ljlkljlk

  1. C:\Qoobox\Quarantine\C\Users\me\AppData\Local\{536f3ba4-5a21-3fb9-2834-3ccacd733c85}\n.vir - Win64/Sirefef.W trojan
     C:\Qoobox\Quarantine\C\Windows\Installer\{536f3ba4-5a21-3fb9-2834-3ccacd733c85}\n.vir - Win64/Sirefef.W trojan
     C:\Qoobox\Quarantine\C\Windows\Installer\{536f3ba4-5a21-3fb9-2834-3ccacd733c85}\U\00000008.@.vir - Win64/Agent.BA trojan
     C:\Qoobox\Quarantine\C\Windows\Installer\{536f3ba4-5a21-3fb9-2834-3ccacd733c85}\U\80000000.@.vir - Win64/Sirefef.AE trojan
     C:\Qoobox\Quarantine\C\Windows\Installer\{536f3ba4-5a21-3fb9-2834-3ccacd733c85}\U\80000032.@.vir - a variant of Win32/Sirefef.FD trojan
     C:\Qoobox\Quarantine\C\Windows\System32\services.exe.vir - Win64/Patched.B.Gen trojan
  2. Hi, everything still looks good
  3. Hi, as far as I can tell everything is working normally. Windows Firewall and Defender are functional again, Firefox isn't hijacked, no fake security alerts. So far so good, thanks.
  4. Thanks again. No problems. Here are the results.
C:\Windows\system32\DRIVERS\fvevol.sys 03:15:13.0679 3388 fvevol - ok 03:15:13.0719 3388 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 03:15:13.0721 3388 gagp30kx - ok 03:15:13.0786 3388 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 03:15:13.0827 3388 gpsvc - ok 03:15:13.0912 3388 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 03:15:13.0924 3388 gupdate - ok 03:15:13.0935 3388 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 03:15:13.0937 3388 gupdatem - ok 03:15:13.0954 3388 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 03:15:13.0955 3388 hcw85cir - ok 03:15:13.0996 3388 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 03:15:14.0037 3388 HdAudAddService - ok 03:15:14.0087 3388 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 03:15:14.0098 3388 HDAudBus - ok 03:15:14.0134 3388 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 03:15:14.0135 3388 HECIx64 - ok 03:15:14.0151 3388 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 03:15:14.0153 3388 HidBatt - ok 03:15:14.0191 3388 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 03:15:14.0195 3388 HidBth - ok 03:15:14.0223 3388 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 03:15:14.0224 3388 HidIr - ok 03:15:14.0256 3388 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 03:15:14.0257 3388 hidserv - ok 03:15:14.0287 3388 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 03:15:14.0289 3388 HidUsb - ok 03:15:14.0318 3388 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 03:15:14.0330 3388 hkmsvc - ok 03:15:14.0368 3388 HomeGroupListener 
(046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 03:15:14.0375 3388 HomeGroupListener - ok 03:15:14.0419 3388 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 03:15:14.0428 3388 HomeGroupProvider - ok 03:15:14.0458 3388 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 03:15:14.0460 3388 HpSAMD - ok 03:15:14.0518 3388 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 03:15:14.0543 3388 HTTP - ok 03:15:14.0553 3388 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 03:15:14.0554 3388 hwpolicy - ok 03:15:14.0592 3388 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 03:15:14.0604 3388 i8042prt - ok 03:15:14.0644 3388 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 03:15:14.0658 3388 iaStorV - ok 03:15:14.0806 3388 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 03:15:14.0839 3388 idsvc - ok 03:15:14.0856 3388 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 03:15:14.0857 3388 iirsp - ok 03:15:14.0927 3388 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 03:15:14.0974 3388 IKEEXT - ok 03:15:15.0126 3388 IntcAzAudAddService (c1e2d46eb6e533dd087c684d33411f4a) C:\Windows\system32\drivers\RTKVHD64.sys 03:15:15.0138 3388 IntcAzAudAddService - ok 03:15:15.0259 3388 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 03:15:15.0261 3388 intelide - ok 03:15:15.0284 3388 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 03:15:15.0285 3388 intelppm - ok 03:15:15.0302 3388 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 03:15:15.0315 3388 IPBusEnum - ok 03:15:15.0352 3388 IpFilterDriver (722dd294df62483cecaae6e094b4d695) 
