twistid
OTL Extras logfile created on: 6/17/2012 5:28:44 PM - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\napdizzle\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 30.76% Memory free 8.00 Gb Paging File | 5.12 Gb Available in Paging File | 63.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698.54 Gb Total Space | 109.41 Gb Free Space | 15.66% Space Free | Partition Type: NTFS Drive D: | 83.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 465.65 Gb Total Space | 3.47 Gb Free Space | 0.75% Space Free | Partition Type: FAT32 Computer Name: NAPDIZZLE-PC | User Name: napdizzle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\Users\napdizzle\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [TVersity] -- "C:\Users\napdizzle\AppData\Local\TVersity\Media Server\GUILaunch.exe" -type "folder" -url "%1" -title "" -tags "" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{07EEE598-5F21-4B57-B40B-46592625B3D9}" = Zune Language Pack (PTB) 
"{0C818871-6337-17AC-CA8C-A3942F15D92A}" = AMD Accelerated Video Transcoding "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2C4E2E4E-A7C9-4CCB-BF03-FE6EBD5D4AB7}" = Windows Mobile Device Updater Component "{353D1262-B2D2-AD87-EB5E-6B1395AF9FAE}" = AMD Catalyst Install Manager "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{503640E5-B2ED-3173-D109-D4D03153471A}" = AMD Drag and Drop Transcoding "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{54FFD5AC-7350-52B9-FB8F-1A8A6CF1FB5B}" = AMD Media Foundation Decoders "{551F4187-F029-4240-DEF9-836B5E43CB29}" = AMD Fuel "{5C93E291-A1CC-4E51-85C6-E194209FCDB4}" = Zune Language Pack (PTG) "{6740BCB0-5863-47F4-80F4-44F394DE4FE2}" = Zune Language Pack (NLD) "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam "{6B33492E-FBBC-4EC3-8738-09E16E395A10}" = Zune Language Pack (ESP) "{7006ED29-58F2-40C3-AE87-039287AD20B6}" = Zune "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{883B114D-BD3E-498F-9DAD-5E4A8E1C43BA}" = HP Deskjet 1000 J110 series Basic Device Software "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007 "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007 "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation "{BE236D9A-52EC-4A17-82DA-84B5EAD31E3E}" = Zune Language Pack (DEU) "{C5D37FFA-7483-410B-982B-91E93FD3B7DA}" = Zune Language Pack (ITA) "{C68D33B1-0204-4EBE-BC45-A6E432B1D13A}" = Zune Language Pack (FRA) 
"{D6DDB606-CD15-98C7-AA65-6B617EE8CDA5}" = ccc-utility64 "{DA2737A4-B639-96F4-1CC2-30D2919EE1FB}" = AMD Steady Video Plug-In "{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CPUID CPU-Z_is1" = CPUID CPU-Z 1.54 "Microsoft Security Client" = Microsoft Security Essentials "WinRAR archiver" = WinRAR archiver "Zune" = Zune [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable "{030C0401-52A9-BE86-D8A7-52C0DA203275}" = CCC Help Swedish "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration "{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0 "{1146E8F3-4057-4F46-B39C-D18AB4BB1523}_is1" = Deus Ex - Human Revolution version 1.0 "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2602B4DC-7F39-4116-941F-7BFCC60D703F}" = PDG Gold for NCOs - 2009 "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java 6 Update 26 "{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java 7 Update 4 "{283153BB-CEE6-EE9C-81E8-4350D73354BA}" = CCC Help Turkish "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2ECA81CA-D932-4AD3-AD59-BF5CCF099C83}" = Catalyst Control Center - Branding "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{39445575-7D3A-52AA-152B-7F9423D1AE69}" = CCC Help German 
"{3C9A3282-9DAE-F492-13F4-6D4D664AC15F}" = CCC Help Spanish "{45C8D17D-B5E0-4e93-8370-4329AB16D2A0}" = Battlefield 3™ Open Beta "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5236FA8C-4B70-E30E-93EF-F7D3A5E468C7}" = CCC Help Greek "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{586F0E27-0BC5-34DE-AA0B-96D14397910E}" = CCC Help Russian "{5AF7EA0B-F009-CC00-E446-C2286AF80471}" = CCC Help Czech "{5FC116F2-4508-A6FC-15FB-C64F05AB0F26}" = CCC Help Chinese Traditional "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{685ACA56-004C-4F80-2BC0-951BF278C03F}" = CCC Help Chinese Standard "{6D1AFFC2-AC60-BC3B-2DC9-0D80A1E9CB16}" = CCC Help Thai "{6D8DDB4A-C263-40DE-BA16-AFDAD159D59A}" = Tom Clancy's Splinter Cell Conviction "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{79CFDE3C-4602-85B2-ACF6-83D897B8B33A}" = CCC Help Korean "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83A606F5-BF6F-42ED-9F33-B9F74297CDED}" = Need for Speed Hot Pursuit "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{8972B1C8-B899-0AA0-8596-BFC9AE3311F1}" = CCC Help Finnish "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007 "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0409-0000-0000000FF1CE}" = 
Microsoft Office Excel MUI (English) 2007 "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007 "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007 "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007 "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007 "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007 "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 
Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007 "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007 "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007 "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007 "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007 "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007 "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007 "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2) "{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab "{92BE4E1B-AEFD-DA72-B805-948290A4BB13}" = CCC Help Hungarian "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{9526B61A-1C35-96D1-531B-C8DB1D36C336}" = CCC Help Danish "{96D06FDD-6AF4-4309-BC1B-1C9588B0575E}" = Dead Space™ 2 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9A295F81-04C8-FB18-2D1C-A33AA8A442CA}" = CCC Help French "{A1C962E2-2426-49C6-A38B-9A07E40D607C}" = Microsoft Games for Windows - LIVE "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A64479BE-7DB6-4B07-87B9-70AD85B7EAD2}" = Medal of Honor™ MP Beta "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5 "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation "{B3C8C8EF-77E0-1C0D-1CFA-A39E2E898311}" = CCC Help Italian "{B5AD9952-F716-9862-7ED7-734E0328CF7C}" = AMD VISION Engine Control Center "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{C0E69600-E8D1-784D-829C-788D91D65051}" = CCC Help Polish "{C37B1C57-DD9B-D1E0-B933-8EA8D56E2222}" = CCC Help Norwegian "{CA3A3F20-566B-ABB1-A541-3D93C0D09EE5}" = CCC Help Japanese "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4C4485B-16EB-31A8-C2DE-D778E8E4628B}" = Catalyst Control Center Localization All "{D6C95F4B-86BF-4D75-B1A1-72C650CAC79B}" = Ez_Flash "{DAF650C8-AFE5-3460-E1C4-B9716D2DA5D2}" = Catalyst 
Control Center InstallProxy "{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Help "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0C6F271-FE15-B2D5-FF42-BCA40700DC51}" = CCC Help English "{E1D0A4DC-97BD-CE37-3E89-87D3337E55CA}" = CCC Help Dutch "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6FA341F-8840-6B18-5BCE-C7CCEBDFE516}" = Catalyst Control Center Graphics Previews Common "{ED15763E-A6ED-56D2-B0B5-C7D22D4CE248}" = CCC Help Portuguese "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F9835182-794B-4F24-902A-E2CA9D43380F}" = NVIDIA PhysX "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "ArcaniA" = ArcaniA - Gothic 4 "AudioCS" = Creative Audio Control Panel "Battlelog Web Plugins" = Battlelog Web Plugins "Belkin Setup and Router Monitor_is1" = Belkin Setup and Router Monitor "Call of Duty: Black Ops_is1" = Call of Duty: Black Ops "Cities XL 2011" = Cities XL 2011 "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com "Creative Software AutoUpdate" = Creative Software AutoUpdate "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition "DDA23392-9C73-4909-A221-BC12C6D2664D" = GmoteServer "DFX for Windows Media Player" = DFX for Windows Media Player "Download Manager" = Download Manager 2.3.10 "DriverCleanerDotNET" = Driver Cleaner.NET "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "ESN Sonar-0.70.0" = ESN Sonar "Fallout New Vegas_is1" = Fallout New Vegas "HotspotShield" = Hotspot Shield 2.53 "Mafia II_is1" = Mafia II "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400 "Mozilla Firefox 13.0.1 (x86 en-US)" = Mozilla Firefox 13.0.1 (x86 
en-US) "MozillaMaintenanceService" = Mozilla Maintenance Service "OpenAL" = OpenAL "Origin" = Origin "PFPortChecker" = PFPortChecker 1.0.32 "Postal 2_is1" = Portal 2 "PunkBusterSvc" = PunkBuster Services "Steam App 240" = Counter-Strike: Source "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 400" = Portal "Steam App 41300" = Altitude "Steam App 440" = Team Fortress 2 "Steam App 630" = Alien Swarm "TVersity Codec Pack" = TVersity Codec Pack 1.4 "TVersity Media Server" = TVersity Media Server 1.9.2 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.4 "WinLiveSuite" = Windows Live Essentials "WinPcapInst" = WinPcap 4.1.1 "Wireshark" = Wireshark 1.2.6 "Yahoo! Companion" = Yahoo! Toolbar "Yahoo! Messenger" = Yahoo! Messenger "Yahoo! Software Update" = Yahoo! Software Update ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4061514787-1851555340-1822992461-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Facebook Plug-In" = Facebook Plug-In "FoxTab FLV Player" = FoxTab FLV Player "Google Chrome" = Google Chrome "SOE-DC Universe Online Beta" = DC Universe Online Beta ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 6/17/2012 4:34:20 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 6/17/2012 4:39:31 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/17/2012 4:54:22 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/17/2012 5:04:25 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/17/2012 5:06:33 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 6/17/2012 5:07:21 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/17/2012 5:08:00 PM | Computer Name = napdizzle-PC | Source = SideBySide | ID = 16842832 Description = Activation context generation failed for "C:\Users\napdizzle\Downloads\esetsmartinstaller_enu.exe".Error in manifest or policy file "" on line . A component version required by the application conflicts with another component version already active. Conflicting components are:. Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_fa645303170382f6.manifest. Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc.manifest. Error - 6/17/2012 5:15:28 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/17/2012 5:19:26 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . 
