Posts posted by HowDidThisGetHere
Oh boy, it found tons of the same thing I thought was gone...
ESET Report:
C:\Qoobox\Quarantine\C\Users\Fable\AppData\Local\{edfe05c3-645f-9769-6f6f-9033e04473af}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\Users\Fable\AppData\Roaming\dmcexp.dll.vir a variant of Win32/Medfos.AM trojan
C:\Qoobox\Quarantine\C\Users\Fable\AppData\Roaming\uireap.dll.vir a variant of Win32/Medfos.AM trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\n.vir Win32/Sirefef.EV trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\U\80000000.@.vir a variant of Win32/Sirefef.FA trojan
C:\Qoobox\Quarantine\C\Windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\U\80000032.@.vir a variant of Win32/Sirefef.FD trojan
C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir Win32/Sirefef.FC trojan
-
MBAM Report:
Malwarebytes Anti-Malware 1.61.0.1400
Database version: v2012.07.10.01
Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
Fable :: COMPUTRESS [administrator]
7/9/2012 10:15:24 PM
mbam-log-2012-07-09 (22-15-24).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234881
Time elapsed: 2 minute(s), 23 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|beapl (Trojan.Agent) -> Data: rundll32.exe "C:\Users\Fable\AppData\Roaming\beapl.dll",CleanupGlobalTempFiles -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Fable\AppData\Roaming\beapl.dll (Trojan.Agent) -> Quarantined and deleted successfully.
(end)
Hijackthis Report:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:27:06 PM, on 7/9/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
F:\Program Files\Razer\Razer TRON\RazerTRONSysTray.exe
F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
F:\Skype\Phone\Skype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Fable\Desktop\HijackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\mspaint.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer, optimized for Bing and MSN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - F:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Razer TRON Driver] F:\Program Files\Razer\Razer TRON\RazerTRONSysTray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "F:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [skype] "F:\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - F:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - F:\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
--
End of file - 4410 bytes
No new problems and MSE was reinstalled just fine. Again, everything seems to be ok but I want to be completely sure before I go and change all my passwords.
-
Here is the report:
ComboFix 12-07-08.02 - Fable 07/09/2012 18:33:16.2.8 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3063.2014 [GMT -4:00]
Running from: c:\users\Fable\Desktop\ComboFix.exe
Command switches used :: c:\users\Fable\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fable\AppData\Roaming\dmcexp.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-06-09 to 2012-07-09 )))))))))))))))))))))))))))))))
.
.
2012-07-09 22:36 . 2012-07-09 22:36 -------- d-----w- c:\users\Fable\AppData\Local\temp
2012-07-09 22:36 . 2012-07-09 22:36 -------- d-----w- c:\users\Wait\AppData\Local\temp
2012-07-09 22:36 . 2012-07-09 22:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-07-09 22:36 . 2012-07-09 22:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-05 00:22 . 2012-07-05 00:22 -------- d-----w- c:\users\Fable\AppData\Roaming\Malwarebytes
2012-07-05 00:22 . 2012-07-05 00:22 -------- d-----w- c:\programdata\Malwarebytes
2012-07-05 00:22 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-04 23:45 . 2012-07-05 01:38 -------- d-----w- c:\users\Fable\AppData\Local\ElevatedDiagnostics
2012-07-04 22:42 . 2012-07-04 22:42 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-04 01:38 . 2012-07-04 01:38 -------- d-----w- c:\users\Fable\AppData\Roaming\fltk.org
2012-07-04 01:38 . 2012-07-04 01:38 -------- d-----w- c:\programdata\fltk.org
2012-07-03 21:28 . 2012-07-03 21:28 -------- d-----w- c:\users\Fable\AppData\Roaming\LoneSurvivor
2012-07-03 19:32 . 2012-05-12 15:59 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2231B3C5-0303-46D3-A73E-447FD132883D}\gapaengine.dll
2012-07-03 19:32 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{21450275-2649-4826-8028-5AEC25A6DAFD}\mpengine.dll
2012-07-02 02:55 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 18:09 . 2004-02-27 04:00 962612 ----a-w- c:\windows\system32\mfc42d.dll
2012-06-23 18:09 . 2004-02-17 04:00 434252 ----a-w- c:\windows\system32\MSVCRTD.DLL
2012-06-23 18:09 . 2012-06-23 18:09 -------- d-----w- c:\program files\ASUS
2012-06-23 18:09 . 2007-12-17 21:14 12400 ----a-w- c:\windows\system32\drivers\AsIO.sys
2012-06-23 18:09 . 2006-01-10 20:50 24576 ----a-w- c:\windows\system32\AsIO.dll
2012-06-23 18:07 . 2009-05-13 23:11 6504 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2012-06-22 13:41 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 13:41 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 13:41 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 13:41 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 13:41 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-22 13:41 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 13:41 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 13:41 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 13:41 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-20 00:44 . 2012-06-20 00:44 -------- d-----w- c:\users\Fable\AppData\Roaming\e-academy Inc
2012-06-15 03:27 . 2012-06-15 03:27 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-14 22:45 . 2009-02-27 07:42 31640 ----a-w- c:\windows\system32\msonpmon.dll
2012-06-14 22:45 . 2006-10-26 23:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2012-06-14 22:45 . 2012-06-18 01:59 -------- d-----w- c:\program files\Microsoft Works
