Jump to content

Jordi291

Members
  • Posts

    9
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Thanks to MrC putting in the time and effort into helping me, i can finally use my pc knowing its safe. Thank you very much MrC!

  2. Thank you very much for helping me MrC, I really appreciate what you have done for me and i won't forget it! Hopefully I can keep my PC clean in the future.
  3. Pc seems to be running well, have had no problems so far today this is the log from the quick scan : Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.19.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jordi :: JORDI-PC [administrator] Protection: Enabled 19/06/2012 22:58:46 mbam-log-2012-06-19 (22-58-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 263419 Time elapsed: 2 minute(s), 50 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  4. ComboFix 12-06-19.01 - Jordi 19/06/2012 15:54:48.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6126.4539 [GMT 1:00] Running from: c:\users\Jordi\Desktop\ComboFix.exe Command switches used :: c:\users\Jordi\Desktop\CFScript.txt AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26} c:\users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}\chrome.manifest c:\users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}\install.rdf c:\users\Jordi\AppData\Local\gjsvwbem c:\users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe c:\users\Jordi\AppData\Roaming\Eryv c:\users\Jordi\AppData\Roaming\Esuvs c:\users\Jordi\AppData\Roaming\Esuvs\culuc.inq c:\users\Jordi\AppData\Roaming\Kaykxy . . ((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))))) . . 2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\users\UpdatusUser.Jordi-PC\AppData\Local\temp 2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\users\Tay\AppData\Local\temp 2012-06-19 15:01 . 2012-06-19 15:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-18 19:15 . 2012-06-18 19:15 -------- d-----w- c:\program files (x86)\ESET 2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\users\Jordi\AppData\Roaming\Malwarebytes 2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\programdata\Malwarebytes 2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-16 18:53 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 22:24 . 2012-06-13 22:24 -------- d-----w- c:\users\Jordi\AppData\Local\The Lord of the Rings Online 2012-06-13 22:17 . 2012-06-13 22:19 -------- d-----w- c:\users\Jordi\AppData\Local\Turbine 2012-06-13 22:17 . 2012-06-13 22:34 -------- d-----w- c:\users\Jordi\AppData\Local\ApplicationHistory 2012-06-13 22:15 . 2012-06-13 22:15 -------- d-----w- c:\windows\SysWow64\URTTEMP 2012-06-12 23:03 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-12 23:03 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-12 23:03 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-12 23:00 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-12 22:59 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-12 22:59 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-12 22:59 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-12 22:56 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-12 22:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-12 22:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-12 22:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-12 22:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-12 22:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-12 22:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-12 22:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-12 22:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-12 22:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-12 22:23 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AEDCEAC-A3CF-4C7C-8D2D-1EE2C3BA9822}\mpengine.dll 2012-06-10 15:47 . 2012-06-10 15:47 -------- d-----w- c:\windows\Sun 2012-06-09 01:32 . 2012-06-09 01:32 -------- d-----w- c:\programdata\Premium 2012-06-09 01:32 . 2012-06-10 20:59 -------- d-----w- c:\programdata\GboxUpdater 2012-06-09 01:31 . 2012-06-10 20:59 -------- d-----w- c:\programdata\OptimizerPro 2012-06-09 01:31 . 2012-06-09 01:44 -------- d-----w- c:\program files (x86)\Optimizer Pro 2012-06-09 01:31 . 2012-06-09 01:32 -------- d-----w- c:\programdata\InstallMate 2012-06-09 01:01 . 2012-06-09 01:01 -------- d-----w- c:\program files (x86)\thechineseroom 2012-06-06 17:17 . 2012-06-06 17:18 -------- d---a-w- C:\GMD-TMP 2012-06-06 17:10 . 2012-06-06 17:28 -------- d-----w- c:\program files\Valve 2012-05-29 21:30 . 2012-06-19 13:43 -------- d-----r- c:\users\Jordi\Dropbox 2012-05-29 16:30 . 2012-05-30 22:46 -------- d-----w- c:\users\Jordi\AppData\Roaming\Apple Computer 2012-05-29 16:30 . 2012-05-29 16:30 -------- d-----w- c:\users\Jordi\AppData\Local\Apple Computer 2012-05-29 16:30 . 2012-05-29 16:30 -------- dc----w- c:\windows\system32\DRVSTORE 2012-05-29 16:30 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-05-29 16:30 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-05-29 16:30 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-05-29 16:29 . 2012-05-29 16:30 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-05-29 16:29 . 2012-05-29 16:30 -------- d-----w- c:\program files\iTunes 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\iTunes 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\programdata\Apple Computer 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files\iPod 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\users\Jordi\AppData\Local\Apple 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files\Common Files\Apple 2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files\Bonjour 2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files (x86)\Bonjour 2012-05-29 16:28 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-05-29 16:28 . 2012-05-29 16:29 -------- d-----w- c:\programdata\Apple 2012-05-23 15:05 . 2012-05-23 15:05 -------- d-----w- c:\users\Jordi\AppData\Local\SniperV2 2012-05-23 13:50 . 2012-05-23 13:50 -------- d-----w- c:\program files (x86)\Rebellion . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-25 00:16 . 2012-01-07 04:10 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-05-25 00:16 . 2012-01-07 04:09 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-05-25 00:16 . 2012-01-08 00:58 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-05-06 21:29 . 2012-01-07 04:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-05-06 21:28 . 2012-01-07 04:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-05-05 15:35 . 2012-05-03 21:08 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-05 15:35 . 2012-01-02 20:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 15:35 . 2012-05-03 21:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-03 18:40 . 2012-05-03 18:40 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-04-10 21:36 . 2012-04-10 21:36 685338 ----a-w- c:\program files (x86)\unins000.exe 2012-03-30 11:35 . 2012-05-11 23:48 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((( SnapShot@2012-06-19_12.54.44 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-06-19 08:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-06-19 15:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-06-19 08:16 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-19 15:01 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-06-19 08:16 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-06-19 15:01 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-11-21 03:09 . 2012-06-19 13:22 53412 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-06-19 13:22 36274 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2012-01-06 21:53 . 2012-06-19 13:22 12086 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-627470774-947398072-1727455304-1000_UserData.bin - 2012-01-06 21:56 . 2012-06-19 10:38 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-01-06 21:56 . 2012-06-19 15:02 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-01-06 21:56 . 2012-06-19 15:02 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2012-01-06 21:56 . 2012-06-19 10:38 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-06-19 15:02 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-06-19 10:38 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-06-19 15:01 . 2012-06-19 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-19 12:53 . 2012-06-19 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-19 15:01 . 2012-06-19 15:01 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-19 12:53 . 2012-06-19 12:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:36 . 2012-06-19 08:20 673234 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-19 15:06 673234 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-06-19 15:06 129228 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-06-19 08:20 129228 c:\windows\system32\perfc009.dat - 2012-01-10 03:17 . 2012-06-19 06:50 370288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2012-01-10 03:17 . 2012-06-19 15:01 370288 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2009-07-14 05:01 . 2012-06-19 12:53 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-06-19 15:01 268268 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2012-01-07 05:45 . 2012-06-19 15:01 10135520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-627470774-947398072-1727455304-1000-8192.dat - 2012-01-07 05:45 . 2012-06-19 12:53 10135520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-627470774-947398072-1727455304-1000-8192.dat + 2012-01-07 05:45 . 2012-06-19 15:01 37040377 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-627470774-947398072-1727455304-1000-4096.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitComet"="c:\program files\BitComet\BitComet.exe" [2011-12-12 19875120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jordi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976] R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-05-02 15296] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760] S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 15:35] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 18:42] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 18:42] . 2012-06-19 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . 2012-05-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\AlienAutopsy\uaclauncher.exe [2011-03-22 17:20] . 2012-06-19 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\AlienAutopsy\pcdrcui.exe [2011-03-22 17:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.co.uk/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 FF - ProfilePath - c:\users\Jordi\AppData\Roaming\Mozilla\Firefox\Profiles\dcv15hde.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Blekko FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-627470774-947398072-1727455304-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:db,79,f6,18,7d,59,a9,ea,c7,ad,9f,2c,6d,2b,d8,ac,a6,3d,81,27,32,90,94, b1,8c,d6,bb,ed,a8,21,fd,98,fc,10,33,fd,c6,de,8f,ba,d1,95,25,f5,12,a0,03,d9,\ "??"=hex:ea,1a,32,20,24,5b,df,0a,d5,3e,96,03,d3,cf,87,89 . [HKEY_USERS\S-1-5-21-627470774-947398072-1727455304-1000\Software\SecuROM\License information*] "datasecu"=hex:07,fa,08,59,60,b2,fd,e7,05,98,cb,c1,20,0c,46,cb,42,c8,12,ad,84, 1a,97,4f,98,30,cc,ed,8a,76,45,7e,e8,e7,d6,62,19,22,c1,6e,dc,c5,f4,2b,c0,1c,\ "rkeysecu"=hex:72,91,60,a0,4c,b1,32,d2,00,fa,6a,2c,22,3e,e5,2c . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\AlienRespawn\TOASTER.EXE c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files\Alienware\Command Center\AlienFusionController.exe c:\program files (x86)\Common Files\Java\Java Update\jusched.exe . ************************************************************************** . Completion time: 2012-06-19 16:20:50 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-19 15:20 ComboFix2.txt 2012-06-19 12:59 . Pre-Run: 588,624,179,200 bytes free Post-Run: 588,539,342,848 bytes free . - - End Of File - - 01CA7BEE89A583B1898057A868CB729A Followed the instructions and this is the log.