Error - 6/17/2012 5:20:03 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . Error - 6/17/2012 5:22:17 PM | Computer Name = napdizzle-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. . [ System Events ] Error - 6/16/2012 2:35:19 AM | Computer Name = napdizzle-PC | Source = Service Control Manager | ID = 7000 Description = The NTPort Library Driver service failed to start due to the following error: %%1275 Error - 6/17/2012 4:40:10 PM | Computer Name = napdizzle-PC | Source = Service Control Manager | ID = 7034 Description = The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s). Error - 6/17/2012 4:43:33 PM | Computer Name = napdizzle-PC | Source = Service Control Manager | ID = 7000 Description = The AODDriver4.1 service failed to start due to the following error: %%2 Error - 6/17/2012 4:43:33 PM | Computer Name = napdizzle-PC | Source = Service Control Manager | ID = 7003 Description = The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. Error - 6/17/2012 4:43:33 PM | Computer Name = napdizzle-PC | Source = Service Control Manager | ID = 7003 Description = The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 
Error - 6/17/2012 4:43:34 PM | Computer Name = napdizzle-PC | Source = Application Popup | ID = 1060 Description = \SystemRoot\System32\drivers\zntport.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error - 6/17/2012 4:43:34 PM | Computer Name = napdizzle-PC | Source = Service Control Manager | ID = 7000 Description = The NTPort Library Driver service failed to start due to the following error: %%1275 Error - 6/17/2012 4:43:36 PM | Computer Name = napdizzle-PC | Source = Service Control Manager | ID = 7000 Description = The AODDriver4.1 service failed to start due to the following error: %%2 Error - 6/17/2012 4:43:36 PM | Computer Name = napdizzle-PC | Source = Service Control Manager | ID = 7023 Description = The Computer Browser service terminated with the following error: %%1060 Error - 6/17/2012 4:48:23 PM | Computer Name = napdizzle-PC | Source = Service Control Manager | ID = 7034 Description = The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s). < End of report >
OTL logfile created on: 6/17/2012 5:28:44 PM - Run 1 OTL by OldTimer - Version 3.2.49.0 Folder = C:\Users\napdizzle\Desktop 64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 1.23 Gb Available Physical Memory | 30.76% Memory free 8.00 Gb Paging File | 5.12 Gb Available in Paging File | 63.98% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 698.54 Gb Total Space | 109.41 Gb Free Space | 15.66% Space Free | Partition Type: NTFS Drive D: | 83.16 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: UDF Drive F: | 465.65 Gb Total Space | 3.47 Gb Free Space | 0.75% Space Free | Partition Type: FAT32 Computer Name: NAPDIZZLE-PC | User Name: napdizzle | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/06/17 17:27:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\napdizzle\Desktop\OTL.exe PRC - [2012/04/10 18:59:14 | 000,542,552 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012/04/04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012/04/02 13:46:58 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe PRC - [2011/11/15 13:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) 
-- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe PRC - [2011/09/29 21:59:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2010/07/28 03:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe PRC - [2010/07/28 03:33:58 | 006,995,864 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe PRC - [2010/07/28 03:33:58 | 001,485,208 | ---- | M] (Affinegy, Inc.) -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe PRC - [2010/04/01 04:16:20 | 000,357,696 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe PRC - [2010/02/17 05:30:48 | 005,244,216 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe PRC - [2009/07/13 20:14:28 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\PING.EXE PRC - [2009/02/22 21:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe PRC - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) 
-- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe ========== Modules (No Company Name) ========== MOD - [2010/07/28 03:34:04 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinServicePS.dll MOD - [2010/07/28 03:02:58 | 000,658,432 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\gateways\GenericBelkinGatewayLOC.dll MOD - [2010/06/23 04:12:28 | 007,187,456 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtGui4.dll MOD - [2010/06/23 04:11:52 | 000,325,632 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtXml4.dll MOD - [2010/06/23 04:11:48 | 001,954,304 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtCore4.dll MOD - [2010/06/23 04:11:48 | 000,847,360 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\QtNetwork4.dll MOD - [2010/06/23 03:38:18 | 000,119,808 | ---- | M] () -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\imageformats\qjpeg4.dll MOD - [2010/02/17 05:30:46 | 000,929,792 | ---- | M] () -- C:\Program Files (x86)\Yahoo!\Messenger\yui.dll MOD - [2009/07/13 20:15:51 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012/02/14 22:16:40 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) 
[Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2012/02/14 22:13:00 | 000,235,520 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010/11/11 00:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv) SRV:64bit: - [2010/09/23 23:17:16 | 000,467,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV:64bit: - [2010/09/23 23:17:16 | 000,306,416 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\WMZuneComm.exe -- (WMZuneComm) SRV:64bit: - [2010/09/23 23:17:10 | 008,251,120 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV:64bit: - [2010/05/20 01:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Unknown] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012/06/17 12:48:04 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/04/10 19:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe -- (HssTrayService) SRV - [2012/04/10 18:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld) SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes 
Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012/04/02 13:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd) SRV - [2011/11/15 13:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv) SRV - [2011/09/29 21:59:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2011/07/01 16:55:08 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2011/06/26 01:45:56 | 000,256,000 | ---- | M] () [Auto | Stopped] -- C:\32788R22FWJFW\pev.3XE -- (PEVSystemStart) SRV - [2011/01/31 18:55:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service) SRV - [2010/07/28 03:34:02 | 000,569,752 | ---- | M] (Affinegy, Inc.) [Auto | Running] -- C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe -- (AffinegyService) SRV - [2010/07/25 01:26:02 | 000,884,736 | ---- | M] () [Auto | Stopped] -- C:\Users\napdizzle\AppData\Local\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer) SRV - [2009/10/20 13:19:48 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) 
[On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/02/22 21:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService) SRV - [2008/11/09 15:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012/02/14 22:48:32 | 010,856,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012/02/14 21:13:12 | 000,327,680 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.1) DRV:64bit: - [2012/01/03 22:22:54 | 000,055,936 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.01) DRV:64bit: - [2011/12/05 14:47:30 | 000,095,248 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2010/10/24 07:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv) DRV:64bit: - [2010/05/20 01:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo) DRV:64bit: - [2010/04/03 10:40:33 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010/03/30 09:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133) DRV:64bit: - [2010/02/17 19:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010/01/28 09:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV:64bit: - [2010/01/08 18:42:40 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss) DRV:64bit: - [2009/10/20 13:19:54 | 000,047,632 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009/07/13 20:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/13 19:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda) DRV:64bit: - [2009/06/10 15:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/06/04 05:49:58 | 001,561,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ha20x2k.sys -- (ha20x2k) DRV:64bit: - [2009/06/04 05:49:42 | 000,118,296 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emupia2k.sys -- (emupia) DRV:64bit: - [2009/06/04 05:49:34 | 000,213,016 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctsfm2k.sys -- (ctsfm2k) DRV:64bit: - [2009/06/04 05:49:26 | 000,015,896 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctprxy2k.sys -- (ctprxy2k) DRV:64bit: - [2009/06/04 05:49:18 | 000,179,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctoss2k.sys -- (ossrv) DRV:64bit: - [2009/06/04 05:49:08 | 000,684,312 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV:64bit: - [2009/06/04 05:49:00 | 000,580,632 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ctac32k.sys -- (ctac32k) DRV:64bit: - [2009/06/04 05:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX.SYS) DRV:64bit: - [2009/06/04 05:48:50 | 001,417,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTEXFIFX.sys -- (CTEXFIFX) DRV:64bit: - [2009/06/04 05:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT.SYS) DRV:64bit: - [2009/06/04 05:48:38 | 000,094,744 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CTHWIUT.sys -- (CTHWIUT) DRV:64bit: - [2009/06/04 05:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT.SYS) DRV:64bit: - [2009/06/04 05:48:30 | 000,202,776 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CT20XUT.sys -- (CT20XUT) DRV:64bit: - [2008/01/19 09:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir) DRV:64bit: - [2007/12/22 18:41:38 | 000,012,344 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\zntport.sys -- (zntport) DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2007/12/22 18:41:38 | 000,012,344 | ---- | M] (Zeal SoftStudio) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\ZNTPORT.SYS -- (zntport) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - 
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp IE - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F 47 6D 55 6D C7 CC 01 [binary data] IE - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://findgala.com/?&uid=3127&q={searchTerms} IE - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/|www.gmail.com" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.0: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=0.80.0: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@fileplanet.com/fpdlm: C:\Program Files (x86)\Download Manager\npfpdlm.dll (IGN Entertainment) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\napdizzle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( ) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\napdizzle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\napdizzle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/17 12:48:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/11 19:34:34 | 000,000,000 | ---D | M] [2010/03/08 19:55:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\napdizzle\AppData\Roaming\Mozilla\Extensions [2012/05/22 18:48:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\napdizzle\AppData\Roaming\Mozilla\Firefox\Profiles\8dpkf5f0.default\extensions [2012/05/22 18:48:42 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\napdizzle\AppData\Roaming\Mozilla\Firefox\Profiles\8dpkf5f0.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2012/05/21 23:49:20 | 000,001,210 | ---- | M] () -- C:\Users\napdizzle\AppData\Roaming\Mozilla\Firefox\Profiles\8dpkf5f0.default\searchplugins\search.xml [2012/01/01 02:40:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2011/12/30 00:32:38 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2011/08/26 15:10:10 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2012/06/17 12:48:04 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/17 12:48:03 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/17 12:48:03 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml ========== 
Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\napdizzle\AppData\Local\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\napdizzle\AppData\Local\Google\Chrome\Application\19.0.1084.56\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\napdizzle\AppData\Local\Google\Chrome\Application\19.0.1084.56\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdivx32.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll CHR - plugin: IGN Download Manager Plug-in (Enabled) = C:\Program Files (x86)\Download Manager\npfpdlm.dll CHR - plugin: Google Update 
(Enabled) = C:\Users\napdizzle\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Facebook Plugin (Enabled) = C:\Users\napdizzle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\hssie\HssIE.dll (AnchorFree Inc.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc) O3 - HKLM\..\Toolbar: (Yahoo! 
Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.) O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [Zune Launcher] c:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [CTxfiHlp] C:\Windows\SysWow64\Ctxfihlp.exe (Creative Technology Ltd) O4 - HKLM..\Run: [instaLAN] C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe (Affinegy, Inc.) O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000..\Run: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe (IGN Entertainment) O4 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.) O4 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000..\Run: [steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation) O4 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - 
Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\..Trusted Domains: soe.com ([]* in Trusted sites) O15 - HKU\S-1-5-21-4061514787-1851555340-1822992461-1000\..Trusted Domains: sony.com ([]* in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: 
