXGKrnl - ok 22:04:12.0368 2140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 22:04:12.0399 2140 EapHost - ok 22:04:12.0571 2140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 22:04:12.0633 2140 ebdrv - ok 22:04:12.0711 2140 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 22:04:12.0742 2140 EFS - ok 22:04:12.0805 2140 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe 22:04:12.0820 2140 ehRecvr - ok 22:04:12.0852 2140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 22:04:12.0852 2140 ehSched - ok 22:04:12.0898 2140 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys 22:04:12.0914 2140 ElbyCDIO - ok 22:04:12.0945 2140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 22:04:12.0976 2140 elxstor - ok 22:04:12.0992 2140 emupia (f380ff5d6d80cecc6dbbc15569757613) C:\Windows\system32\drivers\emupia2k.sys 22:04:13.0008 2140 emupia - ok 22:04:13.0008 2140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 22:04:13.0039 2140 ErrDev - ok 22:04:13.0070 2140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 22:04:13.0101 2140 EventSystem - ok 22:04:13.0132 2140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 22:04:13.0148 2140 exfat - ok 22:04:13.0179 2140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 22:04:13.0210 2140 fastfat - ok 22:04:13.0273 2140 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 22:04:13.0320 2140 Fax - ok 22:04:13.0335 2140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 22:04:13.0351 2140 fdc - ok 22:04:13.0366 2140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 22:04:13.0382 2140 fdPHost - ok 22:04:13.0398 2140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 22:04:13.0429 2140 FDResPub - ok 22:04:13.0460 2140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 22:04:13.0460 2140 FileInfo - ok 22:04:13.0476 2140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 22:04:13.0507 2140 Filetrace - ok 22:04:13.0522 2140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 22:04:13.0538 2140 flpydisk - ok 22:04:13.0554 2140 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 22:04:13.0569 2140 FltMgr - ok 22:04:13.0632 2140 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll 22:04:13.0678 2140 FontCache - ok 22:04:13.0725 2140 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 22:04:13.0741 2140 FontCache3.0.0.0 - ok 22:04:13.0834 2140 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 22:04:13.0850 2140 ForceWare Intelligent Application Manager (IAM) - ok 22:04:13.0897 2140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 22:04:13.0912 2140 FsDepends - ok 22:04:13.0928 2140 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys 22:04:13.0944 2140 Fs_Rec - ok 22:04:13.0975 2140 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 22:04:13.0990 2140 fvevol - ok 22:04:13.0990 2140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 22:04:14.0006 2140 gagp30kx - ok 22:04:14.0068 2140 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 22:04:14.0100 2140 gpsvc - ok 22:04:14.0146 2140 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 22:04:14.0146 2140 gusvc - ok 22:04:14.0224 2140 ha10kx2k (82b68f585110ae8500a6d23623ae1f74) C:\Windows\system32\drivers\ha10kx2k.sys 22:04:14.0256 2140 ha10kx2k - ok 22:04:14.0318 2140 hap16v2k (83f647f9ace9192556f758e528024f68) C:\Windows\system32\drivers\hap16v2k.sys 22:04:14.0334 2140 hap16v2k - ok 22:04:14.0349 2140 hap17v2k (e815d29361de89d24c8dbe3e5a7006c9) C:\Windows\system32\drivers\hap17v2k.sys 22:04:14.0365 2140 hap17v2k - ok 22:04:14.0380 2140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 22:04:14.0412 2140 hcw85cir - ok 22:04:14.0458 2140 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 22:04:14.0474 2140 HdAudAddService - ok 22:04:14.0505 2140 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 22:04:14.0521 2140 HDAudBus - ok 22:04:14.0521 2140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 22:04:14.0536 2140 HidBatt - ok 22:04:14.0568 2140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 22:04:14.0583 2140 HidBth - ok 22:04:14.0599 2140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 22:04:14.0614 2140 HidIr - ok 22:04:14.0646 2140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 22:04:14.0677 2140 hidserv - ok 22:04:14.0677 2140 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 22:04:14.0708 2140 HidUsb - ok 22:04:14.0724 2140 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 22:04:14.0755 2140 hkmsvc - ok 22:04:14.0770 2140 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 22:04:14.0802 2140 HomeGroupListener - ok 22:04:14.0817 2140 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 22:04:14.0848 2140 HomeGroupProvider - ok 22:04:14.0864 2140 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 22:04:14.0880 2140 HpSAMD - ok 22:04:14.0958 2140 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 22:04:14.0989 2140 HTTP - ok 22:04:15.0004 2140 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 22:04:15.0004 2140 hwpolicy - ok 22:04:15.0036 2140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 22:04:15.0051 2140 i8042prt - ok 22:04:15.0082 2140 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 22:04:15.0098 2140 iaStorV - ok 22:04:15.0192 2140 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 22:04:15.0207 2140 idsvc - ok 22:04:15.0223 2140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 22:04:15.0223 2140 iirsp - ok 22:04:15.0301 2140 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 22:04:15.0348 2140 IKEEXT - ok 22:04:15.0441 2140 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys 22:04:15.0457 2140 IntcAzAudAddService - ok 22:04:15.0519 2140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 22:04:15.0535 2140 intelide - ok 22:04:15.0550 2140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 22:04:15.0566 2140 intelppm - ok 22:04:15.0582 2140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 22:04:15.0613 2140 IPBusEnum - ok 22:04:15.0628 2140 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 22:04:15.0660 2140 IpFilterDriver - ok 22:04:15.0722 2140 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 22:04:15.0753 2140 iphlpsvc - ok 22:04:15.0769 2140 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 22:04:15.0784 2140 IPMIDRV - ok 22:04:15.0800 2140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 22:04:15.0831 2140 IPNAT - ok 22:04:15.0862 2140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 22:04:15.0862 2140 IRENUM - ok 22:04:15.0878 2140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 22:04:15.0894 2140 isapnp - ok 22:04:15.0925 2140 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 22:04:15.0940 2140 iScsiPrt - ok 22:04:15.0956 2140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 22:04:15.0956 2140 kbdclass - ok 22:04:15.0987 2140 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 22:04:16.0003 2140 kbdhid - ok 22:04:16.0034 2140 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:04:16.0050 2140 KeyIso - ok 22:04:16.0081 2140 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys 22:04:16.0081 2140 KSecDD - ok 22:04:16.0096 2140 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys 22:04:16.0112 2140 KSecPkg - ok 22:04:16.0128 2140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 22:04:16.0159 2140 ksthunk - ok 22:04:16.0174 2140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 22:04:16.0221 2140 KtmRm - ok 22:04:16.0252 2140 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll 22:04:16.0268 2140 LanmanServer - ok 22:04:16.0299 2140 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 22:04:16.0346 2140 LanmanWorkstation - ok 22:04:16.0377 2140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 22:04:16.0393 2140 lltdio - ok 22:04:16.0424 2140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 22:04:16.0455 2140 lltdsvc - ok 22:04:16.0455 2140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 22:04:16.0486 2140 lmhosts - ok 22:04:16.0518 2140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 22:04:16.0518 2140 LSI_FC - ok 22:04:16.0533 2140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 22:04:16.0533 2140 LSI_SAS - ok 22:04:16.0549 2140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 22:04:16.0549 2140 LSI_SAS2 - ok 22:04:16.0564 2140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 22:04:16.0580 2140 LSI_SCSI - ok 22:04:16.0596 2140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 22:04:16.0627 2140 luafv - ok 22:04:16.0642 2140 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 22:04:16.0642 2140 MBAMProtector - ok 22:04:16.0705 2140 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 22:04:16.0720 2140 MBAMService - ok 22:04:16.0752 2140 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 22:04:16.0767 2140 McComponentHostService - ok 22:04:16.0783 2140 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 22:04:16.0814 2140 Mcx2Svc - ok 22:04:16.0830 2140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 22:04:16.0830 2140 megasas - ok 22:04:16.0861 2140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 22:04:16.0861 2140 MegaSR - ok 22:04:16.0892 2140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:04:16.0923 2140 MMCSS - ok 22:04:16.0939 2140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 22:04:16.0954 2140 Modem - ok 22:04:16.0986 2140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 22:04:17.0001 2140 monitor - ok 22:04:17.0017 2140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 22:04:17.0032 2140 mouclass - ok 22:04:17.0048 2140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 22:04:17.0064 2140 mouhid - ok 22:04:17.0079 2140 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 22:04:17.0095 2140 mountmgr - ok 22:04:17.0142 2140 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 22:04:17.0142 2140 MozillaMaintenance - ok 22:04:17.0157 2140 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 22:04:17.0173 2140 mpio - ok 22:04:17.0188 2140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 22:04:17.0204 2140 mpsdrv - ok 22:04:17.0266 2140 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 22:04:17.0313 2140 MpsSvc - ok 22:04:17.0329 2140 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 22:04:17.0344 2140 MRxDAV - ok 22:04:17.0376 2140 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 22:04:17.0391 2140 mrxsmb - ok 22:04:17.0422 2140 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 22:04:17.0438 2140 mrxsmb10 - ok 22:04:17.0454 2140 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 22:04:17.0485 2140 mrxsmb20 - ok 22:04:17.0500 2140 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 22:04:17.0516 2140 msahci - ok 22:04:17.0532 2140 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 22:04:17.0532 2140 msdsm - ok 22:04:17.0547 2140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 22:04:17.0578 2140 MSDTC - ok 22:04:17.0594 2140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 22:04:17.0625 2140 Msfs - ok 22:04:17.0625 2140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 22:04:17.0672 2140 mshidkmdf - ok 22:04:17.0688 2140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 22:04:17.0688 2140 msisadrv - ok 22:04:17.0719 2140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 22:04:17.0734 2140 MSiSCSI - ok 22:04:17.0734 2140 msiserver - ok 22:04:17.0750 2140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 22:04:17.0781 2140 MSKSSRV - ok 22:04:17.0797 2140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 22:04:17.0828 2140 MSPCLOCK - ok 22:04:17.0828 2140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 22:04:17.0859 2140 MSPQM - ok 22:04:17.0890 2140 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 22:04:17.0906 2140 MsRPC - ok 22:04:17.0922 2140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 22:04:17.0922 2140 mssmbios - ok 22:04:17.0937 2140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 22:04:17.0984 2140 MSTEE - ok 22:04:17.0984 2140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 22:04:18.0000 2140 MTConfig - ok 22:04:18.0031 2140 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys 22:04:18.0062 2140 MTsensor - ok 22:04:18.0078 2140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 22:04:18.0093 2140 Mup - ok 22:04:18.0124 2140 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 22:04:18.0171 2140 napagent - ok 22:04:18.0202 2140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 22:04:18.0234 2140 NativeWifiP - ok 22:04:18.0280 2140 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 22:04:18.0312 2140 NDIS - ok 22:04:18.0327 2140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 22:04:18.0358 2140 NdisCap - ok 22:04:18.0358 2140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 22:04:18.0390 2140 NdisTapi - ok 22:04:18.0405 2140 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 22:04:18.0421 2140 Ndisuio - ok 22:04:18.0436 2140 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 22:04:18.0468 2140 NdisWan - ok 22:04:18.0468 2140 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 22:04:18.0499 2140 NDProxy - ok 22:04:18.0514 2140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 22:04:18.0561 2140 NetBIOS - ok 22:04:18.0577 2140 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 22:04:18.0624 2140 NetBT - ok 22:04:18.0639 