  5. Okay, my Mcafee seems to be working now, and isn't turned off. Malwarebytes is running smoothly with no problems. No fake 'cannot find website' when going on anti-malware websites. Heres the log MrC, ComboFix 12-06-19.01 - Jordi 19/06/2012 13:45:42.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.6126.4424 [GMT 1:00] Running from: c:\users\Jordi\Desktop\ComboFix.exe AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637} FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Jordi\AppData\Local\cglecpep.log c:\users\Jordi\AppData\Local\eccboois.log c:\users\Jordi\AppData\Local\inuqtxiq.log c:\users\Jordi\AppData\Local\pqkywbuv.log c:\users\Jordi\AppData\Local\qhrneaay.log c:\users\Jordi\AppData\Local\rdvebbqm.log c:\users\Jordi\AppData\Local\uafxksmt.log c:\users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opkihbnd.exe c:\users\Jordi\AppData\Roaming\wimolp.dll . . ((((((((((((((((((((((((( Files Created from 2012-05-19 to 2012-06-19 ))))))))))))))))))))))))))))))) . . 2012-06-19 12:52 . 2012-06-19 12:52 -------- d-----w- c:\users\UpdatusUser.Jordi-PC\AppData\Local\temp 2012-06-19 12:52 . 2012-06-19 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-18 19:15 . 2012-06-18 19:15 -------- d-----w- c:\program files (x86)\ESET 2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\users\Jordi\AppData\Roaming\Malwarebytes 2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\programdata\Malwarebytes 2012-06-16 18:53 . 2012-06-16 18:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-06-16 18:53 . 2012-04-04 14:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 23:20 . 2012-06-16 18:34 -------- d-----w- c:\users\Jordi\AppData\Roaming\Eryv 2012-06-13 23:20 . 2012-06-16 14:44 -------- d-----w- c:\users\Jordi\AppData\Roaming\Kaykxy 2012-06-13 23:20 . 2012-06-13 23:20 -------- d-----w- c:\users\Jordi\AppData\Roaming\Esuvs 2012-06-13 23:05 . 2012-06-13 23:05 -------- d-----w- c:\users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26} 2012-06-13 22:24 . 2012-06-13 22:24 -------- d-----w- c:\users\Jordi\AppData\Local\The Lord of the Rings Online 2012-06-13 22:17 . 2012-06-13 22:19 -------- d-----w- c:\users\Jordi\AppData\Local\Turbine 2012-06-13 22:17 . 2012-06-13 22:34 -------- d-----w- c:\users\Jordi\AppData\Local\ApplicationHistory 2012-06-13 22:15 . 2012-06-13 22:15 -------- d-----w- c:\windows\SysWow64\URTTEMP 2012-06-13 00:12 . 2012-06-19 08:17 -------- d-----w- c:\users\Jordi\AppData\Local\gjsvwbem 2012-06-12 23:03 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-12 23:03 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-12 23:03 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-12 23:00 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-12 22:59 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-06-12 22:59 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-06-12 22:59 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-06-12 22:56 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys 2012-06-12 22:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-12 22:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-12 22:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-12 22:50 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-12 22:50 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-12 22:50 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-06-12 22:50 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-06-12 22:50 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-06-12 22:50 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-12 22:23 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8AEDCEAC-A3CF-4C7C-8D2D-1EE2C3BA9822}\mpengine.dll 2012-06-10 15:47 . 2012-06-10 15:47 -------- d-----w- c:\windows\Sun 2012-06-09 01:32 . 2012-06-09 01:32 -------- d-----w- c:\programdata\Premium 2012-06-09 01:32 . 2012-06-10 20:59 -------- d-----w- c:\programdata\GboxUpdater 2012-06-09 01:31 . 2012-06-10 20:59 -------- d-----w- c:\programdata\OptimizerPro 2012-06-09 01:31 . 2012-06-09 01:44 -------- d-----w- c:\program files (x86)\Optimizer Pro 2012-06-09 01:31 . 2012-06-09 01:32 -------- d-----w- c:\programdata\InstallMate 2012-06-09 01:01 . 2012-06-09 01:01 -------- d-----w- c:\program files (x86)\thechineseroom 2012-06-06 17:17 . 2012-06-06 17:18 -------- d---a-w- C:\GMD-TMP 2012-06-06 17:10 . 2012-06-06 17:28 -------- d-----w- c:\program files\Valve 2012-05-29 21:30 . 2012-06-19 08:17 -------- d-----r- c:\users\Jordi\Dropbox 2012-05-29 16:30 . 2012-05-30 22:46 -------- d-----w- c:\users\Jordi\AppData\Roaming\Apple Computer 2012-05-29 16:30 . 2012-05-29 16:30 -------- d-----w- c:\users\Jordi\AppData\Local\Apple Computer 2012-05-29 16:30 . 2012-05-29 16:30 -------- dc----w- c:\windows\system32\DRVSTORE 2012-05-29 16:30 . 2009-05-18 12:17 34152 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-05-29 16:30 . 2008-04-17 11:12 126312 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-05-29 16:30 . 2008-04-17 11:12 107368 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-05-29 16:29 . 2012-05-29 16:30 -------- d-----w- c:\programdata\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-05-29 16:29 . 2012-05-29 16:30 -------- d-----w- c:\program files\iTunes 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\iTunes 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\programdata\Apple Computer 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files\iPod 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\users\Jordi\AppData\Local\Apple 2012-05-29 16:29 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\Apple Software Update 2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files\Common Files\Apple 2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files\Bonjour 2012-05-29 16:28 . 2012-05-29 16:28 -------- d-----w- c:\program files (x86)\Bonjour 2012-05-29 16:28 . 2012-05-29 16:29 -------- d-----w- c:\program files (x86)\Common Files\Apple 2012-05-29 16:28 . 2012-05-29 16:29 -------- d-----w- c:\programdata\Apple 2012-05-23 15:05 . 2012-05-23 15:05 -------- d-----w- c:\users\Jordi\AppData\Local\SniperV2 2012-05-23 13:50 . 2012-05-23 13:50 -------- d-----w- c:\program files (x86)\Rebellion . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-05-25 00:16 . 2012-01-07 04:10 103736 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-05-25 00:16 . 2012-01-07 04:09 66872 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-05-25 00:16 . 2012-01-08 00:58 669184 ----a-w- c:\windows\SysWow64\pbsvc.exe 2012-05-06 21:29 . 2012-01-07 04:09 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-05-06 21:28 . 2012-01-07 04:10 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-05-05 15:35 . 2012-05-03 21:08 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-05-05 15:35 . 2012-01-02 20:30 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 15:35 . 2012-05-03 21:35 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-03 18:40 . 2012-05-03 18:40 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-04-10 21:36 . 2012-04-10 21:36 685338 ----a-w- c:\program files (x86)\unins000.exe 2012-03-30 11:35 . 2012-05-11 23:48 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 94208 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BitComet"="c:\program files\BitComet\BitComet.exe" [2011-12-12 19875120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160] "BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Jordi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-05-02 15296] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 240408] R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 136176] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe [2011-03-08 224704] R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976] R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x] R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.2);c:\windows\system32\DRIVERS\RtTeam60.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x] R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 249936] S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352] S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272] S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160] S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x] S3 netr28ux;Belkin USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL *Deregistered* - mfeavfk01 . Contents of the 'Scheduled Tasks' folder . 2012-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 15:35] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 18:42] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-03 18:42] . 2012-06-19 c:\windows\Tasks\HP Photo Creations Messager.job - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11] . 2012-05-24 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\AlienAutopsy\uaclauncher.exe [2011-03-22 17:20] . 2012-06-18 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\AlienAutopsy\pcdrcui.exe [2011-03-22 17:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-15 00:32 97792 ----a-w- c:\users\Jordi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.co.uk/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 FF - ProfilePath - c:\users\Jordi\AppData\Roaming\Mozilla\Firefox\Profiles\dcv15hde.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Blekko FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-(Default) - (no file) AddRemove-ESN Sonar-0.70.4 - c:\program files (x86)\Battlelog Web Plugins\Sonar\esnsonar_uninstall.exe AddRemove-Native Instruments Massive v1.0.1.008 VSTi DXi RTAS - c:\progra~2\NATIVE~1\Massive\UNWISE.EXE AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-Saint Row_is1 - c:\program files (x86)\Saint Row\unins000.exe AddRemove-{84D04D4F-2201-4AED-BE9A-FFA62069CA19}_is1 - c:\program files (x86)\reFX\Nexus\Uninstall\unins000.exe AddRemove-{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B} - c:\program files (x86)\InstallShield Installation Information\{F0A209B7-7F85-4BDD-8F1F-B98EEAD9E04B}\setup.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-627470774-947398072-1727455304-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:db,79,f6,18,7d,59,a9,ea,c7,ad,9f,2c,6d,2b,d8,ac,a6,3d,81,27,32,90,94, b1,8c,d6,bb,ed,a8,21,fd,98,fc,10,33,fd,c6,de,8f,ba,d1,95,25,f5,12,a0,03,d9,\ "??"=hex:ea,1a,32,20,24,5b,df,0a,d5,3e,96,03,d3,cf,87,89 . [HKEY_USERS\S-1-5-21-627470774-947398072-1727455304-1000\Software\SecuROM\License information*] "datasecu"=hex:07,fa,08,59,60,b2,fd,e7,05,98,cb,c1,20,0c,46,cb,42,c8,12,ad,84, 1a,97,4f,98,30,cc,ed,8a,76,45,7e,e8,e7,d6,62,19,22,c1,6e,dc,c5,f4,2b,c0,1c,\ "rkeysecu"=hex:72,91,60,a0,4c,b1,32,d2,00,fa,6a,2c,22,3e,e5,2c . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\windows\SysWOW64\PnkBstrA.exe c:\program files (x86)\AlienRespawn\TOASTER.EXE c:\program files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe c:\program files (x86)\Common Files\Java\Java Update\jusched.exe . ************************************************************************** . Completion time: 2012-06-19 13:59:16 - machine was rebooted ComboFix-quarantined-files.txt 2012-06-19 12:59 . Pre-Run: 587,119,546,368 bytes free Post-Run: 587,886,063,616 bytes free . - - End Of File - - C93A96309B06A3C688E02DE2EA65E8F4
  6. The TDSS Killer got the same results as before, 447 objects processed, 0 threats found, could this be any sort of good news?