2012-06-14 22:44 . 2012-06-14 22:44 -------- d-----w- c:\windows\PCHEALTH
2012-06-14 22:43 . 2012-06-14 22:43 -------- d-----w- c:\program files\Microsoft Visual Studio 8
2012-06-14 22:43 . 2012-06-27 23:58 -------- d-----w- c:\users\Fable\AppData\Local\Microsoft Help
2012-06-14 22:43 . 2012-06-19 02:34 -------- d-----w- c:\programdata\Microsoft Help
2012-06-13 23:57 . 2012-04-28 03:19 177152 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 23:57 . 2012-04-07 11:34 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 23:57 . 2012-05-15 01:12 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 23:57 . 2012-04-26 04:48 57856 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 23:57 . 2012-04-26 04:48 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 23:57 . 2012-04-26 04:43 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 23:56 . 2012-05-02 04:52 163328 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 23:56 . 2012-04-24 04:47 139264 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 23:56 . 2012-04-24 04:47 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 23:56 . 2012-04-24 04:47 1156608 ----a-w- c:\windows\system32\crypt32.dll
2012-06-12 19:15 . 2012-05-12 15:59 713784 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-20 18:47 . 2012-05-20 18:29 21840 ----atw- c:\windows\system32\SIntfNT.dll
2012-05-20 18:47 . 2012-05-20 18:29 17212 ----atw- c:\windows\system32\SIntf32.dll
2012-05-20 18:47 . 2012-05-20 18:29 12067 ----atw- c:\windows\system32\SIntf16.dll
2012-05-20 18:22 . 2012-05-20 18:22 94208 ----a-w- c:\windows\DIIUnin.exe
2012-05-20 18:22 . 2012-05-20 18:22 2829 ----a-w- c:\windows\DIIUnin.pif
2012-05-17 02:20 . 2012-05-13 05:27 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-17 02:20 . 2012-05-13 05:27 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-15 10:26 . 2012-05-22 14:43 5982528 ----a-w- c:\windows\system32\nvcuda.dll
2012-05-15 10:26 . 2012-05-22 14:43 2524992 ----a-w- c:\windows\system32\nvcuvid.dll
2012-05-15 10:26 . 2012-05-22 14:43 2445120 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-05-15 10:26 . 2012-05-22 14:43 19607872 ----a-w- c:\windows\system32\nvoglv32.dll
2012-05-15 10:26 . 2012-05-22 14:43 11354944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 10:26 . 2012-05-22 14:43 17551680 ----a-w- c:\windows\system32\nvcompiler.dll
2012-05-15 10:26 . 2012-05-15 01:47 883008 ----a-w- c:\windows\system32\nvgenco32.dll
2012-05-15 10:26 . 2012-05-15 01:47 61248 ----a-w- c:\windows\system32\OpenCL.dll
2012-05-15 10:26 . 2012-05-15 01:47 2368832 ----a-w- c:\windows\system32\nvapi.dll
2012-05-15 10:26 . 2012-05-15 01:47 1000768 ----a-w- c:\windows\system32\nvdispco32.dll
2012-05-15 10:26 . 2009-07-13 22:09 8105280 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-05-15 10:26 . 2009-06-10 21:19 15322432 ----a-w- c:\windows\system32\nvd3dum.dll
2012-05-15 09:28 . 2012-05-15 01:48 645440 ----a-w- c:\windows\system32\nvvsvc.exe
2012-05-15 09:28 . 2012-05-15 01:48 62272 ----a-w- c:\windows\system32\nvshext.dll
2012-05-15 09:28 . 2012-05-15 01:48 108352 ----a-w- c:\windows\system32\nvmctray.dll
2012-05-15 09:28 . 2012-05-15 01:48 3931456 ----a-w- c:\windows\system32\nvcpl.dll
2012-05-15 09:27 . 2012-05-15 01:48 2759488 ----a-w- c:\windows\system32\nvsvc.dll
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\system32\nvStreaming.exe
2012-05-12 15:59 . 2012-05-12 15:59 86528 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-12 15:59 . 2012-05-12 15:59 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-12 15:59 . 2012-05-12 15:59 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-12 15:59 . 2012-05-12 15:59 74752 ----a-w- c:\windows\system32\iesetup.dll
2012-05-12 15:59 . 2012-05-12 15:59 63488 ----a-w- c:\windows\system32\tdc.ocx
2012-05-12 15:59 . 2012-05-12 15:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-12 15:59 . 2012-05-12 15:59 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-05-12 15:59 . 2012-05-12 15:59 367104 ----a-w- c:\windows\system32\html.iec
2012-05-12 15:59 . 2012-05-12 15:59 35840 ----a-w- c:\windows\system32\imgutil.dll
2012-05-12 15:59 . 2012-05-12 15:59 23552 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-12 15:59 . 2012-05-12 15:59 161792 ----a-w- c:\windows\system32\msls31.dll
2012-05-12 15:59 . 2012-05-12 15:59 152064 ----a-w- c:\windows\system32\wextract.exe
2012-05-12 15:59 . 2012-05-12 15:59 150528 ----a-w- c:\windows\system32\iexpress.exe
2012-05-12 15:59 . 2012-05-12 15:59 11776 ----a-w- c:\windows\system32\mshta.exe
2012-05-12 15:59 . 2012-05-12 15:59 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-12 15:59 . 2012-05-12 15:59 101888 ----a-w- c:\windows\system32\admparse.dll
2012-05-12 15:59 . 2012-05-12 15:59 3181568 ----a-w- c:\windows\system32\mf.dll
2012-05-12 15:59 . 2012-05-12 15:59 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
2012-05-12 15:59 . 2012-05-12 15:59 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
2012-05-12 15:59 . 2012-05-12 15:59 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
2012-05-12 15:59 . 2012-05-12 15:59 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
2012-05-09 09:12 . 2012-05-20 17:21 121600 ----a-w- c:\windows\system32\drivers\WinisoCDBus.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="f:\skype\Phone\Skype.exe" [2012-06-05 17344176]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Razer TRON Driver"="f:\program files\Razer\Razer TRON\RazerTRONSysTray.exe" [2011-02-25 958352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R2 SkypeUpdate;Skype Updater;f:\skype\Updater\Updater.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876256292-3750786711-1594322207-1001Core.job
- c:\users\Fable\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 01:41]
.