2140 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:04:18.0655 2140 Netlogon - ok 22:04:18.0686 2140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 22:04:18.0717 2140 Netman - ok 22:04:18.0748 2140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 22:04:18.0795 2140 netprofm - ok 22:04:18.0842 2140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 22:04:18.0842 2140 NetTcpPortSharing - ok 22:04:18.0858 2140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 22:04:18.0858 2140 nfrd960 - ok 22:04:18.0889 2140 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 22:04:18.0920 2140 NlaSvc - ok 22:04:18.0936 2140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 22:04:18.0967 2140 Npfs - ok 22:04:18.0967 2140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 22:04:18.0998 2140 nsi - ok 22:04:19.0014 2140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 22:04:19.0029 2140 nsiproxy - ok 22:04:19.0092 2140 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 22:04:19.0107 2140 nSvcIp - ok 22:04:19.0185 2140 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 22:04:19.0232 2140 Ntfs - ok 22:04:19.0310 2140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 22:04:19.0341 2140 Null - ok 22:04:19.0388 2140 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 22:04:19.0419 2140 NVENETFD - ok 22:04:19.0981 2140 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 22:04:20.0121 2140 nvlddmkm - ok 22:04:20.0199 2140 NVNET (956a1f47826514c1ea0c295fe13c7377) C:\Windows\system32\DRIVERS\nvmf6264.sys 22:04:20.0215 2140 NVNET - ok 22:04:20.0230 2140 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 22:04:20.0246 2140 nvraid - ok 22:04:20.0262 2140 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 22:04:20.0277 2140 nvstor - ok 22:04:20.0293 2140 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys 22:04:20.0293 2140 nvstor64 - ok 22:04:20.0371 2140 NVSvc (0393e59488c67f704336f3ff06e2b7bd) C:\Windows\system32\nvvsvc.exe 22:04:20.0386 2140 NVSvc - ok 22:04:20.0402 2140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 22:04:20.0418 2140 nv_agp - ok 22:04:20.0418 2140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 22:04:20.0449 2140 ohci1394 - ok 22:04:20.0464 2140 ossrv (85ea378116e2c4385993ba5124536ffc) C:\Windows\system32\drivers\ctoss2k.sys 22:04:20.0464 2140 ossrv - ok 22:04:20.0511 2140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:04:20.0527 2140 p2pimsvc - ok 22:04:20.0558 2140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 22:04:20.0574 2140 p2psvc - ok 22:04:20.0589 2140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 22:04:20.0605 2140 Parport - ok 22:04:20.0636 2140 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 22:04:20.0636 2140 partmgr - ok 22:04:20.0652 2140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 22:04:20.0683 2140 PcaSvc - ok 22:04:20.0683 2140 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 22:04:20.0698 2140 pci - ok 22:04:20.0714 2140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 22:04:20.0714 2140 pciide - ok 22:04:20.0745 2140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 22:04:20.0745 2140 pcmcia - ok 22:04:20.0761 2140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 22:04:20.0776 2140 pcw - ok 22:04:20.0808 2140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 22:04:20.0854 2140 PEAUTH - ok 22:04:20.0917 2140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 22:04:20.0932 2140 PerfHost - ok 22:04:21.0010 2140 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 22:04:21.0057 2140 pla - ok 22:04:21.0088 2140 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 22:04:21.0120 2140 PlugPlay - ok 22:04:21.0135 2140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 22:04:21.0151 2140 PNRPAutoReg - ok 22:04:21.0166 2140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 22:04:21.0182 2140 PNRPsvc - ok 22:04:21.0229 2140 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 22:04:21.0260 2140 PolicyAgent - ok 22:04:21.0291 2140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 22:04:21.0322 2140 Power - ok 22:04:21.0369 2140 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 22:04:21.0400 2140 PptpMiniport - ok 22:04:21.0416 2140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 22:04:21.0432 2140 Processor - ok 22:04:21.0463 2140 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 22:04:21.0494 2140 ProfSvc - ok 22:04:21.0525 2140 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:04:21.0541 2140 ProtectedStorage - ok 22:04:21.0556 2140 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 22:04:21.0572 2140 Psched - ok 22:04:21.0650 2140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 22:04:21.0681 2140 ql2300 - ok 22:04:21.0759 2140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 22:04:21.0759 2140 ql40xx - ok 22:04:21.0790 2140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 22:04:21.0806 2140 QWAVE - ok 22:04:21.0822 2140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 22:04:21.0837 2140 QWAVEdrv - ok 22:04:21.0853 2140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 22:04:21.0868 2140 RasAcd - ok 22:04:21.0900 2140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 22:04:21.0946 2140 RasAgileVpn - ok 22:04:21.0962 2140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 22:04:22.0009 2140 RasAuto - ok 22:04:22.0024 2140 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 22:04:22.0056 2140 Rasl2tp - ok 22:04:22.0087 2140 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 22:04:22.0118 2140 RasMan - ok 22:04:22.0134 2140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 22:04:22.0165 2140 RasPppoe - ok 22:04:22.0180 2140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 22:04:22.0212 2140 RasSstp - ok 22:04:22.0243 2140 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 22:04:22.0274 2140 rdbss - ok 22:04:22.0290 2140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 22:04:22.0305 2140 rdpbus - ok 22:04:22.0321 2140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 22:04:22.0336 2140 RDPCDD - ok 22:04:22.0352 2140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 22:04:22.0383 2140 RDPENCDD - ok 22:04:22.0399 2140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 22:04:22.0430 2140 RDPREFMP - ok 22:04:22.0446 2140 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 22:04:22.0477 2140 RDPWD - ok 22:04:22.0492 2140 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 22:04:22.0508 2140 rdyboost - ok 22:04:22.0539 2140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 22:04:22.0570 2140 RemoteAccess - ok 22:04:22.0602 2140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 22:04:22.0633 2140 RemoteRegistry - ok 22:04:22.0648 2140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 22:04:22.0680 2140 RpcEptMapper - ok 22:04:22.0695 2140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 22:04:22.0711 2140 RpcLocator - ok 22:04:22.0742 2140 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 22:04:22.0773 2140 RpcSs - ok 22:04:22.0789 2140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 22:04:22.0820 2140 rspndr - ok 22:04:22.0851 2140 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:04:22.0867 2140 SamSs - ok 22:04:22.0867 2140 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 22:04:22.0882 2140 sbp2port - ok 22:04:22.0898 2140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 22:04:22.0945 2140 SCardSvr - ok 22:04:22.0960 2140 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 22:04:22.0992 2140 scfilter - ok 22:04:23.0070 2140 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 22:04:23.0101 2140 Schedule - ok 22:04:23.0116 2140 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 22:04:23.0148 2140 SCPolicySvc - ok 22:04:23.0163 2140 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 22:04:23.0194 2140 SDRSVC - ok 22:04:23.0226 2140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 22:04:23.0257 2140 secdrv - ok 22:04:23.0272 2140 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 22:04:23.0304 2140 seclogon - ok 22:04:23.0319 2140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 22:04:23.0350 2140 SENS - ok 22:04:23.0366 2140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 22:04:23.0382 2140 SensrSvc - ok 22:04:23.0397 2140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 22:04:23.0413 2140 Serenum - ok 22:04:23.0444 2140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 22:04:23.0460 2140 Serial - ok 22:04:23.0475 2140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 22:04:23.0475 2140 sermouse - ok 22:04:23.0491 2140 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 22:04:23.0522 2140 SessionEnv - ok 22:04:23.0538 2140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 22:04:23.0553 2140 sffdisk - ok 22:04:23.0553 2140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 22:04:23.0569 2140 sffp_mmc - ok 22:04:23.0584 2140 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 22:04:23.0584 2140 sffp_sd - ok 22:04:23.0600 2140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 22:04:23.0616 2140 sfloppy - ok 22:04:23.0662 2140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 22:04:23.0709 2140 SharedAccess - ok 22:04:23.0740 2140 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 22:04:23.0772 2140 ShellHWDetection - ok 22:04:23.0787 2140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 22:04:23.0787 2140 SiSRaid2 - ok 22:04:23.0803 2140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 22:04:23.0818 2140 SiSRaid4 - ok 22:04:23.0834 2140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 22:04:23.0850 2140 Smb - ok 22:04:23.0881 2140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 22:04:23.0896 2140 SNMPTRAP - ok 22:04:23.0912 2140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 22:04:23.0928 2140 spldr - ok 22:04:23.0959 2140 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 22:04:24.0006 2140 Spooler - ok 22:04:24.0162 2140 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 22:04:24.0224 2140 sppsvc - ok 22:04:24.0286 2140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 22:04:24.0333 2140 sppuinotify - ok 22:04:24.0380 2140 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 22:04:24.0411 2140 srv - ok 22:04:24.0442 2140 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 22:04:24.0458 2140 srv2 - ok 22:04:24.0458 2140 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 22:04:24.0489 2140 srvnet - ok 22:04:24.0520 2140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 22:04:24.0552 2140 SSDPSRV - ok 22:04:24.0567 2140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 22:04:24.0598 2140 SstpSvc - ok 22:04:24.0645 2140 Stereo Service (8d01686ae82b466f4cd074f31f2942ca) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 22:04:24.0661 2140 Stereo Service - ok 22:04:24.0661 2140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 22:04:24.0676 2140 stexstor - ok 22:04:24.0723 2140 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 22:04:24.0754 2140 stisvc - ok 22:04:24.0754 2140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 22:04:24.0770 2140 swenum - ok 22:04:24.0801 2140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 22:04:24.0848 2140 swprv - ok 22:04:24.0926 2140 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 22:04:24.0973 2140 SysMain - ok 22:04:25.0035 2140 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 22:04:25.0051 2140 TabletInputService - ok 22:04:25.0066 2140 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 22:04:25.0098 2140 TapiSrv - ok 22:04:25.0113 2140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 22:04:25.0144 2140 TBS - ok 22:04:25.0269 2140 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 22:04:25.0300 2140 Tcpip - ok 22:04:25.0410 2140 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 22:04:25.0441 2140 TCPIP6 - ok 22:04:25.0488 2140 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 22:04:25.0503 2140 tcpipreg - ok 22:04:25.0534 2140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 22:04:25.0534 2140 TDPIPE - ok 22:04:25.0550 2140 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 22:04:25.0581 2140 TDTCP - ok 22:04:25.0581 2140 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 22:04:25.0628 2140 tdx - ok 22:04:25.0628 2140 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 22:04:25.0644 2140 TermDD - ok 22:04:25.0690 2140 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 22:04:25.0737 2140 TermService - ok 22:04:25.0753 2140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 22:04:25.0784 2140 Themes - ok 22:04:25.0800 2140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 22:04:25.0831 2140 THREADORDER - ok 22:04:25.0846 2140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 22:04:25.0862 2140 TrkWks - ok 22:04:25.0893 2140 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 22:04:25.0909 2140 TrustedInstaller - ok 22:04:25.0909 2140 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 22:04:25.0956 2140 tssecsrv - ok 22:04:25.0987 2140 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 22:04:26.0018 2140 tunnel - ok 22:04:26.0034 2140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 22:04:26.0049 2140 uagp35 - ok 22:04:26.0080 2140 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 