C:\Windows\system32\DRIVERS\ipfltdrv.sys 03:15:15.0357 3388 IpFilterDriver - ok 03:15:15.0407 3388 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 03:15:15.0444 3388 iphlpsvc - ok 03:15:15.0468 3388 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 03:15:15.0470 3388 IPMIDRV - ok 03:15:15.0504 3388 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 03:15:15.0516 3388 IPNAT - ok 03:15:15.0529 3388 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 03:15:15.0530 3388 IRENUM - ok 03:15:15.0551 3388 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 03:15:15.0552 3388 isapnp - ok 03:15:15.0587 3388 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 03:15:15.0597 3388 iScsiPrt - ok 03:15:15.0613 3388 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 03:15:15.0614 3388 kbdclass - ok 03:15:15.0629 3388 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 03:15:15.0630 3388 kbdhid - ok 03:15:15.0656 3388 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 03:15:15.0658 3388 KeyIso - ok 03:15:15.0684 3388 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 03:15:15.0688 3388 KSecDD - ok 03:15:15.0717 3388 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 03:15:15.0727 3388 KSecPkg - ok 03:15:15.0733 3388 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 03:15:15.0734 3388 ksthunk - ok 03:15:15.0789 3388 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 03:15:15.0801 3388 KtmRm - ok 03:15:15.0836 3388 LanmanServer (c926920b8978de6acfe9e15c709e9b57) C:\Windows\System32\srvsvc.dll 03:15:15.0878 3388 LanmanServer - ok 03:15:15.0927 3388 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) 
C:\Windows\System32\wkssvc.dll 03:15:15.0939 3388 LanmanWorkstation - ok 03:15:15.0968 3388 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 03:15:15.0972 3388 lltdio - ok 03:15:16.0013 3388 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 03:15:16.0027 3388 lltdsvc - ok 03:15:16.0058 3388 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 03:15:16.0060 3388 lmhosts - ok 03:15:16.0173 3388 LMS (ce97b09d1ba41802a6fae3bbed3cc37b) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 03:15:16.0187 3388 LMS - ok 03:15:16.0239 3388 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 03:15:16.0246 3388 LSI_FC - ok 03:15:16.0260 3388 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 03:15:16.0273 3388 LSI_SAS - ok 03:15:16.0290 3388 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 03:15:16.0291 3388 LSI_SAS2 - ok 03:15:16.0305 3388 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 03:15:16.0318 3388 LSI_SCSI - ok 03:15:16.0335 3388 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 03:15:16.0348 3388 luafv - ok 03:15:16.0381 3388 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 03:15:16.0395 3388 Mcx2Svc - ok 03:15:16.0421 3388 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 03:15:16.0423 3388 megasas - ok 03:15:16.0447 3388 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 03:15:16.0462 3388 MegaSR - ok 03:15:16.0493 3388 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 03:15:16.0495 3388 MMCSS - ok 03:15:16.0516 3388 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 03:15:16.0517 3388 Modem - ok 03:15:16.0553 3388 monitor (b03d591dc7da45ece20b3b467e6aadaa) 
C:\Windows\system32\DRIVERS\monitor.sys 03:15:16.0553 3388 monitor - ok 03:15:16.0575 3388 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 03:15:16.0575 3388 mouclass - ok 03:15:16.0589 3388 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 03:15:16.0591 3388 mouhid - ok 03:15:16.0607 3388 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 03:15:16.0612 3388 mountmgr - ok 03:15:16.0636 3388 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 03:15:16.0646 3388 mpio - ok 03:15:16.0664 3388 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 03:15:16.0675 3388 mpsdrv - ok 03:15:16.0747 3388 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 03:15:16.0779 3388 MpsSvc - ok 03:15:16.0811 3388 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 03:15:16.0823 3388 MRxDAV - ok 03:15:16.0852 3388 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys 03:15:16.0863 3388 mrxsmb - ok 03:15:16.0928 3388 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 