Jump to content

Getsugakure

Members
 View Profile  See their activity

  • Posts

    14

  • Joined

  • Last visited

Reputation

0 Neutral
  1. Getsugakure
    Things are running much more smoothly now, thank you !
  2. Getsugakure
    I did not have to reboot! Things are running smoother now--though, I did have a question. There are tons of Windows Live programs installed, a lot with foreign characters. Should I be concerned about those? ?? ??? ?? Windows Live Mesh ActiveX ??? ??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? ???? ??? Windows Live ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? ???? Windows Live ????? Windows Live ?????? ??????? ?? Windows Live ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? ??????? Windows Live Mesh ActiveX ??(????) ??????? Windows Live Mesh ActiveX ??? ???????? ?????????? Windows Live ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) ?????????? Windows Live ??????????? ?? Windows Live a ActiveX-kontroll för fjärranslutningar för Windows Live Mesh ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ??????„Windows Live Essentials“ „Windows Live Mail“ „Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis „Windows Live Messenger“ „Windows Live“ fotogalerijaContrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Control ActiveX Windows Live Mesh pentru conexiuni la distan?a Controle ActiveX do Windows Live Mesh para Conexões Remotas Controlo ActiveX do Windows Live Mesh para Ligações RemotasFormant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnychFotogalerija Windows LiveGaleria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live Galería fotográfica de Windows Live And many more
  3. Getsugakure
    C:\AI_RecycleBin\{DDA7B641-02A5-4604-8059-2EA50F592CC8}\3\Strongvault\StrongVaultApp.exe MSIL/Adware.StrongVault.A application cleaned by deleting - quarantined C:\Program Files\Registry Easy\Recoveryer.dll Win32/Adware.RegistryEasy application cleaned by deleting - quarantined C:\Program Files\Registry Easy\RegEasyCleaner.exe a variant of Win32/Adware.RegistryEasy application cleaned by deleting - quarantined C:\Users\Mike\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZI16WWAA\installer-silent[1].exe a variant of Win32/Adware.CouponAmazing.A application cleaned by deleting - quarantined C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\epgxt7mu.default-1368770609661\extensions\mhavmhhdnz@mhavmhhdnz.org.xpi Win32/TrojanDownloader.Tracur.AD trojan deleted - quarantined
  4. Getsugakure
    Should I have deleted the things that came up in the RougeKiller program? I didn't because it wasn't specifically stated! Here are the logs: Malwarebytes Anti-Rootkit BETA 1.07.0.1005 www.malwarebytes.org Database version: v2013.08.30.07 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16660 Mike :: MIKE-PC [administrator] 8/30/2013 5:45:40 PM mbar-log-2013-08-30 (17-45-40).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken Scan options disabled: Objects scanned: 273761 Time elapsed: 15 minute(s), 24 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end) --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 8360857600, free: 6051758080 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 8360857600, free: 6064099328 Downloaded database version: v2013.08.30.07 Downloaded database version: v2013.08.06.01 ======================================= Initializing... ------------ Kernel report ------------ 08/30/2013 17:24:07 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\iusb3hcs.sys \SystemRoot\system32\DRIVERS\excsd.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\nvpciflt.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\excfs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\tmtdi.sys \SystemRoot\system32\DRIVERS\termdd.sys \??\C:\windows\system32\Drivers\SABI.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\system32\DRIVERS\iusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\NETwNs64.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\ETD.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\AMPPAL.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\iwdbus.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\WDKMD.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\DRIVERS\iusb3hub.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\system32\DRIVERS\iBtFltCoex.sys \SystemRoot\system32\DRIVERS\btmhsf.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\btmaux.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\acpials.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\DRIVERS\asyncmac.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \??\C:\windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\Wldap32.dll \Windows\System32\sechost.dll \Windows\System32\urlmon.dll \Windows\System32\advapi32.dll \Windows\System32\rpcrt4.dll \Windows\System32\iertutil.dll \Windows\System32\usp10.dll \Windows\System32\imm32.dll \Windows\System32\imagehlp.dll \Windows\System32\msctf.dll \Windows\System32\psapi.dll \Windows\System32\ole32.dll \Windows\System32\oleaut32.dll \Windows\System32\wininet.dll \Windows\System32\shlwapi.dll \Windows\System32\kernel32.dll \Windows\System32\ws2_32.dll \Windows\System32\comdlg32.dll \Windows\System32\user32.dll \Windows\System32\difxapi.dll \Windows\System32\lpk.dll \Windows\System32\clbcatq.dll \Windows\System32\shell32.dll \Windows\System32\msvcrt.dll \Windows\System32\gdi32.dll \Windows\System32\setupapi.dll \Windows\System32\normaliz.dll \Windows\System32\nsi.dll \Windows\System32\crypt32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\devobj.