22:04:26.0112 2140 udfs - ok 22:04:26.0127 2140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 22:04:26.0143 2140 UI0Detect - ok 22:04:26.0158 2140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 22:04:26.0158 2140 uliagpkx - ok 22:04:26.0190 2140 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 22:04:26.0205 2140 umbus - ok 22:04:26.0205 2140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 22:04:26.0221 2140 UmPass - ok 22:04:26.0236 2140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 22:04:26.0283 2140 upnphost - ok 22:04:26.0314 2140 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys 22:04:26.0346 2140 usbccgp - ok 22:04:26.0361 2140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 22:04:26.0377 2140 usbcir - ok 22:04:26.0392 2140 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 22:04:26.0408 2140 usbehci - ok 22:04:26.0439 2140 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 22:04:26.0439 2140 usbhub - ok 22:04:26.0470 2140 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys 22:04:26.0486 2140 usbohci - ok 22:04:26.0486 2140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 22:04:26.0502 2140 usbprint - ok 22:04:26.0517 2140 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 22:04:26.0548 2140 USBSTOR - ok 22:04:26.0564 2140 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 22:04:26.0580 2140 usbuhci - ok 22:04:26.0580 2140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 22:04:26.0611 2140 UxSms - ok 22:04:26.0642 2140 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 22:04:26.0658 2140 VaultSvc - ok 22:04:26.0689 2140 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys 22:04:26.0704 2140 VClone - ok 22:04:26.0704 2140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 22:04:26.0720 2140 vdrvroot - ok 22:04:26.0767 2140 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 22:04:26.0798 2140 vds - ok 22:04:26.0814 2140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 22:04:26.0829 2140 vga - ok 22:04:26.0829 2140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 22:04:26.0860 2140 VgaSave - ok 22:04:26.0876 2140 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 22:04:26.0892 2140 vhdmp - ok 22:04:26.0907 2140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 22:04:26.0907 2140 viaide - ok 22:04:26.0923 2140 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 22:04:26.0938 2140 volmgr - ok 22:04:26.0954 2140 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 22:04:26.0970 2140 volmgrx - ok 22:04:27.0001 2140 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 22:04:27.0016 2140 volsnap - ok 22:04:27.0032 2140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 22:04:27.0048 2140 vsmraid - ok 22:04:27.0110 2140 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 22:04:27.0157 2140 VSS - ok 22:04:27.0250 2140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 22:04:27.0266 2140 vwifibus - ok 22:04:27.0297 2140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 22:04:27.0328 2140 W32Time - ok 22:04:27.0328 2140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 22:04:27.0344 2140 WacomPen - ok 22:04:27.0360 2140 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 22:04:27.0391 2140 WANARP - ok 22:04:27.0391 2140 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 22:04:27.0422 2140 Wanarpv6 - ok 22:04:27.0500 2140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 22:04:27.0531 2140 WatAdminSvc - ok 22:04:27.0609 2140 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 22:04:27.0656 2140 wbengine - ok 22:04:27.0703 2140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 22:04:27.0718 2140 WbioSrvc - ok 22:04:27.0750 2140 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 22:04:27.0781 2140 wcncsvc - ok 22:04:27.0781 2140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 22:04:27.0796 2140 WcsPlugInService - ok 22:04:27.0828 2140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 22:04:27.0843 2140 Wd - ok 22:04:27.0874 2140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 22:04:27.0906 2140 Wdf01000 - ok 22:04:27.0937 2140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:04:27.0952 2140 WdiServiceHost - ok 22:04:27.0952 2140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 22:04:27.0968 2140 WdiSystemHost - ok 22:04:27.0999 2140 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 22:04:28.0015 2140 WebClient - ok 22:04:28.0046 2140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 22:04:28.0077 2140 Wecsvc - ok 22:04:28.0077 2140 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 22:04:28.0124 2140 wercplsupport - ok 22:04:28.0140 2140 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 22:04:28.0171 2140 WerSvc - ok 22:04:28.0186 2140 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 22:04:28.0202 2140 WfpLwf - ok 22:04:28.0218 2140 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 22:04:28.0218 2140 WIMMount - ok 22:04:28.0233 2140 WinDefend - ok 22:04:28.0233 2140 WinHttpAutoProxySvc - ok 22:04:28.0296 2140 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 22:04:28.0311 2140 Winmgmt - ok 22:04:28.0420 2140 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 22:04:28.0483 2140 WinRM - ok 22:04:28.0592 2140 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 22:04:28.0639 2140 Wlansvc - ok 22:04:28.0654 2140 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 22:04:28.0654 2140 WmiAcpi - ok 22:04:28.0686 2140 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 22:04:28.0701 2140 wmiApSrv - ok 22:04:28.0717 2140 WMPNetworkSvc - ok 22:04:28.0732 2140 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 22:04:28.0748 2140 WPCSvc - ok 22:04:28.0748 2140 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 22:04:28.0764 2140 WPDBusEnum - ok 22:04:28.0779 2140 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 22:04:28.0810 2140 ws2ifsl - ok 22:04:28.0826 2140 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll 22:04:28.0873 2140 wscsvc - ok 22:04:28.0873 2140 WSearch - ok 22:04:29.0013 2140 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 22:04:29.0060 2140 wuauserv - ok 22:04:29.0138 2140 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 22:04:29.0154 2140 WudfPf - ok 22:04:29.0185 2140 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 22:04:29.0216 2140 WUDFRd - ok 22:04:29.0232 2140 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 22:04:29.0263 2140 wudfsvc - ok 22:04:29.0278 2140 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 22:04:29.0294 2140 WwanSvc - ok 22:04:29.0325 2140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 22:04:29.0528 2140 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 22:04:29.0528 2140 \Device\Harddisk0\DR0 - detected TDSS File System (1) 22:04:29.0528 2140 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1 22:04:31.0338 2140 \Device\Harddisk1\DR1 - ok 22:04:31.0338 2140 Boot (0x1200) (e528edaff4cf373d91acd231b0efee17) \Device\Harddisk0\DR0\Partition0 22:04:31.0338 2140 \Device\Harddisk0\DR0\Partition0 - ok 22:04:31.0338 2140 Boot (0x1200) (a07ea1c78792c2271933de3d95aa78e1) \Device\Harddisk0\DR0\Partition1 22:04:31.0338 2140 \Device\Harddisk0\DR0\Partition1 - ok 22:04:31.0353 2140 Boot (0x1200) (15f9c330526e34cbeabcddef13a60174) \Device\Harddisk1\DR1\Partition0 22:04:31.0353 2140 \Device\Harddisk1\DR1\Partition0 - ok 22:04:31.0353 2140 ============================================================ 22:04:31.0353 2140 Scan finished 22:04:31.0353 2140 ============================================================ 22:04:31.0353 1404 Detected object count: 3 22:04:31.0353 1404 Actual detected object count: 3 22:05:00.0073 1404 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user 22:05:00.0073 1404 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:05:00.0073 1404 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user 22:05:00.0073 1404 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip 22:05:00.0120 1404 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 22:05:00.0120 1404 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 22:05:00.0120 1404 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 22:05:00.0135 1404 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 22:05:00.0135 1404 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 22:05:00.0166 1404 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 22:05:00.0166 1404 \Device\Harddisk0\DR0\TDLFS - deleted 22:05:00.0166 1404 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
  11. And my java updater notification keeps telling me it wants to update, but I'm suspicious of it as well... Is it okay to allow it to do so?
  12. 21:47:32.0416 0268 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 21:47:32.0900 0268 ============================================================ 21:47:32.0900 0268 Current date / time: 2012/08/10 21:47:32.0900 21:47:32.0900 0268 SystemInfo: 21:47:32.0900 0268 21:47:32.0900 0268 OS Version: 6.1.7600 ServicePack: 0.0 21:47:32.0900 0268 Product type: Workstation 21:47:32.0900 0268 ComputerName: BERNICE-PC 21:47:32.0900 0268 UserName: Bernice 21:47:32.0900 0268 Windows directory: C:\Windows 21:47:32.0900 0268 System windows directory: C:\Windows 21:47:32.0900 0268 Running under WOW64 21:47:32.0900 0268 Processor architecture: Intel x64 21:47:32.0900 0268 Number of processors: 2 21:47:32.0900 0268 Page size: 0x1000 21:47:32.0900 0268 Boot type: Normal boot 21:47:32.0900 0268 ============================================================ 21:47:33.0571 0268 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040 21:47:33.0571 0268 Drive \Device\Harddisk1\DR1 - Size: 0x7B60000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 21:47:33.0571 0268 ============================================================ 21:47:33.0571 0268 \Device\Harddisk0\DR0: 21:47:33.0571 0268 MBR partitions: 21:47:33.0571 0268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:47:33.0571 0268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000 21:47:33.0571 0268 \Device\Harddisk1\DR1: 21:47:33.0571 0268 MBR partitions: 21:47:33.0571 0268 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DAE0 21:47:33.0571 0268 ============================================================ 21:47:33.0586 0268 C: <-> \Device\Harddisk0\DR0\Partition1 21:47:33.0586 0268 ============================================================ 21:47:33.0586 0268 Initialize success 21:47:33.0586 0268 ============================================================ 21:47:55.0598 3348 ============================================================ 21:47:55.0598 3348 Scan started 21:47:55.0598 3348 Mode: Manual; TDLFS; 21:47:55.0598 3348 ============================================================ 21:47:56.0113 3348 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 21:47:56.0113 3348 1394ohci - ok 21:47:56.0144 3348 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 21:47:56.0144 3348 ACPI - ok 21:47:56.0159 3348 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 21:47:56.0159 3348 AcpiPmi - ok 21:47:56.0222 3348 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 21:47:56.0222 3348 AdobeARMservice - ok 21:47:56.0331 3348 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 21:47:56.0331 3348 AdobeFlashPlayerUpdateSvc - ok 21:47:56.0378 3348 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 21:47:56.0378 3348 adp94xx - ok 21:47:56.0409 3348 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 21:47:56.0409 3348 adpahci - ok 21:47:56.0425 3348 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 21:47:56.0425 3348 adpu320 - ok 21:47:56.0456 3348 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 21:47:56.0456 3348 AeLookupSvc - ok 21:47:56.0503 3348 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys 21:47:56.0518 3348 AFD - ok 21:47:56.0534 3348 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 21:47:56.0534 3348 agp440 - ok 21:47:56.0534 3348 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 21:47:56.0549 3348 ALG - ok 21:47:56.0549 3348 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 21:47:56.0549 3348 aliide - ok 21:47:56.0565 3348 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 21:47:56.0565 3348 amdide - ok 21:47:56.0581 3348 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 21:47:56.0581 3348 AmdK8 - ok 21:47:56.0581 3348 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 21:47:56.0581 3348 AmdPPM - ok 21:47:56.0596 3348 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 21:47:56.0596 3348 amdsata - ok 21:47:56.0627 3348 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 21:47:56.0627 3348 amdsbs - ok 21:47:56.0643 3348 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 21:47:56.0643 3348 amdxata - ok 21:47:56.0659 3348 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 21:47:56.0659 3348 AppID - ok 21:47:56.0705 3348 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 21:47:56.0705 3348 AppIDSvc - ok 21:47:56.0783 3348 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll 21:47:56.0783 3348 Appinfo - ok 21:47:56.0799 3348 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 21:47:56.0799 3348 arc - ok 21:47:56.0815 3348 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 21:47:56.0815 3348 arcsas - ok 21:47:56.0830 3348 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 