  7. This is the malwarebytes results: Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.06.18.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Jordi :: JORDI-PC [administrator] Protection: Enabled 19/06/2012 00:06:48 mbam-log-2012-06-19 (00-06-48).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 547943 Time elapsed: 2 hour(s), 3 minute(s), 45 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\ProgramData\Bcool\bhoclass.dll (PUP.DownloadnSave) -> Quarantined and deleted successfully. (end) after the scan it told me to restart my pc for it to take full effect, i did so and i can tell that im not really cured, because malwarebytes and mcaffee would not start up, so i re-ran RougeKiller and got this : RogueKiller V7.5.4 [06/07/2012] by Tigzy mail: tigzyRKgmailcom Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Jordi [Admin rights] Mode: Remove -- Date: 06/19/2012 09:39:04 ¤¤¤ Bad processes: 2 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 4 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : OpkIhbnd (C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe) -> DELETED [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST31000524AS +++++ --- User --- [MBR] b931c9a9377dceb4b4e2b433006db7df [bSP] f91ad37179ea1cb3eb01eeb9d8297504 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10466 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21516288 | Size: 943362 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : > RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt I can use malwarebytes and mcaffee again at the moment, but im not sure whether i might always have to use Rouge Killer to use them, I have also noticed that my Mcaffee firewall wont turn on, should i be worried about this? Thanks again Mr C, i really hope we can get my pc working properly again.
  8. This is what i got from TDSS, 23:50:17.0497 3288 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 23:50:17.0504 3288 ============================================================ 23:50:17.0504 3288 Current date / time: 2012/06/18 23:50:17.0504 23:50:17.0504 3288 SystemInfo: 23:50:17.0504 3288 23:50:17.0504 3288 OS Version: 6.1.7601 ServicePack: 1.0 23:50:17.0504 3288 Product type: Workstation 23:50:17.0505 3288 ComputerName: JORDI-PC 23:50:17.0505 3288 UserName: Jordi 23:50:17.0505 3288 Windows directory: C:\Windows 23:50:17.0505 3288 System windows directory: C:\Windows 23:50:17.0505 3288 Running under WOW64 23:50:17.0505 3288 Processor architecture: Intel x64 23:50:17.0505 3288 Number of processors: 4 23:50:17.0505 3288 Page size: 0x1000 23:50:17.0505 3288 Boot type: Normal boot 23:50:17.0505 3288 ============================================================ 23:50:17.0863 3288 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:50:17.0865 3288 ============================================================ 23:50:17.0865 3288 \Device\Harddisk0\DR0: 23:50:17.0866 3288 MBR partitions: 23:50:17.0866 3288 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1471000 23:50:17.0866 3288 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1485000, BlocksNum 0x73281000 23:50:17.0866 3288 ============================================================ 23:50:17.0899 3288 C: \Device\Harddisk0\DR0\Partition1 23:50:17.0899 3288 ============================================================ 23:50:17.0899 3288 Initialize success 23:50:17.0899 3288 ============================================================ 23:53:32.0625 6308 ============================================================ 23:53:32.0625 6308 Scan started 23:53:32.0625 6308 Mode: Manual; SigCheck; TDLFS; 23:53:32.0625 6308 ============================================================ 23:53:33.0788 6308 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\DRIVERS\1394ohci.sys 23:53:33.0891 6308 1394ohci - ok 23:53:33.0924 6308 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 23:53:33.0936 6308 ACPI - ok 23:53:33.0951 6308 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 23:53:34.0029 6308 AcpiPmi - ok 23:53:34.0128 6308 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 23:53:34.0138 6308 AdobeFlashPlayerUpdateSvc - ok 23:53:34.0163 6308 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 23:53:34.0181 6308 adp94xx - ok 23:53:34.0216 6308 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 23:53:34.0232 6308 adpahci - ok 23:53:34.0262 6308 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 23:53:34.0274 6308 adpu320 - ok 23:53:34.0295 6308 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 23:53:34.0365 6308 AeLookupSvc - ok 23:53:34.0424 6308 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 23:53:34.0496 6308 AFD - ok 23:53:34.0512 6308 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 23:53:34.0522 6308 agp440 - ok 23:53:34.0536 6308 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 23:53:34.0581 6308 ALG - ok 23:53:34.0665 6308 AlienFusionService (976d409a347340c907cd854fb9a9b252) C:\Program Files\Alienware\Command Center\AlienFusionService.exe 23:53:34.0673 6308 AlienFusionService - ok 23:53:34.0683 6308 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 23:53:34.0693 6308 aliide - ok 23:53:34.0703 6308 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 23:53:34.0711 6308 amdide - ok 23:53:34.0724 6308 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 23:53:34.0746 6308 AmdK8 - ok 23:53:34.0751 6308 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 23:53:34.0778 6308 AmdPPM - ok 23:53:34.0824 6308 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 23:53:34.0861 6308 amdsata - ok 23:53:34.0887 6308 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 23:53:34.0900 6308 amdsbs - ok 23:53:34.0908 6308 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 23:53:34.0916 6308 amdxata - ok 23:53:34.0980 6308 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 23:53:35.0112 6308 AppID - ok 23:53:35.0159 6308 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 23:53:35.0204 6308 AppIDSvc - ok 23:53:35.0226 6308 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 23:53:35.0286 6308 Appinfo - ok 23:53:35.0381 6308 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 23:53:35.0388 6308 Apple Mobile Device - ok 23:53:35.0407 6308 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 23:53:35.0417 6308 arc - ok 23:53:35.0425 6308 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 23:53:35.0437 6308 arcsas - ok 23:53:35.0492 6308 aspnet_state - ok 23:53:35.0510 6308 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 23:53:35.0569 6308 AsyncMac - ok 23:53:35.0620 6308 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 23:53:35.0629 6308 atapi - ok 23:53:35.0664 6308 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 23:53:35.0709 6308 AudioEndpointBuilder - ok 23:53:35.0713 6308 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 23:53:35.0742 6308 AudioSrv - ok 23:53:35.0753 6308 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 23:53:35.0877 6308 AxInstSV - ok 23:53:35.0909 6308 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 23:53:35.0946 6308 b06bdrv - ok 23:53:35.0985 6308 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 23:53:36.0016 6308 b57nd60a - ok 23:53:36.0120 6308 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe 23:53:36.0130 6308 BBSvc - ok 23:53:36.0158 6308 BBUpdate (63b1cbbae4790b5bac98f01bf9449722) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe 23:53:36.0168 6308 BBUpdate - ok 23:53:36.0180 6308 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 23:53:36.0215 6308 BDESVC - ok 23:53:36.0222 6308 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 23:53:36.0275 6308 Beep - ok 23:53:36.0358 6308 BITCOMET_HELPER_SERVICE - ok 23:53:36.0396 6308 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 23:53:36.0451 6308 BITS - ok 23:53:36.0470 6308 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 23:53:36.0485 6308 blbdrive - ok 23:53:36.0555 6308 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 23:53:36.0567 6308 Bonjour Service - ok 23:53:36.0618 6308 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 23:53:36.0657 6308 bowser - ok 23:53:36.0667 6308 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 23:53:36.0696 6308 BrFiltLo - ok 23:53:36.0709 6308 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 23:53:36.0725 6308 BrFiltUp - ok 23:53:36.0745 6308 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 23:53:36.0779 6308 Browser - ok 23:53:36.0793 6308 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 23:53:36.0827 6308 Brserid - ok 23:53:36.0843 6308 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 23:53:36.0866 6308 BrSerWdm - ok 23:53:36.0874 6308 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 23:53:36.0889 6308 BrUsbMdm - ok 23:53:36.0900 6308 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 23:53:36.0913 6308 BrUsbSer - ok 23:53:36.0930 6308 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 23:53:36.0951 6308 BTHMODEM - ok 23:53:36.0970 6308 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 23:53:37.0018 6308 bthserv - ok 23:53:37.0061 6308 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 23:53:37.0098 6308 cdfs - ok 23:53:37.0159 6308 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 23:53:37.0208 6308 cdrom - ok 23:53:37.0232 6308 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 23:53:37.0291 6308 CertPropSvc - ok 23:53:37.0336 6308 cfwids (274ce03459896006f7a5069266e0469e) C:\Windows\system32\drivers\cfwids.sys 23:53:37.0375 6308 cfwids - ok 23:53:37.0414 6308 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 23:53:37.0429 6308 circlass - ok 23:53:37.0450 6308 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 23:53:37.0462 6308 CLFS - ok 23:53:37.0530 6308 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:53:37.0539 6308 clr_optimization_v2.0.50727_32 - ok 23:53:37.0607 6308 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:53:37.0617 6308 clr_optimization_v2.0.50727_64 - ok 23:53:37.0657 6308 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:53:37.0666 6308 clr_optimization_v4.0.30319_32 - ok 23:53:37.0685 6308 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:53:37.0693 6308 clr_optimization_v4.0.30319_64 - ok 23:53:37.0719 6308 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 23:53:37.0733 6308 CmBatt - ok 23:53:37.0736 6308 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 23:53:37.0745 6308 cmdide - ok 23:53:37.0797 6308 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 23:53:37.0815 6308 CNG - ok 23:53:37.0842 6308 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 23:53:37.0852 6308 Compbatt - ok 23:53:37.0875 6308 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 23:53:37.0931 6308 CompositeBus - ok 23:53:37.0933 6308 COMSysApp - ok 23:53:37.0957 6308 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 23:53:37.0966 6308 crcdisk - ok 23:53:38.0015 6308 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 23:53:38.0041 6308 CryptSvc - ok 23:53:38.0076 6308 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 23:53:38.0115 6308 DcomLaunch - ok 23:53:38.0155 6308 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 23:53:38.0194 6308 