ijack1286

Members
  • Posts: 11

Everything posted by ijack1286

  1. I believe that may have done it. Malwarebytes is not constantly detecting something anymore and I no longer have the redirects! Thank you so much.
  2. MiniToolBox by Farbar Version: 18-01-2012 Ran by Isaac (administrator) on 07-04-2012 at 13:54:31 Microsoft Windows 7 Home Premium Service Pack 1 (X64) Boot Mode: Normal *************************************************************************** ========================= Flush DNS: =================================== Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========================= IE Proxy Settings: ============================== Proxy is not enabled. No Proxy Server is set. "Reset IE Proxy Settings": IE Proxy Settings were reset. ========================= FF Proxy Settings: ============================== "network.proxy.no_proxies_on", "" "network.proxy.type", 0 "Reset FF Proxy Settings": Firefox Proxy settings were reset. ========================= Hosts content: ================================= 127.0.0.1 localhost ========================= IP Configuration: ================================ Atheros AR9285 Wireless Network Adapter = Wireless Network Connection (Connected) Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) = Local Area Connection (Media disconnected) # ---------------------------------- # IPv4 Configuration # ---------------------------------- pushd interface ipv4 reset set global set subinterface interface=?3 subinterface=ethernet_6 mtu=1477 popd # End of IPv4 configuration Windows IP Configuration Host Name . . . . . . . . . . . . : Isaac-PC Primary Dns Suffix . . . . . . . : Node Type . . . . . . . . . . . . : Broadcast IP Routing Enabled. . . . . . . . : No WINS Proxy Enabled. . . . . . . . : No Wireless LAN adapter Wireless Network Connection: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Atheros AR9285 Wireless Network Adapter Physical Address. . . . . . . . . : 68-A3-C4-57-CF-EB DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Link-local IPv6 Address . . . . . : fe80::f0bc:cf23:7f34:ceeb%14(Preferred) IPv4 Address. . . . . . . . . . . 
: 192.168.1.100(Preferred) Subnet Mask . . . . . . . . . . . : 255.255.255.0 Lease Obtained. . . . . . . . . . : Friday, April 06, 2012 5:19:35 PM Lease Expires . . . . . . . . . . : Sunday, April 08, 2012 1:08:08 PM Default Gateway . . . . . . . . . : 192.168.1.1 DHCP Server . . . . . . . . . . . : 192.168.1.1 DHCPv6 IAID . . . . . . . . . . . : 375956420 DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-1B-54-24-B8-70-F4-07-A1-DE DNS Servers . . . . . . . . . . . : 24.205.224.36 24.205.192.61 68.116.46.115 NetBIOS over Tcpip. . . . . . . . : Enabled Ethernet adapter Local Area Connection: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Isaac Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) Physical Address. . . . . . . . . : B8-70-F4-07-A1-DE DHCP Enabled. . . . . . . . . . . : Yes Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.{BCEA6C5C-A4EE-41C0-858B-79FB21955A32}: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter isatap.Isaac: Media State . . . . . . . . . . . : Media disconnected Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2 Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes Tunnel adapter Teredo Tunneling Pseudo-Interface: Connection-specific DNS Suffix . : Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0 DHCP Enabled. . . . . . . . . . . : No Autoconfiguration Enabled . . . . : Yes IPv6 Address. . . . . . . . . . . 
: 2001:0:4137:9e76:28a2:3678:b47f:ecea(Preferred) Link-local IPv6 Address . . . . . : fe80::28a2:3678:b47f:ecea%15(Preferred) Default Gateway . . . . . . . . . : :: NetBIOS over Tcpip. . . . . . . . : Disabled Server: vip01snloca.snlo.ca.charter.com Address: 24.205.224.36 Name: google.com Addresses: 74.125.224.134 74.125.224.130 74.125.224.128 74.125.224.142 74.125.224.133 74.125.224.129 74.125.224.137 74.125.224.132 74.125.224.131 74.125.224.135 74.125.224.136 Pinging google.com [74.125.224.32] with 32 bytes of data: Reply from 74.125.224.32: bytes=32 time=13ms TTL=55 Reply from 74.125.224.32: bytes=32 time=23ms TTL=55 Ping statistics for 74.125.224.32: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 13ms, Maximum = 23ms, Average = 18ms Server: vip01snloca.snlo.ca.charter.com Address: 24.205.224.36 Name: yahoo.com Addresses: 98.139.183.24 209.191.122.70 72.30.38.140 Pinging yahoo.com [209.191.122.70] with 32 bytes of data: Reply from 209.191.122.70: bytes=32 time=60ms TTL=51 Reply from 209.191.122.70: bytes=32 time=65ms TTL=51 Ping statistics for 209.191.122.70: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 60ms, Maximum = 65ms, Average = 62ms Server: vip01snloca.snlo.ca.charter.com Address: 24.205.224.36 Name: bleepingcomputer.com Address: 208.43.87.2 Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data: Reply from 208.43.87.2: Destination host unreachable. Reply from 208.43.87.2: Destination host unreachable. 
Ping statistics for 208.43.87.2: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Pinging 127.0.0.1 with 32 bytes of data: Reply from 127.0.0.1: bytes=32 time=3ms TTL=128 Reply from 127.0.0.1: bytes=32 time=1ms TTL=128 Ping statistics for 127.0.0.1: Packets: Sent = 2, Received = 2, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 3ms, Average = 2ms =========================================================================== Interface List 14...68 a3 c4 57 cf eb ......Atheros AR9285 Wireless Network Adapter 12...b8 70 f4 07 a1 de ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20) 1...........................Software Loopback Interface 1 17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter 18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2 15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface =========================================================================== IPv4 Route Table =========================================================================== Active Routes: Network Destination Netmask Gateway Interface Metric 0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 25 127.0.0.0 255.0.0.0 On-link 127.0.0.1 306 127.0.0.1 255.255.255.255 On-link 127.0.0.1 306 127.255.255.255 255.255.255.255 On-link 127.0.0.1 306 192.168.1.0 255.255.255.0 On-link 192.168.1.100 281 192.168.1.100 255.255.255.255 On-link 192.168.1.100 281 192.168.1.255 255.255.255.255 On-link 192.168.1.100 281 224.0.0.0 240.0.0.0 On-link 127.0.0.1 306 224.0.0.0 240.0.0.0 On-link 192.168.1.100 281 255.255.255.255 255.255.255.255 On-link 127.0.0.1 306 255.255.255.255 255.255.255.255 On-link 192.168.1.100 281 =========================================================================== Persistent Routes: None IPv6 Route Table =========================================================================== Active Routes: If Metric Network Destination Gateway 15 58 ::/0 On-link 1 306 ::1/128 On-link 15 58 2001::/32 On-link 15 306 
2001:0:4137:9e76:28a2:3678:b47f:ecea/128 On-link 14 281 fe80::/64 On-link 15 306 fe80::/64 On-link 15 306 fe80::28a2:3678:b47f:ecea/128 On-link 14 281 fe80::f0bc:cf23:7f34:ceeb/128 On-link 1 306 ff00::/8 On-link 15 306 ff00::/8 On-link 14 281 ff00::/8 On-link =========================================================================== Persistent Routes: None ========================= Winsock entries ===================================== Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation) Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation) Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation) Catalog5 05 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation) Catalog5 06 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 07 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [145280] (Microsoft Corp.) Catalog5 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog5 09 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation) Catalog5 10 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation) x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation) x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation) x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation) x64-Catalog5 05 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation) x64-Catalog5 06 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog5 07 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [170880] (Microsoft Corp.) x64-Catalog5 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog5 09 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation) x64-Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.) 