21:47:56.0830 3348 AsyncMac - ok 21:47:56.0893 3348 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 21:47:56.0893 3348 atapi - ok 21:47:56.0939 3348 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 21:47:56.0939 3348 AudioEndpointBuilder - ok 21:47:56.0939 3348 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 21:47:56.0955 3348 AudioSrv - ok 21:47:56.0986 3348 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll 21:47:56.0986 3348 AxInstSV - ok 21:47:57.0017 3348 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 21:47:57.0017 3348 b06bdrv - ok 21:47:57.0033 3348 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 21:47:57.0033 3348 b57nd60a - ok 21:47:57.0064 3348 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 21:47:57.0064 3348 BDESVC - ok 21:47:57.0080 3348 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 21:47:57.0080 3348 Beep - ok 21:47:57.0127 3348 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll 21:47:57.0127 3348 BFE - ok 21:47:57.0142 3348 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 21:47:57.0142 3348 blbdrive - ok 21:47:57.0173 3348 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 21:47:57.0173 3348 bowser - ok 21:47:57.0173 3348 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:47:57.0173 3348 BrFiltLo - ok 21:47:57.0189 3348 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:47:57.0189 3348 BrFiltUp - ok 21:47:57.0205 3348 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 21:47:57.0205 3348 BridgeMP - ok 21:47:57.0236 3348 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll 21:47:57.0236 3348 Browser - ok 21:47:57.0251 3348 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 21:47:57.0251 3348 Brserid - ok 21:47:57.0267 3348 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 21:47:57.0267 3348 BrSerWdm - ok 21:47:57.0267 3348 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:47:57.0267 3348 BrUsbMdm - ok 21:47:57.0267 3348 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 21:47:57.0267 3348 BrUsbSer - ok 21:47:57.0298 3348 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 21:47:57.0298 3348 BTHMODEM - ok 21:47:57.0314 3348 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 21:47:57.0314 3348 bthserv - ok 21:47:57.0314 3348 catchme - ok 21:47:57.0345 3348 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 21:47:57.0345 3348 cdfs - ok 21:47:57.0376 3348 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 21:47:57.0376 3348 cdrom - ok 21:47:57.0407 3348 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 21:47:57.0407 3348 CertPropSvc - ok 21:47:57.0407 3348 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 21:47:57.0407 3348 circlass - ok 21:47:57.0439 3348 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 21:47:57.0439 3348 CLFS - ok 21:47:57.0485 3348 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:47:57.0485 3348 clr_optimization_v2.0.50727_32 - ok 21:47:57.0532 3348 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 21:47:57.0548 3348 clr_optimization_v2.0.50727_64 - ok 21:47:57.0595 3348 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 21:47:57.0595 3348 clr_optimization_v4.0.30319_32 - ok 21:47:57.0626 3348 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 21:47:57.0626 3348 clr_optimization_v4.0.30319_64 - ok 21:47:57.0641 3348 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 21:47:57.0641 3348 CmBatt - ok 21:47:57.0657 3348 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 21:47:57.0657 3348 cmdide - ok 21:47:57.0688 3348 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys 21:47:57.0688 3348 CNG - ok 21:47:57.0719 3348 COMMONFX (f38acff40e9edc2b3476edd724cea4a0) C:\Windows\system32\drivers\COMMONFX.SYS 21:47:57.0719 3348 COMMONFX - ok 21:47:57.0719 3348 COMMONFX.SYS (f38acff40e9edc2b3476edd724cea4a0) C:\Windows\System32\drivers\COMMONFX.SYS 21:47:57.0719 3348 COMMONFX.SYS - ok 21:47:57.0719 3348 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 21:47:57.0735 3348 Compbatt - ok 21:47:57.0751 3348 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 21:47:57.0751 3348 CompositeBus - ok 21:47:57.0751 3348 COMSysApp - ok 21:47:57.0782 3348 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys 21:47:57.0782 3348 cpuz135 - ok 21:47:57.0797 3348 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 21:47:57.0797 3348 crcdisk - ok 21:47:57.0829 3348 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 21:47:57.0829 3348 Creative Audio Engine Licensing Service - ok 21:47:57.0860 3348 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll 21:47:57.0860 3348 CryptSvc - ok 21:47:57.0907 3348 ctac32k (095c566746217cd1482ede40a70d87d2) C:\Windows\system32\drivers\ctac32k.sys 21:47:57.0907 3348 ctac32k - ok 21:47:57.0953 3348 ctaud2k (157e2196fccd002a2edf3b06df7b0c9a) C:\Windows\system32\drivers\ctaud2k.sys 21:47:57.0953 3348 ctaud2k - ok 21:47:58.0047 3348 CTAUDFX (17979ee857e930cbfdf24a12e89d77a1) C:\Windows\system32\drivers\CTAUDFX.SYS 21:47:58.0047 3348 CTAUDFX - ok 21:47:58.0047 3348 CTAUDFX.SYS (17979ee857e930cbfdf24a12e89d77a1) C:\Windows\System32\drivers\CTAUDFX.SYS 21:47:58.0063 3348 CTAUDFX.SYS - ok 21:47:58.0109 3348 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 21:47:58.0109 3348 CTAudSvcService - ok 21:47:58.0125 3348 CTERFXFX (fe3eae37536c02d087e5c5d339663779) C:\Windows\system32\drivers\CTERFXFX.SYS 21:47:58.0125 3348 CTERFXFX - ok 21:47:58.0125 3348 CTERFXFX.SYS (fe3eae37536c02d087e5c5d339663779) C:\Windows\System32\drivers\CTERFXFX.SYS 21:47:58.0125 3348 CTERFXFX.SYS - ok 21:47:58.0141 3348 ctprxy2k (4e4fdab4a7cf5af56e3fa1fe35e8ad3c) C:\Windows\system32\drivers\ctprxy2k.sys 21:47:58.0141 3348 ctprxy2k - ok 21:47:58.0172 3348 CTSBLFX (4a7de2e30b2b9253933a157401ec76d5) C:\Windows\system32\drivers\CTSBLFX.SYS 21:47:58.0172 3348 CTSBLFX - ok 21:47:58.0172 3348 CTSBLFX.SYS (4a7de2e30b2b9253933a157401ec76d5) C:\Windows\System32\drivers\CTSBLFX.SYS 21:47:58.0187 3348 CTSBLFX.SYS - ok 21:47:58.0203 3348 ctsfm2k (065ade032a044d518ab1407d3586b7d5) C:\Windows\system32\drivers\ctsfm2k.sys 21:47:58.0203 3348 ctsfm2k - ok 21:47:58.0250 3348 DAUpdaterSvc (80861969541971176e005d2c09dae851) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe 21:47:58.0250 3348 DAUpdaterSvc - ok 21:47:58.0297 3348 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 21:47:58.0297 3348 DcomLaunch - ok 21:47:58.0328 3348 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 21:47:58.0328 3348 defragsvc - ok 21:47:58.0359 3348 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 21:47:58.0359 3348 DfsC - ok 21:47:58.0390 3348 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 21:47:58.0390 3348 Dhcp - ok 21:47:58.0406 3348 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 21:47:58.0406 3348 discache - ok 21:47:58.0421 3348 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 21:47:58.0421 3348 Disk - ok 21:47:58.0453 3348 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll 21:47:58.0453 3348 Dnscache - ok 21:47:58.0484 3348 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 21:47:58.0484 3348 dot3svc - ok 21:47:58.0499 3348 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 21:47:58.0499 3348 DPS - ok 21:47:58.0531 3348 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 21:47:58.0531 3348 drmkaud - ok 21:47:58.0593 3348 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 21:47:58.0609 3348 DXGKrnl - ok 21:47:58.0624 3348 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 21:47:58.0624 3348 EapHost - ok 21:47:58.0765 3348 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 21:47:58.0780 3348 ebdrv - ok 21:47:58.0889 3348 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 21:47:58.0889 3348 EFS - ok 21:47:58.0952 3348 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe 21:47:58.0952 3348 ehRecvr - ok 21:47:58.0967 3348 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 21:47:58.0967 3348 ehSched - ok 21:47:59.0030 3348 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys 21:47:59.0030 3348 ElbyCDIO - ok 21:47:59.0061 3348 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 21:47:59.0061 3348 elxstor - ok 21:47:59.0092 3348 emupia (f380ff5d6d80cecc6dbbc15569757613) C:\Windows\system32\drivers\emupia2k.sys 21:47:59.0092 3348 emupia - ok 21:47:59.0108 3348 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 21:47:59.0108 3348 ErrDev - ok 21:47:59.0139 3348 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 21:47:59.0139 3348 EventSystem - ok 21:47:59.0155 3348 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 21:47:59.0155 3348 exfat - ok 21:47:59.0186 3348 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 21:47:59.0186 3348 fastfat - ok 21:47:59.0233 3348 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 21:47:59.0248 3348 Fax - ok 21:47:59.0264 3348 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 21:47:59.0264 3348 fdc - ok 21:47:59.0279 3348 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 21:47:59.0279 3348 fdPHost - ok 21:47:59.0295 3348 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 21:47:59.0295 3348 FDResPub - ok 21:47:59.0311 3348 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 21:47:59.0311 3348 FileInfo - ok 21:47:59.0326 3348 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 21:47:59.0326 3348 Filetrace - ok 21:47:59.0326 3348 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 21:47:59.0326 3348 flpydisk - ok 21:47:59.0357 3348 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 21:47:59.0357 3348 FltMgr - ok 21:47:59.0420 3348 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll 21:47:59.0451 3348 FontCache - ok 21:47:59.0513 3348 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 21:47:59.0513 3348 FontCache3.0.0.0 - ok 21:47:59.0607 3348 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe 21:47:59.0607 3348 ForceWare Intelligent Application Manager (IAM) - ok 21:47:59.0654 3348 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 21:47:59.0654 3348 FsDepends - ok 21:47:59.0716 3348 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys 21:47:59.0732 3348 Fs_Rec - ok 21:47:59.0763 3348 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 21:47:59.0763 3348 fvevol - ok 21:47:59.0779 3348 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:47:59.0779 3348 gagp30kx - ok 21:47:59.0825 3348 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 21:47:59.0841 3348 gpsvc - ok 21:47:59.0888 3348 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 21:47:59.0888 3348 gusvc - ok 21:47:59.0966 3348 ha10kx2k (82b68f585110ae8500a6d23623ae1f74) C:\Windows\system32\drivers\ha10kx2k.sys 21:47:59.0966 3348 ha10kx2k - ok 21:48:00.0044 3348 hap16v2k (83f647f9ace9192556f758e528024f68) C:\Windows\system32\drivers\hap16v2k.sys 21:48:00.0044 3348 hap16v2k - ok 21:48:00.0075 3348 hap17v2k (e815d29361de89d24c8dbe3e5a7006c9) C:\Windows\system32\drivers\hap17v2k.sys 21:48:00.0075 3348 hap17v2k - ok 21:48:00.0091 3348 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 21:48:00.0091 3348 hcw85cir - ok 21:48:00.0122 3348 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 21:48:00.0122 3348 HdAudAddService - ok 21:48:00.0153 3348 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 21:48:00.0153 3348 HDAudBus - ok 21:48:00.0153 3348 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 21:48:00.0153 3348 HidBatt - ok 21:48:00.0169 3348 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 21:48:00.0169 3348 HidBth - ok 21:48:00.0184 3348 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 21:48:00.0184 3348 HidIr - ok 21:48:00.0184 3348 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 21:48:00.0184 3348 hidserv - ok 21:48:00.0215 3348 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 21:48:00.0215 3348 HidUsb - ok 21:48:00.0215 3348 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 21:48:00.0215 3348 hkmsvc - ok 21:48:00.0231 3348 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 21:48:00.0247 3348 HomeGroupListener - ok 21:48:00.0262 3348 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 21:48:00.0262 3348 HomeGroupProvider - ok 21:48:00.0293 3348 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 21:48:00.0293 3348 HpSAMD - ok 21:48:00.0356 3348 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 21:48:00.0356 3348 HTTP - ok 21:48:00.0371 3348 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 21:48:00.0371 3348 hwpolicy - ok 21:48:00.0387 3348 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 21:48:00.0387 3348 i8042prt - ok 21:48:00.0434 3348 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 21:48:00.0434 3348 iaStorV - ok 21:48:00.0512 3348 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 21:48:00.0512 3348 idsvc - ok 21:48:00.0527 3348 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 21:48:00.0527 3348 iirsp - ok 21:48:00.0574 3348 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 21:48:00.0590 3348 IKEEXT - ok 21:48:00.0683 3348 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys 21:48:00.0699 3348 IntcAzAudAddService - ok 21:48:00.0761 3348 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 21:48:00.0761 3348 intelide - ok 21:48:00.0793 3348 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 21:48:00.0793 3348 intelppm - ok 21:48:00.0793 3348 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 