defragsvc - ok 23:53:38.0237 6308 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 23:53:38.0273 6308 DfsC - ok 23:53:38.0321 6308 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 23:53:38.0356 6308 Dhcp - ok 23:53:38.0371 6308 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 23:53:38.0418 6308 discache - ok 23:53:38.0449 6308 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 23:53:38.0458 6308 Disk - ok 23:53:38.0486 6308 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 23:53:38.0525 6308 Dnscache - ok 23:53:38.0540 6308 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 23:53:38.0590 6308 dot3svc - ok 23:53:38.0622 6308 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 23:53:38.0660 6308 DPS - ok 23:53:38.0712 6308 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 23:53:38.0738 6308 drmkaud - ok 23:53:38.0796 6308 dtsoftbus01 (46571ed73ae84469dca53081d33cf3c8) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 23:53:38.0837 6308 dtsoftbus01 - ok 23:53:38.0918 6308 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 23:53:38.0972 6308 DXGKrnl - ok 23:53:38.0991 6308 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 23:53:39.0028 6308 EapHost - ok 23:53:39.0130 6308 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 23:53:39.0200 6308 ebdrv - ok 23:53:39.0311 6308 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 23:53:39.0347 6308 EFS - ok 23:53:39.0423 6308 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 23:53:39.0445 6308 ehRecvr - ok 23:53:39.0455 6308 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 23:53:39.0468 6308 ehSched - ok 23:53:39.0519 6308 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 23:53:39.0536 6308 elxstor - ok 23:53:39.0544 6308 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 23:53:39.0557 6308 ErrDev - ok 23:53:39.0594 6308 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 23:53:39.0645 6308 EventSystem - ok 23:53:39.0663 6308 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 23:53:39.0704 6308 exfat - ok 23:53:39.0717 6308 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 23:53:39.0755 6308 fastfat - ok 23:53:39.0784 6308 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 23:53:39.0831 6308 Fax - ok 23:53:39.0840 6308 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 23:53:39.0860 6308 fdc - ok 23:53:39.0875 6308 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 23:53:39.0922 6308 fdPHost - ok 23:53:39.0938 6308 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 23:53:39.0975 6308 FDResPub - ok 23:53:39.0986 6308 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 23:53:39.0995 6308 FileInfo - ok 23:53:40.0005 6308 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 23:53:40.0062 6308 Filetrace - ok 23:53:40.0130 6308 FLEXnet Licensing Service (8669be94f63944e4f899c3950b520241) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 23:53:40.0149 6308 FLEXnet Licensing Service - ok 23:53:40.0191 6308 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 23:53:40.0204 6308 flpydisk - ok 23:53:40.0225 6308 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 23:53:40.0236 6308 FltMgr - ok 23:53:40.0287 6308 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 23:53:40.0332 6308 FontCache - ok 23:53:40.0386 6308 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:53:40.0424 6308 FontCache3.0.0.0 - ok 23:53:40.0450 6308 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 23:53:40.0460 6308 FsDepends - ok 23:53:40.0507 6308 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 23:53:40.0544 6308 Fs_Rec - ok 23:53:40.0561 6308 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 23:53:40.0574 6308 fvevol - ok 23:53:40.0593 6308 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 23:53:40.0604 6308 gagp30kx - ok 23:53:40.0625 6308 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 23:53:40.0659 6308 GEARAspiWDM - ok 23:53:40.0700 6308 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 23:53:40.0732 6308 gpsvc - ok 23:53:40.0816 6308 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:53:40.0824 6308 gupdate - ok 23:53:40.0826 6308 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:53:40.0833 6308 gupdatem - ok 23:53:40.0849 6308 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 23:53:40.0873 6308 hcw85cir - ok 23:53:40.0898 6308 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 23:53:40.0948 6308 HDAudBus - ok 23:53:40.0951 6308 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 23:53:40.0970 6308 HidBatt - ok 23:53:40.0978 6308 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 23:53:41.0000 6308 HidBth - ok 23:53:41.0017 6308 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 23:53:41.0032 6308 HidIr - ok 23:53:41.0040 6308 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 23:53:41.0090 6308 hidserv - ok 23:53:41.0103 6308 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 23:53:41.0142 6308 HidUsb - ok 23:53:41.0151 6308 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 23:53:41.0219 6308 hkmsvc - ok 23:53:41.0234 6308 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 23:53:41.0278 6308 HomeGroupListener - ok 23:53:41.0310 6308 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 23:53:41.0323 6308 HomeGroupProvider - ok 23:53:41.0329 6308 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 23:53:41.0366 6308 HpSAMD - ok 23:53:41.0394 6308 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 23:53:41.0464 6308 HTTP - ok 23:53:41.0475 6308 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 23:53:41.0483 6308 hwpolicy - ok 23:53:41.0499 6308 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 23:53:41.0514 6308 i8042prt - ok 23:53:41.0537 6308 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\drivers\iaStor.sys 23:53:41.0549 6308 iaStor - ok 23:53:41.0616 6308 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 23:53:41.0624 6308 IAStorDataMgrSvc - ok 23:53:41.0643 6308 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 23:53:41.0687 6308 iaStorV - ok 23:53:41.0756 6308 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:53:41.0773 6308 idsvc - ok 23:53:41.0777 6308 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 23:53:41.0788 6308 iirsp - ok 23:53:41.0839 6308 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 23:53:41.0884 6308 IKEEXT - ok 23:53:41.0975 6308 IntcAzAudAddService (b4563fdbcae3d96d1aff474a84965a63) C:\Windows\system32\drivers\RTKVHD64.sys 23:53:42.0063 6308 IntcAzAudAddService - ok 23:53:42.0156 6308 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 23:53:42.0165 6308 intelide - ok 23:53:42.0179 6308 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 23:53:42.0203 6308 intelppm - ok 23:53:42.0245 6308 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 23:53:42.0297 6308 IPBusEnum - ok 23:53:42.0304 6308 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:53:42.0357 6308 IpFilterDriver - ok 23:53:42.0362 6308 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 23:53:42.0426 6308 IPMIDRV - ok 23:53:42.0443 6308 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 23:53:42.0490 6308 IPNAT - ok 23:53:42.0573 6308 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe 23:53:42.0591 6308 iPod Service - ok 23:53:42.0604 6308 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 23:53:42.0618 6308 IRENUM - ok 23:53:42.0630 6308 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 23:53:42.0639 6308 isapnp - ok 23:53:42.0657 6308 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 23:53:42.0697 6308 iScsiPrt - ok 23:53:42.0716 6308 JRAID (a577f5db30f70eca9708c07c2eacbd9d) C:\Windows\system32\drivers\jraid.sys 23:53:42.0726 6308 JRAID - ok 23:53:42.0753 6308 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 23:53:42.0764 6308 kbdclass - ok 23:53:42.0784 6308 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 23:53:42.0836 6308 kbdhid - ok 23:53:42.0855 6308 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:53:42.0867 6308 KeyIso - ok 23:53:42.0889 6308 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 23:53:42.0898 6308 KSecDD - ok 23:53:42.0913 6308 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 23:53:42.0923 6308 KSecPkg - ok 23:53:42.0929 6308 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 23:53:42.0974 6308 ksthunk - ok 23:53:43.0012 6308 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 23:53:43.0070 6308 KtmRm - ok 23:53:43.0103 6308 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 23:53:43.0142 6308 LanmanServer - ok 23:53:43.0161 6308 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 23:53:43.0196 6308 LanmanWorkstation - ok 23:53:43.0221 6308 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 23:53:43.0271 6308 lltdio - ok 23:53:43.0294 6308 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 23:53:43.0336 6308 lltdsvc - ok 23:53:43.0349 6308 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 23:53:43.0388 6308 lmhosts - ok 23:53:43.0411 6308 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 23:53:43.0422 6308 LSI_FC - ok 23:53:43.0428 6308 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 23:53:43.0438 6308 LSI_SAS - ok 23:53:43.0442 6308 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 23:53:43.0451 6308 LSI_SAS2 - ok 23:53:43.0457 6308 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 23:53:43.0468 6308 LSI_SCSI - ok 23:53:43.0485 6308 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 23:53:43.0528 6308 luafv - ok 23:53:43.0591 6308 McAWFwk (9504f1dda1b67fb8d526fd4f8cc882f3) c:\PROGRA~1\mcafee\msc\mcawfwk.exe 23:53:43.0602 6308 McAWFwk - ok 23:53:43.0627 6308 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 23:53:43.0638 6308 McMPFSvc - ok 23:53:43.0641 6308 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 23:53:43.0651 6308 mcmscsvc - ok 23:53:43.0666 6308 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 23:53:43.0676 6308 McNaiAnn - ok 23:53:43.0684 6308 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 23:53:43.0694 6308 McNASvc - ok 23:53:43.0768 6308 McODS (dd2321925274f2902929d76ce2b0eb45) C:\Program Files\mcafee\VirusScan\mcods.exe 23:53:43.0782 6308 McODS - ok 23:53:43.0785 6308 McOobeSv (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 23:53:43.0795 6308 McOobeSv - ok 23:53:43.0797 6308 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe 23:53:43.0807 6308 McProxy - ok 23:53:43.0857 6308 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe 23:53:43.0868 6308 McShield - ok 23:53:43.0948 6308 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 23:53:43.0982 6308 Mcx2Svc - ok 23:53:44.0024 6308 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 23:53:44.0035 6308 megasas - ok 23:53:44.0064 6308 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 23:53:44.0078 6308 MegaSR - ok 23:53:44.0115 6308 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys 23:53:44.0151 6308 MEIx64 - ok 23:53:44.0168 6308 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys 23:53:44.0206 6308 mfeapfk - ok 23:53:44.0224 6308 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys 23:53:44.0264 6308 mfeavfk - ok 23:53:44.0271 6308 mfeavfk01 - ok 23:53:44.0284 6308 