03:15:16.0939 3388 mrxsmb10 - ok 03:15:16.0969 3388 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 03:15:16.0973 3388 mrxsmb20 - ok 03:15:16.0999 3388 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 03:15:17.0001 3388 msahci - ok 03:15:17.0026 3388 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 03:15:17.0038 3388 msdsm - ok 03:15:17.0055 3388 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 03:15:17.0067 3388 MSDTC - ok 03:15:17.0092 3388 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 03:15:17.0093 3388 Msfs - ok 03:15:17.0114 3388 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) 
C:\Windows\System32\drivers\mshidkmdf.sys 03:15:17.0115 3388 mshidkmdf - ok 03:15:17.0131 3388 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 03:15:17.0131 3388 msisadrv - ok 03:15:17.0167 3388 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 03:15:17.0180 3388 MSiSCSI - ok 03:15:17.0183 3388 msiserver - ok 03:15:17.0209 3388 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 03:15:17.0210 3388 MSKSSRV - ok 03:15:17.0220 3388 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 03:15:17.0221 3388 MSPCLOCK - ok 03:15:17.0247 3388 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 03:15:17.0248 3388 MSPQM - ok 03:15:17.0286 3388 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 03:15:17.0297 3388 MsRPC - ok 03:15:17.0321 3388 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 03:15:17.0322 3388 mssmbios - ok 03:15:17.0342 3388 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 03:15:17.0343 3388 MSTEE - ok 03:15:17.0352 3388 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 03:15:17.0353 3388 MTConfig - ok 03:15:17.0371 3388 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 03:15:17.0372 3388 Mup - ok 03:15:17.0415 3388 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 03:15:17.0432 3388 napagent - ok 03:15:17.0479 3388 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 03:15:17.0497 3388 NativeWifiP - ok 03:15:17.0551 3388 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 03:15:17.0558 3388 NDIS - ok 03:15:17.0570 3388 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 03:15:17.0571 3388 NdisCap - ok 03:15:17.0591 3388 NdisTapi 
(30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 03:15:17.0592 3388 NdisTapi - ok 03:15:17.0603 3388 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 03:15:17.0604 3388 Ndisuio - ok 03:15:17.0616 3388 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 03:15:17.0626 3388 NdisWan - ok 03:15:17.0631 3388 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 03:15:17.0632 3388 NDProxy - ok 03:15:17.0636 3388 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 03:15:17.0636 3388 NetBIOS - ok 03:15:17.0659 3388 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 03:15:17.0662 3388 NetBT - ok 03:15:17.0688 3388 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 03:15:17.0689 3388 Netlogon - ok 03:15:17.0738 3388 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 03:15:17.0742 3388 Netman - ok 03:15:17.0772 3388 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 03:15:17.0789 3388 netprofm - ok 03:15:17.0900 3388 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 03:15:17.0912 3388 NetTcpPortSharing - ok 03:15:17.0936 3388 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 03:15:17.0938 3388 nfrd960 - ok 03:15:17.0963 3388 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 03:15:17.0973 3388 NlaSvc - ok 03:15:17.0990 3388 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 03:15:17.0990 3388 Npfs - ok 03:15:18.0023 3388 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 03:15:18.0025 3388 nsi - ok 03:15:18.0039 3388 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 03:15:18.0040 3388 nsiproxy - ok 