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa800ab3a060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-2\ Lower Device Object: 0xfffffa8009861050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800aa67790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa8009863050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800aa67790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a97db90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800aa670b0, DeviceName: Unknown, DriverName: \Driver\excsd\ DevicePointer: 0xfffffa800aa67790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8009863050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\excsd\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 816B67ED Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1907402752 Partition 2 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 1907609600 Numsec = 45914112 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa800ab3a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a97eb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800ab3a980, DeviceName: Unknown, DriverName: \Driver\excsd\ DevicePointer: 0xfffffa800ab3a060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8009861050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\excsd\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 74F02DEA Partition information: Partition 0 type is Other (0x73) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 15644672 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 8012390400 bytes Sector size: 512 bytes Done! Infected: C:\Users\Mike\AppData\Local\Microsoft\{249FD8D6-D903-4788-92E0-6A578C603E21}\afmm.dll --> [Malware.Packer.T] Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{249FD8D6-D903-4788-92E0-6A578C603E21} --> [Malware.Packer.T] Infected: C:\Users\Mike\AppData\Local\Microsoft\{249FD8D6-D903-4788-92E0-6A578C603E21}\afmm.dll --> [Malware.Packer.T] Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C] Scan finished Creating System Restore point... Cleaning up... Executing an action fixdamage.exe... Success! Queuing an action fixdamage.exe Removal scheduling successful. System shutdown needed. System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 8360857600, free: 6421667840 ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.07.0.1005 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 Account is Administrative Internet Explorer version: 10.0.9200.16660 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.294000 GHz Memory total: 8360857600, free: 5988270080 ======================================= Initializing... ------------ Kernel report ------------ 08/30/2013 17:45:35 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_GenuineIntel.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\CLASSPNP.SYS \SystemRoot\System32\drivers\imofugc.sys \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\system32\DRIVERS\iusb3hcs.sys \SystemRoot\system32\DRIVERS\excsd.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\iaStor.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\msahci.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\system32\DRIVERS\MpFilter.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\system32\DRIVERS\nvpciflt.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\drivers\disk.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\excfs.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\tmtdi.sys \SystemRoot\system32\DRIVERS\termdd.sys \??\C:\windows\system32\Drivers\SABI.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\nvlddmkm.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\igdkmd64.sys \SystemRoot\system32\DRIVERS\HECIx64.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\ETD.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\DRIVERS\intelppm.sys \SystemRoot\system32\DRIVERS\AMPPAL.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\clwvd.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\iwdbus.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\WDKMD.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\DRIVERS\IntcDAud.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_iaStor.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\NisDrvWFP.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\NETwNs64.sys \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\system32\DRIVERS\acpials.sys \SystemRoot\system32\DRIVERS\WUDFRd.sys \SystemRoot\system32\DRIVERS\Rt64win7.sys \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\system32\DRIVERS\vwifimp.sys \SystemRoot\system32\DRIVERS\iusb3xhc.