21:48:00.0808 3348 IPBusEnum - ok 21:48:00.0824 3348 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:48:00.0824 3348 IpFilterDriver - ok 21:48:00.0871 3348 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 21:48:00.0871 3348 iphlpsvc - ok 21:48:00.0886 3348 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 21:48:00.0886 3348 IPMIDRV - ok 21:48:00.0902 3348 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 21:48:00.0902 3348 IPNAT - ok 21:48:00.0917 3348 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 21:48:00.0917 3348 IRENUM - ok 21:48:00.0949 3348 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 21:48:00.0949 3348 isapnp - ok 21:48:00.0964 3348 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 21:48:00.0964 3348 iScsiPrt - ok 21:48:00.0980 3348 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 21:48:00.0995 3348 kbdclass - ok 21:48:00.0995 3348 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 21:48:00.0995 3348 kbdhid - ok 21:48:01.0027 3348 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:48:01.0027 3348 KeyIso - ok 21:48:01.0058 3348 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys 21:48:01.0073 3348 KSecDD - ok 21:48:01.0073 3348 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys 21:48:01.0073 3348 KSecPkg - ok 21:48:01.0089 3348 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 21:48:01.0089 3348 ksthunk - ok 21:48:01.0120 3348 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 21:48:01.0136 3348 KtmRm - ok 21:48:01.0229 3348 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll 21:48:01.0245 3348 LanmanServer - ok 21:48:01.0292 3348 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 21:48:01.0292 3348 LanmanWorkstation - ok 21:48:01.0307 3348 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 21:48:01.0307 3348 lltdio - ok 21:48:01.0323 3348 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 21:48:01.0323 3348 lltdsvc - ok 21:48:01.0339 3348 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 21:48:01.0339 3348 lmhosts - ok 21:48:01.0370 3348 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:48:01.0370 3348 LSI_FC - ok 21:48:01.0385 3348 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:48:01.0385 3348 LSI_SAS - ok 21:48:01.0385 3348 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:48:01.0385 3348 LSI_SAS2 - ok 21:48:01.0401 3348 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:48:01.0401 3348 LSI_SCSI - ok 21:48:01.0417 3348 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 21:48:01.0417 3348 luafv - ok 21:48:01.0432 3348 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 21:48:01.0432 3348 MBAMProtector - ok 21:48:01.0495 3348 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 21:48:01.0495 3348 MBAMService - ok 21:48:01.0557 3348 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe 21:48:01.0557 3348 McComponentHostService - ok 21:48:01.0588 3348 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 21:48:01.0588 3348 Mcx2Svc - ok 21:48:01.0588 3348 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 21:48:01.0588 3348 megasas - ok 21:48:01.0619 3348 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 21:48:01.0619 3348 MegaSR - ok 21:48:01.0635 3348 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:48:01.0635 3348 MMCSS - ok 21:48:01.0651 3348 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 21:48:01.0651 3348 Modem - ok 21:48:01.0666 3348 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 21:48:01.0666 3348 monitor - ok 21:48:01.0666 3348 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 21:48:01.0666 3348 mouclass - ok 21:48:01.0682 3348 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 21:48:01.0682 3348 mouhid - ok 21:48:01.0697 3348 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 21:48:01.0697 3348 mountmgr - ok 21:48:01.0760 3348 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 21:48:01.0760 3348 MozillaMaintenance - ok 21:48:01.0822 3348 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 21:48:01.0822 3348 mpio - ok 21:48:01.0838 3348 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 21:48:01.0838 3348 mpsdrv - ok 21:48:01.0900 3348 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 21:48:01.0900 3348 MpsSvc - ok 21:48:01.0916 3348 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 21:48:01.0916 3348 MRxDAV - ok 21:48:01.0947 3348 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:48:01.0947 3348 mrxsmb - ok 21:48:01.0978 3348 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:48:01.0978 3348 mrxsmb10 - ok 21:48:01.0994 3348 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:48:01.0994 3348 mrxsmb20 - ok 21:48:02.0009 3348 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 21:48:02.0009 3348 msahci - ok 21:48:02.0025 3348 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 21:48:02.0025 3348 msdsm - ok 21:48:02.0041 3348 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 21:48:02.0041 3348 MSDTC - ok 21:48:02.0056 3348 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 21:48:02.0056 3348 Msfs - ok 21:48:02.0056 3348 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 21:48:02.0056 3348 mshidkmdf - ok 21:48:02.0072 3348 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 21:48:02.0072 3348 msisadrv - ok 21:48:02.0103 3348 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 21:48:02.0103 3348 MSiSCSI - ok 21:48:02.0103 3348 msiserver - ok 21:48:02.0119 3348 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 21:48:02.0119 3348 MSKSSRV - ok 21:48:02.0134 3348 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 21:48:02.0134 3348 MSPCLOCK - ok 21:48:02.0134 3348 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 21:48:02.0134 3348 MSPQM - ok 21:48:02.0165 3348 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 21:48:02.0165 3348 MsRPC - ok 21:48:02.0181 3348 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 21:48:02.0181 3348 mssmbios - ok 21:48:02.0197 3348 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 21:48:02.0197 3348 MSTEE - ok 21:48:02.0197 3348 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 21:48:02.0197 3348 MTConfig - ok 21:48:02.0228 3348 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys 21:48:02.0228 3348 MTsensor - ok 21:48:02.0259 3348 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 21:48:02.0259 3348 Mup - ok 21:48:02.0275 3348 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 21:48:02.0290 3348 napagent - ok 21:48:02.0306 3348 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 21:48:02.0321 3348 NativeWifiP - ok 21:48:02.0384 3348 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 21:48:02.0384 3348 NDIS - ok 21:48:02.0399 3348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 21:48:02.0399 3348 NdisCap - ok 21:48:02.0399 3348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 21:48:02.0399 3348 NdisTapi - ok 21:48:02.0415 3348 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 21:48:02.0415 3348 Ndisuio - ok 21:48:02.0462 3348 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 21:48:02.0462 3348 NdisWan - ok 21:48:02.0477 3348 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 21:48:02.0477 3348 NDProxy - ok 21:48:02.0493 3348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 21:48:02.0493 3348 NetBIOS - ok 21:48:02.0509 3348 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 21:48:02.0509 3348 NetBT - ok 21:48:02.0540 3348 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:48:02.0540 3348 Netlogon - ok 21:48:02.0587 3348 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 21:48:02.0587 3348 Netman - ok 21:48:02.0618 3348 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 21:48:02.0618 3348 netprofm - ok 21:48:02.0680 3348 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:48:02.0680 3348 NetTcpPortSharing - ok 21:48:02.0696 3348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 21:48:02.0696 3348 nfrd960 - ok 21:48:02.0711 3348 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 21:48:02.0711 3348 NlaSvc - ok 21:48:02.0727 3348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 21:48:02.0727 3348 Npfs - ok 21:48:02.0727 3348 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 21:48:02.0727 3348 nsi - ok 21:48:02.0743 3348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 21:48:02.0743 3348 nsiproxy - ok 21:48:02.0805 3348 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe 21:48:02.0821 3348 nSvcIp - ok 21:48:02.0899 3348 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 21:48:02.0914 3348 Ntfs - ok 21:48:02.0992 3348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 21:48:02.0992 3348 Null - ok 21:48:03.0039 3348 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys 21:48:03.0039 3348 NVENETFD - ok 21:48:03.0601 3348 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:48:03.0647 3348 nvlddmkm - ok 21:48:03.0710 3348 NVNET (956a1f47826514c1ea0c295fe13c7377) C:\Windows\system32\DRIVERS\nvmf6264.sys 21:48:03.0710 3348 NVNET - ok 21:48:03.0741 3348 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 21:48:03.0741 3348 nvraid - ok 21:48:03.0757 3348 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 21:48:03.0772 3348 nvstor - ok 21:48:03.0788 3348 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys 21:48:03.0788 3348 nvstor64 - ok 21:48:03.0850 3348 NVSvc (0393e59488c67f704336f3ff06e2b7bd) C:\Windows\system32\nvvsvc.exe 21:48:03.0850 3348 NVSvc - ok 21:48:03.0881 3348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 21:48:03.0881 3348 nv_agp - ok 21:48:03.0897 3348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 21:48:03.0897 3348 ohci1394 - ok 21:48:03.0913 3348 ossrv (85ea378116e2c4385993ba5124536ffc) C:\Windows\system32\drivers\ctoss2k.sys 21:48:03.0913 3348 ossrv - ok 21:48:03.0944 3348 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:48:03.0959 3348 p2pimsvc - ok 21:48:03.0991 3348 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 21:48:03.0991 3348 p2psvc - ok 21:48:04.0006 3348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 21:48:04.0006 3348 Parport - ok 21:48:04.0037 3348 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 21:48:04.0037 3348 partmgr - ok 21:48:04.0053 3348 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 21:48:04.0069 3348 PcaSvc - ok 21:48:04.0069 3348 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 21:48:04.0069 3348 pci - ok 21:48:04.0084 3348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 21:48:04.0084 3348 pciide - ok 21:48:04.0115 3348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 21:48:04.0115 3348 pcmcia - ok 21:48:04.0131 3348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 21:48:04.0131 3348 pcw - ok 21:48:04.0162 3348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 21:48:04.0178 3348 PEAUTH - ok 21:48:04.0225 3348 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 21:48:04.0225 3348 PerfHost - ok 21:48:04.0303 3348 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 21:48:04.0318 3348 pla - ok 21:48:04.0349 3348 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 21:48:04.0349 3348 PlugPlay - ok 21:48:04.0365 3348 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 21:48:04.0365 3348 PNRPAutoReg - ok 21:48:04.0381 3348 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 21:48:04.0381 3348 PNRPsvc - ok 21:48:04.0427 3348 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 21:48:04.0427 3348 PolicyAgent - ok 21:48:04.0459 3348 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 21:48:04.0459 3348 Power - ok 21:48:04.0505 3348 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 21:48:04.0505 3348 PptpMiniport - ok 21:48:04.0505 3348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 21:48:04.0505 3348 Processor - ok 21:48:04.0537 3348 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll 21:48:04.0552 3348 ProfSvc - ok 21:48:04.0568 3348 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:48:04.0568 3348 ProtectedStorage - ok 21:48:04.0583 3348 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 21:48:04.0583 3348 Psched - ok 21:48:04.0661 3348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 21:48:04.0661 3348 ql2300 - ok 21:48:04.0739 3348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 21:48:04.0739 3348 ql40xx - ok 21:48:04.0755 3348 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 21:48:04.0755 3348 QWAVE - ok 21:48:04.0771 3348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 21:48:04.0771 3348 QWAVEdrv - ok 21:48:04.0786 3348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 21:48:04.0786 3348 RasAcd - ok 21:48:04.0802 3348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:48:04.0802 3348 RasAgileVpn - ok 21:48:04.0817 3348 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 21:48:04.0817 3348 RasAuto - ok 21:48:04.0833 3348 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:48:04.0833 3348 Rasl2tp - ok 21:48:04.0864 3348 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 21:48:04.0864 3348 RasMan - ok 21:48:04.0880 3348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 21:48:04.0880 3348 RasPppoe - ok 21:48:04.0895 3348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 21:48:04.0895 3348 RasSstp - ok 21:48:04.0911 3348 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 21:48:04.0911 3348 rdbss - ok 21:48:04.0927 