03:15:18.0127 3388 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 03:15:18.0137 3388 Ntfs - ok 03:15:18.0394 3388 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 03:15:18.0395 3388 Null - ok 03:15:18.0406 3388 NVHDA - ok 03:15:18.0900 3388 nvlddmkm (b34e9bfbd9c61048ef6281c3e7ec210a) C:\Windows\system32\DRIVERS\nvlddmkm.sys 03:15:18.0944 3388 nvlddmkm - ok 03:15:19.0078 3388 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 03:15:19.0089 3388 nvraid - ok 03:15:19.0118 3388 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 03:15:19.0128 3388 nvstor - ok 03:15:19.0197 3388 nvsvc (dfda089bb2cd0ff7e789e2ef6ba1e4ba) C:\Windows\system32\nvvsvc.exe 03:15:19.0246 3388 nvsvc - ok 03:15:19.0297 3388 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 03:15:19.0309 3388 nv_agp - ok 03:15:19.0327 3388 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 03:15:19.0328 3388 ohci1394 - ok 03:15:19.0382 3388 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 03:15:19.0411 3388 p2pimsvc - ok 03:15:19.0465 3388 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 03:15:19.0480 3388 p2psvc - ok 03:15:19.0526 3388 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 03:15:19.0532 3388 Parport - ok 03:15:19.0553 3388 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys 03:15:19.0554 3388 partmgr - ok 03:15:19.0616 3388 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 03:15:19.0628 3388 PcaSvc - ok 03:15:19.0648 3388 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 03:15:19.0659 3388 pci - ok 03:15:19.0671 3388 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 03:15:19.0672 3388 pciide - ok 03:15:19.0704 3388 pcmcia 
(b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 03:15:19.0716 3388 pcmcia - ok 03:15:19.0735 3388 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 03:15:19.0735 3388 pcw - ok 03:15:19.0784 3388 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 03:15:19.0801 3388 PEAUTH - ok 03:15:19.0874 3388 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll 03:15:19.0904 3388 PeerDistSvc - ok 03:15:19.0976 3388 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 03:15:19.0978 3388 PerfHost - ok 03:15:20.0096 3388 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 03:15:20.0127 3388 pla - ok 03:15:20.0166 3388 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 03:15:20.0178 3388 PlugPlay - ok 03:15:20.0189 3388 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 03:15:20.0190 3388 PNRPAutoReg - ok 03:15:20.0214 3388 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 03:15:20.0215 3388 PNRPsvc - ok 03:15:20.0261 3388 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 03:15:20.0278 3388 PolicyAgent - ok 03:15:20.0334 3388 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 03:15:20.0344 3388 Power - ok 03:15:20.0415 3388 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 03:15:20.0427 3388 PptpMiniport - ok 03:15:20.0465 3388 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 03:15:20.0467 3388 Processor - ok 03:15:20.0499 3388 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll 03:15:20.0510 3388 ProfSvc - ok 03:15:20.0536 3388 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 03:15:20.0537 3388 ProtectedStorage - ok 03:15:20.0585 3388 Psched (ee992183bd8eaefd9973f352e587a299) 
C:\Windows\system32\DRIVERS\pacer.sys 03:15:20.0596 3388 Psched - ok 03:15:20.0689 3388 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 03:15:20.0738 3388 ql2300 - ok 03:15:20.0874 3388 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 03:15:20.0887 3388 ql40xx - ok 03:15:20.0921 3388 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 03:15:20.0931 3388 QWAVE - ok 03:15:20.0940 3388 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 03:15:20.0942 3388 QWAVEdrv - ok 03:15:20.0958 3388 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 03:15:20.0960 3388 RasAcd - ok 03:15:21.0000 3388 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 03:15:21.0001 3388 RasAgileVpn - ok 03:15:21.0013 3388 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 03:15:21.0016 3388 RasAuto - ok 03:15:21.0028 3388 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 03:15:21.0030 3388 Rasl2tp - ok 03:15:21.0068 3388 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 03:15:21.0081 3388 RasMan - ok 03:15:21.0090 3388 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 03:15:21.0101 3388 RasPppoe - ok 03:15:21.0110 3388 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 03:15:21.0112 3388 RasSstp - ok 03:15:21.0144 3388 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 03:15:21.0157 3388 rdbss - ok 03:15:21.0162 3388 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 03:15:21.0163 3388 rdpbus - ok 03:15:21.0186 3388 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 03:15:21.0187 3388 RDPCDD - ok 03:15:21.0229 3388 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) 