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe 23:53:44.0295 6308 mfefire - ok 23:53:44.0311 6308 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys 23:53:44.0355 6308 mfefirek - ok 23:53:44.0394 6308 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys 23:53:44.0411 6308 mfehidk - ok 23:53:44.0419 6308 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys 23:53:44.0455 6308 mfenlfk - ok 23:53:44.0472 6308 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys 23:53:44.0509 6308 mferkdet - ok 23:53:44.0550 6308 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe 23:53:44.0588 6308 mfevtp - ok 23:53:44.0606 6308 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys 23:53:44.0618 6308 mfewfpk - ok 23:53:44.0642 6308 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 23:53:44.0684 6308 MMCSS - ok 23:53:44.0688 6308 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 23:53:44.0729 6308 Modem - ok 23:53:44.0750 6308 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 23:53:44.0772 6308 monitor - ok 23:53:44.0798 6308 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 23:53:44.0809 6308 mouclass - ok 23:53:44.0827 6308 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 23:53:44.0853 6308 mouhid - ok 23:53:44.0879 6308 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 23:53:44.0888 6308 mountmgr - ok 23:53:44.0954 6308 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 23:53:44.0963 6308 MozillaMaintenance - ok 23:53:44.0978 6308 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 23:53:45.0016 6308 mpio - ok 23:53:45.0036 6308 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 23:53:45.0074 6308 mpsdrv - ok 23:53:45.0084 6308 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 23:53:45.0140 6308 MRxDAV - ok 23:53:45.0182 6308 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 23:53:45.0205 6308 mrxsmb - ok 23:53:45.0228 6308 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 23:53:45.0242 6308 mrxsmb10 - ok 23:53:45.0251 6308 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 23:53:45.0263 6308 mrxsmb20 - ok 23:53:45.0285 6308 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 23:53:45.0323 6308 msahci - ok 23:53:45.0333 6308 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 23:53:45.0376 6308 msdsm - ok 23:53:45.0404 6308 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 23:53:45.0419 6308 MSDTC - ok 23:53:45.0435 6308 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 23:53:45.0472 6308 Msfs - ok 23:53:45.0483 6308 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 23:53:45.0522 6308 mshidkmdf - ok 23:53:45.0533 6308 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 23:53:45.0542 6308 msisadrv - ok 23:53:45.0558 6308 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 23:53:45.0609 6308 MSiSCSI - ok 23:53:45.0610 6308 msiserver - ok 23:53:45.0651 6308 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe 23:53:45.0661 6308 MSK80Service - ok 23:53:45.0674 6308 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 23:53:45.0720 6308 MSKSSRV - ok 23:53:45.0722 6308 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 23:53:45.0762 6308 MSPCLOCK - ok 23:53:45.0765 6308 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 23:53:45.0806 6308 MSPQM - ok 23:53:45.0829 6308 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 23:53:45.0842 6308 MsRPC - ok 23:53:45.0854 6308 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 23:53:45.0864 6308 mssmbios - ok 23:53:45.0867 6308 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 23:53:45.0912 6308 MSTEE - ok 23:53:45.0915 6308 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 23:53:45.0928 6308 MTConfig - ok 23:53:45.0955 6308 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 23:53:45.0963 6308 Mup - ok 23:53:45.0983 6308 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 23:53:46.0023 6308 napagent - ok 23:53:46.0049 6308 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 23:53:46.0073 6308 NativeWifiP - ok 23:53:46.0130 6308 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys 23:53:46.0150 6308 NDIS - ok 23:53:46.0162 6308 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 23:53:46.0201 6308 NdisCap - ok 23:53:46.0225 6308 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 23:53:46.0263 6308 NdisTapi - ok 23:53:46.0276 6308 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 23:53:46.0328 6308 Ndisuio - ok 23:53:46.0344 6308 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 23:53:46.0405 6308 NdisWan - ok 23:53:46.0418 6308 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 23:53:46.0470 6308 NDProxy - ok 23:53:46.0479 6308 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 23:53:46.0522 6308 NetBIOS - ok 23:53:46.0543 6308 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 23:53:46.0570 6308 NetBT - ok 23:53:46.0611 6308 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:53:46.0623 6308 Netlogon - ok 23:53:46.0638 6308 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 23:53:46.0686 6308 Netman - ok 23:53:46.0748 6308 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:53:46.0756 6308 NetMsmqActivator - ok 23:53:46.0758 6308 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:53:46.0766 6308 NetPipeActivator - ok 23:53:46.0794 6308 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 23:53:46.0847 6308 netprofm - ok 23:53:46.0939 6308 netr28ux (26672f93749ac9fd28da1b0f94efa78d) C:\Windows\system32\DRIVERS\netr28ux.sys 23:53:46.0993 6308 netr28ux - ok 23:53:47.0043 6308 netr7364 (81b8d0c1ce44a7fdbd596b693783950c) C:\Windows\system32\DRIVERS\netr7364.sys 23:53:47.0079 6308 netr7364 - ok 23:53:47.0111 6308 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:53:47.0118 6308 NetTcpActivator - ok 23:53:47.0120 6308 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 23:53:47.0128 6308 NetTcpPortSharing - ok 23:53:47.0155 6308 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 23:53:47.0165 6308 nfrd960 - ok 23:53:47.0184 6308 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 23:53:47.0224 6308 NlaSvc - ok 23:53:47.0239 6308 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 23:53:47.0275 6308 Npfs - ok 23:53:47.0285 6308 npggsvc - ok 23:53:47.0299 6308 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 23:53:47.0344 6308 nsi - ok 23:53:47.0358 6308 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 23:53:47.0395 6308 nsiproxy - ok 23:53:47.0451 6308 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 23:53:47.0498 6308 Ntfs - ok 23:53:47.0571 6308 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 23:53:47.0610 6308 Null - ok 23:53:47.0642 6308 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys 23:53:47.0679 6308 nusb3hub - ok 23:53:47.0696 6308 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys 23:53:47.0734 6308 nusb3xhc - ok 23:53:47.0786 6308 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys 23:53:47.0825 6308 NVHDA - ok 23:53:48.0155 6308 nvlddmkm (0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 23:53:48.0489 6308 nvlddmkm - ok 23:53:48.0547 6308 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 23:53:48.0585 6308 nvraid - ok 23:53:48.0595 6308 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 23:53:48.0634 6308 nvstor - ok 23:53:48.0707 6308 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe 23:53:48.0760 6308 nvsvc - ok 23:53:48.0889 6308 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 23:53:48.0941 6308 nvUpdatusService - ok 23:53:48.0990 6308 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 23:53:49.0002 6308 nv_agp - ok 23:53:49.0015 6308 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 23:53:49.0042 6308 ohci1394 - ok 23:53:49.0075 6308 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 23:53:49.0114 6308 p2pimsvc - ok 23:53:49.0143 6308 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 23:53:49.0163 6308 p2psvc - ok 23:53:49.0172 6308 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 23:53:49.0186 6308 Parport - ok 23:53:49.0263 6308 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 23:53:49.0271 6308 partmgr - ok 23:53:49.0278 6308 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 23:53:49.0302 6308 PcaSvc - ok 23:53:49.0330 6308 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 23:53:49.0340 6308 pci - ok 23:53:49.0358 6308 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 23:53:49.0368 6308 pciide - ok 23:53:49.0380 6308 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 23:53:49.0392 6308 pcmcia - ok 23:53:49.0414 6308 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 23:53:49.0423 6308 pcw - ok 23:53:49.0445 6308 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 23:53:49.0499 6308 PEAUTH - ok 23:53:49.0548 6308 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 23:53:49.0572 6308 PerfHost - ok 23:53:49.0621 6308 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 23:53:49.0708 6308 pla - ok 23:53:49.0744 6308 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 23:53:49.0802 6308 PlugPlay - ok 23:53:49.0816 6308 PnkBstrA - ok 23:53:49.0825 6308 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 23:53:49.0846 6308 PNRPAutoReg - ok 23:53:49.0870 6308 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 23:53:49.0883 6308 PNRPsvc - ok 23:53:49.0908 6308 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 23:53:49.0948 6308 PolicyAgent - ok 23:53:49.0976 6308 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll 23:53:50.0020 6308 Power - ok 23:53:50.0067 6308 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 23:53:50.0129 6308 PptpMiniport - ok 23:53:50.0167 6308 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 23:53:50.0193 6308 Processor - ok 23:53:50.0230 6308 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 23:53:50.0259 6308 ProfSvc - ok 23:53:50.0300 6308 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:53:50.0312 6308 ProtectedStorage - ok 23:53:50.0324 6308 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 23:53:50.0360 6308 Psched - ok 23:53:50.0379 6308 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 23:53:50.0388 6308 PxHlpa64 - ok 23:53:50.0446 6308 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 23:53:50.0487 6308 ql2300 - ok 23:53:50.0535 6308 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 23:53:50.0545 6308 ql40xx - ok 23:53:50.0584 6308 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 23:53:50.0598 6308 QWAVE - ok 23:53:50.0605 6308 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 23:53:50.0620 6308 QWAVEdrv - ok 23:53:50.0623 6308 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 23:53:50.0660 6308 RasAcd - ok 23:53:50.0683 6308 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 23:53:50.0720 6308 RasAgileVpn - ok 23:53:50.0730 6308 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 23:53:50.0783 6308 RasAuto - ok 23:53:50.0800 6308 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 23:53:50.0858 6308 Rasl2tp - ok 23:53:50.0884 6308 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 23:53:50.0939 6308 RasMan - ok 23:53:50.0954 6308 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 23:53:51.0006 6308 RasPppoe - ok 23:53:51.0018 