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\iusb3hub.sys \SystemRoot\system32\DRIVERS\iBtFltCoex.sys \SystemRoot\system32\DRIVERS\btmhsf.sys \SystemRoot\System32\Drivers\BTHUSB.sys \SystemRoot\System32\Drivers\bthport.sys \SystemRoot\system32\DRIVERS\rfcomm.sys \SystemRoot\system32\drivers\BthEnum.sys \SystemRoot\system32\DRIVERS\bthpan.sys \SystemRoot\system32\DRIVERS\btmaux.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \??\C:\windows\system32\drivers\mbamchameleon.sys \SystemRoot\system32\drivers\spsys.sys \??\C:\windows\system32\drivers\MBAMSwissArmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\msvcrt.dll \Windows\System32\sechost.dll \Windows\System32\iertutil.dll \Windows\System32\advapi32.dll \Windows\System32\oleaut32.dll \Windows\System32\kernel32.dll \Windows\System32\shell32.dll \Windows\System32\usp10.dll \Windows\System32\imm32.dll \Windows\System32\psapi.dll \Windows\System32\nsi.dll \Windows\System32\comdlg32.dll \Windows\System32\rpcrt4.dll \Windows\System32\ws2_32.dll \Windows\System32\shlwapi.dll \Windows\System32\Wldap32.dll \Windows\System32\difxapi.dll \Windows\System32\wininet.dll \Windows\System32\imagehlp.dll \Windows\System32\ole32.dll \Windows\System32\msctf.dll \Windows\System32\clbcatq.dll \Windows\System32\urlmon.dll \Windows\System32\normaliz.dll \Windows\System32\lpk.dll \Windows\System32\setupapi.dll \Windows\System32\user32.dll \Windows\System32\gdi32.dll \Windows\System32\comctl32.dll \Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll \Windows\System32\wintrust.dll \Windows\System32\devobj.dll \Windows\System32\cfgmgr32.dll \Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll \Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll \Windows\System32\crypt32.dll \Windows\System32\KernelBase.dll \Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll \Windows\System32\msasn1.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa800ab34060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-2\ Lower Device Object: 0xfffffa800985a050 Lower Device Driver Name: \Driver\iaStor\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa800aa61790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IAAStorageDevice-1\ Lower Device Object: 0xfffffa800985c050 Lower Device Driver Name: \Driver\iaStor\ <<<2>>> Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa800aa61790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a979b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800aa610b0, DeviceName: Unknown, DriverName: \Driver\excsd\ DevicePointer: 0xfffffa800aa61790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800985c050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\excsd\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers... <<<2>>> <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 816B67ED Partition information: Partition 0 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 2048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 1 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 206848 Numsec = 1907402752 Partition 2 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 1907609600 Numsec = 45914112 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... Done! Physical Sector Size: 512 Drive: 1, DevicePointer: 0xfffffa800ab34060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa800a97ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa800ab34980, DeviceName: Unknown, DriverName: \Driver\excsd\ DevicePointer: 0xfffffa800ab34060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800985a050, DeviceName: \Device\Ide\IAAStorageDevice-2\, DriverName: \Driver\iaStor\ ------------ End ---------- Alternate DeviceName: Unknown, DriverName: \Driver\excsd\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 1 Scanning MBR on drive 1... Inspecting partition table: MBR Signature: 55AA Disk Signature: 74F02DEA Partition information: Partition 0 type is Other (0x73) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 15644672 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 8012390400 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\Bootstrap_0_0_2048_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_0_r.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_i.mbam... Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR_1_r.mbam... Removal finished RogueKiller V8.6.7 [Aug 28 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.adlice.com/forum/ Website : http://www.adlice.com/softwares/roguekiller/ Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Mike [Admin rights] Mode : Scan -- Date : 08/30/2013 20:51:05 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [RUN][sUSP PATH] HKCU\[...]\Run : Google Update ("C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND [RUN][sUSP PATH] HKUS\S-1-5-21-3575110223-3707097088-2884409191-1001\[...]