C:\Windows\system32\drivers\rdpdr.sys 03:15:21.0239 3388 RDPDR - ok 03:15:21.0250 3388 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 03:15:21.0251 3388 RDPENCDD - ok 03:15:21.0258 3388 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 03:15:21.0259 3388 RDPREFMP - ok 03:15:21.0297 3388 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys 03:15:21.0305 3388 RDPWD - ok 03:15:21.0334 3388 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 03:15:21.0341 3388 rdyboost - ok 03:15:21.0396 3388 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 03:15:21.0408 3388 RemoteAccess - ok 03:15:21.0443 3388 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 03:15:21.0446 3388 RemoteRegistry - ok 03:15:21.0475 3388 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 03:15:21.0478 3388 RpcEptMapper - ok 03:15:21.0520 3388 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 03:15:21.0522 3388 RpcLocator - ok 03:15:21.0564 3388 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 03:15:21.0570 3388 RpcSs - ok 03:15:21.0607 3388 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 03:15:21.0609 3388 rspndr - ok 03:15:21.0664 3388 RTL8167 (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys 03:15:21.0680 3388 RTL8167 - ok 03:15:21.0748 3388 RTL8169 (b263b3aebcde2210d1cc25756601b8ea) C:\Windows\system32\DRIVERS\Rtlh64.sys 03:15:21.0751 3388 RTL8169 - ok 03:15:21.0794 3388 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 03:15:21.0795 3388 s3cap - ok 03:15:21.0820 3388 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 03:15:21.0821 3388 SamSs - ok 03:15:21.0837 3388 sbp2port (e3bbb89983daf5622c1d50cf49f28227) 
C:\Windows\system32\DRIVERS\sbp2port.sys 03:15:21.0850 3388 sbp2port - ok 03:15:21.0888 3388 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 03:15:21.0897 3388 SCardSvr - ok 03:15:21.0937 3388 SCDEmu (6ce6f98ea3d07a9c2ce3cd0a5a86352d) C:\Windows\system32\drivers\SCDEmu.sys 03:15:21.0938 3388 SCDEmu - ok 03:15:21.0971 3388 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 03:15:21.0973 3388 scfilter - ok 03:15:22.0042 3388 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 03:15:22.0053 3388 Schedule - ok 03:15:22.0090 3388 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 03:15:22.0091 3388 SCPolicySvc - ok 03:15:22.0149 3388 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 03:15:22.0161 3388 SDRSVC - ok 03:15:22.0201 3388 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 03:15:22.0202 3388 secdrv - ok 03:15:22.0208 3388 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 03:15:22.0211 3388 seclogon - ok 03:15:22.0236 3388 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 03:15:22.0239 3388 SENS - ok 03:15:22.0245 3388 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 03:15:22.0247 3388 SensrSvc - ok 03:15:22.0253 3388 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 03:15:22.0254 3388 Serenum - ok 03:15:22.0280 3388 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 03:15:22.0289 3388 Serial - ok 03:15:22.0314 3388 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 03:15:22.0316 3388 sermouse - ok 03:15:22.0334 3388 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 03:15:22.0346 3388 SessionEnv - ok 03:15:22.0378 3388 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 