2012-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876256292-3750786711-1594322207-1001UA.job
- c:\users\Fable\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 01:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-dmcexp - c:\users\Fable\AppData\Roaming\dmcexp.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-09 18:37:10
ComboFix-quarantined-files.txt 2012-07-09 22:37
ComboFix2.txt 2012-07-07 16:49
.
Pre-Run: 9,392,979,968 bytes free
Post-Run: 9,519,136,768 bytes free
.
- - End Of File - - 1A006E2E2B72FB5DDC1496F4AB5CDCBF
It looks like everything is running ok, as in no more redirects, but Microsoft Security Essentials is still disabled with error code 0x80070424. Those were the only two things that I noticed were going on so I can't really say about anything else.
-
Here is the TDSSKiller:
23:59:52.0509 3736 fdPHost - ok
23:59:52.0509 3736 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:59:52.0509 3736 FDResPub - ok
23:59:52.0525 3736 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:59:52.0525 3736 FileInfo - ok
23:59:52.0525 3736 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:59:52.0525 3736 Filetrace - ok
23:59:52.0525 3736 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
23:59:52.0525 3736 flpydisk - ok
23:59:52.0525 3736 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:59:52.0525 3736 FltMgr - ok
23:59:52.0556 3736 FontCache (7fe4995528a7529a761875151ee3d512) C:\Windows\system32\FntCache.dll
23:59:52.0556 3736 FontCache - ok
23:59:52.0556 3736 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:59:52.0556 3736 FontCache3.0.0.0 - ok
23:59:52.0571 3736 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:59:52.0571 3736 FsDepends - ok
23:59:52.0571 3736 Fs_Rec (500a9814fd9446a8126858a5a7f7d273) C:\Windows\system32\drivers\Fs_Rec.sys
23:59:52.0571 3736 Fs_Rec - ok
23:59:52.0571 3736 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
23:59:52.0571 3736 fvevol - ok
23:59:52.0587 3736 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:59:52.0587 3736 gagp30kx - ok
23:59:52.0603 3736 gpsvc (8ba3c04702bf8f927ab36ae8313ca4ee) C:\Windows\System32\gpsvc.dll
23:59:52.0603 3736 gpsvc - ok
23:59:52.0603 3736 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:59:52.0603 3736 hcw85cir - ok
23:59:52.0618 3736 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
23:59:52.0618 3736 HdAudAddService - ok
23:59:52.0618 3736 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:59:52.0618 3736 HDAudBus - ok
23:59:52.0618 3736 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
23:59:52.0618 3736 HidBatt - ok
23:59:52.0634 3736 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
23:59:52.0634 3736 HidBth - ok
23:59:52.0634 3736 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
23:59:52.0634 3736 HidIr - ok
23:59:52.0634 3736 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
23:59:52.0634 3736 hidserv - ok
23:59:52.0634 3736 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
23:59:52.0634 3736 HidUsb - ok
23:59:52.0649 3736 hkmsvc (741c2a45ca8407e374aaba3e330b7872) C:\Windows\system32\kmsvc.dll
23:59:52.0649 3736 hkmsvc - ok
23:59:52.0649 3736 HomeGroupListener (a768ca158bb06782a2835b907f4873c3) C:\Windows\system32\ListSvc.dll
23:59:52.0649 3736 HomeGroupListener - ok
23:59:52.0665 3736 HomeGroupProvider (fb08dec5ef43d0c66d83b8e9694e7549) C:\Windows\system32\provsvc.dll
23:59:52.0665 3736 HomeGroupProvider - ok
23:59:52.0665 3736 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:59:52.0665 3736 HpSAMD - ok
23:59:52.0681 3736 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
23:59:52.0681 3736 HTTP - ok
23:59:52.0681 3736 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
23:59:52.0681 3736 hwpolicy - ok
23:59:52.0696 3736 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
23:59:52.0696 3736 i8042prt - ok
23:59:52.0696 3736 iaStorV (71f1a494fedf4b33c02c4a6a28d6d9e9) C:\Windows\system32\drivers\iaStorV.sys
23:59:52.0696 3736 iaStorV - ok
23:59:52.0727 3736 idsvc (5af815eb5bc9802e5a064e2ba62bfc0c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:59:52.0727 3736 idsvc - ok
23:59:52.0727 3736 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
23:59:52.0727 3736 iirsp - ok
23:59:52.0759 3736 IKEEXT (fac0ee6562b121b1399d6e855583f7a5) C:\Windows\System32\ikeext.dll
23:59:52.0759 3736 IKEEXT - ok
23:59:52.0759 3736 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
23:59:52.0759 3736 intelide - ok
23:59:52.0759 3736 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:59:52.0774 3736 intelppm - ok
23:59:52.0774 3736 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:59:52.0774 3736 IPBusEnum - ok
23:59:52.0774 3736 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:59:52.0774 3736 IpFilterDriver - ok
23:59:52.0790 3736 iphlpsvc (477397b432a256a50ee7e4339eb9ea14) C:\Windows\System32\iphlpsvc.dll
23:59:52.0790 3736 iphlpsvc - ok
23:59:52.0790 3736 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:59:52.0790 3736 IPMIDRV - ok