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation) ========================= Event log errors: =============================== Application errors: ================== Error: (04/06/2012 10:18:48 PM) (Source: Application Hang) (User: ) Description: The program chrome.exe version 18.0.1025.151 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. 
Process ID: 127c Start Time: 01cd14542a505cbe Termination Time: 5 Application Path: C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe Report Id: 1d7bbb7f-8071-11e1-b40f-b870f407a1de Error: (04/06/2012 01:57:59 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1108 Error: (04/06/2012 01:57:59 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1108 Error: (04/06/2012 01:57:59 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/06/2012 00:58:16 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3432 Error: (04/06/2012 00:58:16 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3432 Error: (04/06/2012 00:58:16 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/06/2012 00:58:15 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2434 Error: (04/06/2012 00:58:15 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2434 Error: (04/06/2012 00:58:15 PM) (Source: Bonjour Service) (User: ) Description: Task Scheduling Error: Continuously busy for more than a second System errors: ============= Error: (04/06/2012 03:15:27 PM) (Source: Microsoft Antimalware) (User: ) Description: %%860 Real-Time Protection feature has encountered an error and failed. 
Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error: (04/06/2012 03:14:47 PM) (Source: Service Control Manager) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (04/06/2012 02:14:58 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/06/2012 02:14:25 PM) (Source: Application Popup) (User: ) Description: \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (04/06/2012 02:11:44 PM) (Source: Service Control Manager) (User: ) Description: The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. Error: (04/05/2012 09:49:24 PM) (Source: Service Control Manager) (User: ) Description: The Steam Client Service service failed to start due to the following error: %%1053 Error: (04/05/2012 09:49:24 PM) (Source: Service Control Manager) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. Error: (04/02/2012 07:07:01 PM) (Source: Microsoft Antimalware) (User: ) Description: %%860 Real-Time Protection feature has encountered an error and failed. 
Feature: %%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842 Error: (04/02/2012 07:06:32 PM) (Source: Service Control Manager) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Error: (04/02/2012 06:22:38 PM) (Source: Service Control Manager) (User: ) Description: The McAfee SiteAdvisor Service service failed to start due to the following error: %%2 Microsoft Office Sessions: ========================= Error: (04/06/2012 10:18:48 PM) (Source: Application Hang)(User: ) Description: chrome.exe18.0.1025.151127c01cd14542a505cbe5C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe1d7bbb7f-8071-11e1-b40f-b870f407a1de Error: (04/06/2012 01:57:59 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 1108 Error: (04/06/2012 01:57:59 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1108 Error: (04/06/2012 01:57:59 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/06/2012 00:58:16 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 3432 Error: (04/06/2012 00:58:16 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 3432 Error: (04/06/2012 00:58:16 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second Error: (04/06/2012 00:58:15 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledSPRetry 2434 Error: (04/06/2012 00:58:15 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 2434 Error: (04/06/2012 00:58:15 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: Continuously busy for more than a second =========================== Installed Programs 
============================ µTorrent (Version: 3.1.3) Adobe Flash Player 11 Plugin 64-bit (Version: 11.2.202.228) Adobe Reader X (10.1.2) (Version: 10.1.2) Apple Application Support (Version: 2.1.7) Apple Mobile Device Support (Version: 5.1.1.4) Apple Software Update (Version: 2.1.3.127) Atheros Client Installation Program (Version: 7.0) Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.36) Audiosurf Awakening: The Dreamless Castle Bandisoft MPEG-1 Decoder Beat Hazard Big Fish Games: Game Manager (Version: 3.0.1.60) Bonjour (Version: 3.0.0.10) Borderlands Combined Community Codec Pack 2010-10-10 (Version: 2010.10.10.0) Conexant HD Audio (Version: 8.54.1.0) D3DX10 (Version: 15.4.2368.0902) DC Universe Online Defense Grid: The Awakening Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Digilent Software (Version: 1.0.189) DragonNest Dropbox (Version: 1.2.52) Dungeon Defenders e-Sword (Version: 10.00.0007) Energy Management (Version: 6.0.1.5) Flyff (Version: Flyff) Foxit Phantom (Version: 2.2.0225) GOM Player (Version: 2.1.28.5039) GOMTV Streamer (Version: 1.0.0.26) Google Chrome (Version: 18.0.1025.151) Guitar Pro 6 Intel® Control Center (Version: 1.2.1.1007) Intel® Management Engine Components (Version: 7.0.0.1144) Intel® Processor Graphics (Version: 8.15.10.2279) Intel® Rapid Storage Technology (Version: 10.1.2.1004) IrfanView (remove only) (Version: 4.32) iTunes (Version: 10.6.0.40) Java Auto Updater (Version: 2.0.7.1) Java 6 Update 31 (Version: 6.0.310) Junk Mail filter update (Version: 15.4.3502.0922) League of Legends (Version: 1.3) Lenovo Bluetooth with Enhanced Data Rate Software (Version: 6.3.0.7400) Lenovo DirectShare (Version: 1.0.1.38) Lenovo EasyCamera (Version: 1.10.1209.1) Lenovo EE Boot Optimizer (Version: 0.0.1.5) Lenovo Games Console (Version: 0.38.389.2) Lenovo OneKey Recovery (Version: 7.0.1628) Lenovo YouCam (Version: 3.1.3728) LG USB Modem driver LTspice IV Magic: The Gathering — Duels of 
the Planeswalkers 2012 Magicka Malwarebytes Anti-Malware version 1.60.1.1000 (Version: 1.60.1.1000) Mesh Runtime (Version: 15.4.5722.2) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft Antimalware (Version: 3.0.8402.2) Microsoft Application Error Reporting (Version: 12.0.6015.5000) Microsoft IntelliType Pro 8.2 (Version: 8.20.469.0) Microsoft Office 2010 (Version: 14.0.4763.1000) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Excel MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office File Validation Add-In (Version: 14.0.5130.5003) Microsoft Office Groove MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000) Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Professional Plus 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000) Microsoft Office Proof (Spanish) 2010 (Version: 14.0.6029.1000) Microsoft Office Proofing (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Office Word MUI (English) 2010 (Version: 14.0.6029.1000) Microsoft Security Client (Version: 2.1.1116.0) 
Microsoft Security Essentials (Version: 2.1.1116.0) Microsoft Silverlight (Version: 4.1.10111.0) Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42) Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) MobileMe Control Panel (Version: 3.1.6.0) Mozilla Firefox 11.0 (x86 en-US) (Version: 11.0) MSVCRT (Version: 15.4.2862.0708) MSVCRT_amd64 (Version: 15.4.2862.0708) Nexon Game Manager Novarm DipTrace (Version: 2.2) ooVoo (Version: 2.2.4.25) OrCAD 16.5 Lite (Version: 16.50.001) Pando Media Booster (Version: 2.6.0.1) Pangya (Ntreev SG Interactive) PDFZilla V1.2.9 Peggle Deluxe Peggle Nights Plants vs. 