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.4.1) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{249BD807-FFCF-443B-90E5-952C3A29DE0F}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{67986829-03FE-4B19-B19C-30F44ABEFE5B}: DhcpNameServer = 10.36.16.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010/03/11 11:09:30 | 000,000,037 | R--- | M] () - D:\autorun.inf -- [ UDF ] O32 - AutoRun File - [2007/10/13 04:00:32 | 000,000,000 | ---D | M] - F:\autorun -- [ FAT32 ] O32 - AutoRun File - [2007/05/18 10:37:12 | 000,000,069 | RH-- | M] () - F:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{3a8a2dca-2b06-11df-8dd8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{3a8a2dca-2b06-11df-8dd8-806e6f6e6963}\Shell\AutoRun\command - "" = D:\PhotoApp.exe -- [2010/03/11 11:09:30 | 004,965,304 | R--- | M] () O33 - MountPoints2\{3a8a2deb-2b06-11df-8dd8-806e6f6e6963}\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\{3a8a2deb-2b06-11df-8dd8-806e6f6e6963}\Shell\phone\command - "" = F:\autorun.exe O33 - MountPoints2\{7cc6650c-3f37-11df-bee5-000129a79902}\Shell - "" = AutoRun O33 - MountPoints2\{7cc6650c-3f37-11df-bee5-000129a79902}\Shell\AutoRun\command - "" = G:\INSTALL.EXE O33 - MountPoints2\{de43be15-2ca4-11e1-806b-000129a79902}\Shell - "" = AutoRun O33 - MountPoints2\{de43be15-2ca4-11e1-806b-000129a79902}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{f9d0803b-336b-11e1-9006-000129a79902}\Shell - "" = AutoRun O33 - MountPoints2\{f9d0803b-336b-11e1-9006-000129a79902}\Shell\AutoRun\command - "" = K:\setup.exe -a O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\autorun.exe O33 - MountPoints2\F\Shell\phone\command - "" = F:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - 
SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/06/17 17:27:51 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\napdizzle\Desktop\OTL.exe [2012/06/17 16:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012/06/17 15:44:36 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{CE85CE9E-B705-41A9-A4EE-3BA45ADB3D9A} [2012/06/16 01:37:17 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{00121ED0-6BA3-4EB4-8901-ED00E2FE8D61} [2012/06/12 21:10:10 | 000,000,000 | ---D | C] -- C:\update [2012/06/12 21:10:10 | 000,000,000 | ---D | C] -- C:\hsswd [2012/06/12 21:10:10 | 000,000,000 | ---D | C] -- C:\hssff [2012/06/12 21:10:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Hotspot Shield [2012/06/11 21:03:59 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\Skyrim [2012/06/11 20:26:51 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{417C1B19-9E0F-4373-85A1-530EF725C547} [2012/06/11 20:06:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razor 1911 [2012/06/11 20:06:19 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll [2012/06/11 20:06:19 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll [2012/06/11 20:06:19 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll [2012/06/11 20:06:19 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll [2012/06/11 20:06:18 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll [2012/06/11 20:06:18 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll [2012/06/11 20:06:18 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll [2012/06/11 20:06:18 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll 
[2012/06/11 20:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Elder Scrolls V Skyrim [2012/06/11 19:43:43 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2012/06/11 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/06/11 19:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle [2012/06/11 19:34:34 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012/06/11 08:26:26 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{06E32F9D-600F-46A4-A06C-13207BEB2174} [2012/06/11 08:26:15 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{64AF2943-7B43-4284-A562-3D3E352A2DF3} [2012/06/10 20:34:31 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012/06/10 20:34:31 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012/06/10 20:34:31 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012/06/10 20:34:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012/06/10 20:34:25 | 000,000,000 | --SD | C] -- C:\ComboFix [2012/06/10 20:34:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2012/06/10 20:34:03 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012/06/10 20:25:49 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{89CF3D2F-66E1-4867-8E2D-CD5698DD685C} [2012/06/10 20:25:34 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{F355C043-FEBE-439F-91E5-C4B0D130E74F} [2012/06/10 20:24:37 | 000,000,000 | ---D | C] -- C:\Windows\en [2012/06/10 20:15:52 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{220F9A20-E422-49BA-885B-DF5509174EE4} [2012/06/10 20:15:39 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{9BFAD569-CCF0-4D7A-8BCB-E0C4F119BDDE} [2012/06/10 19:32:35 | 000,426,184 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/06/10 18:36:31 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA% [2012/06/10 16:33:14 | 000,000,000 | ---D | C] -- 
C:\Users\napdizzle\Desktop\skyrim [2012/05/30 15:53:02 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{ACECDD50-E09F-46BB-A07B-2D9A43BD8579} [2012/05/30 15:52:34 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{E0918699-3109-45AA-B4B9-8FD1DE156650} [2012/05/29 09:22:17 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\Desktop\investment [2012/05/23 09:13:39 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{EAC9A3A3-B853-48B6-B69D-D48B58F97D9E} [2012/05/23 09:13:25 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{7F0A22DD-F753-4759-88F2-68F5E1F805A1} [2012/05/21 23:34:14 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{4C1A56FE-673C-4191-89C1-00F7A71804CD} [2012/05/21 23:33:52 | 000,000,000 | ---D | C] -- C:\Users\napdizzle\AppData\Local\{FEA777D8-6B8F-4C32-B2AB-15AA29387CC6} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/06/17 17:27:53 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\napdizzle\Desktop\OTL.exe [2012/06/17 16:42:08 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4061514787-1851555340-1822992461-1000UA.job [2012/06/17 16:09:42 | 000,000,512 | ---- | M] () -- C:\Users\napdizzle\Desktop\MBR.dat [2012/06/17 15:48:34 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/06/17 15:48:34 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/06/17 15:48:00 | 000,717,324 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/06/17 15:48:00 | 000,617,222 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/06/17 15:48:00 | 000,104,496 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/06/17 15:43:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/06/17 15:43:09 | 3220,824,064 | -HS- | M] () -- 
C:\hiberfil.sys [2012/06/17 15:40:19 | 000,061,160 | ---- | M] () -- C:\Windows\SysNative\BMXStateBkp-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx [2012/06/17 15:40:19 | 000,061,160 | ---- | M] () -- C:\Windows\SysNative\BMXState-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx [2012/06/17 15:40:19 | 000,000,788 | ---- | M] () -- C:\Windows\SysNative\DVCState-{00000003-00000000-00000007-00001102-00000005-00211102}.rfx [2012/06/16 23:42:00 | 000,000,872 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4061514787-1851555340-1822992461-1000Core.job [2012/06/16 01:32:31 | 002,329,218 | ---- | M] () -- C:\Users\napdizzle\Desktop\boat.xps [2012/06/11 19:34:25 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012/06/11 19:34:25 | 000,174,024 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012/06/10 19:32:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012/06/10 19:32:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012/06/05 22:32:36 | 193,474,269 | ---- | M] () -- C:\Users\napdizzle\Desktop\01-nicolas_jaar_-_essential_mix-sat-05-19-2012-talion.mp3 [2012/06/05 22:32:14 | 000,011,760 | -HS- | M] () -- C:\Users\napdizzle\Desktop\Folder.jpg [2012/06/05 22:32:14 | 000,011,760 | -HS- | M] () -- C:\Users\napdizzle\Desktop\AlbumArt_{D8F020C2-866C-4DCE-B014-A4742941E853}_Large.jpg [2012/06/05 22:32:14 | 000,002,401 | -HS- | M] () -- C:\Users\napdizzle\Desktop\AlbumArtSmall.jpg [2012/06/05 22:32:14 | 000,002,401 | -HS- | M] () -- C:\Users\napdizzle\Desktop\AlbumArt_{D8F020C2-866C-4DCE-B014-A4742941E853}_Small.jpg [2012/05/28 09:52:03 | 000,000,913 | ---- | M] () -- C:\Users\Public\Desktop\CPUID CPU-Z.lnk [2012/05/22 23:43:50 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk [2012/05/21 23:49:20 | 000,001,731 | ---- | M] () -- 
C:\Users\napdizzle\Desktop\Computer.lnk [2012/05/21 23:49:20 | 000,000,288 | ---- | M] () -- C:\Users\napdizzle\AppData\Roaming\9F513D51.reg [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/06/17 16:56:43 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\00000008.@ [2012/06/17 16:56:41 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000032.@ [2012/06/17 16:56:40 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000064.@ [2012/06/17 16:56:40 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000000.@ [2012/06/17 16:09:42 | 000,000,512 | ---- | C] () -- C:\Users\napdizzle\Desktop\MBR.dat [2012/06/17 16:09:27 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\00000004.@ [2012/06/17 16:09:27 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\000000cb.@ [2012/06/17 16:09:27 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\L\00000004.@ [2012/06/16 01:32:30 | 002,329,218 | ---- | C] () -- C:\Users\napdizzle\Desktop\boat.xps [2012/06/10 20:35:16 | 000,001,584 | ---- | C] () -- C:\Users\napdizzle\AppData\Local\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\000000cb.@ [2012/06/10 20:35:16 | 000,001,536 | ---- | C] () -- C:\Users\napdizzle\AppData\Local\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\00000004.@ [2012/06/10 20:35:16 | 000,000,740 | ---- | C] () -- C:\Users\napdizzle\AppData\Local\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\L\00000004.@ [2012/06/10 20:34:31 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012/06/10 20:34:31 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012/06/10 20:34:31 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012/06/10 20:34:31 | 000,080,412 | ---- | C] () -- 
C:\Windows\grep.exe [2012/06/10 20:34:31 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012/06/05 22:32:14 | 000,011,760 | -HS- | C] () -- C:\Users\napdizzle\Desktop\AlbumArt_{D8F020C2-866C-4DCE-B014-A4742941E853}_Large.jpg [2012/06/05 22:32:14 | 000,002,401 | -HS- | C] () -- C:\Users\napdizzle\Desktop\AlbumArt_{D8F020C2-866C-4DCE-B014-A4742941E853}_Small.jpg [2012/05/22 21:33:01 | 000,090,439 | ---- | C] () -- C:\Users\napdizzle\Desktop\2012-05-22_20-31-52_370.jpg [2012/05/22 19:00:02 | 193,474,269 | ---- | C] () -- C:\Users\napdizzle\Desktop\01-nicolas_jaar_-_essential_mix-sat-05-19-2012-talion.mp3 [2012/05/21 23:49:20 | 000,001,731 | ---- | C] () -- C:\Users\napdizzle\Desktop\Computer.lnk [2012/05/21 23:49:20 | 000,000,288 | ---- | C] () -- C:\Users\napdizzle\AppData\Roaming\9F513D51.reg [2012/02/14 22:05:16 | 000,054,784 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll [2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012/01/31 06:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011/12/30 22:17:33 | 000,011,946 | -HS- | C] () -- C:\Users\napdizzle\AppData\Local\121ttv68j532vb67d2pmg2e107012j02r3742 [2011/12/30 22:17:33 | 000,011,946 | -HS- | C] () -- C:\ProgramData\121ttv68j532vb67d2pmg2e107012j02r3742 [2011/09/25 05:00:11 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011/02/23 04:37:37 | 000,730,638 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/01/01 00:55:35 | 000,000,110 | ---- | C] () -- C:\ProgramData\{2602B4DC-7F39-4116-941F-7BFCC60D703F}_WiseFW.ini [2010/07/08 09:43:57 | 000,007,680 | ---- | C] () -- C:\Users\napdizzle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/07/13 18:22:13 | 000,002,048 | -HS- | C] () -- 
C:\Users\napdizzle\AppData\Local\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\@ < End of report >
-
I happened to run ESET I found in another thread...

C:\Program Files (x86)\FoxTabFLVPlayer\FLVPlayer.exe a variant of Win32/InstallCore.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll a variant of Win32/Packed.VMProtect.AAA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\n.vir Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\00000008.@.vir Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000000.@.vir Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000032.@.vir probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000064.@.vir Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Users\napdizzle\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIU8YK9B\8[1].exe Win32/Simda.B trojan cleaned by deleting - quarantined
C:\Users\napdizzle\AppData\Local\Mozilla\Firefox\Profiles\8dpkf5f0.default\Cache\5\31\CEE37d01 HTML/ScrInject.B.Gen virus deleted - quarantined
C:\Users\napdizzle\AppData\Local\Mozilla\Firefox\Profiles\8dpkf5f0.default\Cache\8\68\F56D7d01 HTML/Iframe.B.Gen virus deleted - quarantined
C:\Users\napdizzle\AppData\Local\Temp\B55A.tmp Win32/Simda.B trojan cleaned by deleting - quarantined
C:\Users\napdizzle\AppData\Local\Temp\Main.class a variant of Java/Exploit.CVE-2011-3544.BK trojan cleaned by deleting - quarantined
C:\Users\napdizzle\AppData\Local\Temp\NOD7338.tmp Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\napdizzle\AppData\Local\Temp\is1438683437\MyBabylonTB.exe Win32/Toolbar.Babylon application cleaned by deleting - quarantined
C:\Users\napdizzle\AppData\Local\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\n Win64/Sirefef.W trojan cleaned by deleting (after the next restart) - quarantined
C:\Users\napdizzle\AppData\Local\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Users\napdizzle\AppData\Local\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Users\napdizzle\AppData\Local\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Users\napdizzle\Downloads\driverperformer_849.exe a variant of Win32/InstallIQ application cleaned by deleting - quarantined
C:\Users\napdizzle\Downloads\HSS-1.37-install-anchorfree-76-conduit.exe a variant of Win32/HotSpotShield application cleaned by deleting - quarantined
C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\00000008.@ Win64/Agent.BA trojan cleaned by deleting - quarantined
C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000000.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000032.@ probably a variant of Win32/Sirefef.EU trojan cleaned by deleting - quarantined
C:\Windows\Installer\{4d28bc9a-4a99-aa15-c3b2-0458967b9fe1}\U\80000064.@ Win64/Sirefef.AE trojan cleaned by deleting - quarantined
Operating memory a variant of Win32/Sirefef.EZ trojan

I'll start on OTL
-
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-17 16:08:57
-----------------------------
16:08:57.585 OS Version: Windows x64 6.1.7600
16:08:57.585 Number of processors: 4 586 0x403
16:08:57.586 ComputerName: NAPDIZZLE-PC UserName: napdizzle
16:09:02.107 Initialize success
16:09:14.077 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:09:14.079 Disk 0 Vendor: WDC_WD7501AALS-00E8B0 05.00K05 Size: 715404MB BusType: 3
16:09:14.086 Disk 0 MBR read successfully
16:09:14.088 Disk 0 MBR scan
16:09:14.089 Disk 0 Windows 7 default MBR code
16:09:14.096 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:09:14.102 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 715302 MB offset 206848