6308 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 23:53:51.0056 6308 RasSstp - ok 23:53:51.0075 6308 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 23:53:51.0116 6308 rdbss - ok 23:53:51.0119 6308 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 23:53:51.0135 6308 rdpbus - ok 23:53:51.0164 6308 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 23:53:51.0201 6308 RDPCDD - ok 23:53:51.0218 6308 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 23:53:51.0263 6308 RDPENCDD - ok 23:53:51.0287 6308 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 23:53:51.0323 6308 RDPREFMP - ok 23:53:51.0372 6308 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 23:53:51.0419 6308 RDPWD - ok 23:53:51.0443 6308 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 23:53:51.0453 6308 rdyboost - ok 23:53:51.0473 6308 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 23:53:51.0520 6308 RemoteAccess - ok 23:53:51.0537 6308 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 23:53:51.0576 6308 RemoteRegistry - ok 23:53:51.0681 6308 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe 23:53:51.0715 6308 RoxMediaDB12OEM - ok 23:53:51.0750 6308 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe 23:53:51.0761 6308 RoxWatch12 - ok 23:53:51.0824 6308 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 23:53:51.0870 6308 RpcEptMapper - ok 23:53:51.0886 6308 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 23:53:51.0900 6308 RpcLocator - ok 23:53:51.0920 6308 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 23:53:51.0949 6308 RpcSs - ok 23:53:51.0980 6308 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 23:53:52.0027 6308 rspndr - ok 23:53:52.0075 6308 RTL8167 (4fbda07ef0a3097ce14c5cabf723b278) C:\Windows\system32\DRIVERS\Rt64win7.sys 23:53:52.0117 6308 RTL8167 - ok 23:53:52.0149 6308 RtNdPt60 (e16b7c030a05ef649b18fab0a93d871f) C:\Windows\system32\DRIVERS\RtNdPt60.sys 23:53:52.0185 6308 RtNdPt60 - ok 23:53:52.0232 6308 RTTEAMPT (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys 23:53:52.0268 6308 RTTEAMPT - ok 23:53:52.0281 6308 RTVLANPT (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVlan60.sys 23:53:52.0315 6308 RTVLANPT - ok 23:53:52.0373 6308 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:53:52.0385 6308 SamSs - ok 23:53:52.0396 6308 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 23:53:52.0433 6308 sbp2port - ok 23:53:52.0462 6308 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 23:53:52.0503 6308 SCardSvr - ok 23:53:52.0527 6308 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 23:53:52.0590 6308 scfilter - ok 23:53:52.0630 6308 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 23:53:52.0687 6308 Schedule - ok 23:53:52.0750 6308 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 23:53:52.0796 6308 SCPolicySvc - ok 23:53:52.0808 6308 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 23:53:52.0851 6308 SDRSVC - ok 23:53:52.0887 6308 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 23:53:52.0938 6308 secdrv - ok 23:53:52.0950 6308 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 23:53:52.0997 6308 seclogon - ok 23:53:53.0022 6308 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 23:53:53.0071 6308 SENS - ok 23:53:53.0085 6308 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 23:53:53.0108 6308 SensrSvc - ok 23:53:53.0125 6308 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 23:53:53.0148 6308 Serenum - ok 23:53:53.0181 6308 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 23:53:53.0204 6308 Serial - ok 23:53:53.0231 6308 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 23:53:53.0244 6308 sermouse - ok 23:53:53.0257 6308 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 23:53:53.0312 6308 SessionEnv - ok 23:53:53.0315 6308 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 23:53:53.0334 6308 sffdisk - ok 23:53:53.0337 6308 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 23:53:53.0352 6308 sffp_mmc - ok 23:53:53.0355 6308 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 23:53:53.0403 6308 sffp_sd - ok 23:53:53.0406 6308 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 23:53:53.0420 6308 sfloppy - ok 23:53:53.0509 6308 SftService (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\AlienRespawn\sftservice.EXE 23:53:53.0548 6308 SftService - ok 23:53:53.0612 6308 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 23:53:53.0641 6308 ShellHWDetection - ok 23:53:53.0652 6308 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 23:53:53.0662 6308 SiSRaid2 - ok 23:53:53.0669 6308 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 23:53:53.0680 6308 SiSRaid4 - ok 23:53:53.0687 6308 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 23:53:53.0736 6308 Smb - ok 23:53:53.0768 6308 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 23:53:53.0788 6308 SNMPTRAP - ok 23:53:53.0791 6308 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 23:53:53.0799 6308 spldr - ok 23:53:53.0821 6308 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 23:53:53.0851 6308 Spooler - ok 23:53:53.0940 6308 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 23:53:54.0029 6308 sppsvc - ok 23:53:54.0068 6308 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 23:53:54.0108 6308 sppuinotify - ok 23:53:54.0147 6308 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 23:53:54.0195 6308 srv - ok 23:53:54.0220 6308 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 23:53:54.0241 6308 srv2 - ok 23:53:54.0263 6308 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 23:53:54.0275 6308 srvnet - ok 23:53:54.0313 6308 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 23:53:54.0352 6308 SSDPSRV - ok 23:53:54.0363 6308 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 23:53:54.0403 6308 SstpSvc - ok 23:53:54.0451 6308 Steam Client Service - ok 23:53:54.0516 6308 Stereo Service (fc0a58529a02b1eed55ddc58696b7908) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 23:53:54.0529 6308 Stereo Service - ok 23:53:54.0552 6308 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 23:53:54.0562 6308 stexstor - ok 23:53:54.0624 6308 StillCam (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys 23:53:54.0649 6308 StillCam - ok 23:53:54.0687 6308 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 23:53:54.0727 6308 stisvc - ok 23:53:54.0764 6308 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 23:53:54.0772 6308 stllssvr - ok 23:53:54.0783 6308 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 23:53:54.0793 6308 swenum - ok 23:53:54.0811 6308 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 23:53:54.0863 6308 swprv - ok 23:53:54.0923 6308 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 23:53:54.0978 6308 SysMain - ok 23:53:55.0032 6308 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 23:53:55.0067 6308 TabletInputService - ok 23:53:55.0297 6308 TabletServicePen (c4c20cfa4f42e9b7454e895c5c47bcd3) C:\Program Files\Tablet\Pen\Pen_Tablet.exe 23:53:55.0431 6308 TabletServicePen - ok 23:53:55.0478 6308 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 23:53:55.0535 6308 TapiSrv - ok 23:53:55.0550 6308 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 23:53:55.0587 6308 TBS - ok 23:53:55.0673 6308 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 23:53:55.0718 6308 Tcpip - ok 23:53:55.0815 6308 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 23:53:55.0841 6308 TCPIP6 - ok 23:53:55.0892 6308 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 23:53:55.0955 6308 tcpipreg - ok 23:53:55.0967 6308 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 23:53:55.0998 6308 TDPIPE - ok 23:53:56.0037 6308 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 23:53:56.0083 6308 TDTCP - ok 23:53:56.0100 6308 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 23:53:56.0152 6308 tdx - ok 23:53:56.0195 6308 TEAM (1de78f5008120cd79b34c12394dcd493) C:\Windows\system32\DRIVERS\RtTeam60.sys 23:53:56.0230 6308 TEAM - ok 23:53:56.0252 6308 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 23:53:56.0283 6308 TermDD - ok 23:53:56.0306 6308 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 23:53:56.0371 6308 TermService - ok 23:53:56.0388 6308 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 23:53:56.0410 6308 Themes - ok 23:53:56.0430 6308 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 23:53:56.0466 6308 THREADORDER - ok 23:53:56.0568 6308 TouchServicePen (7625dcf246e488e523dc1f64c38abda2) C:\Program Files\Tablet\Pen\Pen_TouchService.exe 23:53:56.0580 6308 TouchServicePen - ok 23:53:56.0596 6308 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 23:53:56.0646 6308 TrkWks - ok 23:53:56.0685 6308 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 23:53:56.0722 6308 TrustedInstaller - ok 23:53:56.0760 6308 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 23:53:56.0825 6308 tssecsrv - ok 23:53:56.0847 6308 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 23:53:56.0899 6308 TsUsbFlt - ok 23:53:56.0903 6308 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 23:53:56.0942 6308 TsUsbGD - ok 23:53:56.0968 6308 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 23:53:57.0001 6308 tunnel - ok 23:53:57.0006 6308 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 23:53:57.0017 6308 uagp35 - ok 23:53:57.0058 6308 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 23:53:57.0114 6308 udfs - ok 23:53:57.0132 6308 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 23:53:57.0146 6308 UI0Detect - ok 23:53:57.0160 6308 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 23:53:57.0170 6308 uliagpkx - ok 23:53:57.0188 6308 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 23:53:57.0235 6308 umbus - ok 23:53:57.0238 6308 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 23:53:57.0251 6308 UmPass - ok 23:53:57.0284 6308 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 23:53:57.0332 6308 upnphost - ok 23:53:57.0382 6308 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 23:53:57.0443 6308 USBAAPL64 - ok 23:53:57.0450 6308 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys 23:53:57.0511 6308 usbccgp - ok 23:53:57.0520 6308 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 23:53:57.0536 6308 usbcir - ok 23:53:57.0548 6308 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 23:53:57.0599 6308 usbehci - ok 23:53:57.0633 6308 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 23:53:57.0675 6308 usbhub - ok 23:53:57.0691 6308 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 23:53:57.0744 6308 usbohci - ok 23:53:57.0754 6308 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 23:53:57.0774 6308 usbprint - ok 23:53:57.0811 6308 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 23:53:57.0826 6308 usbscan - ok 23:53:57.0835 6308 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:53:57.0901 6308 USBSTOR - ok 23:53:57.0921 6308 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 23:53:57.0971 6308 usbuhci - ok 23:53:57.0998 6308 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 23:53:58.0042 6308 UxSms - ok 23:53:58.0083 6308 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 23:53:58.0095 6308 VaultSvc - ok 