Zombies: Game of the Year Portal Power2Go (Version: 5.6.0.7108) QuickTime (Version: 7.71.80.42) Realtek USB 2.0 Reader Driver (Version: 6.1.7600.10001) Recettear: An Item Shop's Tale Skype™ 5.5 (Version: 5.5.124) StarCraft II (Version: 1.4.2.20141) Steam (Version: 1.0.0.0) Super Meat Boy Synaptics Pointing Device Driver (Version: 15.2.6.0) Team Fortress 2 TERA (Version: 1.30) Terraria TextPad 5 (Version: 5.4.2) Torchlight Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) UserGuide (Version: 1.0.0.6) Veetle TV (Version: 0.9.19) Ventrilo Client (Version: 3.0.8) VeriFace (Version: 4.0.0.1224) VLC media player 1.1.11 (Version: 1.1.11) VVVVVV Winamp (Version: 5.621 ) Winamp Detector Plug-in (Version: 1.0.0.1) Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (Version: 12/02/2010 6.1.0.1) Windows Live Communications Platform (Version: 15.4.3502.0922) Windows Live Essentials (Version: 15.4.3502.0922) Windows Live ID Sign-in Assistant (Version: 7.250.4225.0) Windows Live Installer (Version: 15.4.3502.0922) 
Windows Live Language Selector (Version: 15.4.3502.0922) Windows Live Mail (Version: 15.4.3502.0922) Windows Live Mesh (Version: 15.4.3502.0922) Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2) Windows Live Messenger (Version: 15.4.3502.0922) Windows Live MIME IFilter (Version: 15.4.3502.0922) Windows Live Movie Maker (Version: 15.4.3502.0922) Windows Live Photo Common (Version: 15.4.3502.0922) Windows Live Photo Gallery (Version: 15.4.3502.0922) Windows Live PIMT Platform (Version: 15.4.3502.0922) Windows Live Remote Client (Version: 15.4.5722.2) Windows Live Remote Client Resources (Version: 15.4.5722.2) Windows Live Remote Service (Version: 15.4.5722.2) Windows Live Remote Service Resources (Version: 15.4.5722.2) Windows Live SOXE (Version: 15.4.3502.0922) Windows Live SOXE Definitions (Version: 15.4.3502.0922) Windows Live UX Platform (Version: 15.4.3502.0922) Windows Live UX Platform Language Pack (Version: 15.4.3502.0922) Windows Live Writer (Version: 15.4.3502.0922) Windows Live Writer Resources (Version: 15.4.3502.0922) WinPcap 4.1.1 (Version: 4.1.0.1753) WinRAR 4.00 (32-bit) (Version: 4.00.0) Worms Reloaded Xilinx ISE Design Suite 13.4 (C:\Xilinx\13.4\ISE_DS) ========================= Devices: ================================ Name: Broadcom Bluetooth 2.1 USB Description: Broadcom Bluetooth 2.1 USB Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974} Manufacturer: Broadcom Service: BTHUSB Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
========================= Memory info: =================================== Percentage of memory in use: 49% Total physical RAM: 4039.86 MB Available physical RAM: 2023.88 MB Total Pagefile: 8077.91 MB Available Pagefile: 5757.53 MB Total Virtual: 4095.88 MB Available Virtual: 3959.89 MB ========================= Partitions: ===================================== 1 Drive c: () (Fixed) (Total:421.81 GB) (Free:84.33 GB) NTFS 2 Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:26.89 GB) NTFS ========================= Users: ======================================== User accounts for \\ISAAC-PC Administrator Guest Isaac ========================= Minidump Files ================================== No minidump file found **** End of log ****
  3. ComboFix 12-04-06.03 - Isaac 04/06/2012 14:06:44.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.2325 [GMT -7:00] Running from: c:\users\Isaac\Downloads\ComboFix.exe AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\windows\s.bat . . ((((((((((((((((((((((((( Files Created from 2012-03-06 to 2012-04-06 ))))))))))))))))))))))))))))))) . . 2012-04-06 21:14 . 2012-04-06 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-04-06 19:46 . 2012-04-06 19:46 -------- d-----w- C:\RatSim 2012-04-06 16:55 . 2012-04-06 16:55 -------- d-s---w- c:\windows\SysWow64\Microsoft 2012-04-06 02:12 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{BA7C6298-F346-4601-8007-15EB99B103AD}\mpengine.dll 2012-04-05 22:28 . 2012-04-05 22:28 -------- d-----w- C:\OrCAD 2012-04-05 22:26 . 2012-04-05 22:26 -------- d-----w- C:\SPB_Data 2012-04-05 18:48 . 2012-04-05 18:48 -------- d-----w- c:\users\Isaac\AppData\Local\Adobe 2012-04-03 23:10 . 2012-04-03 23:10 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-04-02 19:05 . 2012-04-02 19:05 -------- d-----w- c:\users\Isaac\DoctorWeb 2012-04-02 08:16 . 2012-04-02 08:16 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-04-02 08:04 . 2012-04-03 02:06 -------- d-----w- c:\program files (x86)\PC Tools Security 2012-03-30 19:32 . 2012-03-30 19:32 -------- d-----w- c:\users\Isaac\AppData\Local\ElevatedDiagnostics 2012-03-29 07:58 . 2012-03-29 07:58 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-03-29 07:49 . 
2012-03-29 07:49 -------- d-----w- c:\users\Isaac\AppData\Roaming\Malwarebytes 2012-03-29 07:48 . 2012-03-29 07:48 -------- d-----w- c:\programdata\Malwarebytes 2012-03-29 07:48 . 2012-03-29 07:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-03-29 07:48 . 2011-12-10 22:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-03-24 23:05 . 2012-03-24 23:05 -------- d-----w- c:\program files\Linksys 2012-03-24 22:56 . 2012-04-06 16:56 -------- d-----w- c:\programdata\Pure Networks 2012-03-23 06:25 . 2012-03-23 06:25 -------- d-----w- c:\users\Public\Games 2012-03-23 06:24 . 2012-03-23 06:26 -------- d-----w- c:\users\Isaac\AppData\Local\TERA 2012-03-19 04:18 . 2012-03-19 04:19 -------- d-----w- c:\users\Isaac\AppData\Roaming\Ventrilo 2012-03-19 04:18 . 2012-03-19 04:18 -------- d-----w- c:\program files (x86)\Ventrilo 2012-03-19 04:17 . 2012-03-19 04:17 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-03-15 10:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-15 10:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-03-15 10:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-03-14 15:43 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys 2012-03-14 15:43 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-03-14 15:43 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-03-14 15:38 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-03-14 15:38 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-03-14 15:38 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-03-14 15:38 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-03-14 15:37 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-03-14 15:37 . 