3348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 21:48:04.0927 3348 rdpbus - ok 21:48:04.0942 3348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:48:04.0942 3348 RDPCDD - ok 21:48:04.0958 3348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 21:48:04.0958 3348 RDPENCDD - ok 21:48:04.0973 3348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 21:48:04.0973 3348 RDPREFMP - ok 21:48:04.0989 3348 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 21:48:04.0989 3348 RDPWD - ok 21:48:05.0020 3348 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 21:48:05.0020 3348 rdyboost - ok 21:48:05.0051 3348 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 21:48:05.0051 3348 RemoteAccess - ok 21:48:05.0067 3348 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 21:48:05.0067 3348 RemoteRegistry - ok 21:48:05.0083 3348 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 21:48:05.0083 3348 RpcEptMapper - ok 21:48:05.0098 3348 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 21:48:05.0098 3348 RpcLocator - ok 21:48:05.0161 3348 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 21:48:05.0161 3348 RpcSs - ok 21:48:05.0176 3348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 21:48:05.0176 3348 rspndr - ok 21:48:05.0207 3348 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:48:05.0207 3348 SamSs - ok 21:48:05.0207 3348 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 21:48:05.0223 3348 sbp2port - ok 21:48:05.0239 3348 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 21:48:05.0239 3348 SCardSvr - ok 21:48:05.0254 3348 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 21:48:05.0254 3348 scfilter - ok 21:48:05.0317 3348 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 21:48:05.0332 3348 Schedule - ok 21:48:05.0363 3348 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 21:48:05.0363 3348 SCPolicySvc - ok 21:48:05.0379 3348 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 21:48:05.0379 3348 SDRSVC - ok 21:48:05.0410 3348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 21:48:05.0410 3348 secdrv - ok 21:48:05.0426 3348 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 21:48:05.0426 3348 seclogon - ok 21:48:05.0426 3348 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 21:48:05.0441 3348 SENS - ok 21:48:05.0441 3348 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 21:48:05.0441 3348 SensrSvc - ok 21:48:05.0473 3348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 21:48:05.0473 3348 Serenum - ok 21:48:05.0504 3348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 21:48:05.0504 3348 Serial - ok 21:48:05.0504 3348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 21:48:05.0504 3348 sermouse - ok 21:48:05.0535 3348 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 21:48:05.0535 3348 SessionEnv - ok 21:48:05.0535 3348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 21:48:05.0535 3348 sffdisk - ok 21:48:05.0551 3348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 21:48:05.0551 3348 sffp_mmc - ok 21:48:05.0566 3348 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys 21:48:05.0566 3348 sffp_sd - ok 21:48:05.0566 3348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 21:48:05.0566 3348 sfloppy - ok 21:48:05.0613 3348 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 21:48:05.0613 3348 SharedAccess - ok 21:48:05.0644 3348 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 21:48:05.0644 3348 ShellHWDetection - ok 21:48:05.0660 3348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:48:05.0660 3348 SiSRaid2 - ok 21:48:05.0675 3348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 21:48:05.0675 3348 SiSRaid4 - ok 21:48:05.0691 3348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 21:48:05.0691 3348 Smb - ok 21:48:05.0738 3348 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 21:48:05.0738 3348 SNMPTRAP - ok 21:48:05.0753 3348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 21:48:05.0753 3348 spldr - ok 21:48:05.0785 3348 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 21:48:05.0800 3348 Spooler - ok 21:48:05.0972 3348 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 21:48:06.0003 3348 sppsvc - ok 21:48:06.0065 3348 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 21:48:06.0065 3348 sppuinotify - ok 21:48:06.0112 3348 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 21:48:06.0128 3348 srv - ok 21:48:06.0143 3348 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 21:48:06.0143 3348 srv2 - ok 21:48:06.0159 3348 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 21:48:06.0159 3348 srvnet - ok 21:48:06.0206 3348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 21:48:06.0206 3348 SSDPSRV - ok 21:48:06.0221 3348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 21:48:06.0221 3348 SstpSvc - ok 21:48:06.0284 3348 Stereo Service (8d01686ae82b466f4cd074f31f2942ca) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 21:48:06.0284 3348 Stereo Service - ok 21:48:06.0299 3348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 21:48:06.0299 3348 stexstor - ok 21:48:06.0331 3348 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 21:48:06.0346 3348 stisvc - ok 21:48:06.0362 3348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 21:48:06.0362 3348 swenum - ok 21:48:06.0393 3348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 21:48:06.0409 3348 swprv - ok 21:48:06.0487 3348 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 21:48:06.0518 3348 SysMain - ok 21:48:06.0565 3348 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 21:48:06.0580 3348 TabletInputService - ok 21:48:06.0596 3348 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 21:48:06.0611 3348 TapiSrv - ok 21:48:06.0611 3348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 21:48:06.0627 3348 TBS - ok 21:48:06.0736 3348 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys 21:48:06.0752 3348 Tcpip - ok 21:48:07.0001 3348 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys 21:48:07.0017 3348 TCPIP6 - ok 21:48:07.0048 3348 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 21:48:07.0048 3348 tcpipreg - ok 21:48:07.0064 3348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 21:48:07.0064 3348 TDPIPE - ok 21:48:07.0095 3348 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 21:48:07.0095 3348 TDTCP - ok 21:48:07.0111 3348 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 21:48:07.0111 3348 tdx - ok 21:48:07.0111 3348 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 21:48:07.0111 3348 TermDD - ok 21:48:07.0173 3348 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 21:48:07.0189 3348 TermService - ok 21:48:07.0189 3348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 21:48:07.0189 3348 Themes - ok 21:48:07.0220 3348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 21:48:07.0220 3348 THREADORDER - ok 21:48:07.0220 3348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 21:48:07.0235 3348 TrkWks - ok 21:48:07.0251 3348 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 21:48:07.0251 3348 TrustedInstaller - ok 21:48:07.0267 3348 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:48:07.0267 3348 tssecsrv - ok 21:48:07.0298 3348 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 21:48:07.0298 3348 tunnel - ok 21:48:07.0313 3348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 21:48:07.0313 3348 uagp35 - ok 21:48:07.0345 3348 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 21:48:07.0345 3348 udfs - ok 21:48:07.0360 3348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 21:48:07.0360 3348 UI0Detect - ok 21:48:07.0376 3348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 21:48:07.0376 3348 uliagpkx - ok 21:48:07.0391 3348 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 21:48:07.0391 3348 umbus - ok 21:48:07.0407 3348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 21:48:07.0407 3348 UmPass - ok 21:48:07.0438 3348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 21:48:07.0438 3348 upnphost - ok 21:48:07.0469 3348 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys 21:48:07.0469 3348 usbccgp - ok 21:48:07.0469 3348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 21:48:07.0469 3348 usbcir - ok 21:48:07.0501 3348 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys 21:48:07.0501 3348 usbehci - ok 21:48:07.0532 3348 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 21:48:07.0532 3348 usbhub - ok 21:48:07.0532 3348 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys 21:48:07.0532 3348 usbohci - ok 21:48:07.0547 3348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 21:48:07.0547 3348 usbprint - ok 21:48:07.0563 3348 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:48:07.0563 3348 USBSTOR - ok 21:48:07.0579 3348 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 21:48:07.0579 3348 usbuhci - ok 21:48:07.0579 3348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 21:48:07.0579 3348 UxSms - ok 21:48:07.0610 3348 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 21:48:07.0610 3348 VaultSvc - ok 21:48:07.0641 3348 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys 21:48:07.0641 3348 VClone - ok 21:48:07.0641 3348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 21:48:07.0641 3348 vdrvroot - ok 21:48:07.0672 3348 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 21:48:07.0688 3348 vds - ok 21:48:07.0719 3348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 21:48:07.0719 3348 vga - ok 21:48:07.0719 3348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 21:48:07.0719 3348 VgaSave - ok 21:48:07.0750 3348 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 21:48:07.0750 3348 vhdmp - ok 21:48:07.0766 3348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 21:48:07.0766 3348 viaide - ok 21:48:07.0766 3348 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 21:48:07.0781 3348 volmgr - ok 21:48:07.0797 3348 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 21:48:07.0797 3348 volmgrx - ok 21:48:07.0828 3348 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 21:48:07.0828 3348 volsnap - ok 21:48:07.0844 3348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 21:48:07.0844 3348 vsmraid - ok 21:48:07.0922 3348 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 21:48:07.0937 3348 VSS - ok 21:48:08.0015 3348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 21:48:08.0015 3348 vwifibus - ok 21:48:08.0047 3348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 21:48:08.0062 3348 W32Time - ok 21:48:08.0062 3348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 21:48:08.0062 3348 WacomPen - ok 21:48:08.0093 3348 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:48:08.0093 3348 WANARP - ok 21:48:08.0093 3348 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 21:48:08.0093 3348 Wanarpv6 - ok 21:48:08.0187 3348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 21:48:08.0203 3348 WatAdminSvc - ok 21:48:08.0281 3348 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 21:48:08.0296 3348 wbengine - ok 21:48:08.0343 3348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 21:48:08.0343 3348 WbioSrvc - ok 21:48:08.0374 3348 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 21:48:08.0390 3348 wcncsvc - ok 21:48:08.0390 3348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 21:48:08.0390 3348 WcsPlugInService - ok 21:48:08.0405 3348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 21:48:08.0405 3348 Wd - ok 21:48:08.0452 3348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 21:48:08.0452 3348 Wdf01000 - ok 21:48:08.0452 3348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:48:08.0468 3348 WdiServiceHost - ok 21:48:08.0468 3348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 21:48:08.0468 3348 WdiSystemHost - ok 21:48:08.0499 3348 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 21:48:08.0499 3348 WebClient - ok 21:48:08.0515 3348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 21:48:08.0515 3348 Wecsvc - ok 21:48:08.0530 3348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 21:48:08.0546 3348 wercplsupport - ok 21:48:08.0546 3348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 21:48:08.0546 3348 WerSvc - ok 21:48:08.0561 3348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 21:48:08.0561 3348 WfpLwf - ok 21:48:08.0577 3348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 21:48:08.0577 3348 WIMMount - ok 21:48:08.0593 3348 WinDefend - ok 21:48:08.0593 3348 WinHttpAutoProxySvc - ok 21:48:08.0639 3348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 21:48:08.0639 3348 Winmgmt - ok 21:48:08.0749 3348 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 21:48:08.0780 3348 WinRM - ok 21:48:08.0920 3348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 21:48:08.0936 3348 Wlansvc - ok 21:48:08.0936 3348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 21:48:08.0936 3348 WmiAcpi - ok 21:48:08.0967 3348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 21:48:08.0967 3348 wmiApSrv - ok 21:48:08.0983 3348 WMPNetworkSvc - ok 21:48:08.0998 3348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 21:48:08.0998 3348 WPCSvc - ok 21:48:08.0998 3348 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 21:48:09.0014 3348 WPDBusEnum - ok 21:48:09.0014 3348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 21:48:09.0014 3348 