23:53:58.0102 6308 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 23:53:58.0110 6308 vdrvroot - ok 23:53:58.0131 6308 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 23:53:58.0200 6308 vds - ok 23:53:58.0212 6308 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 23:53:58.0226 6308 vga - ok 23:53:58.0241 6308 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 23:53:58.0288 6308 VgaSave - ok 23:53:58.0302 6308 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 23:53:58.0341 6308 vhdmp - ok 23:53:58.0344 6308 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 23:53:58.0354 6308 viaide - ok 23:53:58.0374 6308 VLAN (b1018aa1b5735f5fa89fd4dadf4bea7a) C:\Windows\system32\DRIVERS\RtVLAN60.sys 23:53:58.0408 6308 VLAN - ok 23:53:58.0432 6308 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 23:53:58.0441 6308 volmgr - ok 23:53:58.0460 6308 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 23:53:58.0473 6308 volmgrx - ok 23:53:58.0492 6308 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 23:53:58.0504 6308 volsnap - ok 23:53:58.0533 6308 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 23:53:58.0546 6308 vsmraid - ok 23:53:58.0594 6308 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 23:53:58.0661 6308 VSS - ok 23:53:58.0738 6308 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 23:53:58.0761 6308 vwifibus - ok 23:53:58.0790 6308 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 23:53:58.0805 6308 vwififlt - ok 23:53:58.0827 6308 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 23:53:58.0867 6308 W32Time - ok 23:53:58.0928 6308 wacommousefilter (e04d43c7d1641e95d35cae6086c7e350) C:\Windows\system32\DRIVERS\wacommousefilter.sys 23:53:58.0963 6308 wacommousefilter - ok 23:53:58.0967 6308 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 23:53:58.0987 6308 WacomPen - ok 23:53:58.0999 6308 wacomvhid (ec1ceb237e365330c1fcfc4876aa0ac0) C:\Windows\system32\DRIVERS\wacomvhid.sys 23:53:59.0032 6308 wacomvhid - ok 23:53:59.0057 6308 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 23:53:59.0121 6308 WANARP - ok 23:53:59.0123 6308 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 23:53:59.0175 6308 Wanarpv6 - ok 23:53:59.0245 6308 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 23:53:59.0306 6308 WatAdminSvc - ok 23:53:59.0356 6308 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 23:53:59.0451 6308 wbengine - ok 23:53:59.0507 6308 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 23:53:59.0524 6308 WbioSrvc - ok 23:53:59.0544 6308 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 23:53:59.0592 6308 wcncsvc - ok 23:53:59.0604 6308 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 23:53:59.0620 6308 WcsPlugInService - ok 23:53:59.0642 6308 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 23:53:59.0652 6308 Wd - ok 23:53:59.0682 6308 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 23:53:59.0698 6308 Wdf01000 - ok 23:53:59.0706 6308 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 23:53:59.0744 6308 WdiServiceHost - ok 23:53:59.0746 6308 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 23:53:59.0763 6308 WdiSystemHost - ok 23:53:59.0781 6308 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 23:53:59.0823 6308 WebClient - ok 23:53:59.0839 6308 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 23:53:59.0894 6308 Wecsvc - ok 23:53:59.0906 6308 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 23:53:59.0943 6308 wercplsupport - ok 23:53:59.0970 6308 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 23:54:00.0007 6308 WerSvc - ok 23:54:00.0054 6308 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 23:54:00.0090 6308 WfpLwf - ok 23:54:00.0134 6308 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 23:54:00.0172 6308 WimFltr - ok 23:54:00.0175 6308 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 23:54:00.0184 6308 WIMMount - ok 23:54:00.0188 6308 WinHttpAutoProxySvc - ok 23:54:00.0265 6308 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 23:54:00.0304 6308 Winmgmt - ok 23:54:00.0361 6308 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 23:54:00.0433 6308 WinRM - ok 23:54:00.0546 6308 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 23:54:00.0586 6308 WinUsb - ok 23:54:00.0624 6308 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 23:54:00.0659 6308 Wlansvc - ok 23:54:00.0789 6308 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:54:00.0840 6308 wlidsvc - ok 23:54:00.0901 6308 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 23:54:00.0920 6308 WmiAcpi - ok 23:54:00.0946 6308 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 23:54:00.0964 6308 wmiApSrv - ok 23:54:01.0004 6308 WMPNetworkSvc - ok 23:54:01.0024 6308 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 23:54:01.0045 6308 WPCSvc - ok 23:54:01.0056 6308 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 23:54:01.0070 6308 WPDBusEnum - ok 23:54:01.0076 6308 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 23:54:01.0113 6308 ws2ifsl - ok 23:54:01.0115 6308 WSearch - ok 23:54:01.0182 6308 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 23:54:01.0260 6308 wuauserv - ok 23:54:01.0318 6308 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 23:54:01.0378 6308 WudfPf - ok 23:54:01.0391 6308 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 23:54:01.0456 6308 WUDFRd - ok 23:54:01.0463 6308 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 23:54:01.0510 6308 wudfsvc - ok 23:54:01.0531 6308 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 23:54:01.0562 6308 WwanSvc - ok 23:54:01.0617 6308 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys 23:54:01.0665 6308 xusb21 - ok 23:54:01.0694 6308 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 23:54:01.0908 6308 \Device\Harddisk0\DR0 - ok 23:54:01.0909 6308 Boot (0x1200) (c7a6c31fe6b7c8a3f2b59fd4cd32b31a) \Device\Harddisk0\DR0\Partition0 23:54:01.0910 6308 \Device\Harddisk0\DR0\Partition0 - ok 23:54:01.0935 6308 Boot (0x1200) (1687c97efaf6ae06bbe1a59fbcf3334e) \Device\Harddisk0\DR0\Partition1 23:54:01.0936 6308 \Device\Harddisk0\DR0\Partition1 - ok 23:54:01.0936 6308 ============================================================ 23:54:01.0936 6308 Scan finished 23:54:01.0936 6308 ============================================================ 23:54:01.0941 6856 Detected object count: 0 23:54:01.0941 6856 Actual detected object count: 0 it didnt detect anything, im now running a full scan using malwarebytes, found no problems so far. thanks Mr C
  9. Thank you very much for helping me Mr.C, here are the logs, ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=16bda9a6400aee429541bd93393f2e79 # end=stopped # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-06-18 07:17:16 # local_time=2012-06-18 08:17:16 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5121 16777213 100 75 944479 5268908 0 0 # compatibility_mode=5893 16776574 66 94 420687 92512062 0 0 # compatibility_mode=8192 67108863 100 0 93 93 0 0 # scanned=162 # found=0 # cleaned=0 # scan_time=24 esets_scanner_update returned -1 esets_gle=53251 # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=16bda9a6400aee429541bd93393f2e79 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-06-18 08:46:43 # local_time=2012-06-18 09:46:43 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5121 16777213 100 75 944556 5268985 0 0 # compatibility_mode=5893 16776574 66 94 420764 92512139 0 0 # compatibility_mode=8192 67108863 100 0 170 170 0 0 # scanned=305675 # found=11 # cleaned=10 # scan_time=5313 C:\Program Files (x86)\AlienRespawn\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Jordi\AppData\Local\Temp\InstallerBT.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Jordi\AppData\Local\Temp\MyBabylonTB.exe Win32/Toolbar.Babylon application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Jordi\AppData\Local\Temp\V.class Java/Agent.EQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Jordi\AppData\Local\Temp\ICReinstall\cnet2_rpc412_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Jordi\AppData\Roaming\ngces.dll a variant of Win32/Medfos.AG trojan (cleaned by deleting (after the next restart) - quarantined) 00000000000000000000000000000000 C C:\Users\Jordi\Desktop\RK_Quarantine\ngces.dll.vir a variant of Win32/Medfos.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Users\Jordi\Dropbox\DTLite4454-0315.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C ${Memory} a variant of Win32/Ramnit.L virus 00000000000000000000000000000000 I RogueKiller V7.5.4 [06/07/2012] by Tigzy mail: tigzyRKgmailcom Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Jordi [Admin rights] Mode: Remove -- Date: 06/18/2012 20:12:43 ¤¤¤ Bad processes: 2 ¤¤¤ [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc] [sVCHOST] svchost.exe -- C:\Windows\SysWOW64\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 14 ¤¤¤ [sUSP PATH] HKCU\[...]\Run : OpkIhbnd (C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe) -> DELETED [sUSP PATH] HKCU\[...]\Run : Nuwya (C:\Users\Jordi\AppData\Roaming\Eryv\uwup.exe) -> DELETED [bLACKLIST DLL] HKLM\[...]\Run : wimolp (rundll32.exe "C:\Users\Jordi\AppData\Roaming\wimolp.dll",GetCounter) -> DELETED [bLACKLIST DLL] HKLM\[...]\Run : ngces ("C:\Windows\System32\rundll32.exe" "C:\Users\Jordi\AppData\Roaming\ngces.dll",FillVolumeTextureTX) -> DELETED [sUSP PATH] HKLM\[...]\Wow6432Node\Winlogon : Userinit (userinit.exe,C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe) -> REPLACED (userinit.exe) [sUSP PATH] OptimizerProUpdaterRefreshTask.job @ : C:\ProgramData\OptimizerPro\updater.exe -> DELETED [sUSP PATH] OptimizerProUpdaterLogonTask.job @ : C:\ProgramData\OptimizerPro\updater.exe -> DELETED [sUSP PATH] GboxUpdaterRefreshTask.job @ : C:\ProgramData\GboxUpdater\updater.exe -> DELETED [sUSP PATH] GboxUpdaterLogonTask.job @ : C:\ProgramData\GboxUpdater\updater.exe -> DELETED [sUSP PATH] {718E90D4-3F40-4A3A-A96F-2B867CE4D060}.job @ : C:\Users\Jordi\Desktop\xpadder_gamepad_profiler\Xpadder.exe -> DELETED [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [ZeroAccess] HKCR\[...]\InprocServer32 : (\\.\globalroot\systemroot\Installer\{b5e9965d-7248-0fb4-8807-e8e0c8e8de2c}\n.) -> REPLACED (c:\windows\system32\wbem\wbemess.dll) [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ 127.0.0.1 localhost 127.0.0.1 activate.adobe.com 127.0.0.1 3dns-3.adobe.com 127.0.0.1 adobe-dns-2.adobe.com 127.0.0.1 adobe-dns-3.adobe.com 127.0.0.1 ereg.wip3.adobe.com 127.0.0.1 activate-sea.adobe.com 127.0.0.1 wip3.adobe.com 127.0.0.1 wwis-dubc1-vip60.adobe.com 127.0.0.1 activate-sjc0.adobe.com 127.0.0.1 practivate.adobe.com 127.0.0.1 ereg.adobe.com 127.0.0.1 activate.wip3.adobe.com 127.0.0.1 3dns-2.adobe.com 127.0.0.1 adobe-dns.adobe.com ::1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: +++++ --- User --- [MBR] b931c9a9377dceb4b4e2b433006db7df [bSP] f91ad37179ea1cb3eb01eeb9d8297504 : Windows Vista MBR Code Partition table: 0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 81920 | Size: 10466 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21516288 | Size: 943362 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : > RKreport[1].txt ; RKreport[2].txt