2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-03-14 15:37 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-03-10 00:44 . 2012-03-10 00:44 -------- d-----w- c:\program files\iPod 2012-03-10 00:44 . 2012-03-10 00:45 -------- d-----w- c:\program files\iTunes 2012-03-10 00:44 . 2012-03-10 00:45 -------- d-----w- c:\program files (x86)\iTunes 2012-03-10 00:29 . 2012-03-10 00:29 -------- d-----w- c:\program files\Microsoft IntelliType Pro 2012-03-09 05:46 . 2012-03-09 05:46 -------- d-----w- c:\users\Isaac\AppData\Roaming\Boomzap 2012-03-09 05:44 . 2012-03-09 05:45 -------- d-----w- c:\program files (x86)\Awakening - The Dreamless Castle 2012-03-09 05:42 . 2012-03-09 05:42 -------- d-----w- c:\programdata\Big Fish Games 2012-03-09 05:42 . 2012-03-09 05:42 -------- d-----w- c:\program files (x86)\bfgclient 2012-03-09 05:42 . 2012-03-09 14:43 -------- d-----w- C:\BigFishGamesCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-02 08:16 . 2011-09-29 23:37 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-03-29 07:58 . 2011-12-25 03:04 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-03-14 03:27 . 2011-05-27 18:31 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-02-11 01:45 . 2012-02-11 01:45 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F52BB44D-065B-49FA-A18D-4009FC328F5A}\gapaengine.dll 2012-01-31 12:44 . 2011-05-27 17:36 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160] "UpdateP2GShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2010-07-26 222504] "YouCam Mirage"="c:\program files (x86)\Lenovo\YouCam\YCMMirage.exe" [2011-01-28 136488] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] 
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-07 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] . c:\users\Isaac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Isaac\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216] OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer2"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 253600] R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [x] R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x] R3 dump_wmimmc;dump_wmimmc;c:\program files\Gpotato\Flyff\GameGuard\dump_wmimmc.sys [x] R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-28 288272] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x] R4 wlcrasvc;Windows Live Mesh remote connections 
service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x] S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [x] S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [x] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x] S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 00476473 *Deregistered* - 00476473 *Deregistered* - pnarp *Deregistered* - purendis . 
Contents of the 'Scheduled Tasks' folder . 2012-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 07:58] . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1978627538-4216834353-2571826296-1000Core.job - c:\users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 08:04] . 2012-04-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1978627538-4216834353-2571826296-1000UA.job - c:\users\Isaac\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-27 08:04] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 97792 ----a-w- c:\users\Isaac\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc] @="{771C7324-DA80-49D3-8017-753B0AF60951}" [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}] 2011-03-23 07:23 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-09-01 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-09-01 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-09-01 416024] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://lenovo.msn.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://lenovo.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm IE: Send page to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 129.65.16.254 129.65.21.254 FF - ProfilePath - c:\users\Isaac\AppData\Roaming\Mozilla\Firefox\Profiles\rni0klpa.default\ FF - prefs.js: network.proxy.type - 0 FF - user.js: general.useragent.extra.brc - . - - - - ORPHANS REMOVED - - - - . 
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-OrCAD_16.5 - c:\orcad\OrCAD_16.5_Lite\tools\ConfigUtility\CheckOrCAD165.vbs
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1978627538-4216834353-2571826296-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{CF025F21-4089-4FD3-C2CB-8F14F2CC0F31}*]
"hagboebbcabmbjjb"=hex:61,61,00,00
"iackmoefjidiigjdhl"=hex:6b,61,67,6e,6c,62,6f,6d,6c,6b,67,6f,70,6b,62,64,6a,67,
   6c,64,68,6e,00,05
"haijcmhlmflnieap"=hex:6b,61,67,6e,6c,62,6f,6d,6c,6b,67,6f,70,6b,62,64,6a,67,
   6c,64,68,6e,00,05
"hagboebbmapfaodo"=hex:61,61,00,00
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-04-06 14:16:59
ComboFix-quarantined-files.txt 2012-04-06 21:16
.
Pre-Run: 91,117,817,856 bytes free
Post-Run: 91,137,916,928 bytes free
.
- - End Of File - - 9111BC0049C47D511B1EF45A72BB5DA3
  4. .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2011-08-26.01)
     .
     Microsoft Windows 7 Home Premium
     Boot Device: \Device\HarddiskVolume1
     Install Date: 5/27/2011 12:57:46 AM
     System Uptime: 4/5/2012 2:02:48 AM (31 hours ago)
     .
     Motherboard: LENOVO | | Base Board Product Name
     Processor: Intel® Core i5-2410M CPU @ 2.30GHz | CPU1 | 2301/1333mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 422 GiB total, 85.198 GiB free.
     D: is FIXED (NTFS) - 29 GiB total, 26.886 GiB free.
     F: is CDROM ()
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
     Description: Broadcom Bluetooth 2.1 USB
     Device ID: USB\VID_0489&PID_E00D\EC55F9EA3C23
     Manufacturer: Broadcom
     Name: Broadcom Bluetooth 2.1 USB
     PNP Device ID: USB\VID_0489&PID_E00D\EC55F9EA3C23
     Service: BTHUSB
     .
     ==== System Restore Points ===================
     .
     RP157: 3/30/2012 9:44:49 AM - Windows Update
     RP158: 4/2/2012 1:14:25 AM - Installed Java 6 Update 31
     RP159: 4/3/2012 9:44:56 AM - Windows Update
     RP160: 4/5/2012 3:28:19 PM - Installed OrCAD 16.5 Lite
     .
     ==== Installed Programs ======================
     .
Adobe Reader X (10.1.2) Apple Application Support Apple Software Update Atheros Client Installation Program Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver Audiosurf Awakening: The Dreamless Castle Bandisoft MPEG-1 Decoder Beat Hazard Big Fish Games: Game Manager Borderlands Cheat Engine 6.1 Cisco Network Magic Combined Community Codec Pack 2010-10-10 D3DX10 DC Universe Online Defense Grid: The Awakening Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Digilent Software DragonNest Dropbox Dungeon Defenders e-Sword Energy Management Flyff Foxit Phantom GOM Player GOMTV Streamer Google Chrome Guitar Pro 6 Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology IrfanView (remove only) Java Auto Updater Java 6 Update 31 Junk Mail filter update League of Legends Lenovo DirectShare Lenovo EasyCamera Lenovo Games Console Lenovo OneKey Recovery Lenovo YouCam LG USB Modem driver LTspice IV Magic: The Gathering — Duels of the Planeswalkers 2012 Magicka Malwarebytes Anti-Malware version 1.60.1.1000 Mesh Runtime Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight 
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 11.0 (x86 en-US) MSVCRT MSVCRT_amd64 Network Magic Nexon Game Manager Novarm DipTrace ooVoo OrCAD 16.5 Lite Pando Media Booster Pangya (Ntreev SG Interactive) PDFZilla V1.2.9 Peggle Deluxe Peggle Nights Plants vs. Zombies: Game of the Year Portal Power2Go Pure Networks Platform QuickTime Realtek USB 2.0 Reader Driver Recettear: An Item Shop's Tale Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition Skype™ 5.5 StarCraft II Steam Super Meat Boy Team Fortress 2 TERA Terraria TextPad 5 Torchlight Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Excel 
2010 (KB2553439) 32-Bit Edition Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition Update for Microsoft Outlook Social Connector (KB2583935) UserGuide Veetle TV Ventrilo Client VeriFace VLC media player 1.1.11 VVVVVV Winamp Winamp Detector Plug-in Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.1 WinRAR 4.00 (32-bit) Worms Reloaded . ==== Event Viewer Messages From Past Week ======== . 4/5/2012 9:49:24 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect. 4/5/2012 9:49:24 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 4/2/2012 7:07:01 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. 
Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 4/2/2012 7:06:32 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified. 4/2/2012 5:53:48 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 4/2/2012 5:53:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 4/2/2012 5:53:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 4/2/2012 5:53:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 4/2/2012 5:53:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 4/2/2012 5:53:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 4/2/2012 5:53:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: 
{DD522ACC-F821-461A-A407-50B198B896DC} 4/2/2012 5:53:22 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BPntDrv DfsC discache MpFilter NetBIOS NetBT nsiproxy PCTSD Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf 4/2/2012 5:53:22 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/2/2012 5:53:22 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 4/2/2012 5:53:22 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 4/2/2012 5:53:22 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/2/2012 5:53:22 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 4/2/2012 5:53:22 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 
4/2/2012 5:53:22 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 4/2/2012 5:53:22 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 4/2/2012 5:53:22 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 3/30/2012 3:23:15 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection. 3/30/2012 3:19:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 3/30/2012 3:08:58 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 
3/30/2012 3:06:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service iPod Service with arguments "" in order to run the server: {063D34A4-BF84-4B8D-B699-E8CA06504DDE} 3/30/2012 12:00:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BPntDrv discache MpFilter spldr Wanarpv6 . ==== End Of File ===========================
  5. . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Isaac at 9:51:26 on 2012-04-06 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4040.2017 [GMT -7:00] . AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe C:\windows\system32\taskhost.exe C:\windows\Explorer.EXE c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files 
(x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\DllHost.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\SearchIndexer.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Users\Isaac\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\windows\system32\svchost.exe -k SDRSVC C:\windows\system32\taskhost.exe C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe C:\windows\SysWOW64\rundll32.exe C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Isaac\AppData\Local\Google\Chrome\Application\chrome.exe 
  6. Malwarebytes Anti-Malware (PRO) 1.60.1.1000
     www.malwarebytes.org

     Database version: v2012.04.06.06
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     Isaac :: ISAAC-PC [administrator]

     Protection: Enabled

     4/6/2012 9:46:46 AM
     mbam-log-2012-04-06 (09-46-46).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 194419
     Time elapsed: 4 minute(s), 3 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)
  7. TDSSKiller log found no threats.
C:\windows\system32\drivers\IPMIDrv.sys 09:43:57.0969 4452 IPMIDRV - ok 09:43:58.0005 4452 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys 09:43:58.0057 4452 IPNAT - ok 09:43:58.0158 4452 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe 09:43:58.0238 4452 iPod Service - ok 09:43:58.0332 4452 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys 09:43:58.0411 4452 IRENUM - ok 09:43:58.0472 4452 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\drivers\isapnp.sys 09:43:58.0487 4452 isapnp - ok 09:43:58.0542 4452 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\windows\system32\drivers\msiscsi.sys 09:43:58.0563 4452 iScsiPrt - ok 09:43:58.0620 4452 k57nd60a (7dbafe10c1b777305c80bea42fbda710) C:\windows\system32\DRIVERS\k57nd60a.sys 09:43:58.0652 4452 k57nd60a - ok 09:43:58.0717 4452 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys 09:43:58.0733 4452 kbdclass - ok 09:43:58.0798 4452 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\windows\system32\DRIVERS\kbdhid.sys 09:43:58.0823 4452 kbdhid - ok 09:43:58.0876 4452 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:43:58.0896 4452 KeyIso - ok 09:43:58.0916 4452 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\windows\system32\Drivers\ksecdd.sys 09:43:58.0932 4452 KSecDD - ok 09:43:58.0992 4452 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\windows\system32\Drivers\ksecpkg.sys 09:43:59.0012 4452 KSecPkg - ok 09:43:59.0065 4452 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys 09:43:59.0115 4452 ksthunk - ok 09:43:59.0147 4452 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\windows\system32\msdtckrm.dll 09:43:59.0205 4452 KtmRm - ok 09:43:59.0250 4452 L1C (95ca93fc12be372bb952669f37fff9c5) C:\windows\system32\DRIVERS\L1C62x64.sys 09:43:59.0265 4452 L1C - ok 09:43:59.0359 4452 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) 
C:\windows\system32\srvsvc.dll 09:43:59.0418 4452 LanmanServer - ok 09:43:59.0488 4452 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\windows\System32\wkssvc.dll 09:43:59.0538 4452 LanmanWorkstation - ok 09:43:59.0655 4452 LHDmgr (be166935083f9c38edfdc21b9a7a679b) C:\windows\system32\DRIVERS\LhdX64.sys 09:43:59.0667 4452 LHDmgr - ok 09:43:59.0722 4452 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys 09:43:59.0773 4452 lltdio - ok 09:43:59.0809 4452 lltdsvc (c1185803384ab3feed115f79f109427f) C:\windows\System32\lltdsvc.dll 09:43:59.0866 4452 lltdsvc - ok 09:43:59.0946 4452 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\windows\System32\lmhsvc.dll 09:43:59.0987 4452 lmhosts - ok 09:44:00.0078 4452 LMS (2ed1786b7542cda261029f6b526edf44) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 09:44:00.0137 4452 LMS - ok 09:44:00.0232 4452 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys 09:44:00.0248 4452 LSI_FC - ok 09:44:00.0293 4452 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys 09:44:00.0309 4452 LSI_SAS - ok 09:44:00.0337 4452 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys 09:44:00.0352 4452 LSI_SAS2 - ok 09:44:00.0374 4452 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys 09:44:00.0390 4452 LSI_SCSI - ok 09:44:00.0426 4452 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys 09:44:00.0474 4452 luafv - ok 09:44:00.0616 4452 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys 09:44:00.0629 4452 MBAMProtector - ok 09:44:00.0724 4452 MBAMService (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 09:44:00.0781 4452 MBAMService - ok 09:44:00.0798 4452 McAfee SiteAdvisor Service - ok 09:44:00.0913 4452 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) 