\Run : Google Update ("C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c [7]) -> FOUND [HJ POL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND ¤¤¤ Scheduled tasks : 4 ¤¤¤ [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001UA.job : C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND [V1][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001Core.job : C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001Core : C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND [V2][sUSP PATH] GoogleUpdateTaskUserS-1-5-21-3575110223-3707097088-2884409191-1001UA : C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND ¤¤¤ Startup Entries : 0 ¤¤¤ ¤¤¤ Web browsers : 0 ¤¤¤ ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED 0x0] ¤¤¤ ¤¤¤ External Hives: ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> %SystemRoot%\System32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST1000LM024 HN-M101MBB +++++ --- User --- [MBR] dd7a4a81deca4c28f20e50a6762c3220 [bSP] 6a4d86d5acfff778e2c8e3feac687f4b : KIWI Image system MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 931349 Mo 2 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 1907609600 | Size: 22419 Mo User = LL1 ... OK! User = LL2 ... OK! +++++ PhysicalDrive1: ST1000LM024 HN-M101MBB +++++ --- User --- [MBR] a9232299b552b7ec6e5a3854e401f884 [bSP] 0a9420da5d388cf72c9f5653515471d4 : Empty MBR Code Partition table: 0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 2048 | Size: 7639 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[0]_S_08302013_205105.txt >>
  5. Getsugakure
    Thank you for everything you guys do, it really is a great help and I do appreciate it very much! DDS File: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.21.2 Run by Mike at 20:59:51 on 2013-08-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7974.5645 [GMT -4:00] . AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\nvvsvc.exe C:\windows\system32\svchost.exe -k RPCSS c:\Program Files\Microsoft Security Client\MsMpEng.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\windows\system32\nvvsvc.exe C:\windows\system32\WLANExt.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\windows\system32\taskhost.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Samsung\Easy Software Manager\SWMAgent.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe C:\Program Files\Intel\iCLS Client\HeciServer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\windows\system32\taskeng.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe C:\windows\system32\wbem\unsecapp.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\system32\igfxext.exe C:\windows\system32\igfxsrvc.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\System32\WUDFHost.exe C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files (x86)\CyberLink\Media+Player10\Media+Player10Serv.exe C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files\Elantech\ETDCtrl.exe C:\windows\system32\hkcmd.exe C:\windows\system32\igfxtray.exe C:\windows\system32\igfxpers.exe C:\windows\system32\rundll32.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe c:\Program Files\Microsoft Security Client\NisSrv.exe C:\Program Files\Samsung\Easy Support Center\SamoyedAgent.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Windows\System32\rundll32.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\windows\SysWOW64\rundll32.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe c:\Program Files\Microsoft Security Client\MpCmdRun.exe C:\windows\system32\taskeng.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [Facebook Update] "C:\Users\Mike\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [Google Update] "C:\Users\Mike\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [{249FD8D6-D903-4788-92E0-6A578C603E21}] rundll32 "C:\Users\Mike\AppData\Local\Microsoft\{249FD8D6-D903-4788-92E0-6A578C603E21}\afmm.dll",DllRegisterServer mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [MessengerPlusLiveUninstall] "C:\Users\Mike\AppData\Local\Temp\MsgPlusUninstall.exe" /Cleanup mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent StartupFolder: C:\Users\Mike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll TCP: NameServer = 199.94.92.10 199.94.95.2 TCP: Interfaces\{DA358377-5BF2-4D49-99C1-FD75878BA89F} : DHCPNameServer = 199.94.92.10 199.94.95.2 TCP: Interfaces\{DA358377-5BF2-4D49-99C1-FD75878BA89F}\16474777966696 : DHCPNameServer = 192.168.5.1 TCP: Interfaces\{DA358377-5BF2-4D49-99C1-FD75878BA89F}\65562796A7F6E602D494649443531303C4029303933302355636572756 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{DA358377-5BF2-4D49-99C1-FD75878BA89F}\75745756374725F6F6D637 : DHCPNameServer = 4.2.2.1 TCP: Interfaces\{DA358377-5BF2-4D49-99C1-FD75878BA89F}\86F6D656D6 : DHCPNameServer = 10.1.10.1 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome x64-BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe" x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - x64-Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\epgxt7mu.default-1368770609661\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Mike\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll FF - plugin: C:\Users\Mike\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll FF - plugin: C:\Users\Mike\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Users\Mike\AppData\Roaming\Mozilla\plugins\npo1d.dll FF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw_1203133.