  10. Hi, i think my pc is infected, the anti-malware software i got does not take any effect, (anti-malwarebytes and tdsskiller), i also cant use google chrome, internet explorer. the only one that works is firefox, and i think im being blocked by pages like this by the virus, i have to resort to using a proxy to actually get on this website, please can someone help me! The first thread told me to send you this, : . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Jordi at 20:02:34 on 2012-06-16 . ============== Running Processes =============== . . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.co.uk/ uSearch Bar = Preserve uInternet Settings,ProxyOverride = *.local mURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe,C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120503182550.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: Bcool Class: {f43916c8-74f3-5f14-9617-2c8dc138286b} - C:\ProgramData\Bcool\bhoclass.dll TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" uRun: [bitComet] "C:\Program Files\BitComet\BitComet.exe" /tray uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [OpkIhbnd] C:\Users\Jordi\AppData\Local\gjsvwbem\opkihbnd.exe uRun: [Nuwya] C:\Users\Jordi\AppData\Roaming\Eryv\uwup.exe mRun: [] mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Jordi\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Jordi\AppData\Roaming\Dropbox\bin\Dropbox.exe StartupFolder: C:\Users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opkihbnd.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{0CAEFB37-F5E8-4BCF-9758-42E335DD7B37} : DhcpNameServer = 194.168.4.100 194.168.8.100 TCP: Interfaces\{0CAEFB37-F5E8-4BCF-9758-42E335DD7B37}\35B4955393130353 : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{59BAD6A9-DE91-4175-BECF-9350D77DFDC4} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{6780A4D2-EACD-484C-900E-4D83824602EA} : DhcpNameServer = 10.72.0.72 10.72.0.73 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\msc\McSnIePl.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: BitComet Helper: {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll BHO-X64: BitComet ClickCapture - No File BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120503182550.dll BHO-X64: scriptproxy - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: Bcool Class: {F43916C8-74F3-5F14-9617-2C8DC138286B} - C:\ProgramData\Bcool\bhoclass.dll BHO-X64: Bcool - No File TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll" mRun-x64: [(Default)] mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun-x64: [bambooCore] C:\Program Files (x86)\Bamboo Dock\BambooCore.exe mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent IE-X64: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Jordi\AppData\Roaming\Mozilla\Firefox\Profiles\dcv15hde.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Blekko FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\progra~2\mcafee\msc\npMcSnFFPl.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll FF - plugin: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll . ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . 2012-06-16 18:53:16 -------- d-----w- C:\Users\Jordi\AppData\Roaming\Malwarebytes 2012-06-16 18:53:10 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-16 18:53:09 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-16 18:53:09 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-13 23:20:07 -------- d-----w- C:\Users\Jordi\AppData\Roaming\Kaykxy 2012-06-13 23:20:07 -------- d-----w- C:\Users\Jordi\AppData\Roaming\Esuvs 2012-06-13 23:20:07 -------- d-----w- C:\Users\Jordi\AppData\Roaming\Eryv 2012-06-13 23:05:41 -------- d-----w- C:\Users\Jordi\AppData\Local\{4A4AA778-B5AC-11E1-8270-B8AC6F996F26} 2012-06-13 23:05:38 319488 ----a-w- C:\Users\Jordi\AppData\Roaming\ngces.dll 2012-06-13 23:05:04 125952 ----a-w- C:\Users\Jordi\AppData\Roaming\wimolp.dll 2012-06-13 22:24:12 -------- d-----w- C:\Users\Jordi\AppData\Local\The Lord of the Rings Online 2012-06-13 22:17:16 -------- d-----w- C:\Users\Jordi\AppData\Local\Turbine 2012-06-13 22:17:10 -------- d-----w- C:\Users\Jordi\AppData\Local\ApplicationHistory 2012-06-13 22:15:55 -------- d-----w- C:\Windows\SysWow64\URTTEMP 2012-06-13 00:12:53 88364 --s---w- C:\Users\Jordi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\opkihbnd.exe 2012-06-13 00:12:53 -------- d-----w- C:\Users\Jordi\AppData\Local\gjsvwbem 2012-06-12 23:03:47 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-12 23:03:47 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-12 23:03:47 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-12 23:00:27 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-12 22:59:09 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-12 22:59:09 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-12 22:59:08 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-12 22:56:27 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-12 22:54:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-12 22:51:47 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-12 22:51:47 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-12 22:50:40 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-12 22:50:40 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-12 22:50:40 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-12 22:50:40 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-12 22:50:40 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-12 22:50:40 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-12 22:23:41 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8AEDCEAC-A3CF-4C7C-8D2D-1EE2C3BA9822}\mpengine.dll 2012-06-09 01:32:04 -------- d-----w- C:\ProgramData\Premium 2012-06-09 01:32:03 -------- d-----w- C:\ProgramData\GboxUpdater 2012-06-09 01:31:58 -------- d-----w- C:\ProgramData\OptimizerPro 2012-06-09 01:31:54 -------- d-----w- C:\Program Files (x86)\Optimizer Pro 2012-06-09 01:31:51 -------- d-----w- C:\ProgramData\Bcool 2012-06-09 01:31:07 -------- d-----w- C:\ProgramData\InstallMate 2012-06-09 01:01:46 -------- d-----w- C:\Program Files (x86)\thechineseroom 2012-06-06 17:17:20 -------- d---a-w- C:\GMD-TMP 2012-06-06 17:10:42 -------- d-----w- C:\Program Files\Valve 2012-05-29 21:30:00 -------- d-----r- C:\Users\Jordi\Dropbox 2012-05-29 16:30:28 -------- d-----w- C:\Users\Jordi\AppData\Local\Apple Computer 2012-05-29 16:30:03 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-05-29 16:30:03 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-05-29 16:30:03 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-05-29 16:29:35 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} 2012-05-29 16:29:35 -------- d-----w- C:\Program Files\iTunes 2012-05-29 16:29:35 -------- d-----w- C:\Program Files\iPod 2012-05-29 16:29:35 -------- d-----w- C:\Program Files (x86)\iTunes 2012-05-29 16:29:09 -------- d-----w- C:\Users\Jordi\AppData\Local\Apple 2012-05-29 16:28:43 -------- d-----w- C:\Program Files\Bonjour 2012-05-29 16:28:43 -------- d-----w- C:\Program Files (x86)\Bonjour 2012-05-29 16:24:53 -------- d-----w- C:\Users\Jordi\AppData\Local\{2E79592C-B213-487D-869F-8F89BA77374C} 2012-05-29 16:24:42 -------- d-----w- C:\Users\Jordi\AppData\Local\{DCD4CF4B-3626-4980-A807-FCCC157B77F5} 2012-05-23 15:05:21 -------- d-----w- C:\Users\Jordi\AppData\Local\SniperV2 2012-05-23 13:50:47 -------- d-----w- C:\Program Files (x86)\Rebellion 2012-05-21 17:20:10 -------- d-----w- C:\Users\Jordi\AppData\Local\{BC5C79F1-D834-4244-ADAF-9DCFDA5B46DC} 2012-05-21 17:17:43 -------- d-----w- C:\Users\Jordi\AppData\Local\{0868906D-3AC0-47B0-A957-81D1EA7E72BC} 2012-05-21 16:58:39 -------- d-----w- C:\Users\Jordi\AppData\Local\{4BC851C1-DC0A-4E45-AA9E-D6482793DF4F} . ==================== Find3M ==================== . 2012-05-25 00:16:49 103736 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-05-25 00:16:29 66872 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe 2012-05-25 00:16:08 669184 ----a-w- C:\Windows\SysWow64\pbsvc.exe 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-06 21:29:30 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-05-06 21:28:15 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-05-05 15:35:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-05-05 15:35:08 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-05-05 15:35:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-05-03 18:40:58 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys 2012-04-10 21:36:00 685338 ----a-w- C:\Program Files (x86)\unins000.exe 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-03-20 12:11:30 162192 ----a-w- C:\Windows\System32\mfevtps.exe . ============= FINISH: 20:02:51.42 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . . ==== Disk Partitions ========================= . . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 1.0 Adobe AIR Adobe Reader X MUI AlienRespawn AlienRespawn - Support Software Alliance of Valiant Arms Apple Application Support Apple Software Update Audacity 2.0 Aurora-R3 Manual Bamboo Dock Battlefield 3™ Battlelog Web Plugins Bcool Belkin F5D8053 N Wireless USB Adapter Bing Bar BitComet 1.31 64-bit Call of Duty® 2 Call of Duty® 2 Patch 1.3 Call of Duty® 4 - Modern Warfare Call of Duty® 4 - Modern Warfare 1.1 Patch Call of Duty® 4 - Modern Warfare 1.2 Patch Call of Duty® 4 - Modern Warfare 1.3 Patch Call of Duty® 4 - Modern Warfare 1.4 Patch Call of Duty® 4 - Modern Warfare 1.5 Multiplayer Patch Call of Duty® 4 - Modern Warfare 1.5 Patch Call of Duty® 4 - Modern Warfare 1.6 Patch Call of Duty® 4 - Modern Warfare 1.7 Patch Championship Manager 01-02 Command Center Consol app Creation Kit CryEngine®2 Sandbox2 Crysis® D3DX10 DAEMON Tools Lite Dear Esther DirectX 9 Runtime Dropbox ESN Sonar Fraps (remove only) Garry's Mod Garry's Mod 13 Gbox Updater Google Chrome Google Update Helper Grand Theft Auto IV HP Photo Creations HP Photosmart 6510 series Help HP Update Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 27 LAME v3.99.3 (for Windows) Left 4 Dead 2 Malwarebytes Anti-Malware version 1.61.0.1400 McAfee SecurityCenter Microsoft .NET Framework 1.1 Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Native Instruments Massive Native Instruments Massive v1.0.1.008 VSTi DXi RTAS Native Instruments Service Center NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OF Dragon Rising OptimizerPro Updater Origin PhotoShowExpress Portal PunkBuster Services RAGE RAR Password Cracker 4.12 Realtek Ethernet Diagnostic Utility Realtek High Definition Audio Driver reFX Nexus 1.0.0 reFX Nexus 1.0.9 Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Sonic CinePlayer Decoder Pack Steam The Witcher 2 THX TruStudio PC Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) WebTablet FB Plugin WebTablet IE Plugin WebTablet Netscape Plugin Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack . ==== End Of File =========================== the second thread looked like it could be helpful, but i don't really know what im looking for in it. All i know is that the infection stops me from stopping IT, so malwarebytes and mcaffee just do not even start up Thanks helping me by the way
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.