C:\windows\system32\Mcx2Svc.dll 09:44:00.0957 4452 Mcx2Svc - ok 09:44:01.0017 4452 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys 09:44:01.0031 4452 megasas - ok 09:44:01.0062 4452 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys 09:44:01.0077 4452 MegaSR - ok 09:44:01.0129 4452 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\windows\system32\DRIVERS\HECIx64.sys 09:44:01.0145 4452 MEIx64 - ok 09:44:01.0249 4452 Microsoft SharePoint Workspace Audit Service - ok 09:44:01.0348 4452 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 09:44:01.0405 4452 MMCSS - ok 09:44:01.0454 4452 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys 09:44:01.0501 4452 Modem - ok 09:44:01.0566 4452 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys 09:44:01.0596 4452 monitor - ok 09:44:01.0709 4452 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys 09:44:01.0725 4452 mouclass - ok 09:44:01.0782 4452 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys 09:44:01.0817 4452 mouhid - ok 09:44:01.0918 4452 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\windows\system32\drivers\mountmgr.sys 09:44:01.0935 4452 mountmgr - ok 09:44:01.0988 4452 MpFilter (c177a7ebf5e8a0b596f618870516cab8) C:\windows\system32\DRIVERS\MpFilter.sys 09:44:02.0009 4452 MpFilter - ok 09:44:02.0058 4452 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\windows\system32\drivers\mpio.sys 09:44:02.0076 4452 mpio - ok 09:44:02.0111 4452 MpNWMon (8fbf6b31fe8af1833d93c5913d5b4d55) C:\windows\system32\DRIVERS\MpNWMon.sys 09:44:02.0121 4452 MpNWMon - ok 09:44:02.0208 4452 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys 09:44:02.0251 4452 mpsdrv - ok 09:44:02.0389 4452 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\windows\system32\mpssvc.dll 09:44:02.0467 4452 MpsSvc - ok 09:44:02.0531 4452 MRxDAV 
(dc722758b8261e1abafd31a3c0a66380) C:\windows\system32\drivers\mrxdav.sys 09:44:02.0576 4452 MRxDAV - ok 09:44:02.0638 4452 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\windows\system32\DRIVERS\mrxsmb.sys 09:44:02.0730 4452 mrxsmb - ok 09:44:02.0808 4452 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\windows\system32\DRIVERS\mrxsmb10.sys 09:44:02.0846 4452 mrxsmb10 - ok 09:44:02.0923 4452 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\windows\system32\DRIVERS\mrxsmb20.sys 09:44:02.0943 4452 mrxsmb20 - ok 09:44:02.0998 4452 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\windows\system32\drivers\msahci.sys 09:44:03.0012 4452 msahci - ok 09:44:03.0057 4452 msdsm (db801a638d011b9633829eb6f663c900) C:\windows\system32\drivers\msdsm.sys 09:44:03.0075 4452 msdsm - ok 09:44:03.0104 4452 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\windows\System32\msdtc.exe 09:44:03.0145 4452 MSDTC - ok 09:44:03.0162 4452 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys 09:44:03.0193 4452 Msfs - ok 09:44:03.0224 4452 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys 09:44:03.0268 4452 mshidkmdf - ok 09:44:03.0312 4452 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\drivers\msisadrv.sys 09:44:03.0344 4452 msisadrv - ok 09:44:03.0406 4452 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\windows\system32\iscsiexe.dll 09:44:03.0458 4452 MSiSCSI - ok 09:44:03.0468 4452 msiserver - ok 09:44:03.0527 4452 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys 09:44:03.0626 4452 MSKSSRV - ok 09:44:03.0766 4452 MsMpSvc (157e9e498206a3366baa7e4697bdd947) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe 09:44:03.0782 4452 MsMpSvc - ok 09:44:03.0893 4452 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys 09:44:03.0947 4452 MSPCLOCK - ok 09:44:03.0987 4452 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys 09:44:04.0037 
4452 MSPQM - ok 09:44:04.0092 4452 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\windows\system32\drivers\MsRPC.sys 09:44:04.0121 4452 MsRPC - ok 09:44:04.0221 4452 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\drivers\mssmbios.sys 09:44:04.0231 4452 mssmbios - ok 09:44:04.0317 4452 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys 09:44:04.0361 4452 MSTEE - ok 09:44:04.0385 4452 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys 09:44:04.0412 4452 MTConfig - ok 09:44:04.0447 4452 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys 09:44:04.0464 4452 Mup - ok 09:44:04.0522 4452 napagent (582ac6d9873e31dfa28a4547270862dd) C:\windows\system32\qagentRT.dll 09:44:04.0587 4452 napagent - ok 09:44:04.0724 4452 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys 09:44:04.0766 4452 NativeWifiP - ok 09:44:04.0880 4452 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\windows\system32\drivers\ndis.sys 09:44:04.0929 4452 NDIS - ok 09:44:04.0978 4452 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys 09:44:05.0025 4452 NdisCap - ok 09:44:05.0084 4452 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys 09:44:05.0118 4452 NdisTapi - ok 09:44:05.0192 4452 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\windows\system32\DRIVERS\ndisuio.sys 09:44:05.0245 4452 Ndisuio - ok 09:44:05.0381 4452 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\windows\system32\DRIVERS\ndiswan.sys 09:44:05.0428 4452 NdisWan - ok 09:44:05.0473 4452 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\windows\system32\drivers\NDProxy.sys 09:44:05.0508 4452 NDProxy - ok 09:44:05.0553 4452 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys 09:44:05.0599 4452 NetBIOS - ok 09:44:05.0652 4452 NetBT (09594d1089c523423b32a4229263f068) C:\windows\system32\DRIVERS\netbt.sys 09:44:05.0721 4452 NetBT - ok 
09:44:05.0819 4452 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:44:05.0839 4452 Netlogon - ok 09:44:05.0882 4452 Netman (847d3ae376c0817161a14a82c8922a9e) C:\windows\System32\netman.dll 09:44:05.0935 4452 Netman - ok 09:44:05.0966 4452 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\windows\System32\netprofm.dll 09:44:06.0023 4452 netprofm - ok 09:44:06.0075 4452 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 09:44:06.0095 4452 NetTcpPortSharing - ok 09:44:06.0271 4452 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\windows\system32\DRIVERS\netw5v64.sys 09:44:06.0515 4452 netw5v64 - ok 09:44:06.0582 4452 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys 09:44:06.0596 4452 nfrd960 - ok 09:44:06.0654 4452 NisDrv (5f7d72cbcdd025af1f38fdeee5646968) C:\windows\system32\DRIVERS\NisDrvWFP.sys 09:44:06.0674 4452 NisDrv - ok 09:44:06.0810 4452 NisSrv (566ddd5d82520da01d75f81428ac4c38) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 09:44:06.0841 4452 NisSrv - ok 09:44:06.0952 4452 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\windows\System32\nlasvc.dll 09:44:07.0020 4452 NlaSvc - ok 09:44:07.0184 4452 nmservice (cd569fa91ec6f59d045c19d0d3850f44) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe 09:44:07.0444 4452 nmservice - ok 09:44:07.0581 4452 NPF (c31fa031335eff434b2d94278e74bcce) C:\windows\system32\drivers\npf.sys 09:44:07.0603 4452 NPF - ok 09:44:07.0647 4452 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys 09:44:07.0682 4452 Npfs - ok 09:44:07.0690 4452 npggsvc - ok 09:44:07.0699 4452 NPPTNT2 - ok 09:44:07.0737 4452 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\windows\system32\nsisvc.dll 09:44:07.0786 4452 nsi - ok 09:44:07.0810 4452 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys 09:44:07.0844 4452 
nsiproxy - ok 09:44:07.0930 4452 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\windows\system32\drivers\Ntfs.sys 09:44:07.0995 4452 Ntfs - ok 09:44:08.0017 4452 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys 09:44:08.0067 4452 Null - ok 09:44:08.0135 4452 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\windows\system32\drivers\nvraid.sys 09:44:08.0160 4452 nvraid - ok 09:44:08.0185 4452 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\windows\system32\drivers\nvstor.sys 09:44:08.0202 4452 nvstor - ok 09:44:08.0363 4452 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\drivers\nv_agp.sys 09:44:08.0382 4452 nv_agp - ok 09:44:08.0456 4452 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\drivers\ohci1394.sys 09:44:08.0517 4452 ohci1394 - ok 09:44:08.0623 4452 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 09:44:08.0681 4452 ose - ok 09:44:08.0913 4452 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 09:44:09.0165 4452 osppsvc - ok 09:44:09.0265 4452 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 09:44:09.0353 4452 p2pimsvc - ok 09:44:09.0403 4452 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\windows\system32\p2psvc.dll 09:44:09.0434 4452 p2psvc - ok 09:44:09.0502 4452 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys 09:44:09.0521 4452 Parport - ok 09:44:09.0583 4452 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\windows\system32\drivers\partmgr.sys 09:44:09.0600 4452 partmgr - ok 09:44:09.0631 4452 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\windows\System32\pcasvc.dll 09:44:09.0673 4452 PcaSvc - ok 09:44:09.0724 4452 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\windows\system32\drivers\pci.sys 09:44:09.0744 4452 pci - ok 09:44:09.0794 4452 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) 