16:09:14.105 Disk 0 scanning C:\Windows\system32\drivers
16:09:17.935 Service scanning
16:09:25.568 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:09:29.249 Modules scanning
16:09:29.253 Disk 0 trace - called modules:
16:09:29.261 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa80047042c0]<<spry.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
16:09:29.264 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004b00060]
16:09:29.590 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800484d520]
16:09:29.593 5 ACPI.sys[fffff88000c0b781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800484f060]
16:09:29.596 \Driver\atapi[0xfffffa8004836360] -> IRP_MJ_CREATE -> 0xfffffa80047042c0
16:09:29.599 Scan finished successfully
16:09:42.055 Disk 0 MBR has been saved successfully to "C:\Users\napdizzle\Desktop\MBR.dat"
16:09:42.058 The log file has been saved successfully to "C:\Users\napdizzle\Desktop\aswMBR.txt"
-
15:35:01.0502 5044 b06bdrv - ok 15:35:01.0519 5044 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 15:35:01.0528 5044 b57nd60a - ok 15:35:01.0556 5044 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 15:35:01.0563 5044 BDESVC - ok 15:35:01.0568 5044 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 15:35:01.0589 5044 Beep - ok 15:35:01.0654 5044 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll 15:35:01.0695 5044 BITS - ok 15:35:01.0702 5044 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 15:35:01.0708 5044 blbdrive - ok 15:35:01.0718 5044 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys 15:35:01.0740 5044 bowser - ok 15:35:01.0751 5044 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:35:01.0759 5044 BrFiltLo - ok 15:35:01.0771 5044 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:35:01.0778 5044 BrFiltUp - ok 15:35:01.0794 5044 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 15:35:01.0816 5044 BridgeMP - ok 15:35:01.0835 5044 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll 15:35:01.0857 5044 Browser - ok 15:35:01.0875 5044 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 15:35:01.0885 5044 Brserid - ok 15:35:01.0895 5044 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 15:35:01.0904 5044 BrSerWdm - ok 15:35:01.0906 5044 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 15:35:01.0914 5044 BrUsbMdm - ok 15:35:01.0916 5044 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 15:35:01.0922 5044 BrUsbSer - ok 15:35:01.0934 5044 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 15:35:01.0942 
5044 BTHMODEM - ok 15:35:01.0949 5044 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 15:35:01.0971 5044 bthserv - ok 15:35:01.0980 5044 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 15:35:02.0002 5044 cdfs - ok 15:35:02.0015 5044 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 15:35:02.0023 5044 cdrom - ok 15:35:02.0032 5044 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 15:35:02.0054 5044 CertPropSvc - ok 15:35:02.0057 5044 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 15:35:02.0065 5044 circlass - ok 15:35:02.0090 5044 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 15:35:02.0099 5044 CLFS - ok 15:35:02.0146 5044 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:35:02.0150 5044 clr_optimization_v2.0.50727_32 - ok 15:35:02.0214 5044 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:35:02.0218 5044 clr_optimization_v2.0.50727_64 - ok 15:35:02.0221 5044 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 15:35:02.0227 5044 CmBatt - ok 15:35:02.0229 5044 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 15:35:02.0234 5044 cmdide - ok 15:35:02.0265 5044 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 15:35:02.0286 5044 CNG - ok 15:35:02.0298 5044 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 15:35:02.0303 5044 Compbatt - ok 15:35:02.0310 5044 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 15:35:02.0318 5044 CompositeBus - ok 15:35:02.0320 5044 COMSysApp - ok 15:35:02.0355 5044 cpuz133 (641243746597fbd650e5000d95811ea3) C:\Windows\system32\drivers\cpuz133_x64.sys 
15:35:02.0359 5044 cpuz133 - ok 15:35:02.0370 5044 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 15:35:02.0374 5044 crcdisk - ok 15:35:02.0427 5044 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe 15:35:02.0430 5044 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning 15:35:02.0430 5044 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1) 15:35:02.0447 5044 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll 15:35:02.0470 5044 CryptSvc - ok 15:35:02.0496 5044 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 15:35:02.0523 5044 CSC - ok 15:35:02.0561 5044 CscService (873fbf927c06e5cee04dec617502f8fd) C:\Windows\System32\cscsvc.dll 15:35:02.0581 5044 CscService - ok 15:35:02.0610 5044 CT20XUT (b3b541b3b25adb02d793c51953b22491) C:\Windows\system32\drivers\CT20XUT.SYS 15:35:02.0616 5044 CT20XUT - ok 15:35:02.0619 5044 CT20XUT.SYS (b3b541b3b25adb02d793c51953b22491) C:\Windows\System32\drivers\CT20XUT.SYS 15:35:02.0624 5044 CT20XUT.SYS - ok 15:35:02.0653 5044 ctac32k (f2e098f140b769ae62803e89230f11a9) C:\Windows\system32\drivers\ctac32k.sys 15:35:02.0665 5044 ctac32k - ok 15:35:02.0710 5044 ctaud2k (5c315e9dabf63d9d12973585a6113066) C:\Windows\system32\drivers\ctaud2k.sys 15:35:02.0729 5044 ctaud2k - ok 15:35:02.0784 5044 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe 15:35:02.0789 5044 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning 15:35:02.0789 5044 CTAudSvcService - detected UnsignedFile.Multi.Generic (1) 15:35:02.0866 5044 CTEXFIFX (59d681564c6d5cd72890082925501be9) C:\Windows\system32\drivers\CTEXFIFX.SYS 15:35:02.0895 5044 CTEXFIFX - ok 15:35:03.0058 5044 CTEXFIFX.SYS (59d681564c6d5cd72890082925501be9) C:\Windows\System32\drivers\CTEXFIFX.SYS 
15:35:03.0075 5044 CTEXFIFX.SYS - ok 15:35:03.0120 5044 CTHWIUT (d0ebcff35fe9a4f9d3ca2fd6a38bee56) C:\Windows\system32\drivers\CTHWIUT.SYS 15:35:03.0125 5044 CTHWIUT - ok 15:35:03.0127 5044 CTHWIUT.SYS (d0ebcff35fe9a4f9d3ca2fd6a38bee56) C:\Windows\System32\drivers\CTHWIUT.SYS 15:35:03.0131 5044 CTHWIUT.SYS - ok 15:35:03.0136 5044 ctprxy2k (ef305cab6295b8a250a77a7fd5f9f113) C:\Windows\system32\drivers\ctprxy2k.sys 15:35:03.0140 5044 ctprxy2k - ok 15:35:03.0154 5044 ctsfm2k (01323c189318b92bb7781b911de9d62b) C:\Windows\system32\drivers\ctsfm2k.sys 15:35:03.0161 5044 ctsfm2k - ok 15:35:03.0193 5044 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 15:35:03.0218 5044 DcomLaunch - ok 15:35:03.0238 5044 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 15:35:03.0263 5044 defragsvc - ok 15:35:03.0301 5044 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 15:35:03.0324 5044 DfsC - ok 15:35:03.0344 5044 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 15:35:03.0357 5044 Dhcp - ok 15:35:03.0364 5044 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 15:35:03.0386 5044 discache - ok 15:35:03.0395 5044 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 15:35:03.0400 5044 Disk - ok 15:35:03.0419 5044 Dnscache (676108c4e3aa6f6b34633748bd0bebd9) C:\Windows\System32\dnsrslvr.dll 15:35:03.0442 5044 Dnscache - ok 15:35:03.0462 5044 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 15:35:03.0486 5044 dot3svc - ok 15:35:03.0501 5044 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 15:35:03.0524 5044 DPS - ok 15:35:03.0544 5044 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 15:35:03.0551 5044 drmkaud - ok 15:35:03.0653 5044 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys 15:35:03.0678 5044 DXGKrnl - ok 
15:35:03.0691 5044 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 15:35:03.0714 5044 EapHost - ok 15:35:03.0851 5044 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 15:35:03.0902 5044 ebdrv - ok 15:35:03.0999 5044 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe 15:35:04.0006 5044 EFS - ok 15:35:04.0078 5044 ehRecvr (3d69fae60ede442e004611a4ee4db44c) C:\Windows\ehome\ehRecvr.exe 15:35:04.0105 5044 ehRecvr - ok 15:35:04.0137 5044 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 15:35:04.0144 5044 ehSched - ok 15:35:04.0186 5044 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 15:35:04.0198 5044 elxstor - ok 15:35:04.0225 5044 emupia (1b68c7ddd39811df63fc04af937be91a) C:\Windows\system32\drivers\emupia2k.sys 15:35:04.0230 5044 emupia - ok 15:35:04.0241 5044 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 15:35:04.0247 5044 ErrDev - ok 15:35:04.0279 5044 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 15:35:04.0305 5044 EventSystem - ok 15:35:04.0318 5044 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 15:35:04.0341 5044 exfat - ok 15:35:04.0354 5044 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 15:35:04.0377 5044 fastfat - ok 15:35:04.0413 5044 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 15:35:04.0437 5044 Fax - ok 15:35:04.0440 5044 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 15:35:04.0446 5044 fdc - ok 15:35:04.0457 5044 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 15:35:04.0479 5044 fdPHost - ok 15:35:04.0490 5044 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 15:35:04.0511 5044 FDResPub - ok 15:35:04.0519 5044 FileInfo (655661be46b5f5f3fd454e2c3095b930) 
C:\Windows\system32\drivers\fileinfo.sys 15:35:04.0525 5044 FileInfo - ok 15:35:04.0528 5044 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 15:35:04.0549 5044 Filetrace - ok 15:35:04.0555 5044 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 15:35:04.0562 5044 flpydisk - ok 15:35:04.0582 5044 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 15:35:04.0590 5044 FltMgr - ok 15:35:04.0638 5044 FontCache (8ac4cb4ea61e41009fae9ae7b2b5da3a) C:\Windows\system32\FntCache.dll 15:35:04.0680 5044 FontCache - ok 15:35:04.0803 5044 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:35:04.0807 5044 FontCache3.0.0.0 - ok 15:35:04.0926 5044 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 15:35:04.0932 5044 FsDepends - ok 15:35:04.0934 5044 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 15:35:04.0939 5044 Fs_Rec - ok 15:35:04.0967 5044 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 15:35:04.0975 5044 fvevol - ok 15:35:05.0003 5044 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 15:35:05.0008 5044 gagp30kx - ok 15:35:05.0043 5044 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 15:35:05.0064 5044 gpsvc - ok 15:35:05.0145 5044 ha20x2k (c1c61e83f44b105a4a131cb0c583174c) C:\Windows\system32\drivers\ha20x2k.sys 15:35:05.0173 5044 ha20x2k - ok 15:35:05.0265 5044 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 15:35:05.0272 5044 hcw85cir - ok 15:35:05.0308 5044 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 15:35:05.0318 5044 HdAudAddService - ok 15:35:05.0329 5044 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 15:35:05.0337 5044 
HDAudBus - ok 15:35:05.0350 5044 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 15:35:05.0356 5044 HidBatt - ok 15:35:05.0371 5044 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 15:35:05.0380 5044 HidBth - ok 15:35:05.0388 5044 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 15:35:05.0396 5044 HidIr - ok 15:35:05.0409 5044 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 15:35:05.0431 5044 hidserv - ok 15:35:05.0442 5044 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 15:35:05.0448 5044 HidUsb - ok 15:35:05.0462 5044 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 15:35:05.0484 5044 hkmsvc - ok 15:35:05.0498 5044 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 15:35:05.0507 5044 HomeGroupListener - ok 15:35:05.0522 5044 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 15:35:05.0531 5044 HomeGroupProvider - ok 15:35:05.0540 5044 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 15:35:05.0546 5044 HpSAMD - ok 15:35:05.0647 5044 hshld (b7cfe93627e7796624004687125a729f) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe 15:35:05.0656 5044 hshld - ok 15:35:05.0707 5044 HssSrv (2cfea9c337b699aca38487e8a7438f35) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe 15:35:05.0714 5044 HssSrv - ok 15:35:05.0732 5044 HssTrayService (b3c6eeeff5c5ea3235b7d84317c1fb3f) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE 15:35:05.0736 5044 HssTrayService - ok 15:35:05.0738 5044 HssWd - ok 15:35:05.0778 5044 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 15:35:05.0813 5044 HTTP - ok 15:35:05.0819 5044 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 15:35:05.0824 5044 hwpolicy - ok 15:35:05.0835 5044 i8042prt 
(fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 15:35:05.0842 5044 i8042prt - ok 15:35:05.0870 5044 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 15:35:05.0880 5044 iaStorV - ok 15:35:06.0016 5044 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 15:35:06.0041 5044 idsvc - ok 15:35:06.0056 5044 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 15:35:06.0061 5044 iirsp - ok 15:35:06.0103 5044 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 15:35:06.0143 5044 IKEEXT - ok 15:35:06.0152 5044 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 15:35:06.0157 5044 intelide - ok 15:35:06.0165 5044 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 15:35:06.0172 5044 intelppm - ok 15:35:06.0180 5044 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 15:35:06.0203 5044 IPBusEnum - ok 15:35:06.0211 5044 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:35:06.0233 5044 IpFilterDriver - ok 15:35:06.0245 5044 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 15:35:06.0252 5044 IPMIDRV - ok 15:35:06.0269 5044 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 15:35:06.0291 5044 IPNAT - ok 15:35:06.0306 5044 irda (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys 15:35:06.0316 5044 irda - ok 15:35:06.0324 5044 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 15:35:06.0333 5044 IRENUM - ok 15:35:06.0338 5044 Irmon (3848384ab383f0a8f506c4370635c1f9) C:\Windows\System32\irmon.dll 15:35:06.0348 5044 Irmon - ok 15:35:06.0371 5044 irsir (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys 15:35:06.0376 5044 irsir - ok 
15:35:06.0383 5044 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 15:35:06.0388 5044 isapnp - ok 15:35:06.0425 5044 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 15:35:06.0433 5044 iScsiPrt - ok 15:35:06.0444 5044 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 15:35:06.0449 5044 kbdclass - ok 15:35:06.0454 5044 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 15:35:06.0460 5044 kbdhid - ok 15:35:06.0465 5044 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 15:35:06.0473 5044 KeyIso - ok 15:35:06.0478 5044 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 15:35:06.0484 5044 KSecDD - ok 15:35:06.0506 5044 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 15:35:06.0513 5044 KSecPkg - ok 15:35:06.0519 5044 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 15:35:06.0540 5044 ksthunk - ok 15:35:06.0562 5044 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 15:35:06.0588 5044 KtmRm - ok 15:35:06.0610 5044 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\System32\srvsvc.dll 15:35:06.0635 5044 LanmanServer - ok 15:35:06.0669 5044 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 15:35:06.0693 5044 LanmanWorkstation - ok 15:35:06.0725 5044 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 15:35:06.0748 5044 lltdio - ok 15:35:06.0767 5044 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 15:35:06.0792 5044 lltdsvc - ok 15:35:06.0798 5044 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 15:35:06.0820 5044 lmhosts - ok 15:35:06.0835 5044 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:35:06.0841 5044 LSI_FC - ok 15:35:06.0857 5044 LSI_SAS 