23:59:52.0805 3736 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:59:52.0805 3736 IPNAT - ok
23:59:52.0805 3736 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:59:52.0805 3736 IRENUM - ok
23:59:52.0805 3736 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
23:59:52.0805 3736 isapnp - ok
23:59:52.0821 3736 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
23:59:52.0821 3736 iScsiPrt - ok
23:59:52.0821 3736 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:59:52.0821 3736 kbdclass - ok
23:59:52.0821 3736 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
23:59:52.0821 3736 kbdhid - ok
23:59:52.0821 3736 KeyIso (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:59:52.0821 3736 KeyIso - ok
23:59:52.0837 3736 KSecDD (0263364acb9c834ace52fb85c2c064ec) C:\Windows\system32\Drivers\ksecdd.sys
23:59:52.0837 3736 KSecDD - ok
23:59:52.0837 3736 KSecPkg (27391db553be2a4e2b0adeea2873b2af) C:\Windows\system32\Drivers\ksecpkg.sys
23:59:52.0837 3736 KSecPkg - ok
23:59:52.0852 3736 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:59:52.0868 3736 KtmRm - ok
23:59:52.0899 3736 LanmanServer (8f6bf790d3168224c16f2af68a84438c) C:\Windows\System32\srvsvc.dll
23:59:52.0899 3736 LanmanServer - ok
23:59:52.0899 3736 LanmanWorkstation (b9891f885dcf1f0513a51cb58493cb1f) C:\Windows\System32\wkssvc.dll
23:59:52.0915 3736 LanmanWorkstation - ok
23:59:52.0915 3736 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:59:52.0915 3736 lltdio - ok
23:59:53.0086 3736 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:59:53.0102 3736 lltdsvc - ok
23:59:53.0102 3736 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:59:53.0102 3736 lmhosts - ok
23:59:53.0117 3736 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:59:53.0117 3736 LSI_FC - ok
23:59:53.0117 3736 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:59:53.0117 3736 LSI_SAS - ok
23:59:53.0117 3736 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:59:53.0117 3736 LSI_SAS2 - ok
23:59:53.0133 3736 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:59:53.0133 3736 LSI_SCSI - ok
23:59:53.0133 3736 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:59:53.0133 3736 luafv - ok
23:59:53.0133 3736 LVRS (ed643e777ba3f7151ef3f0fb6be4f7f0) C:\Windows\system32\DRIVERS\lvrs.sys
23:59:53.0149 3736 LVRS - ok
23:59:53.0336 3736 LVUVC (5bc80451109a8dd7f2ddd35bce2929a3) C:\Windows\system32\DRIVERS\lvuvc.sys
23:59:53.0351 3736 LVUVC - ok
23:59:53.0383 3736 Mcx2Svc (e2b0887816ed336685954e3d8fdaa51d) C:\Windows\system32\Mcx2Svc.dll
23:59:53.0383 3736 Mcx2Svc - ok
23:59:53.0383 3736 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
23:59:53.0383 3736 megasas - ok
23:59:53.0383 3736 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
23:59:53.0398 3736 MegaSR - ok
23:59:53.0398 3736 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) F:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
23:59:53.0398 3736 Microsoft Office Groove Audit Service - ok
23:59:53.0398 3736 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:59:53.0398 3736 MMCSS - ok
23:59:53.0398 3736 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:59:53.0398 3736 Modem - ok
23:59:53.0414 3736 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:59:53.0414 3736 monitor - ok
23:59:53.0414 3736 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:59:53.0414 3736 mouclass - ok
23:59:53.0414 3736 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:59:53.0414 3736 mouhid - ok
23:59:53.0414 3736 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
23:59:53.0414 3736 mountmgr - ok
23:59:53.0429 3736 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
23:59:53.0429 3736 MpFilter - ok
23:59:53.0429 3736 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
23:59:53.0429 3736 mpio - ok
23:59:53.0429 3736 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:59:53.0429 3736 mpsdrv - ok
23:59:53.0461 3736 MpsSvc (5cd996cecf45cbc3e8d109c86b82d69e) C:\Windows\system32\mpssvc.dll
23:59:53.0461 3736 MpsSvc - ok
23:59:53.0476 3736 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
23:59:53.0476 3736 MRxDAV - ok
23:59:53.0492 3736 mrxsmb (ca7570e42522e24324a12161db14ec02) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:59:53.0492 3736 mrxsmb - ok
23:59:53.0523 3736 mrxsmb10 (f965c3ab2b2ae5c378f4562486e35051) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:59:53.0523 3736 mrxsmb10 - ok
23:59:53.0523 3736 mrxsmb20 (25c38264a3c72594dd21d355d70d7a5d) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:59:53.0523 3736 mrxsmb20 - ok
23:59:53.0539 3736 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
23:59:53.0539 3736 msahci - ok
23:59:53.0554 3736 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
23:59:53.0554 3736 msdsm - ok
23:59:53.0570 3736 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:59:53.0570 3736 MSDTC - ok
23:59:53.0585 3736 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:59:53.0585 3736 Msfs - ok
23:59:53.0585 3736 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:59:53.0585 3736 mshidkmdf - ok