C:\windows\system32\drivers\pciide.sys 09:44:09.0808 4452 pciide - ok 09:44:09.0842 4452 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys 09:44:09.0861 4452 pcmcia - ok 09:44:09.0892 4452 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys 09:44:09.0907 4452 pcw - ok 09:44:09.0940 4452 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys 09:44:09.0994 4452 PEAUTH - ok 09:44:10.0058 4452 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\windows\SysWow64\perfhost.exe 09:44:10.0095 4452 PerfHost - ok 09:44:10.0196 4452 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\windows\system32\pla.dll 09:44:10.0276 4452 pla - ok 09:44:10.0344 4452 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\windows\system32\umpnpmgr.dll 09:44:10.0430 4452 PlugPlay - ok 09:44:10.0531 4452 pnarp (fb83b6c62dff5abe36304351d2bed581) C:\windows\system32\DRIVERS\pnarp.sys 09:44:10.0544 4452 pnarp - ok 09:44:10.0577 4452 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\windows\system32\pnrpauto.dll 09:44:10.0608 4452 PNRPAutoReg - ok 09:44:10.0640 4452 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\windows\system32\pnrpsvc.dll 09:44:10.0667 4452 PNRPsvc - ok 09:44:10.0728 4452 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\windows\System32\ipsecsvc.dll 09:44:10.0784 4452 PolicyAgent - ok 09:44:10.0815 4452 Power (6ba9d927dded70bd1a9caded45f8b184) C:\windows\system32\umpo.dll 09:44:10.0872 4452 Power - ok 09:44:11.0008 4452 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\windows\system32\DRIVERS\raspptp.sys 09:44:11.0046 4452 PptpMiniport - ok 09:44:11.0086 4452 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys 09:44:11.0112 4452 Processor - ok 09:44:11.0218 4452 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\windows\system32\profsvc.dll 09:44:11.0279 4452 ProfSvc - ok 09:44:11.0333 4452 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:44:11.0353 4452 
ProtectedStorage - ok 09:44:11.0438 4452 Psched (0557cf5a2556bd58e26384169d72438d) C:\windows\system32\DRIVERS\pacer.sys 09:44:11.0482 4452 Psched - ok 09:44:11.0618 4452 purendis (1b3434642ce3c26e6f24d3a76d749c2a) C:\windows\system32\DRIVERS\purendis.sys 09:44:11.0632 4452 purendis - ok 09:44:11.0760 4452 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys 09:44:11.0817 4452 ql2300 - ok 09:44:11.0843 4452 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys 09:44:11.0859 4452 ql40xx - ok 09:44:11.0898 4452 QWAVE (906191634e99aea92c4816150bda3732) C:\windows\system32\qwave.dll 09:44:11.0929 4452 QWAVE - ok 09:44:11.0957 4452 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys 09:44:11.0995 4452 QWAVEdrv - ok 09:44:12.0020 4452 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys 09:44:12.0069 4452 RasAcd - ok 09:44:12.0174 4452 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys 09:44:12.0219 4452 RasAgileVpn - ok 09:44:12.0245 4452 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\windows\System32\rasauto.dll 09:44:12.0295 4452 RasAuto - ok 09:44:12.0371 4452 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\windows\system32\DRIVERS\rasl2tp.sys 09:44:12.0422 4452 Rasl2tp - ok 09:44:12.0486 4452 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\windows\System32\rasmans.dll 09:44:12.0527 4452 RasMan - ok 09:44:12.0567 4452 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys 09:44:12.0623 4452 RasPppoe - ok 09:44:12.0652 4452 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys 09:44:12.0695 4452 RasSstp - ok 09:44:12.0746 4452 rdbss (77f665941019a1594d887a74f301fa2f) C:\windows\system32\DRIVERS\rdbss.sys 09:44:12.0795 4452 rdbss - ok 09:44:12.0820 4452 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys 09:44:12.0848 4452 rdpbus - ok 
09:44:12.0907 4452 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys 09:44:12.0957 4452 RDPCDD - ok 09:44:12.0977 4452 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys 09:44:13.0027 4452 RDPENCDD - ok 09:44:13.0052 4452 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys 09:44:13.0085 4452 RDPREFMP - ok 09:44:13.0132 4452 RDPWD (6d76e6433574b058adcb0c50df834492) C:\windows\system32\drivers\RDPWD.sys 09:44:13.0196 4452 RDPWD - ok 09:44:13.0270 4452 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\windows\system32\drivers\rdyboost.sys 09:44:13.0290 4452 rdyboost - ok 09:44:13.0325 4452 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\windows\System32\mprdim.dll 09:44:13.0378 4452 RemoteAccess - ok 09:44:13.0415 4452 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\windows\system32\regsvc.dll 09:44:13.0470 4452 RemoteRegistry - ok 09:44:13.0547 4452 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys 09:44:13.0576 4452 RFCOMM - ok 09:44:13.0678 4452 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe 09:44:13.0743 4452 rpcapd - ok 09:44:13.0822 4452 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\windows\System32\RpcEpMap.dll 09:44:13.0875 4452 RpcEptMapper - ok 09:44:13.0912 4452 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\windows\system32\locator.exe 09:44:13.0953 4452 RpcLocator - ok 09:44:13.0998 4452 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\windows\system32\rpcss.dll 09:44:14.0045 4452 RpcSs - ok 09:44:14.0114 4452 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys 09:44:14.0175 4452 rspndr - ok 09:44:14.0279 4452 RSUSBVSTOR (e57fac2cdb73f06586ed2ed310b80932) C:\windows\system32\Drivers\RtsUVStor.sys 09:44:14.0295 4452 RSUSBVSTOR - ok 09:44:14.0348 4452 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\windows\system32\lsass.exe 09:44:14.0368 4452 SamSs - ok 
09:44:14.0428 4452 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\windows\system32\drivers\sbp2port.sys 09:44:14.0444 4452 sbp2port - ok 09:44:14.0481 4452 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\windows\System32\SCardSvr.dll 09:44:14.0526 4452 SCardSvr - ok 09:44:14.0593 4452 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\windows\system32\DRIVERS\scfilter.sys 09:44:14.0637 4452 scfilter - ok 09:44:14.0707 4452 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\windows\system32\schedsvc.dll 09:44:14.0791 4452 Schedule - ok 09:44:14.0896 4452 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\windows\System32\certprop.dll 09:44:14.0936 4452 SCPolicySvc - ok 09:44:14.0980 4452 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\windows\System32\SDRSVC.dll 09:44:15.0053 4452 SDRSVC - ok 09:44:15.0095 4452 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys 09:44:15.0131 4452 secdrv - ok 09:44:15.0181 4452 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\windows\system32\seclogon.dll 09:44:15.0237 4452 seclogon - ok 09:44:15.0266 4452 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\windows\System32\sens.dll 09:44:15.0319 4452 SENS - ok 09:44:15.0365 4452 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\windows\system32\sensrsvc.dll 09:44:15.0459 4452 SensrSvc - ok 09:44:15.0547 4452 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys 09:44:15.0578 4452 Serenum - ok 09:44:15.0625 4452 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys 09:44:15.0643 4452 Serial - ok 09:44:15.0704 4452 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys 09:44:15.0760 4452 sermouse - ok 09:44:15.0801 4452 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\windows\system32\sessenv.dll 09:44:15.0861 4452 SessionEnv - ok 09:44:15.0916 4452 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\drivers\sffdisk.sys 09:44:15.0968 4452 sffdisk - ok 09:44:16.0093 4452 sffp_mmc 
(ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\drivers\sffp_mmc.sys 09:44:16.0119 4452 sffp_mmc - ok 09:44:16.0151 4452 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\windows\system32\drivers\sffp_sd.sys 09:44:16.0181 4452 sffp_sd - ok 09:44:16.0213 4452 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys 09:44:16.0246 4452 sfloppy - ok 09:44:16.0289 4452 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\windows\System32\ipnathlp.dll 09:44:16.0357 4452 SharedAccess - ok 09:44:16.0419 4452 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\windows\System32\shsvcs.dll 09:44:16.0480 4452 ShellHWDetection - ok 09:44:16.0539 4452 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys 09:44:16.0553 4452 SiSRaid2 - ok 09:44:16.0574 4452 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys 09:44:16.0590 4452 SiSRaid4 - ok 09:44:16.0627 4452 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys 09:44:16.0663 4452 Smb - ok 09:44:16.0719 4452 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\windows\System32\snmptrap.exe 09:44:16.0774 4452 SNMPTRAP - ok 09:44:16.0858 4452 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys 09:44:16.0873 4452 spldr - ok 09:44:16.0931 4452 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\windows\System32\spoolsv.exe 09:44:17.0011 4452 Spooler - ok 09:44:17.0120 4452 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\windows\system32\sppsvc.exe 09:44:17.0277 4452 sppsvc - ok 09:44:17.0368 4452 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\windows\system32\sppuinotify.dll 09:44:17.0418 4452 sppuinotify - ok 09:44:17.0518 4452 SPUVCbv (454800c2bc7f3927ce030141ee4f4c50) C:\windows\system32\Drivers\usbvideo.sys 09:44:17.0541 4452 SPUVCbv - ok 09:44:17.0613 4452 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\windows\system32\DRIVERS\srv.sys 09:44:17.0701 4452 srv - ok 09:44:17.0798 4452 srv2 
(b4adebbf5e3677cce9651e0f01f7cc28) C:\windows\system32\DRIVERS\srv2.sys 09:44:17.0823 4452 srv2 - ok 09:44:17.0844 4452 srvnet (27e461f0be5bff5fc737328f749538c3) C:\windows\system32\DRIVERS\srvnet.sys 09:44:17.0874 4452 srvnet - ok 09:44:17.0907 4452 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\windows\System32\ssdpsrv.dll 09:44:17.0967 4452 SSDPSRV - ok 09:44:17.0989 4452 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\windows\system32\sstpsvc.dll 09:44:18.0029 4452 SstpSvc - ok 09:44:18.0100 4452 Steam Client Service - ok 09:44:18.0154 4452 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys 09:44:18.0174 4452 stexstor - ok 09:44:18.0234 4452 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\windows\System32\wiaservc.dll 09:44:18.0294 4452 stisvc - ok 09:44:18.0364 4452 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\drivers\swenum.sys 09:44:18.0394 4452 swenum - ok 09:44:18.0484 4452 swprv (e08e46fdd841b7184194011ca1955a0b) C:\windows\System32\swprv.dll 09:44:18.0554 4452 swprv - ok 09:44:18.0644 4452 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\windows\system32\DRIVERS\SynTP.sys 09:44:18.0704 4452 SynTP - ok 09:44:18.0774 4452 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\windows\system32\sysmain.dll 09:44:18.0854 4452 SysMain - ok 09:44:18.0904 4452 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\windows\System32\TabSvc.dll 09:44:18.0924 4452 TabletInputService - ok 09:44:18.0984 4452 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\windows\System32\tapisrv.dll 09:44:19.0044 4452 TapiSrv - ok 09:44:19.0074 4452 TBS (1be03ac720f4d302ea01d40f588162f6) C:\windows\System32\tbssvc.dll 09:44:19.0114 4452 TBS - ok 09:44:19.0237 4452 Tcpip (fc62769e7bff2896035aeed399108162) C:\windows\system32\drivers\tcpip.sys 09:44:19.0316 4452 Tcpip - ok 09:44:19.0403 4452 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\windows\system32\DRIVERS\tcpip.sys 09:44:19.0446 4452 TCPIP6 - ok 09:44:19.0522 4452 tcpipreg 
(df687e3d8836bfb04fcc0615bf15a519) C:\windows\system32\drivers\tcpipreg.sys 09:44:19.0580 4452 tcpipreg - ok 09:44:19.0657 4452 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys 09:44:19.0692 4452 TDPIPE - ok 09:44:19.0816 4452 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\windows\system32\drivers\tdtcp.sys 09:44:19.0839 4452 TDTCP - ok 09:44:19.0919 4452 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\windows\system32\DRIVERS\tdx.sys 09:44:19.0971 4452 tdx - ok 09:44:20.0005 4452 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\windows\system32\drivers\termdd.sys 09:44:20.0021 4452 TermDD - ok 09:44:20.0075 4452 TermService (2e648163254233755035b46dd7b89123) C:\windows\System32\termsrv.dll 09:44:20.0140 4452 TermService - ok 09:44:20.0165 4452 Themes (f0344071948d1a1fa732231785a0664c) C:\windows\system32\themeservice.dll 09:44:20.0208 4452 Themes - ok 09:44:20.0244 4452 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\windows\system32\mmcss.dll 09:44:20.0282 4452 THREADORDER - ok 09:44:20.0297 4452 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\windows\System32\trkwks.dll 09:44:20.0351 4452 TrkWks - ok 09:44:20.0425 4452 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\windows\servicing\TrustedInstaller.exe 09:44:20.0498 4452 TrustedInstaller - ok 09:44:20.0597 4452 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\windows\system32\DRIVERS\tssecsrv.sys 09:44:20.0653 4452 tssecsrv - ok 09:44:20.0716 4452 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\windows\system32\drivers\tsusbflt.sys 09:44:20.0770 4452 TsUsbFlt - ok 09:44:20.0892 4452 tunnel (3566a8daafa27af944f5d705eaa64894) C:\windows\system32\DRIVERS\tunnel.sys 09:44:20.0971 4452 tunnel - ok 09:44:21.0010 4452 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys 09:44:21.0052 4452 uagp35 - ok 09:44:21.0110 4452 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\windows\system32\DRIVERS\udfs.sys 09:44:21.0162 4452 udfs - ok 09:44:21.0246 4452 UI0Detect 
09:44:30.0701 4452 Scan finished
09:44:30.0709 3188 Detected object count: 0
09:44:30.0709 3188 Actual detected object count: 0
  8. Oh and it is scanned with the purchased version of MalwareBytes if there's any difference between it and the free one.
  9. I am having trouble catching this virus. It redirects my Facebook to PriceGrabber and MalwareBytes is constantly blocking something on Chrome and BitTorrent whenever I open those programs (it always pops up saying it's blocking something on Google Chrome). Scanned my system multiple times with Microsoft Security Essentials, MalwareBytes, SpyDoctor and such. The internet started lagging since it started happening. Please help me fix this. The instructions for the dds.com program say to right click and run as administrator but it doesn't give me that option? Thanks in advance. Isaac. Attach.txt DDS.txt
  10. Oh ya and the lag that wasn't there before this virus/malware is pretty bad. Internet became extremely slow.
  11. I am having trouble catching this virus. It redirects my Facebook to PriceGrabber and MalwareBytes is constantly catching it trying to send information out (it always pops up saying it's blocking something on Google Chrome). Scanned my system multiple times with Microsoft Security Essentials, MalwareBytes, SpyDoctor and such. Please help me fix this. Thank you in advance. Isaac.