(1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:35:06.0863 5044 LSI_SAS - ok 15:35:06.0871 5044 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:35:06.0876 5044 LSI_SAS2 - ok 15:35:06.0887 5044 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:35:06.0894 5044 LSI_SCSI - ok 15:35:06.0903 5044 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 15:35:06.0925 5044 luafv - ok 15:35:06.0951 5044 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 15:35:06.0955 5044 MBAMProtector - ok 15:35:07.0034 5044 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 15:35:07.0043 5044 MBAMService - ok 15:35:07.0059 5044 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 15:35:07.0066 5044 Mcx2Svc - ok 15:35:07.0078 5044 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 15:35:07.0083 5044 megasas - ok 15:35:07.0101 5044 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 15:35:07.0110 5044 MegaSR - ok 15:35:07.0147 5044 Microsoft Office Groove Audit Service (7c4c76b39d5525c4a465e0be32528e19) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 15:35:07.0152 5044 Microsoft Office Groove Audit Service - ok 15:35:07.0167 5044 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:35:07.0189 5044 MMCSS - ok 15:35:07.0195 5044 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 15:35:07.0217 5044 Modem - ok 15:35:07.0234 5044 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 15:35:07.0242 5044 monitor - ok 15:35:07.0255 5044 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 15:35:07.0259 5044 mouclass - ok 15:35:07.0272 5044 mouhid 
(d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 15:35:07.0278 5044 mouhid - ok 15:35:07.0291 5044 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 15:35:07.0296 5044 mountmgr - ok 15:35:07.0350 5044 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 15:35:07.0355 5044 MozillaMaintenance - ok 15:35:07.0393 5044 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys 15:35:07.0400 5044 MpFilter - ok 15:35:07.0418 5044 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 15:35:07.0425 5044 mpio - ok 15:35:07.0437 5044 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys 15:35:07.0441 5044 MpNWMon - ok 15:35:07.0475 5044 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 15:35:07.0497 5044 mpsdrv - ok 15:35:07.0507 5044 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 15:35:07.0518 5044 MRxDAV - ok 15:35:07.0535 5044 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:35:07.0553 5044 mrxsmb - ok 15:35:07.0592 5044 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:35:07.0602 5044 mrxsmb10 - ok 15:35:07.0616 5044 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:35:07.0623 5044 mrxsmb20 - ok 15:35:07.0630 5044 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 15:35:07.0635 5044 msahci - ok 15:35:07.0692 5044 MSCamSvc (a592a054d78750b4d73abaa4c94decdf) C:\Program Files\Microsoft LifeCam\MSCamS64.exe 15:35:07.0698 5044 MSCamSvc - ok 15:35:07.0713 5044 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 15:35:07.0720 5044 msdsm - ok 15:35:07.0750 5044 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 
15:35:07.0758 5044 MSDTC - ok 15:35:07.0766 5044 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 15:35:07.0789 5044 Msfs - ok 15:35:07.0792 5044 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 15:35:07.0814 5044 mshidkmdf - ok 15:35:07.0826 5044 MSHUSBVideo (55218f924e55fd2786ed40edf4ed79c3) C:\Windows\system32\Drivers\nx6000.sys 15:35:07.0831 5044 MSHUSBVideo - ok 15:35:07.0833 5044 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 15:35:07.0838 5044 msisadrv - ok 15:35:07.0864 5044 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 15:35:07.0888 5044 MSiSCSI - ok 15:35:07.0891 5044 msiserver - ok 15:35:07.0894 5044 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 15:35:07.0916 5044 MSKSSRV - ok 15:35:07.0922 5044 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 15:35:07.0944 5044 MSPCLOCK - ok 15:35:07.0947 5044 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 15:35:07.0969 5044 MSPQM - ok 15:35:07.0994 5044 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 15:35:08.0004 5044 MsRPC - ok 15:35:08.0016 5044 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 15:35:08.0021 5044 mssmbios - ok 15:35:08.0023 5044 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 15:35:08.0046 5044 MSTEE - ok 15:35:08.0052 5044 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 15:35:08.0058 5044 MTConfig - ok 15:35:08.0064 5044 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 15:35:08.0070 5044 Mup - ok 15:35:08.0118 5044 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 15:35:08.0152 5044 napagent - ok 15:35:08.0177 5044 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) 
C:\Windows\system32\DRIVERS\nwifi.sys 15:35:08.0190 5044 NativeWifiP - ok 15:35:08.0236 5044 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 15:35:08.0260 5044 NDIS - ok 15:35:08.0272 5044 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 15:35:08.0295 5044 NdisCap - ok 15:35:08.0305 5044 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 15:35:08.0327 5044 NdisTapi - ok 15:35:08.0342 5044 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 15:35:08.0365 5044 Ndisuio - ok 15:35:08.0377 5044 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 15:35:08.0401 5044 NdisWan - ok 15:35:08.0414 5044 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 15:35:08.0438 5044 NDProxy - ok 15:35:08.0444 5044 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 15:35:08.0467 5044 NetBIOS - ok 15:35:08.0488 5044 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 15:35:08.0514 5044 NetBT - ok 15:35:08.0540 5044 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 15:35:08.0547 5044 Netlogon - ok 15:35:08.0588 5044 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 15:35:08.0615 5044 Netman - ok 15:35:08.0642 5044 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 15:35:08.0676 5044 netprofm - ok 15:35:08.0777 5044 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:35:08.0782 5044 NetTcpPortSharing - ok 15:35:08.0789 5044 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 15:35:08.0794 5044 nfrd960 - ok 15:35:08.0823 5044 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:35:08.0828 5044 NisDrv - ok 15:35:08.0902 
5044 NisSrv (c67e39d2968400b38f54a10822e6eacf) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 15:35:08.0911 5044 NisSrv - ok 15:35:08.0933 5044 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 15:35:08.0959 5044 NlaSvc - ok 15:35:09.0000 5044 NPF (c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys 15:35:09.0004 5044 NPF - ok 15:35:09.0017 5044 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 15:35:09.0039 5044 Npfs - ok 15:35:09.0065 5044 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 15:35:09.0088 5044 nsi - ok 15:35:09.0099 5044 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 15:35:09.0121 5044 nsiproxy - ok 15:35:09.0189 5044 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 15:35:09.0225 5044 Ntfs - ok 15:35:09.0344 5044 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 15:35:09.0365 5044 Null - ok 15:35:09.0383 5044 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 15:35:09.0390 5044 nvraid - ok 15:35:09.0408 5044 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 15:35:09.0415 5044 nvstor - ok 15:35:09.0424 5044 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 15:35:09.0430 5044 nv_agp - ok 15:35:09.0520 5044 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:35:09.0530 5044 odserv - ok 15:35:09.0539 5044 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 15:35:09.0546 5044 ohci1394 - ok 15:35:09.0560 5044 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:35:09.0566 5044 ose - ok 15:35:09.0592 5044 ossrv (eb8724534cee0977eac4878812682f6b) C:\Windows\system32\drivers\ctoss2k.sys 15:35:09.0598 5044 ossrv 
- ok 15:35:09.0642 5044 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:35:09.0661 5044 p2pimsvc - ok 15:35:09.0684 5044 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 15:35:09.0695 5044 p2psvc - ok 15:35:09.0711 5044 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 15:35:09.0718 5044 Parport - ok 15:35:09.0728 5044 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 15:35:09.0734 5044 partmgr - ok 15:35:09.0753 5044 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 15:35:09.0764 5044 PcaSvc - ok 15:35:09.0797 5044 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 15:35:09.0803 5044 pci - ok 15:35:09.0808 5044 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 15:35:09.0812 5044 pciide - ok 15:35:09.0822 5044 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 15:35:09.0830 5044 pcmcia - ok 15:35:09.0843 5044 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 15:35:09.0848 5044 pcw - ok 15:35:09.0891 5044 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 15:35:09.0929 5044 PEAUTH - ok 15:35:10.0005 5044 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 15:35:10.0038 5044 PeerDistSvc - ok 15:35:10.0138 5044 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 15:35:10.0145 5044 PerfHost - ok 15:35:10.0226 5044 PEVSystemStart - ok 15:35:10.0337 5044 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 15:35:10.0383 5044 pla - ok 15:35:10.0422 5044 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll 15:35:10.0449 5044 PlugPlay - ok 15:35:10.0451 5044 PnkBstrA - ok 15:35:10.0462 5044 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 15:35:10.0468 5044 PNRPAutoReg - 
ok 15:35:10.0509 5044 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:35:10.0517 5044 PNRPsvc - ok 15:35:10.0562 5044 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 15:35:10.0593 5044 PolicyAgent - ok 15:35:10.0614 5044 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 15:35:10.0638 5044 Power - ok 15:35:10.0694 5044 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 15:35:10.0717 5044 PptpMiniport - ok 15:35:10.0744 5044 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 15:35:10.0751 5044 Processor - ok 15:35:10.0768 5044 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll 15:35:10.0792 5044 ProfSvc - ok 15:35:10.0832 5044 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 15:35:10.0839 5044 ProtectedStorage - ok 15:35:10.0870 5044 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 15:35:10.0893 5044 Psched - ok 15:35:10.0975 5044 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 15:35:11.0023 5044 ql2300 - ok 15:35:11.0116 5044 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 15:35:11.0122 5044 ql40xx - ok 15:35:11.0146 5044 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 15:35:11.0158 5044 QWAVE - ok 15:35:11.0168 5044 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 15:35:11.0177 5044 QWAVEdrv - ok 15:35:11.0188 5044 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 15:35:11.0209 5044 RasAcd - ok 15:35:11.0237 5044 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:35:11.0259 5044 RasAgileVpn - ok 15:35:11.0278 5044 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 15:35:11.0301 5044 RasAuto - ok 15:35:11.0322 
5044 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:35:11.0345 5044 Rasl2tp - ok 15:35:11.0364 5044 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 15:35:11.0390 5044 RasMan - ok 15:35:11.0403 5044 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 15:35:11.0426 5044 RasPppoe - ok 15:35:11.0460 5044 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 15:35:11.0482 5044 RasSstp - ok 15:35:11.0501 5044 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 15:35:11.0526 5044 rdbss - ok 15:35:11.0556 5044 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 15:35:11.0564 5044 rdpbus - ok 15:35:11.0570 5044 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:35:11.0591 5044 RDPCDD - ok 15:35:11.0607 5044 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 15:35:11.0617 5044 RDPDR - ok 15:35:11.0626 5044 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 15:35:11.0648 5044 RDPENCDD - ok 15:35:11.0653 5044 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 15:35:11.0675 5044 RDPREFMP - ok 15:35:11.0690 5044 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 15:35:11.0714 5044 RDPWD - ok 15:35:11.0731 5044 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 15:35:11.0739 5044 rdyboost - ok 15:35:11.0766 5044 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 15:35:11.0789 5044 RemoteAccess - ok 15:35:11.0805 5044 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 15:35:11.0829 5044 RemoteRegistry - ok 15:35:11.0891 5044 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe 15:35:11.0896 5044 rpcapd - ok 15:35:11.0907 5044 
RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 15:35:11.0930 5044 RpcEptMapper - ok 15:35:11.0943 5044 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 15:35:11.0950 5044 RpcLocator - ok 15:35:11.0986 5044 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 15:35:12.0011 5044 RpcSs - ok 15:35:12.0022 5044 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 15:35:12.0045 5044 rspndr - ok 15:35:12.0073 5044 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 15:35:12.0079 5044 s3cap - ok 15:35:12.0091 5044 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 15:35:12.0098 5044 SamSs - ok 15:35:12.0112 5044 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 15:35:12.0118 5044 sbp2port - ok 15:35:12.0137 5044 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 15:35:12.0162 5044 SCardSvr - ok 15:35:12.0172 5044 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 15:35:12.0194 5044 scfilter - ok 15:35:12.0241 5044 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll 15:35:12.0284 5044 Schedule - ok 15:35:12.0315 5044 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 15:35:12.0337 5044 SCPolicySvc - ok 15:35:12.0351 5044 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 15:35:12.0369 5044 SDRSVC - ok 15:35:12.0394 5044 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 15:35:12.0416 5044 secdrv - ok 15:35:12.0419 5044 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 15:35:12.0441 5044 seclogon - ok 15:35:12.0452 5044 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 15:35:12.0474 5044 SENS - ok 15:35:12.0477 5044 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) 