23:59:53.0585 3736 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
23:59:53.0585 3736 msisadrv - ok
23:59:53.0601 3736 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:59:53.0601 3736 MSiSCSI - ok
23:59:53.0601 3736 msiserver - ok
23:59:53.0601 3736 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:59:53.0601 3736 MSKSSRV - ok
23:59:53.0617 3736 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:59:53.0617 3736 MSPCLOCK - ok
23:59:53.0617 3736 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:59:53.0617 3736 MSPQM - ok
23:59:53.0632 3736 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:59:53.0632 3736 MsRPC - ok
23:59:53.0632 3736 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
23:59:53.0632 3736 mssmbios - ok
23:59:53.0632 3736 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:59:53.0632 3736 MSTEE - ok
23:59:53.0648 3736 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
23:59:53.0648 3736 MTConfig - ok
23:59:53.0648 3736 MTsensor (0f24624106d8042e7f27882d9d6ff5c0) C:\Windows\system32\DRIVERS\ASACPI.sys
23:59:53.0648 3736 MTsensor - ok
23:59:53.0648 3736 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:59:53.0648 3736 Mup - ok
23:59:53.0695 3736 napagent (80284f1985c70c86f0b5f86da2dfe1df) C:\Windows\system32\qagentRT.dll
23:59:53.0695 3736 napagent - ok
23:59:53.0726 3736 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:59:53.0726 3736 NativeWifiP - ok
23:59:53.0804 3736 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
23:59:53.0819 3736 NDIS - ok
23:59:53.0819 3736 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:59:53.0819 3736 NdisCap - ok
23:59:53.0819 3736 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:59:53.0819 3736 NdisTapi - ok
23:59:53.0835 3736 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
23:59:53.0835 3736 Ndisuio - ok
23:59:53.0851 3736 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
23:59:53.0851 3736 NdisWan - ok
23:59:53.0851 3736 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
23:59:53.0851 3736 NDProxy - ok
23:59:53.0866 3736 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:59:53.0866 3736 NetBIOS - ok
23:59:53.0882 3736 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
23:59:53.0882 3736 NetBT - ok
23:59:53.0897 3736 Netlogon (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:59:53.0897 3736 Netlogon - ok
23:59:53.0929 3736 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:59:53.0929 3736 Netman - ok
23:59:53.0960 3736 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:59:53.0975 3736 netprofm - ok
23:59:53.0991 3736 NetTcpPortSharing (fe2aa5a684b0dd9b1fae57b7817c198b) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:59:53.0991 3736 NetTcpPortSharing - ok
23:59:53.0991 3736 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
23:59:53.0991 3736 nfrd960 - ok
23:59:54.0007 3736 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:59:54.0007 3736 NisDrv - ok
23:59:54.0038 3736 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
23:59:54.0038 3736 NisSrv - ok
23:59:54.0053 3736 NlaSvc (2226496e34bd40734946a054b1cd657f) C:\Windows\System32\nlasvc.dll
23:59:54.0053 3736 NlaSvc - ok
23:59:54.0053 3736 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:59:54.0053 3736 Npfs - ok
23:59:54.0053 3736 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:59:54.0053 3736 nsi - ok
23:59:54.0069 3736 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:59:54.0069 3736 nsiproxy - ok
23:59:54.0209 3736 Ntfs (187002ce05693c306f43c873f821381f) C:\Windows\system32\drivers\Ntfs.sys
23:59:54.0209 3736 Ntfs - ok
23:59:54.0209 3736 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:59:54.0209 3736 Null - ok
23:59:54.0880 3736 nvlddmkm (afb33a823aabc112fc7bd62afbcdb0cd) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:59:54.0927 3736 nvlddmkm - ok
23:59:54.0974 3736 nvraid (f1b0bed906f97e16f6d0c3629d2f21c6) C:\Windows\system32\drivers\nvraid.sys
23:59:54.0974 3736 nvraid - ok
23:59:54.0974 3736 nvstor (4520b63899e867f354ee012d34e11536) C:\Windows\system32\drivers\nvstor.sys
23:59:54.0974 3736 nvstor - ok
23:59:54.0989 3736 nvsvc (782945716ad010ac3d41758e8e52c735) C:\Windows\system32\nvvsvc.exe
23:59:55.0005 3736 nvsvc - ok
23:59:55.0036 3736 nvUpdatusService (a974e5c310b9b00894070ceb055d467f) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:59:55.0036 3736 nvUpdatusService - ok
23:59:55.0052 3736 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
23:59:55.0052 3736 nv_agp - ok
23:59:55.0067 3736 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:59:55.0067 3736 odserv - ok
23:59:55.0083 3736 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
23:59:55.0083 3736 ohci1394 - ok
23:59:55.0083 3736 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:59:55.0083 3736 ose - ok
23:59:55.0099 3736 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:59:55.0099 3736 p2pimsvc - ok
23:59:55.0099 3736 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:59:55.0114 3736 p2psvc - ok
23:59:55.0114 3736 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