03:15:22.0380 3388 sffdisk - ok 03:15:22.0400 3388 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 03:15:22.0401 3388 sffp_mmc - ok 03:15:22.0414 3388 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 03:15:22.0415 3388 sffp_sd - ok 03:15:22.0420 3388 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 03:15:22.0421 3388 sfloppy - ok 03:15:22.0488 3388 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 03:15:22.0501 3388 SharedAccess - ok 03:15:22.0561 3388 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 03:15:22.0566 3388 ShellHWDetection - ok 03:15:22.0595 3388 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 03:15:22.0597 3388 SiSRaid2 - ok 03:15:22.0626 3388 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 03:15:22.0628 3388 SiSRaid4 - ok 03:15:22.0646 3388 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 03:15:22.0651 3388 Smb - ok 03:15:22.0673 3388 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 03:15:22.0675 3388 SNMPTRAP - ok 03:15:22.0765 3388 speedfan (5f9785e7535f8f602cb294a54962c9e7) C:\Windows\syswow64\speedfan.sys 03:15:22.0767 3388 speedfan - ok 03:15:22.0779 3388 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 03:15:22.0780 3388 spldr - ok 03:15:22.0828 3388 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 03:15:22.0834 3388 Spooler - ok 03:15:22.0988 3388 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 03:15:23.0073 3388 sppsvc - ok 03:15:23.0171 3388 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 03:15:23.0174 3388 sppuinotify - ok 03:15:23.0242 3388 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 03:15:23.0257 3388 
srv - ok 03:15:23.0280 3388 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 03:15:23.0298 3388 srv2 - ok 03:15:23.0317 3388 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 03:15:23.0322 3388 srvnet - ok 03:15:23.0365 3388 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 03:15:23.0369 3388 SSDPSRV - ok 03:15:23.0378 3388 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 03:15:23.0381 3388 SstpSvc - ok 03:15:23.0439 3388 Steam Client Service - ok 03:15:23.0470 3388 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 03:15:23.0472 3388 stexstor - ok 03:15:23.0516 3388 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 03:15:23.0538 3388 stisvc - ok 03:15:23.0583 3388 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 03:15:23.0584 3388 storflt - ok 03:15:23.0618 3388 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll 03:15:23.0621 3388 StorSvc - ok 03:15:23.0636 3388 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 03:15:23.0637 3388 storvsc - ok 03:15:23.0646 3388 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 03:15:23.0647 3388 swenum - ok 03:15:23.0680 3388 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 03:15:23.0695 3388 swprv - ok 03:15:23.0769 3388 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 03:15:23.0813 3388 SysMain - ok 03:15:23.0922 3388 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 03:15:23.0936 3388 TabletInputService - ok 03:15:23.0952 3388 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 03:15:23.0957 3388 TapiSrv - ok 03:15:23.0972 3388 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 03:15:23.0974 3388 TBS - ok 03:15:24.0085 
  5. Great, thanks. Here are my results from combofix:
  6. Okay, I restarted and ran combofix again. This time it worked, and is currently running (I'm on a second computer now). I'll post back when it's done.
  7. I ran combofix but it didn't produce anything. The window came up and it started to run, but then the window just closed and I waited a couple of minutes and nothing happened.

     Results of screen317's Security Check version 0.99.42
     Windows 7 x64 (UAC is disabled!)
     Out of date service pack!!
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
     WMI entry may not exist for antivirus; attempting automatic update.
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.61.0.1400
     Java 6 Update 31
     Java version out of Date!
     Adobe Flash Player 11.2.202.228
     Flash Player out of Date!
     Mozilla Firefox 11.0
     Firefox out of Date!
     ````````Process Check: objlist.exe by Laurent````````
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 5%
     ````````````````````End of Log``````````````````````
  8. Hello, today my PC started showing fake "security alerts," I ran Malwarebytes and it found 4 files, 3 were called "mcinia.exe (Trojan.Lameshield)" and had a registry entry in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce but those appear to have been successfully deleted. However "Trojan.Dropper.BCMiner" reappears on every restart in "C:\Windows\Installer\{536f3ba4-5a21-3fb9-2834-3ccacd733c85}\U\00000008.@ (Trojan.Dropper.BCMiner)". Below are the DDS logs, thanks for your help.