C:\Windows\system32\sensrsvc.dll 15:35:12.0488 5044 SensrSvc - ok 15:35:12.0491 5044 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 15:35:12.0497 5044 Serenum - ok 15:35:12.0509 5044 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 15:35:12.0515 5044 Serial - ok 15:35:12.0521 5044 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 15:35:12.0527 5044 sermouse - ok 15:35:12.0539 5044 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 15:35:12.0562 5044 SessionEnv - ok 15:35:12.0579 5044 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 15:35:12.0585 5044 sffdisk - ok 15:35:12.0595 5044 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:35:12.0601 5044 sffp_mmc - ok 15:35:12.0610 5044 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:35:12.0616 5044 sffp_sd - ok 15:35:12.0625 5044 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 15:35:12.0632 5044 sfloppy - ok 15:35:12.0654 5044 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 15:35:12.0669 5044 ShellHWDetection - ok 15:35:12.0676 5044 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:35:12.0681 5044 SiSRaid2 - ok 15:35:12.0693 5044 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 15:35:12.0699 5044 SiSRaid4 - ok 15:35:12.0714 5044 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 15:35:12.0737 5044 Smb - ok 15:35:12.0742 5044 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 15:35:12.0750 5044 SNMPTRAP - ok 15:35:12.0757 5044 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 15:35:12.0762 5044 spldr - ok 15:35:12.0791 5044 Spooler (89e8550c5862999fcf482ea562b0e98e) 
C:\Windows\System32\spoolsv.exe
15:35:12.0806 5044 Spooler - ok
15:35:12.0951 5044 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
15:35:13.0015 5044 sppsvc - ok
15:35:13.0123 5044 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
15:35:13.0145 5044 sppuinotify - ok
15:35:13.0231 5044 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:35:13.0231 5044 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
15:35:13.0232 5044 sptd ( LockedFile.Multi.Generic ) - warning
15:35:13.0232 5044 sptd - detected LockedFile.Multi.Generic (1)
15:35:13.0276 5044 srv (37c3abc2338010e110d2a6a3930f3149) C:\Windows\system32\DRIVERS\srv.sys
15:35:13.0297 5044 srv - ok
15:35:13.0324 5044 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
15:35:13.0350 5044 srv2 - ok
15:35:13.0383 5044 srvnet (cce32bb223e9ff55d241099a858fa889) C:\Windows\system32\DRIVERS\srvnet.sys
15:35:13.0391 5044 srvnet - ok
15:35:13.0408 5044 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
15:35:13.0432 5044 SSDPSRV - ok
15:35:13.0442 5044 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
15:35:13.0464 5044 SstpSvc - ok
15:35:13.0520 5044 Steam Client Service - ok
15:35:13.0528 5044 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
15:35:13.0534 5044 stexstor - ok
15:35:13.0569 5044 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
15:35:13.0594 5044 stisvc - ok
15:35:13.0623 5044 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys
15:35:13.0628 5044 storflt - ok
15:35:13.0639 5044 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys
15:35:13.0644 5044 storvsc - ok
15:35:13.0648 5044 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
15:35:13.0653 5044
swenum - ok 15:35:13.0686 5044 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 15:35:13.0717 5044 swprv - ok 15:35:13.0793 5044 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 15:35:13.0824 5044 SysMain - ok 15:35:13.0925 5044 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 15:35:13.0935 5044 TabletInputService - ok 15:35:13.0981 5044 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys 15:35:13.0986 5044 taphss - ok 15:35:14.0006 5044 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 15:35:14.0031 5044 TapiSrv - ok 15:35:14.0046 5044 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 15:35:14.0075 5044 TBS - ok 15:35:14.0163 5044 Tcpip (7fc877a25796d8adf539e64703fca7e1) C:\Windows\system32\drivers\tcpip.sys 15:35:14.0203 5044 Tcpip - ok 15:35:14.0297 5044 TCPIP6 (7fc877a25796d8adf539e64703fca7e1) C:\Windows\system32\DRIVERS\tcpip.sys 15:35:14.0320 5044 TCPIP6 - ok 15:35:14.0357 5044 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 15:35:14.0379 5044 tcpipreg - ok 15:35:14.0393 5044 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 15:35:14.0414 5044 TDPIPE - ok 15:35:14.0425 5044 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 15:35:14.0447 5044 TDTCP - ok 15:35:14.0458 5044 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 15:35:14.0480 5044 tdx - ok 15:35:14.0494 5044 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 15:35:14.0499 5044 TermDD - ok 15:35:14.0534 5044 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 15:35:14.0561 5044 TermService - ok 15:35:14.0568 5044 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 15:35:14.0578 5044 Themes - ok 15:35:14.0609 5044 THREADORDER 
(e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
15:35:14.0631 5044 THREADORDER - ok
15:35:14.0637 5044 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
15:35:14.0660 5044 TrkWks - ok
15:35:14.0722 5044 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
15:35:14.0731 5044 TrustedInstaller - ok
15:35:14.0736 5044 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:35:14.0758 5044 tssecsrv - ok
15:35:14.0768 5044 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
15:35:14.0791 5044 tunnel - ok
15:35:14.0934 5044 TVersityMediaServer (685a80878bab2e587b07053793c47bc4) C:\Users\napdizzle\AppData\Local\TVersity\Media Server\MediaServer.exe
15:35:14.0956 5044 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - warning
15:35:14.0956 5044 TVersityMediaServer - detected UnsignedFile.Multi.Generic (1)
15:35:15.0014 5044 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
15:35:15.0027 5044 uagp35 - ok
15:35:15.0097 5044 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
15:35:15.0122 5044 udfs - ok
15:35:15.0137 5044 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
15:35:15.0145 5044 UI0Detect - ok
15:35:15.0156 5044 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:35:15.0161 5044 uliagpkx - ok
15:35:15.0171 5044 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
15:35:15.0177 5044 umbus - ok
15:35:15.0183 5044 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
15:35:15.0189 5044 UmPass - ok
15:35:15.0202 5044 UmRdpService (af0ac98ee5077eb844413eb54287fde3) C:\Windows\System32\umrdp.dll
15:35:15.0211 5044 UmRdpService - ok
15:35:15.0225 5044 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
15:35:15.0251 5044 upnphost - ok
15:35:15.0288 5044 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys 15:35:15.0296 5044 usbaudio - ok 15:35:15.0305 5044 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 15:35:15.0312 5044 usbccgp - ok 15:35:15.0323 5044 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 15:35:15.0332 5044 usbcir - ok 15:35:15.0350 5044 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 15:35:15.0356 5044 usbehci - ok 15:35:15.0380 5044 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 15:35:15.0389 5044 usbhub - ok 15:35:15.0401 5044 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 15:35:15.0407 5044 usbohci - ok 15:35:15.0419 5044 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 15:35:15.0426 5044 usbprint - ok 15:35:15.0457 5044 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 15:35:15.0465 5044 usbscan - ok 15:35:15.0474 5044 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:35:15.0480 5044 USBSTOR - ok 15:35:15.0483 5044 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 15:35:15.0489 5044 usbuhci - ok 15:35:15.0515 5044 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys 15:35:15.0524 5044 usbvideo - ok 15:35:15.0537 5044 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 15:35:15.0559 5044 UxSms - ok 15:35:15.0607 5044 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 15:35:15.0614 5044 VaultSvc - ok 15:35:15.0622 5044 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 15:35:15.0627 5044 vdrvroot - ok 15:35:15.0654 5044 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 15:35:15.0671 5044 vds - ok 15:35:15.0682 5044 vga 
15:35:19.0189 5044 ============================================================
15:35:19.0189 5044 Scan finished
15:35:19.0189 5044 ============================================================
15:35:19.0194 4932 Detected object count: 4
15:35:19.0194 4932 Actual detected object count: 4
15:35:32.0918 4932 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:35:32.0918 4932 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:35:32.0919 4932 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
15:35:32.0919 4932 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:35:32.0920 4932 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:35:32.0920 4932 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:35:32.0921 4932 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - skipped by user
15:35:32.0921 4932 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - User select action: Skip

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 06/10/2012 at 20:33:24.
Operating System: Windows 7 Ultimate

Processes terminated by Rkill or while it was running:

Rkill completed on 06/10/2012 at 20:33:29.
-
15:26:43.0817 4548 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
15:26:44.0183 4548 ============================================================
15:26:44.0183 4548 Current date / time: 2012/06/17 15:26:44.0183
15:26:44.0183 4548 SystemInfo:
15:26:44.0184 4548
15:26:44.0184 4548 OS Version: 6.1.7600 ServicePack: 0.0
15:26:44.0184 4548 Product type: Workstation
15:26:44.0184 4548 ComputerName: NAPDIZZLE-PC
15:26:44.0184 4548 UserName: napdizzle
15:26:44.0184 4548 Windows directory: C:\Windows
15:26:44.0184 4548 System windows directory: C:\Windows
15:26:44.0184 4548 Running under WOW64
15:26:44.0184 4548 Processor architecture: Intel x64
15:26:44.0184 4548 Number of processors: 4
15:26:44.0184 4548 Page size: 0x1000
15:26:44.0184 4548 Boot type: Normal boot
15:26:44.0184 4548 ============================================================
15:26:44.0954 4548 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x17A85, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
15:26:44.0959 4548 Drive \Device\Harddisk3\DR3 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:26:50.0376 4548 ============================================================
15:26:50.0376 4548 \Device\Harddisk0\DR0:
15:26:50.0377 4548 MBR partitions:
15:26:50.0377 4548 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:26:50.0377 4548 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x57513000
15:26:50.0377 4548 \Device\Harddisk3\DR3:
15:26:50.0378 4548 MBR partitions:
15:26:50.0378 4548 \Device\Harddisk3\DR3\Partition0: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x3A384C02
15:26:50.0378 4548 ============================================================
15:26:50.0390 4548 C: <-> \Device\Harddisk0\DR0\Partition1
15:26:50.0391 4548 F: <-> \Device\Harddisk3\DR3\Partition0
15:26:50.0391 4548 ============================================================
15:26:50.0391 4548 Initialize success
15:26:50.0391 4548 ============================================================
15:27:08.0254 4832 ============================================================
15:27:08.0254 4832 Scan started
15:27:08.0254 4832 Mode: Manual; SigCheck; TDLFS;
15:27:08.0254 4832 ============================================================
15:27:15.0039 4832 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
15:27:15.0042 4832 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
15:27:15.0042 4832 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
15:27:15.0462 4832 CTAudSvcService (07ba6d17e66879018b30b6c3f976ebed) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
15:27:15.0483 4832 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
15:27:15.0483 4832 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
ok 15:27:22.0304 4832 MSHUSBVideo (55218f924e55fd2786ed40edf4ed79c3) C:\Windows\system32\Drivers\nx6000.sys 15:27:22.0308 4832 MSHUSBVideo - ok 15:27:22.0311 4832 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 15:27:22.0316 4832 msisadrv - ok 15:27:22.0344 4832 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 15:27:22.0394 4832 MSiSCSI - ok 15:27:22.0396 4832 msiserver - ok 15:27:22.0409 4832 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 15:27:22.0447 4832 MSKSSRV - ok 15:27:22.0475 4832 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 15:27:22.0497 4832 MSPCLOCK - ok 15:27:22.0499 4832 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 15:27:22.0531 4832 MSPQM - ok 15:27:22.0564 4832 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 15:27:22.0574 4832 MsRPC - ok 15:27:22.0585 4832 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 15:27:22.0590 4832 mssmbios - ok 15:27:22.0592 4832 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 15:27:22.0627 4832 MSTEE - ok 15:27:22.0646 4832 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 15:27:22.0665 4832 MTConfig - ok 15:27:22.0732 4832 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 15:27:22.0738 4832 Mup - ok 15:27:22.0796 4832 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 15:27:22.0829 4832 napagent - ok 15:27:22.0888 4832 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 15:27:22.0914 4832 NativeWifiP - ok 15:27:22.0972 4832 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 15:27:22.0996 4832 NDIS - ok 15:27:23.0009 4832 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 
15:27:23.0031 4832 NdisCap - ok 15:27:23.0049 4832 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 15:27:23.0071 4832 NdisTapi - ok 15:27:23.0086 4832 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 15:27:23.0122 4832 Ndisuio - ok 15:27:23.0146 4832 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 15:27:23.0169 4832 NdisWan - ok 15:27:23.0184 4832 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 15:27:23.0206 4832 NDProxy - ok 15:27:23.0214 4832 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 15:27:23.0248 4832 NetBIOS - ok 15:27:23.0274 4832 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 15:27:23.0310 4832 NetBT - ok 15:27:23.0335 4832 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 15:27:23.0342 4832 Netlogon - ok 15:27:23.0390 4832 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 15:27:23.0432 4832 Netman - ok 15:27:23.0470 4832 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 15:27:23.0503 4832 netprofm - ok 15:27:23.0604 4832 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:27:23.0610 4832 NetTcpPortSharing - ok 15:27:23.0618 4832 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 15:27:23.0624 4832 nfrd960 - ok 15:27:23.0659 4832 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys 15:27:23.0664 4832 NisDrv - ok 15:27:23.0763 4832 NisSrv (c67e39d2968400b38f54a10822e6eacf) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe 15:27:23.0772 4832 NisSrv - ok 15:27:23.0795 4832 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 15:27:23.0834 4832 NlaSvc - ok 15:27:23.0878 4832 NPF 