ws2ifsl - ok 21:48:09.0045 3348 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll 21:48:09.0045 3348 wscsvc - ok 21:48:09.0045 3348 WSearch - ok 21:48:09.0185 3348 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 21:48:09.0217 3348 wuauserv - ok 21:48:09.0279 3348 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 21:48:09.0279 3348 WudfPf - ok 21:48:09.0310 3348 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:48:09.0310 3348 WUDFRd - ok 21:48:09.0326 3348 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll 21:48:09.0326 3348 wudfsvc - ok 21:48:09.0357 3348 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 21:48:09.0357 3348 WwanSvc - ok 21:48:09.0357 3348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 21:48:09.0388 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 21:48:09.0388 3348 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 21:48:09.0404 3348 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 21:48:09.0404 3348 \Device\Harddisk0\DR0 - detected TDSS File System (1) 21:48:09.0419 3348 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1 21:48:11.0213 3348 \Device\Harddisk1\DR1 - ok 21:48:11.0213 3348 Boot (0x1200) (e528edaff4cf373d91acd231b0efee17) \Device\Harddisk0\DR0\Partition0 21:48:11.0213 3348 \Device\Harddisk0\DR0\Partition0 - ok 21:48:11.0229 3348 Boot (0x1200) (a07ea1c78792c2271933de3d95aa78e1) \Device\Harddisk0\DR0\Partition1 21:48:11.0229 3348 \Device\Harddisk0\DR0\Partition1 - ok 21:48:11.0229 3348 Boot (0x1200) (15f9c330526e34cbeabcddef13a60174) \Device\Harddisk1\DR1\Partition0 21:48:11.0229 3348 \Device\Harddisk1\DR1\Partition0 - ok 21:48:11.0229 3348 ============================================================ 21:48:11.0229 3348 Scan finished 21:48:11.0229 3348 ============================================================ 21:48:11.0245 3268 Detected object count: 2 21:48:11.0245 3268 Actual detected object count: 2 21:49:49.0348 3268 \Device\Harddisk0\DR0\# - copied to quarantine 21:49:49.0348 3268 \Device\Harddisk0\DR0 - copied to quarantine 21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 21:49:49.0441 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 21:49:49.0441 3268 \Device\Harddisk0\DR0 - ok 21:49:55.0026 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 21:49:55.0026 3268 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 21:49:55.0026 3268 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 21:50:57.0988 5068 Deinitialize success
  13. RogueKiller V7.6.6 [08/10/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User: Bernice [Admin rights] Mode: Scan -- Date: 08/10/2012 19:35:09 ¤¤¤ Bad processes: 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND [susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD64 01AALS-00E8B SCSI Disk Device +++++ --- User --- [MBR] de56085bf42185de9de7ddf70a5ddde3 [bSP] f7e93078e80b07ffdd0bd575fae681f7 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1].txt >> RKreport[1].txt
  14. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.10.08 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Bernice :: BERNICE-PC [administrator] Protection: Enabled 8/10/2012 9:31:03 PM mbam-log-2012-08-10 (21-31-03).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 208968 Time elapsed: 1 minute(s), 28 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end) Still one left
  15. Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.10.08 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Bernice :: BERNICE-PC [administrator] Protection: Disabled 8/10/2012 9:25:32 PM mbam-log-2012-08-10 (21-25-32).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 209025 Time elapsed: 59 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 3760 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end) Seems to be running okay currently, but it found two objects as you will see here. Want me to reboot as it requests?
  16. This seems to be a big log! ComboFix 12-08-09.01 - Bernice 08/10/2012 20:51:04.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2961 [GMT -4:00] Running from: c:\users\Bernice\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Bernice\AppData\Local\assembly\tmp c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 ))))))))))))))))))))))))))))))) . . 2012-08-11 04:09 . 2012-08-11 04:09 -------- d-----w- C:\FRST 2012-08-10 01:25 . 2012-08-10 01:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-07 07:16 . 2012-08-07 07:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\offreg.dll 2012-08-07 07:15 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\mpengine.dll 2012-07-24 13:52 . 2012-07-24 13:52 -------- d-----w- c:\windows\Sun . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-03 06:20 . 2012-05-04 21:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-03 06:20 . 2011-05-25 23:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 07:00 . 2010-12-21 00:26 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 17:46 . 2011-02-07 14:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-12 03:02 . 2012-07-11 07:02 3147264 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:30 . 2012-07-11 05:45 14165504 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 05:50 . 2012-07-11 05:45 2003968 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 05:50 . 2012-07-11 05:45 1880064 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 05:09 . 2012-07-11 05:45 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:09 . 2012-07-11 05:45 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-02 22:19 . 2012-06-22 01:49 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-22 01:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-22 01:49 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-22 01:49 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-22 01:49 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-22 01:49 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-22 01:49 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-22 01:49 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-22 01:49 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 05:38 . 2012-07-11 05:45 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:38 . 2012-07-11 05:45 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:37 . 2012-07-11 05:45 459216 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:27 . 2012-07-11 05:45 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:27 . 2012-07-11 05:45 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:48 . 2012-07-11 05:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:48 . 2012-07-11 05:45 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:47 . 2012-07-11 05:45 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:42 . 2012-07-11 05:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 16:25 . 2010-12-21 00:04 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-15 03:56 . 2012-06-12 23:17 1197568 ----a-w- c:\windows\system32\wininet.dll 2012-05-15 03:52 . 2012-06-12 23:17 64512 ----a-w- c:\windows\system32\jsproxy.dll 2012-05-15 03:08 . 2012-06-12 23:17 981504 ----a-w- c:\windows\SysWow64\wininet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DevconDefaultDB"="c:\windows\system32\readreg" [X] "googletalk"="c:\users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AsioThk32Reg"="CTASIO.DLL" [2010-03-19 47104] "CTHelper"="CTHELPER.EXE" [2010-03-19 19456] "VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056] R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-19 158808] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-21 79360] R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-19 706648] R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-19 141912] R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-19 141912] R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-19 681048] R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832] R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1255736] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-19 158808] S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-19 706648] S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-19 681048] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 06:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120] "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 LSP: %SYSTEMROOT%\system32\nvLsp.dll TCP: DhcpNameServer = 209.206.136.8 207.230.192.251 FF - ProfilePath - c:\users\Bernice\AppData\Roaming\Mozilla\Firefox\Profiles\r60pnj1e.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKCU-Run-Spotify - c:\users\Bernice\AppData\Roaming\Spotify\Spotify.exe Wow6432Node-HKCU-Run-NCsoft - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe c:\\.\globalroot\systemroot\svchost.exe . ************************************************************************** . Completion time: 2012-08-10 21:00:50 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-11 01:00 . Pre-Run: 490,335,031,296 bytes free Post-Run: 491,265,798,144 bytes free . - - End Of File - - E8A22271CE4C9D386D1655660B59D12A
  17. Okay, I assume we're getting closer to "Fixed" Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012 Ran by SYSTEM at 2012-08-10 20:36:26 Run:1 Running from F:\ ============================================== C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d} moved successfully. C:\Windows\assembly\GAC_32\Desktop.ini moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini moved successfully. C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe ==== End of Fixlog ====
  18. Okay, I did as you said. One hitch, I typed Exit into the search box, and hit enter, causing it to scan again and write FRST.txt again, After the Search.txt... I don't know if that would change the results you're looking for or not. Scan result of Farbar Recovery Scan Tool Version: 09-08-2012 Ran by SYSTEM at 10-08-2012 20:15:30 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor) HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.) HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x] HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [x] HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKU\Bernice\...\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 [x] HKU\Bernice\...\Run: [spotify] "C:\Users\Bernice\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x] HKU\Bernice\...\Run: [googletalk] C:\Users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google) HKU\Bernice\...\Run: [NCsoft] [x] Tcpip\Parameters: [DhcpNameServer] 209.206.136.8 207.230.192.251 Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.) ==================== Services (Whitelisted) ====== 2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] () 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.) 2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] () ========================== Drivers (Whitelisted) ============= 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] () 3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339360 2009-04-30] (NVIDIA Corporation) ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-10 15:47 - 2012-08-10 15:47 - 01439703 ____A (Farbar) C:\Users\Bernice\Downloads\FRST64.exe 2012-08-10 15:35 - 2012-08-10 15:35 - 00001753 ____A C:\Users\Bernice\Desktop\RKreport[1].txt 2012-08-10 15:34 - 2012-08-10 15:35 - 00000000 ____D C:\Users\Bernice\Desktop\RK_Quarantine 2012-08-10 15:33 - 2012-08-10 15:33 - 01558528 ____A C:\Users\Bernice\Desktop\RogueKiller.exe 2012-08-10 15:29 - 2012-08-10 15:28 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.com 2012-08-10 15:28 - 2012-08-10 15:27 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.scr 2012-08-10 05:13 - 2012-08-10 05:13 - 00001169 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-08-09 17:25 - 2012-08-09 17:25 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-08-07 07:21 - 2012-08-07 07:21 - 00001580 ____A C:\Users\Bernice\Desktop\Peanut butter chicken.txt 2012-08-04 16:02 - 2012-08-04 16:02 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.14-r7705-Core-and-Cataclysm-Mods.zip 2012-08-02 07:05 - 2012-08-02 07:05 - 02294253 ____A C:\Users\Bernice\Downloads\Grail-035.zip 2012-08-02 07:04 - 2012-08-02 07:04 - 00039092 ____A C:\Users\Bernice\Downloads\Wholly-021.zip 2012-07-28 09:31 - 2012-07-28 09:31 - 00165248 ____A (ArenaNet) C:\Users\Bernice\Downloads\GwSetup.exe 2012-07-24 19:28 - 2012-07-24 19:28 - 48351232 ____A C:\Users\Bernice\Downloads\calibre-0.8.61.msi 2012-07-24 05:52 - 2012-07-24 05:52 - 00000000 ____D C:\Windows\Sun ============ 3 Months Modified Files ======================== 2012-08-10 16:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-10 16:04 - 2009-07-13 20:51 - 00040313 ____A C:\Windows\setupact.log 2012-08-10 16:03 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-10 16:03 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-10 15:50 - 2010-12-20 15:44 - 01158100 ____A C:\Windows\WindowsUpdate.log 2012-08-10 15:48 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-10 15:47 - 2012-08-10 15:47 - 01439703 ____A (Farbar) C:\Users\Bernice\Downloads\FRST64.exe 2012-08-10 15:35 - 2012-08-10 15:35 - 00001753 ____A C:\Users\Bernice\Desktop\RKreport[1].txt 2012-08-10 15:33 - 2012-08-10 15:33 - 01558528 ____A C:\Users\Bernice\Desktop\RogueKiller.exe 2012-08-10 15:28 - 2012-08-10 15:29 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.com 