23:59:55.0114 3736 Parport - ok
23:59:55.0114 3736 partmgr (66d3415c159741ade7038a277efff99f) C:\Windows\system32\drivers\partmgr.sys
23:59:55.0114 3736 partmgr - ok
23:59:55.0114 3736 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
23:59:55.0114 3736 Parvdm - ok
23:59:55.0130 3736 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:59:55.0130 3736 PcaSvc - ok
23:59:55.0130 3736 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
23:59:55.0130 3736 pci - ok
23:59:55.0130 3736 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
23:59:55.0130 3736 pciide - ok
23:59:55.0145 3736 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
23:59:55.0145 3736 pcmcia - ok
23:59:55.0145 3736 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:59:55.0145 3736 pcw - ok
23:59:55.0161 3736 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:59:55.0161 3736 PEAUTH - ok
23:59:55.0192 3736 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
23:59:55.0192 3736 PeerDistSvc - ok
23:59:55.0239 3736 pla (9c1bff7910c89a1d12e57343475840cb) C:\Windows\system32\pla.dll
23:59:55.0239 3736 pla - ok
23:59:55.0270 3736 PlugPlay (71def5ec79774c798342d0ea16e41780) C:\Windows\system32\umpnpmgr.dll
23:59:55.0270 3736 PlugPlay - ok
23:59:55.0270 3736 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:59:55.0270 3736 PNRPAutoReg - ok
23:59:55.0286 3736 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:59:55.0286 3736 PNRPsvc - ok
23:59:55.0286 3736 PolicyAgent (48e1b75c6dc0232fd92baae4bd344721) C:\Windows\System32\ipsecsvc.dll
23:59:55.0301 3736 PolicyAgent - ok
23:59:55.0301 3736 Power (dbff83f709a91049621c1d35dd45c92c) C:\Windows\system32\umpo.dll
23:59:55.0301 3736 Power - ok
23:59:55.0301 3736 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:59:55.0301 3736 PptpMiniport - ok
23:59:55.0317 3736 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
23:59:55.0317 3736 Processor - ok
23:59:55.0317 3736 ProfSvc (aea3bdbdba667aa6f678cb38907e4f5e) C:\Windows\system32\profsvc.dll
23:59:55.0317 3736 ProfSvc - ok
23:59:55.0317 3736 ProtectedStorage (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:59:55.0317 3736 ProtectedStorage - ok
23:59:55.0333 3736 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:59:55.0333 3736 Psched - ok
23:59:55.0364 3736 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
23:59:55.0379 3736 ql2300 - ok
23:59:55.0395 3736 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
23:59:55.0395 3736 ql40xx - ok
23:59:55.0395 3736 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:59:55.0411 3736 QWAVE - ok
23:59:55.0411 3736 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:59:55.0411 3736 QWAVEdrv - ok
23:59:55.0411 3736 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:59:55.0411 3736 RasAcd - ok
23:59:55.0411 3736 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:59:55.0411 3736 RasAgileVpn - ok
23:59:55.0411 3736 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
23:59:55.0426 3736 RasAuto - ok
23:59:55.0426 3736 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:59:55.0426 3736 Rasl2tp - ok
23:59:55.0426 3736 RasMan (0ce66ec736b7fc526d78f7624c7d2a94) C:\Windows\System32\rasmans.dll
23:59:55.0442 3736 RasMan - ok
23:59:55.0442 3736 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:59:55.0442 3736 RasPppoe - ok
23:59:55.0442 3736 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:59:55.0442 3736 RasSstp - ok
23:59:55.0457 3736 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
23:59:55.0457 3736 rdbss - ok
23:59:55.0457 3736 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
23:59:55.0457 3736 rdpbus - ok
23:59:55.0457 3736 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:59:55.0457 3736 RDPCDD - ok
23:59:55.0457 3736 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
23:59:55.0473 3736 RDPDR - ok
23:59:55.0473 3736 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:59:55.0473 3736 RDPENCDD - ok
23:59:55.0473 3736 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:59:55.0473 3736 RDPREFMP - ok
23:59:55.0473 3736 RDPWD (c5b8d47a4688de9d335204ea757c2240) C:\Windows\system32\drivers\RDPWD.sys
23:59:55.0473 3736 RDPWD - ok
23:59:55.0489 3736 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
23:59:55.0489 3736 rdyboost - ok
23:59:55.0489 3736 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
23:59:55.0489 3736 RemoteAccess - ok
23:59:55.0504 3736 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
23:59:55.0504 3736 RemoteRegistry - ok
23:59:55.0504 3736 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
23:59:55.0504 3736 RpcEptMapper - ok
23:59:55.0504 3736 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
23:59:55.0504 3736 RpcLocator - ok
23:59:55.0520 3736 RpcSs (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll
23:59:55.0520 3736 RpcSs - ok
23:59:55.0520 3736 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:59:55.0520 3736 rspndr - ok
23:59:55.0535 3736 RzSynapse (f6fcb0021680c2e91f2432a1b50703fc) C:\Windows\system32\DRIVERS\RzSynapse.sys
23:59:55.0535 3736 RzSynapse - ok