(c31fa031335eff434b2d94278e74bcce) C:\Windows\system32\drivers\npf.sys 15:27:23.0882 4832 NPF - ok 15:27:23.0895 4832 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 15:27:23.0917 4832 Npfs - ok 15:27:23.0943 4832 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 15:27:23.0982 4832 nsi - ok 15:27:24.0002 4832 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 15:27:24.0041 4832 nsiproxy - ok 15:27:24.0120 4832 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 15:27:24.0154 4832 Ntfs - ok 15:27:24.0272 4832 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 15:27:24.0308 4832 Null - ok 15:27:24.0328 4832 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 15:27:24.0335 4832 nvraid - ok 15:27:24.0353 4832 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 15:27:24.0360 4832 nvstor - ok 15:27:24.0369 4832 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 15:27:24.0375 4832 nv_agp - ok 15:27:24.0465 4832 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 15:27:24.0481 4832 odserv - ok 15:27:24.0492 4832 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 15:27:24.0499 4832 ohci1394 - ok 15:27:24.0522 4832 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:27:24.0528 4832 ose - ok 15:27:24.0562 4832 ossrv (eb8724534cee0977eac4878812682f6b) C:\Windows\system32\drivers\ctoss2k.sys 15:27:24.0568 4832 ossrv - ok 15:27:24.0612 4832 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:27:24.0634 4832 p2pimsvc - ok 15:27:24.0679 4832 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 15:27:24.0697 4832 p2psvc - ok 15:27:24.0706 4832 Parport 
(0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 15:27:24.0713 4832 Parport - ok 15:27:24.0723 4832 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 15:27:24.0728 4832 partmgr - ok 15:27:24.0747 4832 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 15:27:24.0774 4832 PcaSvc - ok 15:27:24.0800 4832 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 15:27:24.0807 4832 pci - ok 15:27:24.0819 4832 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 15:27:24.0824 4832 pciide - ok 15:27:24.0834 4832 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 15:27:24.0842 4832 pcmcia - ok 15:27:24.0854 4832 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 15:27:24.0860 4832 pcw - ok 15:27:24.0903 4832 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 15:27:24.0953 4832 PEAUTH - ok 15:27:25.0018 4832 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 15:27:25.0061 4832 PeerDistSvc - ok 15:27:25.0132 4832 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 15:27:25.0155 4832 PerfHost - ok 15:27:25.0229 4832 PEVSystemStart - ok 15:27:25.0343 4832 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 15:27:25.0398 4832 pla - ok 15:27:25.0459 4832 PlugPlay (23157d583244400e1d7fbaee2e4b31b7) C:\Windows\system32\umpnpmgr.dll 15:27:25.0485 4832 PlugPlay - ok 15:27:25.0498 4832 PnkBstrA - ok 15:27:25.0506 4832 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 15:27:25.0532 4832 PNRPAutoReg - ok 15:27:25.0570 4832 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:27:25.0579 4832 PNRPsvc - ok 15:27:25.0624 4832 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 15:27:25.0667 4832 PolicyAgent - ok 15:27:25.0693 4832 
Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 15:27:25.0732 4832 Power - ok 15:27:25.0792 4832 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 15:27:25.0830 4832 PptpMiniport - ok 15:27:25.0864 4832 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 15:27:25.0885 4832 Processor - ok 15:27:25.0912 4832 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll 15:27:25.0938 4832 ProfSvc - ok 15:27:25.0968 4832 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 15:27:25.0976 4832 ProtectedStorage - ok 15:27:26.0015 4832 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 15:27:26.0039 4832 Psched - ok 15:27:26.0113 4832 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 15:27:26.0143 4832 ql2300 - ok 15:27:26.0244 4832 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 15:27:26.0250 4832 ql40xx - ok 15:27:26.0274 4832 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 15:27:26.0286 4832 QWAVE - ok 15:27:26.0296 4832 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 15:27:26.0322 4832 QWAVEdrv - ok 15:27:26.0341 4832 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 15:27:26.0374 4832 RasAcd - ok 15:27:26.0415 4832 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:27:26.0437 4832 RasAgileVpn - ok 15:27:26.0471 4832 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 15:27:26.0495 4832 RasAuto - ok 15:27:26.0508 4832 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:27:26.0532 4832 Rasl2tp - ok 15:27:26.0551 4832 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 15:27:26.0577 4832 RasMan - ok 15:27:26.0589 4832 RasPppoe 
(855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 15:27:26.0612 4832 RasPppoe - ok 15:27:26.0654 4832 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 15:27:26.0690 4832 RasSstp - ok 15:27:26.0739 4832 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 15:27:26.0782 4832 rdbss - ok 15:27:26.0824 4832 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 15:27:26.0833 4832 rdpbus - ok 15:27:26.0838 4832 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:27:26.0859 4832 RDPCDD - ok 15:27:26.0884 4832 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 15:27:26.0906 4832 RDPDR - ok 15:27:26.0928 4832 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 15:27:26.0966 4832 RDPENCDD - ok 15:27:26.0980 4832 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 15:27:27.0001 4832 RDPREFMP - ok 15:27:27.0047 4832 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 15:27:27.0083 4832 RDPWD - ok 15:27:27.0124 4832 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 15:27:27.0132 4832 rdyboost - ok 15:27:27.0168 4832 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 15:27:27.0191 4832 RemoteAccess - ok 15:27:27.0240 4832 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 15:27:27.0279 4832 RemoteRegistry - ok 15:27:27.0351 4832 rpcapd (a780d3eaa74582ea1deb6bd9c7a3d9c9) C:\Program Files (x86)\WinPcap\rpcapd.exe 15:27:27.0356 4832 rpcapd - ok 15:27:27.0367 4832 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 15:27:27.0401 4832 RpcEptMapper - ok 15:27:27.0430 4832 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 15:27:27.0485 4832 RpcLocator - ok 15:27:27.0588 4832 
RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 15:27:27.0617 4832 RpcSs - ok 15:27:27.0632 4832 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 15:27:27.0673 4832 rspndr - ok 15:27:27.0700 4832 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 15:27:27.0707 4832 s3cap - ok 15:27:27.0718 4832 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe 15:27:27.0725 4832 SamSs - ok 15:27:27.0739 4832 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 15:27:27.0745 4832 sbp2port - ok 15:27:27.0764 4832 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 15:27:27.0790 4832 SCardSvr - ok 15:27:27.0799 4832 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 15:27:27.0838 4832 scfilter - ok 15:27:27.0911 4832 Schedule (ec56b171f85c7e855e7b0588ac503eea) C:\Windows\system32\schedsvc.dll 15:27:27.0955 4832 Schedule - ok 15:27:27.0984 4832 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 15:27:28.0006 4832 SCPolicySvc - ok 15:27:28.0020 4832 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 15:27:28.0029 4832 SDRSVC - ok 15:27:28.0070 4832 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 15:27:28.0110 4832 secdrv - ok 15:27:28.0129 4832 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 15:27:28.0169 4832 seclogon - ok 15:27:28.0188 4832 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 15:27:28.0226 4832 SENS - ok 15:27:28.0242 4832 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 15:27:28.0261 4832 SensrSvc - ok 15:27:28.0276 4832 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 15:27:28.0282 4832 Serenum - ok 15:27:28.0294 4832 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) 
C:\Windows\system32\DRIVERS\serial.sys 15:27:28.0301 4832 Serial - ok 15:27:28.0314 4832 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 15:27:28.0321 4832 sermouse - ok 15:27:28.0341 4832 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 15:27:28.0365 4832 SessionEnv - ok 15:27:28.0381 4832 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 15:27:28.0404 4832 sffdisk - ok 15:27:28.0428 4832 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:27:28.0445 4832 sffp_mmc - ok 15:27:28.0462 4832 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:27:28.0469 4832 sffp_sd - ok 15:27:28.0477 4832 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 15:27:28.0484 4832 sfloppy - ok 15:27:28.0507 4832 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 15:27:28.0535 4832 ShellHWDetection - ok 15:27:28.0553 4832 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:27:28.0558 4832 SiSRaid2 - ok 15:27:28.0570 4832 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 15:27:28.0575 4832 SiSRaid4 - ok 15:27:28.0599 4832 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 15:27:28.0622 4832 Smb - ok 15:27:28.0644 4832 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 15:27:28.0652 4832 SNMPTRAP - ok 15:27:28.0659 4832 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 15:27:28.0664 4832 spldr - ok 15:27:28.0693 4832 Spooler (89e8550c5862999fcf482ea562b0e98e) C:\Windows\System32\spoolsv.exe 15:27:28.0716 4832 Spooler - ok 15:27:28.0865 4832 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 15:27:28.0930 4832 sppsvc - ok 15:27:29.0024 4832 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) 
15:27:29.0135 4832 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
15:27:29.0135 4832 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
15:27:29.0137 4832 sptd ( LockedFile.Multi.Generic ) - warning
15:27:29.0137 4832 sptd - detected LockedFile.Multi.Generic (1)
15:27:31.0220 4832 TVersityMediaServer (685a80878bab2e587b07053793c47bc4) C:\Users\napdizzle\AppData\Local\TVersity\Media Server\MediaServer.exe
15:27:31.0241 4832 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - warning
15:27:31.0241 4832 TVersityMediaServer - detected UnsignedFile.Multi.Generic (1)
15:27:36.0077 4832 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
15:27:36.0240 4832 \Device\Harddisk0\DR0 - ok
15:27:36.0243 4832 MBR (0x1B8) (8ff255184f078c9c04e6a2ce66117c5c) \Device\Harddisk3\DR3
15:27:36.0806 4832 \Device\Harddisk3\DR3 - ok
15:27:36.0811 4832 Boot (0x1200) (df95e5de16c96b5e1b88fb0a95af43f8) \Device\Harddisk0\DR0\Partition0
15:27:36.0812 4832 \Device\Harddisk0\DR0\Partition0 - ok
15:27:36.0818 4832 Boot (0x1200) (bdf0ccfb93bf6c62250ee1a0bef32d50) \Device\Harddisk0\DR0\Partition1
15:27:36.0819 4832 \Device\Harddisk0\DR0\Partition1 - ok
15:27:36.0822 4832 Boot (0x1200) (e0a169b83be2ad6ab453a54b87aab61d) \Device\Harddisk3\DR3\Partition0
15:27:36.0823 4832 \Device\Harddisk3\DR3\Partition0 - ok
15:27:36.0823 4832 ============================================================
15:27:36.0823 4832 Scan finished
15:27:36.0823 4832 ============================================================
15:27:36.0830 0708 Detected object count: 4
15:27:36.0831 0708 Actual detected object count: 4
15:34:37.0302 0708 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:37.0302 0708 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:37.0303 0708 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:37.0303 0708 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:37.0304 0708 sptd ( LockedFile.Multi.Generic ) - skipped by user
15:34:37.0304 0708 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
15:34:37.0305 0708 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:37.0305 0708 TVersityMediaServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:57.0881 5044 ============================================================
15:34:57.0881 5044 Scan started
15:34:57.0881 5044 Mode: Manual; SigCheck; TDLFS;
15:34:57.0881 5044 ============================================================
(0e2ba6dc63e9cf3bf275856735a3e3be) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 15:35:01.0060 5044 AODDriver4.1 - ok 15:35:01.0068 5044 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 15:35:01.0078 5044 AppID - ok 15:35:01.0108 5044 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 15:35:01.0130 5044 AppIDSvc - ok 15:35:01.0142 5044 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll 15:35:01.0164 5044 Appinfo - ok 15:35:01.0180 5044 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll 15:35:01.0188 5044 AppMgmt - ok 15:35:01.0199 5044 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 15:35:01.0205 5044 arc - ok 15:35:01.0221 5044 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 15:35:01.0227 5044 arcsas - ok 15:35:01.0233 5044 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 15:35:01.0255 5044 AsyncMac - ok 15:35:01.0261 5044 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 15:35:01.0266 5044 atapi - ok 15:35:01.0291 5044 AtiHDAudioService (2b3b05c0a7768bf033217eb8f33f9c35) C:\Windows\system32\drivers\AtihdW76.sys 15:35:01.0296 5044 AtiHDAudioService - ok 15:35:01.0319 5044 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys 15:35:01.0334 5044 AtiHdmiService - ok 15:35:01.0369 5044 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 15:35:01.0405 5044 AudioEndpointBuilder - ok 15:35:01.0409 5044 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 15:35:01.0435 5044 AudioSrv - ok 15:35:01.0445 5044 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll 15:35:01.0455 5044 AxInstSV - ok 15:35:01.0481 5044 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
I've been having this issue ongoing for nearly two weeks... I have followed numerous topics on trying to remove this virus and stop the redirecting/random advertisements playing on my computer. In my processes I have Ping.exe and Malware detects the Bcminer... Attached are logs that I normally see requested when providing assistance. I have gone through numerous different topics and followed all of their instructions to no avail, so hopefully tailored service may help my situation. I would appreciate any assistance Malwarebytes may provide.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 10.4.1
Run by napdizzle at 15:56:58 on 2012-06-17
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4095.2038 [GMT -5:00]
.