2012-08-10 15:27 - 2012-08-10 15:28 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.scr 2012-08-10 15:20 - 2012-05-04 13:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-10 11:49 - 2011-02-07 16:24 - 00006004 ____A C:\Windows\PFRO.log 2012-08-10 05:13 - 2012-08-10 05:13 - 00001169 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2012-08-07 07:21 - 2012-08-07 07:21 - 00001580 ____A C:\Users\Bernice\Desktop\Peanut butter chicken.txt 2012-08-04 16:02 - 2012-08-04 16:02 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.14-r7705-Core-and-Cataclysm-Mods.zip 2012-08-02 22:20 - 2012-05-04 13:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-02 22:20 - 2011-05-25 15:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-02 07:05 - 2012-08-02 07:05 - 02294253 ____A C:\Users\Bernice\Downloads\Grail-035.zip 2012-08-02 07:04 - 2012-08-02 07:04 - 00039092 ____A C:\Users\Bernice\Downloads\Wholly-021.zip 2012-07-28 09:31 - 2012-07-28 09:31 - 00165248 ____A (ArenaNet) C:\Users\Bernice\Downloads\GwSetup.exe 2012-07-24 19:31 - 2012-02-12 18:51 - 00001016 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk 2012-07-24 19:28 - 2012-07-24 19:28 - 48351232 ____A C:\Users\Bernice\Downloads\calibre-0.8.61.msi 2012-07-10 23:18 - 2009-07-13 20:45 - 00289152 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-10 23:00 - 2010-12-20 16:26 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-10 20:59 - 2012-07-10 20:57 - 108835088 ____A C:\Users\Bernice\Downloads\PRS-T1_Updater_1.0.04.12210(1).exe 2012-07-05 06:21 - 2010-12-26 19:07 - 00540672 __ASH C:\Users\Bernice\Documents\Thumbs.db 2012-07-05 06:17 - 2012-07-05 06:17 - 00011761 ____A C:\Users\Bernice\Documents\Shea.odt 2012-07-03 09:46 - 2011-02-07 06:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-24 07:10 - 2012-06-24 07:10 - 47520256 ____A C:\Users\Bernice\Downloads\calibre-0.8.57.msi 2012-06-15 03:20 - 2012-06-15 03:19 - 47544304 ____A C:\Users\Bernice\Downloads\calibre-0.8.56.msi 2012-06-11 19:02 - 2012-07-10 23:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:30 - 2012-07-10 21:45 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:46 - 2012-07-10 21:45 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-07 16:25 - 2012-06-07 16:25 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.12-r7536-Core-and-Cataclysm-Mods.zip 2012-06-07 06:17 - 2012-06-07 06:17 - 00010075 ____A C:\Users\Bernice\Downloads\BittensSpellFlashLibrary-2.11.1.zip 2012-06-06 19:58 - 2012-06-06 19:58 - 00007862 ____A C:\Users\Bernice\Downloads\BittensSpellFlash_Priest-2.1.0.zip 2012-06-06 19:57 - 2012-06-06 19:57 - 00074891 ____A C:\Users\Bernice\Downloads\SpellFlash-5.162.zip 2012-06-05 21:50 - 2012-07-10 21:45 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 21:50 - 2012-07-10 21:45 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 21:09 - 2012-07-10 21:45 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:09 - 2012-07-10 21:45 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-02 14:19 - 2012-06-21 17:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-21 17:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-21 17:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-21 17:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-21 17:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-21 17:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-21 17:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 11:19 - 2012-06-21 17:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 11:15 - 2012-06-21 17:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-01 21:38 - 2012-07-10 21:45 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:38 - 2012-07-10 21:45 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:37 - 2012-07-10 21:45 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:27 - 2012-07-10 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:27 - 2012-07-10 21:45 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:48 - 2012-07-10 21:45 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:48 - 2012-07-10 21:45 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:47 - 2012-07-10 21:45 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:42 - 2012-07-10 21:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-31 08:25 - 2010-12-20 16:04 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2012-05-20 09:15 - 2012-05-20 09:15 - 04720082 ____A (Skylabs) C:\Users\Bernice\Downloads\OCTGN 3.0.1.6.exe 2012-05-14 19:56 - 2012-06-12 15:17 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-05-14 19:52 - 2012-06-12 15:17 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-05-14 19:08 - 2012-06-12 15:17 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-05-14 19:06 - 2012-06-12 15:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-05-14 08:57 - 2012-05-14 08:57 - 00001249 ____A C:\Users\Public\Desktop\Diablo III.lnk 2012-05-14 08:53 - 2012-05-14 08:53 - 32288896 ____A (Blizzard Entertainment) C:\Users\Bernice\Downloads\Diablo-III-Setup-enUS.exe 2012-05-14 06:24 - 2012-05-14 06:24 - 07336648 ____A (Blizzard Entertainment) C:\Users\Bernice\Downloads\Diablo-III-8370-enUS-Installer-downloader(1).exe ZeroAccess: C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d} C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\@ C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\00000004.@ C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\80000000.@ C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\80000064.@ ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 17% Total physical RAM: 4094.55 MB Available physical RAM: 3373.75 MB Total Pagefile: 4092.7 MB Available Pagefile: 3452.85 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 2 Drive c: () (Fixed) (Total:596.07 GB) (Free:456.06 GB) NTFS 4 Drive f: (FLASH DRIVE) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT 5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 596 GB 0 B Disk 1 Online 123 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 596 GB 101 MB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y System Rese NTFS Partition 100 MB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 596 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 123 MB 16 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 F FLASH DRIVE FAT Removable 123 MB Healthy ================================================================================== Last Boot: 2012-08-06 20:59 ======================= End Of Log ========================== And Farbar Recovery Scan Tool Version: 09-08-2012 Ran by SYSTEM at 2012-08-10 20:13:58 Running from F:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======
  19. That did help. I will be a bit. Doing the rest of what you told me to do now... I appreciate your helpfulness.
  20. I'm confused as to how to make a restore point.... When I clicked on "System Restore" to get options it was going to roll back to a prior point.... Can you assist me with the first part of your directions? I've copied the 64 bit version to a flash drive, so I guess I got a BIT ahead of myself, but then noticed your first directions and stopped until you have a chance to clarify.
  21. Thank you very much for the timely reply. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31 Run by Bernice at 19:31:50 on 2012-08-10 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2492 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe C:\Windows\SysWOW64\CtHelper.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe -netsvcs C:\Windows\system32\conhost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\taskmgr.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe C:\Windows\notepad.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 uRun: [spotify] "C:\Users\Bernice\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart uRun: [googletalk] C:\Users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart uRun: [NCsoft] mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL mRun: [CTHelper] CTHELPER.EXE mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 LSP: %SYSTEMROOT%\system32\nvLsp.dll LSP: mswsock.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab TCP: DhcpNameServer = 209.206.136.8 207.230.192.251 TCP: Interfaces\{62798B1D-B62C-43FE-91AD-343A086A0FE9} : DhcpNameServer = 209.206.136.8 207.230.192.251 BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL mRun-x64: [CTHelper] CTHELPER.EXE mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Bernice\AppData\Roaming\Mozilla\Firefox\Profiles\r60pnj1e.default\ FF - prefs.js: browser.startup.homepage - about:blank FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np_gp.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-2-7 655944] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256] R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?] R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?] R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 250056] S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-20 79360] S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?] S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?] S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?] S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?] S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-2-19 25832] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-08-10 22:59:31 20480 ------w- C:\Windows\svchost.exe 2012-08-10 01:25:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-08-07 07:16:06 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\offreg.dll 2012-08-07 07:15:08 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\mpengine.dll . ==================== Find3M ==================== . 2012-08-03 06:20:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-03 06:20:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys 2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll 2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll . ============= FINISH: 19:32:19.71 =============== And . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 12/20/2010 6:52:34 PM System Uptime: 8/10/2012 6:58:16 PM (1 hours ago) . Motherboard: ASUSTeK Computer INC. | | P5N-D Processor: Intel® Core2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 3000/333mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 596 GiB total, 454.926 GiB free. D: is CDROM () E: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&14591D7E&0&3180 Manufacturer: Name: PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&14591D7E&0&3180 Service: . ==== System Restore Points =================== . RP243: 7/17/2012 5:22:19 AM - Windows Update RP245: 7/17/2012 8:39:22 PM - Windows Defender Checkpoint RP246: 7/24/2012 3:17:58 AM - Windows Update RP247: 7/24/2012 11:30:24 PM - Installed calibre RP248: 7/31/2012 3:14:11 AM - Windows Update RP249: 8/7/2012 3:14:23 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) calibre City of Heroes CoffeeCup Free FTP Coupon Printer for Windows Creative Audio Console Creative Software AutoUpdate Diablo III Dragon Age: Origins GIMP 2.6.11 Google Talk (remove only) Hoyle Card Games 5 Java Auto Updater Java 6 Update 31 Malwarebytes Anti-Malware version 1.62.0.1300 McAfee Security Scan Plus Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 mIRC Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service Mumble 1.2.3 NCsoft Launcher NVIDIA ForceWare Network Access Manager NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenAL OpenOffice.org 3.2 PDF to ePub Converter 2.2.3 Pegasus Mail Pegasus Mail HTML Renderer 2.4.0.3 PhotoFiltre Picasa 3 Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Ventrilo Client VirtualCloneDrive World of Warcraft Beta Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 8/10/2012 6:59:40 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 8/10/2012 6:59:40 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 . ==== End Of File =========================== RogueKiller V7.6.6 [08/10/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7600 ) 64 bits version Started in : Normal mode User: Bernice [Admin rights] Mode: Scan -- Date: 08/10/2012 19:35:09 ¤¤¤ Bad processes: 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND [susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD64 01AALS-00E8B SCSI Disk Device +++++ --- User --- [MBR] de56085bf42185de9de7ddf70a5ddde3 [bSP] f7e93078e80b07ffdd0bd575fae681f7 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1].txt >> RKreport[1].txt I hope I did all this correctly, Bernice
  22. I'm having difficulties removing these... This is the log when I finish with Malwarebytes Anti-malware Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.10.08 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Bernice :: BERNICE-PC [administrator] Protection: Enabled 8/10/2012 7:00:04 PM mbam-log-2012-08-10 (19-00-04).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 206292 Time elapsed: 2 minute(s), 54 second(s) Memory Processes Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> 2760 -> Delete on reboot. Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 4 C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully. C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully. C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot. (end)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.