23:59:55.0535 3736 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
23:59:55.0535 3736 s3cap - ok
23:59:55.0535 3736 SamSs (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\system32\lsass.exe
23:59:55.0535 3736 SamSs - ok
23:59:55.0535 3736 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
23:59:55.0535 3736 sbp2port - ok
23:59:55.0551 3736 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
23:59:55.0551 3736 SCardSvr - ok
23:59:55.0551 3736 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
23:59:55.0551 3736 scfilter - ok
23:59:55.0567 3736 Schedule (df1e5c82e4d09cf8105cc644980c4803) C:\Windows\system32\schedsvc.dll
23:59:55.0567 3736 Schedule - ok
23:59:55.0582 3736 SCPolicySvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll
23:59:55.0582 3736 SCPolicySvc - ok
23:59:55.0582 3736 SDRSVC (5fd90abdbfaee85986802622cbb03446) C:\Windows\System32\SDRSVC.dll
23:59:55.0582 3736 SDRSVC - ok
23:59:55.0582 3736 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:59:55.0582 3736 secdrv - ok
23:59:55.0598 3736 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
23:59:55.0598 3736 seclogon - ok
23:59:55.0598 3736 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
23:59:55.0598 3736 SENS - ok
23:59:55.0598 3736 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
23:59:55.0598 3736 SensrSvc - ok
23:59:55.0598 3736 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
23:59:55.0598 3736 Serenum - ok
23:59:55.0613 3736 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
23:59:55.0613 3736 Serial - ok
23:59:55.0613 3736 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
23:59:55.0613 3736 sermouse - ok
23:59:55.0629 3736 SessionEnv (8f55ce568c543d5adf45c409d16718fc) C:\Windows\system32\sessenv.dll
23:59:55.0629 3736 SessionEnv - ok
23:59:55.0629 3736 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
23:59:55.0629 3736 sffdisk - ok
23:59:55.0629 3736 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:59:55.0629 3736 sffp_mmc - ok
23:59:55.0629 3736 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:59:55.0629 3736 sffp_sd - ok
23:59:55.0645 3736 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
23:59:55.0645 3736 sfloppy - ok
23:59:55.0645 3736 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
23:59:55.0660 3736 SharedAccess - ok
23:59:55.0660 3736 ShellHWDetection (cd2e48fa5b29ee2b3b5858056d246ef2) C:\Windows\System32\shsvcs.dll
23:59:55.0660 3736 ShellHWDetection - ok
23:59:55.0676 3736 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
23:59:55.0676 3736 sisagp - ok
23:59:55.0676 3736 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:59:55.0676 3736 SiSRaid2 - ok
23:59:55.0676 3736 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
23:59:55.0676 3736 SiSRaid4 - ok
23:59:55.0676 3736 skfiltv (a48b5af8e18e4765acdec5bbb8343f84) C:\Windows\system32\drivers\skfiltv.sys
23:59:55.0676 3736 skfiltv - ok
23:59:55.0691 3736 SkypeUpdate (c70aebd3608ed9fcea2a1bae83567ffc) F:\Skype\Updater\Updater.exe
23:59:55.0691 3736 SkypeUpdate - ok
23:59:55.0691 3736 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:59:55.0691 3736 Smb - ok
23:59:55.0707 3736 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
23:59:55.0707 3736 SNMPTRAP - ok
23:59:55.0707 3736 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:59:55.0707 3736 spldr - ok
23:59:55.0707 3736 Spooler (d1bb750eb51694de183e08b9c33be5b2) C:\Windows\System32\spoolsv.exe
23:59:55.0723 3736 Spooler - ok
23:59:55.0801 3736 sppsvc (4c287f9069fedbd791178876ee9de536) C:\Windows\system32\sppsvc.exe
23:59:55.0816 3736 sppsvc - ok
23:59:55.0847 3736 sppuinotify (d8e3e19eebdab49dd4a8d3062ead4ec7) C:\Windows\system32\sppuinotify.dll
23:59:55.0847 3736 sppuinotify - ok
23:59:55.0863 3736 srv (c4a027b8c0bd3fc0699f41fa5e9e0c87) C:\Windows\system32\DRIVERS\srv.sys
23:59:55.0863 3736 srv - ok
23:59:55.0863 3736 srv2 (414bb592cad8a79649d01f9d94318fb3) C:\Windows\system32\DRIVERS\srv2.sys
23:59:55.0879 3736 srv2 - ok
23:59:55.0879 3736 srvnet (ff207d67700aa18242aaf985d3e7d8f4) C:\Windows\system32\DRIVERS\srvnet.sys
23:59:56.0971 3736 ============================================================
23:59:56.0971 3736 Scan finished
23:59:56.0971 3736 ============================================================
23:59:56.0986 2192 Detected object count: 0
23:59:56.0986 2192 Actual detected object count: 0
And here is the aswMBR:
aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 00:01:23
-----------------------------
00:01:23.571 OS Version: Windows 6.1.7600
00:01:23.571 Number of processors: 8 586 0x1A05
00:01:23.571 ComputerName: COMPUTRESS UserName: Fable
00:01:28.333 Initialize success
00:02:28.121 AVAST engine defs: 12070701
00:02:35.204 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
00:02:35.204 Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 3
00:02:35.219 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0
00:02:35.219 Disk 1 Vendor: OCZ-VERTEX 1.5 Size: 30533MB BusType: 3
00:02:35.219 Disk 1 MBR read successfully
00:02:35.219 Disk 1 MBR scan