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\atieclxx.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe C:\Program Files\Microsoft LifeCam\MSCamS64.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Zune\ZuneLauncher.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Windows\SysWOW64\Ctxfihlp.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\wmiprvse.exe 
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\SysWOW64\ping.exe C:\Windows\system32\conhost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 
Runtime\bin\jp2ssv.dll BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized uRun: [Google Update] "C:\Users\napdizzle\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [CTxfiHlp] CTXFIHLP.EXE mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "C:\Program Files 
(x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\AMLDEV~1.LNK - C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL LSP: mswsock.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{249BD807-FFCF-443B-90E5-952C3A29DE0F} : DhcpNameServer = 192.168.1.1 TCP: Interfaces\{67986829-03FE-4B19-B19C-30F44ABEFE5B} : DhcpNameServer = 10.36.16.1 Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll Handler: grooveLocalGWS - 
{88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll BHO-X64: AMD SteadyVideo BHO - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll BHO-X64: SingleInstance 
Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun-x64: [CTxfiHlp] CTXFIHLP.EXE mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\napdizzle\AppData\Roaming\Mozilla\Firefox\Profiles\8dpkf5f0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|www.gmail.com FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\napdizzle\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Users\napdizzle\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-2-14 361984] R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936] R2 cpuz133;cpuz133;\??\C:\Windows\system32\drivers\cpuz133_x64.sys --> C:\Windows\system32\drivers\cpuz133_x64.sys [?] 
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2012-4-10 542552] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-22 654408] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?] 
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-1-3 55936] S2 PEVSystemStart;PEVSystemStart;C:\32788R22FWJFW\pev.3XE [2011-6-26 256000] S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-1-31 79360] S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?] S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?] S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120] S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?] S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?] S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616] S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-23 306416] . =============== Created Last 30 ================ . 
2012-06-17 20:44:36 -------- d-----w- C:\Users\napdizzle\AppData\Local\{CE85CE9E-B705-41A9-A4EE-3BA45ADB3D9A} 2012-06-17 17:48:03 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-06-17 17:48:03 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-06-16 06:37:17 -------- d-----w- C:\Users\napdizzle\AppData\Local\{00121ED0-6BA3-4EB4-8901-ED00E2FE8D61} 2012-06-13 02:10:36 561992 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor12.dll 2012-06-13 02:10:10 -------- d-----w- C:\update 2012-06-13 02:10:10 -------- d-----w- C:\hsswd 2012-06-13 02:10:10 -------- d-----w- C:\hssff 2012-06-13 02:10:09 -------- d-----w- C:\ProgramData\Hotspot Shield 2012-06-12 02:03:59 -------- d-----w- C:\Users\napdizzle\AppData\Local\Skyrim 2012-06-12 01:26:51 -------- d-----w- C:\Users\napdizzle\AppData\Local\{417C1B19-9E0F-4373-85A1-530EF725C547} 2012-06-12 01:06:19 78680 ----a-w- C:\Windows\System32\XAPOFX1_4.dll 2012-06-12 01:06:19 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_4.dll 2012-06-12 01:06:19 530776 ----a-w- C:\Windows\System32\XAudio2_6.dll 2012-06-12 01:06:19 528216 ----a-w- C:\Windows\SysWow64\XAudio2_6.dll 2012-06-12 01:06:18 24920 ----a-w- C:\Windows\System32\X3DAudio1_7.dll 2012-06-12 01:06:18 238936 ----a-w- C:\Windows\SysWow64\xactengine3_6.dll 2012-06-12 01:06:18 22360 ----a-w- C:\Windows\SysWow64\X3DAudio1_7.dll 2012-06-12 01:06:18 176984 ----a-w- C:\Windows\System32\xactengine3_6.dll 2012-06-12 01:01:38 -------- d-----w- C:\Program Files (x86)\The Elder Scrolls V Skyrim 2012-06-12 00:34:51 -------- d-----w- C:\Program Files (x86)\Oracle 2012-06-12 00:34:34 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-06-11 13:26:26 -------- d-----w- C:\Users\napdizzle\AppData\Local\{06E32F9D-600F-46A4-A06C-13207BEB2174} 2012-06-11 13:26:15 -------- d-----w- C:\Users\napdizzle\AppData\Local\{64AF2943-7B43-4284-A562-3D3E352A2DF3} 2012-06-11 01:34:31 98816 ----a-w- 
C:\Windows\sed.exe 2012-06-11 01:34:31 518144 ----a-w- C:\Windows\SWREG.exe 2012-06-11 01:34:31 256000 ----a-w- C:\Windows\PEV.exe 2012-06-11 01:34:31 208896 ----a-w- C:\Windows\MBR.exe 2012-06-11 01:34:25 -------- d-s---w- C:\ComboFix 2012-06-11 01:25:49 -------- d-----w- C:\Users\napdizzle\AppData\Local\{89CF3D2F-66E1-4867-8E2D-CD5698DD685C} 2012-06-11 01:25:34 -------- d-----w- C:\Users\napdizzle\AppData\Local\{F355C043-FEBE-439F-91E5-C4B0D130E74F} 2012-06-11 01:24:37 -------- d-----w- C:\Windows\en 2012-06-11 01:19:41 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\46b4e4bc1cd477003\DSETUP.dll 2012-06-11 01:19:41 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\46b4e4bc1cd477003\DXSETUP.exe 2012-06-11 01:19:41 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\46b4e4bc1cd477003\dsetup32.dll 2012-06-11 01:15:52 -------- d-----w- C:\Users\napdizzle\AppData\Local\{220F9A20-E422-49BA-885B-DF5509174EE4} 2012-06-11 01:15:39 -------- d-----w- C:\Users\napdizzle\AppData\Local\{9BFAD569-CCF0-4D7A-8BCB-E0C4F119BDDE} 2012-06-11 00:32:35 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-10 23:36:31 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-06-10 20:55:47 8955792 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D9EBB7D1-801F-425F-9DEB-22DEA6D080AF}\mpengine.dll 2012-05-30 20:53:02 -------- d-----w- C:\Users\napdizzle\AppData\Local\{ACECDD50-E09F-46BB-A07B-2D9A43BD8579} 2012-05-30 20:52:34 -------- d-----w- C:\Users\napdizzle\AppData\Local\{E0918699-3109-45AA-B4B9-8FD1DE156650} 2012-05-23 14:13:39 -------- d-----w- C:\Users\napdizzle\AppData\Local\{EAC9A3A3-B853-48B6-B69D-D48B58F97D9E} 2012-05-23 14:13:25 -------- d-----w- C:\Users\napdizzle\AppData\Local\{7F0A22DD-F753-4759-88F2-68F5E1F805A1} 2012-05-22 04:49:20 288 ----a-w- C:\Users\napdizzle\AppData\Roaming\9F513D51.reg 2012-05-22 04:34:14 -------- d-----w- 
C:\Users\napdizzle\AppData\Local\{4C1A56FE-673C-4191-89C1-00F7A71804CD} 2012-05-22 04:33:52 -------- d-----w- C:\Users\napdizzle\AppData\Local\{FEA777D8-6B8F-4C32-B2AB-15AA29387CC6} . ==================== Find3M ==================== . 2012-06-11 00:32:35 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-04 23:47:02 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-04-04 20:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys . ============= FINISH: 15:57:51.10 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Ultimate Boot Device: \Device\HarddiskVolume1 Install Date: 3/8/2010 5:53:00 PM System Uptime: 6/17/2012 3:42:59 PM (0 hours ago) . Motherboard: DFI Inc. | | LP DK 790FXB-M3H5 Processor: AMD Phenom™ II X4 965 Processor | Socket AM2 | 3400/200mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 699 GiB total, 109.915 GiB free. D: is CDROM (UDF) F: is FIXED (FAT32) - 466 GiB total, 3.472 GiB free. G: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP800: 5/31/2012 3:55:17 PM - Windows Update RP801: 6/1/2012 3:55:03 PM - Windows Update RP802: 6/2/2012 3:55:03 PM - Windows Update RP803: 6/3/2012 2:08:45 AM - Windows Update RP804: 6/3/2012 3:55:00 PM - Windows Update RP805: 6/4/2012 3:55:01 PM - Windows Update RP806: 6/5/2012 3:55:01 PM - Windows Update RP807: 6/6/2012 3:55:07 PM - Windows Update RP808: 6/7/2012 3:55:01 PM - Windows Update RP809: 6/8/2012 3:55:00 PM - Windows Update RP810: 6/9/2012 3:55:01 PM - Windows Update RP811: 6/10/2012 2:09:02 AM - Windows Update RP812: 6/10/2012 3:55:18 PM - Windows Update RP813: 6/10/2012 8:19:40 PM - Windows Live Essentials RP814: 6/10/2012 8:21:08 PM - Installed DirectX RP815: 6/10/2012 8:21:28 PM - Installed DirectX RP816: 6/10/2012 8:21:55 PM - WLSetup RP817: 6/11/2012 7:34:09 PM - Installed Java™ 7 Update 4 RP818: 6/11/2012 7:34:36 PM - Installed JavaFX 2.1.0 RP819: 6/11/2012 8:05:01 PM - Installed DirectX . ==== Installed Programs ====================== . µTorrent Acrobat.com Adobe AIR Adobe Flash Player 11 ActiveX Adobe Reader 9.3 Alien Swarm Altitude AMD VISION Engine Control Center ArcaniA - Gothic 4 Assassin's Creed II ATI Catalyst Registration Battlefield 3™ Open Beta Battlefield: Bad Company 2 Battlelog Web Plugins Belkin Setup and Router Monitor Call of Duty: Black Ops Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cities XL 2011 Counter-Strike: Source Creative Audio Control Panel Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition D3DX10 
DC Universe Online Beta
Dead Space™ 2
Deus Ex - Human Revolution version 1.0
DFX for Windows Media Player
DivX Web Player
Download Manager 2.3.10
Driver Cleaner.NET
ESN Sonar
Ez_Flash
Facebook Plug-In
Fallout New Vegas
FoxTab FLV Player
GmoteServer
Google Chrome
Grand Theft Auto IV
Hotspot Shield 2.53
HP Deskjet 1000 J110 series Help
Java Auto Updater
Java™ 6 Update 26
Java™ 7 Update 4
JavaFX 2.1.0
Mafia II
Malwarebytes Anti-Malware version 1.61.0.1400
Medal of Honor™ MP Beta
Microsoft Corporation
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 13.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
Need for Speed™ Hot Pursuit
NVIDIA PhysX
OpenAL
Origin
PDG Gold for NCOs - 2009
PFPortChecker 1.0.32
Portal
Portal 2
PunkBuster Services
Rockstar Games Social Club
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB980376)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Skype Click to Call
Skype™ 5.5
Steam
System Requirements Lab
Team Fortress 2
The Lord of the Rings FREE Trial
Tom Clancy's Splinter Cell Conviction
TVersity Codec Pack 1.4
TVersity Media Server 1.9.2
Ubisoft Game Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb2202131)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.1.4
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.1
Wireshark 1.2.6
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
6/17/2012 3:48:23 PM, Error: Service Control Manager [7034] - The TVersityMediaServer service terminated unexpectedly. It has done this 1 time(s).
6/17/2012 3:43:36 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/17/2012 3:43:36 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
6/17/2012 3:43:34 PM, Error: Service Control Manager [7000] - The NTPort Library Driver service failed to start due to the following error: This driver has been blocked from loading
6/17/2012 3:43:34 PM, Error: Application Popup [1060] - \SystemRoot\System32\drivers\zntport.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
6/17/2012 3:43:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/17/2012 3:43:33 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/12/2012 9:10:12 PM, Error: Service Control Manager [7034] - The Hotspot Shield Routing Service service terminated unexpectedly. It has done this 1 time(s).
6/12/2012 9:10:10 PM, Error: Service Control Manager [7030] - The Hotspot Shield Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/10/2012 8:36:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
6/10/2012 8:36:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
6/10/2012 8:35:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Application Experience service, but this action failed with the following error: An instance of the service is already running.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2012 8:34:08 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
6/10/2012 8:34:05 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/10/2012 3:55:56 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
6/10/2012 2:09:37 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
.
==== End Of File ===========================