2012-04-26 05:28:32 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2006-05-03 16:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll 2007-02-21 17:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll 2008-03-16 19:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll 2010-01-07 04:00:00 107520 --sha-r- C:\Windows\SysWOW64\TAKDSDecoder.dll . ============= FINISH: 21:41:40.83 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume5 Install Date: 09.16.2010 11:20:58 PM System Uptime: 07.08.2012 9:14:09 PM (0 hours ago) . Motherboard: MSI | | H55-G43(MS-7638) Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz | CPU 1 | 2801/133mhz . ==== Disk Partitions ========================= . A: is Removable B: is CDROM () C: is FIXED (NTFS) - 298 GiB total, 193.011 GiB free. D: is FIXED (NTFS) - 112 GiB total, 54.94 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e967-e325-11ce-bfc1-08002be10318} Description: Disk drive Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00\20060413092100000&0 Manufacturer: (Standard disk drives) Name: Generic- Compact Flash USB Device PNP Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_COMPACT_FLASH&REV_1.00\20060413092100000&0 Service: disk . Class GUID: {4d36e967-e325-11ce-bfc1-08002be10318} Description: Disk drive Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_MS/MS-PRO&REV_1.00\20060413092100000&3 Manufacturer: (Standard disk drives) Name: Generic- MS/MS-Pro USB Device PNP Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_MS/MS-PRO&REV_1.00\20060413092100000&3 Service: disk . 
Class GUID: {4d36e967-e325-11ce-bfc1-08002be10318} Description: Disk drive Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_SM/XD-PICTURE&REV_1.00\20060413092100000&1 Manufacturer: (Standard disk drives) Name: Generic- SM/xD-Picture USB Device PNP Device ID: USBSTOR\DISK&VEN_GENERIC-&PROD_SM/XD-PICTURE&REV_1.00\20060413092100000&1 Service: disk . ==== System Restore Points =================== . RP240: 07.03.2012 10:44:18 AM - Scheduled Checkpoint . ==== Installed Programs ====================== . Sansa Media Converter 3DMark 11 3DMark06 Adobe AIR ASUS Wireless Router WL-520GU Utilities AviSynth 2.5 BioShock 2 Brother MFL-Pro Suite MFC-3360C ControlCenter DAEMON Tools Lite Data Lifeguard Diagnostic for Windows 1.24 Foxit Reader Fraps (remove only) Futuremark SystemInfo Google Earth Plug-in Google Update Helper H.264 Encoder HD Tune Pro 4.61 Intel® Management Engine Components Internet TV for Windows Media Center IrfanView (remove only) Java Auto Updater Java™ 6 Update 31 Junk Mail filter update Karen's Directory Printer Liveupdate4 Malwarebytes Anti-Malware version 1.61.0.1400 Microsoft Choice Guard Microsoft Games for Windows - LIVE Microsoft Games for Windows - LIVE Redistributable Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mouse Gestures for Internet Explorer (x64) Mouse Gestures for Internet Explorer (x86) Mozilla Firefox 11.0 (x86 en-US) MSI TV@nywhere Pro BDA Driver MSVCRT Octoshape add-in for Adobe Flash Player On2 VP7 Personal Edition OpenAL OpenOffice.org 3.2 Paint Shop Pro 7 ESD Pazera Free MP4 to AVI Converter 1.6 Portal PowerISO RarMonkey Realtek High Definition Audio Driver Red Faction 
Armageddon Red Faction: Guerrilla Rename-It! Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Simple Adblock SpeedFan (remove only) Steam SUPER © v2012.build.51 (April 7, 2012) version v2012.build.51 TmNationsForever TrackMania 2 TrueCrypt Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) video4fuze 0.6 VLC media player 2.0.0 Winamp Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Media Center Add-in for Flash Windows Media Center Add-in for Silverlight Windows Media Player Firefox Plugin Windows Movie Maker 2.6 . ==== Event Viewer Messages From Past Week ======== . 07.08.2012 9:14:37 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 07.08.2012 9:14:35 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 
07.08.2012 9:14:34 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
07.08.2012 8:35:37 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
07.08.2012 8:19:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
07.08.2012 8:19:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
07.08.2012 8:19:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
07.08.2012 8:19:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
07.08.2012 8:19:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
07.08.2012 8:19:56 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
07.08.2012 8:19:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
07.08.2012 8:19:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
07.08.2012 8:19:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SCDEmu spldr tdx truecrypt Wanarpv6 WfpLwf
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
07.08.2012 8:19:30 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
.
==== End Of File ===========================