00:02:35.219 Disk 1 Windows 7 default MBR code
00:02:35.235 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 30531 MB offset 2048
00:02:35.235 Disk 1 scanning sectors +62529536
00:02:35.251 Disk 1 scanning C:\Windows\system32\drivers
00:02:37.481 Service scanning
00:02:43.846 Modules scanning
00:02:45.921 Disk 1 trace - called modules:
00:02:45.921 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll pciide.sys PCIIDEX.SYS atapi.sys
00:02:45.921 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x85e9aac8]
00:02:45.921 3 CLASSPNP.SYS[8b1b059e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84fd4908]
00:02:46.046 AVAST engine scan C:\Windows
00:02:46.514 AVAST engine scan C:\Windows\system32
00:03:31.566 AVAST engine scan C:\Windows\system32\drivers
00:03:34.046 AVAST engine scan C:\Users\Fable
00:03:46.542 AVAST engine scan C:\ProgramData
00:03:48.170 Scan finished successfully
00:04:22.140 Disk 1 MBR has been saved successfully to "C:\Users\Fable\Desktop\MBR.dat"
00:04:22.140 The log file has been saved successfully to "C:\Users\Fable\Desktop\aswMBR.txt"
How's it looking, boss?
-
Thank you so much for responding so promptly!
Here is the Security Check:
Results of screen317's Security Check version 0.99.42
Windows 7 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Microsoft Security Essentials
(On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
JavaFX 2.1.0
Java 6 Update 22
Java 7 Update 4
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6%
````````````````````End of Log``````````````````````
And here is the ComboFix log:
ComboFix 12-07-07.04 - Fable 07/07/2012 12:44:46.1.8 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3063.2327 [GMT -4:00]
Running from: c:\users\Fable\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fable\AppData\Local\{edfe05c3-645f-9769-6f6f-9033e04473af}\@
c:\users\Fable\AppData\Local\{edfe05c3-645f-9769-6f6f-9033e04473af}\n
c:\users\Fable\AppData\Roaming\uireap.dll
c:\windows\assembly\GAC\Desktop.ini
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\@
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\L\00000004.@
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\L\1afb2d56
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\L\201d3dde
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\n
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\U\00000004.@
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\U\00000008.@
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\U\000000cb.@
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\U\80000000.@
c:\windows\Installer\{edfe05c3-645f-9769-6f6f-9033e04473af}\U\80000032.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="f:\skype\Phone\Skype.exe" [2012-06-05 17344176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Razer TRON Driver"="f:\program files\Razer\Razer TRON\RazerTRONSysTray.exe" [2011-02-25 958352]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"GrooveMonitor"="f:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RzSynapse;Razer Driver;c:\windows\system32\DRIVERS\RzSynapse.sys [x]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 SkypeUpdate;Skype Updater;f:\skype\Updater\Updater.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WinisoCDBus;WinISO Virtual CD Drive;c:\windows\system32\drivers\WinisoCDBus.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876256292-3750786711-1594322207-1001Core.job
- c:\users\Fable\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 01:41]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-876256292-3750786711-1594322207-1001UA.job
- c:\users\Fable\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-04 01:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: E&xport to Microsoft Excel - f:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-uireap - c:\users\Fable\AppData\Roaming\uireap.dll
SafeBoot-MsMpSvc
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2012-07-07 12:49:52 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-07 16:49
.
Pre-Run: 9,175,777,280 bytes free
Post-Run: 9,470,136,320 bytes free
.
- - End Of File - - B8A2E81750DE810BBF1EC5FBD0A4712D
OK, so it does look like it worked. There are still desktop.inis on my desktop, but from what I understand those might be the harmless ones. Also, my Microsoft Security Essentials is still disabled with error code 0x80070424. Is this a symptom of something still going on, or does that just need a reinstall?
Also, are there any other damage cleanups I need to perform?
-
Hello good people,
So Malwarebytes finds trojan.0access in desktop.ini.
Microsoft Safety Scanner finds sirefef.
Both programs claim to delete these but upon restart they're always still there. Attached are the requested files.
Please assist because I need help.
0access desktop.ini
in Resolved Malware Removal Logs
Posted
I'm not familiar with WinPatrol so the only thing I would ask is do you just run it and leave it be or does it require some action on my part?
Otherwise that is all and I really appreciate your help, so thank you.