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll . ============= SERVICES / DRIVERS =============== . R0 excsd;ExpressCache Storage Filter Driver;C:\windows\System32\drivers\excsd.sys [2012-5-10 80688] R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\windows\System32\drivers\iusb3hcs.sys [2012-4-18 19224] R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2013-6-18 247216] R0 nvpciflt;nvpciflt;C:\windows\System32\drivers\nvpciflt.sys [2012-10-8 30056] R1 excfs;ExpressCache File System Filter Driver;C:\windows\System32\drivers\excfs.sys [2012-5-10 23344] R1 SABI;SAMSUNG Kernel Driver For Windows 7;C:\windows\System32\drivers\SABI.sys [2012-5-10 13824] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-12-4 659968] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2012-3-26 1014096] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2012-3-26 1104208] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-12-4 135952] R2 ExpressCache;ExpressCache;C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [2011-9-23 79664] R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-2-2 628448] R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2012-5-10 128280] R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2012-5-10 161560] R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2013-1-20 139616] R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568] R2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [2012-5-10 31624] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-5-10 363800] R2 ZeroConfigService;Intel® PROSet/Wireless Zero Configuration Service;C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2011-12-7 594704] R3 acpials;ALS Sensor Filter;C:\windows\System32\drivers\acpials.sys [2010-11-21 9728] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584] R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2012-3-26 1304912] R3 btmaux;Intel Bluetooth Auxiliary Service;C:\windows\System32\drivers\btmaux.sys [2012-2-12 95232] R3 btmhsf;btmhsf;C:\windows\System32\drivers\btmhsf.sys [2012-2-12 747008] R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2012-2-16 31216] R3 ETD;ELAN PS/2 Port Input Device;C:\windows\System32\drivers\ETD.sys [2012-5-10 280912] R3 ibtfltcoex;ibtfltcoex;C:\windows\System32\drivers\iBtFltCoex.sys [2012-3-20 60928] R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2012-2-6 331264] R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\windows\System32\drivers\iusb3hub.sys [2012-4-18 356632] R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\windows\System32\drivers\iusb3xhc.sys [2012-4-18 789272] R3 iwdbus;IWD Bus Enumerator;C:\windows\System32\drivers\iwdbus.sys [2011-12-20 25496] R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2013-6-20 366600] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2012-5-10 648808] R3 wdkmd;Intel WiDi KMD;C:\windows\System32\drivers\WDKMD.sys [2011-12-20 42392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\windows\System32\drivers\AmpPal.sys [2011-12-4 195584] S3 BRDriver64;BRDriver64;C:\ProgramData\bitraider\BRDriver64.sys [2013-4-1 74024] S3 BRSptSvc;BitRaider Mini-Support Service;C:\ProgramData\bitraider\BRSptSvc.exe [2013-4-1 952600] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\windows\System32\drivers\intelaud.sys [2011-12-20 34200] S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-12-7 273168] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-4-29 19456] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-4-29 57856] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-4-29 30208] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-12-13 54784] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-8-21 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-08-30 00:44:01 9515512 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{0FF99B01-C615-47AE-8C44-81644AE403F6}\mpengine.dll 2013-08-29 02:45:10 -------- d-sh--w- C:\$RECYCLE.BIN 2013-08-28 21:55:30 9515512 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2013-08-23 12:37:08 98816 ----a-w- C:\windows\sed.exe 2013-08-23 12:37:08 256000 ----a-w- C:\windows\PEV.exe 2013-08-23 12:37:08 208896 ----a-w- C:\windows\MBR.exe 2013-08-23 12:37:02 -------- d-s---w- C:\ComboFix 2013-08-22 22:43:55 941720 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{998ABF48-8458-47E7-8A84-7D84C6E70DBE}\gapaengine.dll 2013-08-19 01:14:21 -------- d-----w- C:\Program Files\iPod 2013-08-19 01:14:20 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2013-08-19 01:14:20 -------- d-----w- C:\Program Files\iTunes 2013-08-19 01:14:20 -------- d-----w- C:\Program Files (x86)\iTunes 2013-08-15 16:34:10 -------- d-----w- C:\Users\Mike\AppData\Local\{C6BD18E7-C026-4893-B7A5-5307FBAC6917} 2013-08-14 15:02:59 1767936 ----a-w- C:\windows\SysWow64\wininet.dll 2013-08-14 15:02:58 2241024 ----a-w- C:\windows\System32\wininet.dll 2013-08-14 13:03:17 1888768 ----a-w- C:\windows\System32\WMVDECOD.DLL 2013-08-14 13:03:16 1620992 ----a-w- C:\windows\SysWow64\WMVDECOD.DLL 2013-08-14 13:03:15 1910208 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-08-14 13:03:14 663552 ----a-w- C:\windows\SysWow64\rpcrt4.dll 2013-08-14 13:03:14 1217024 ----a-w- C:\windows\System32\rpcrt4.dll 2013-08-14 13:03:13 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys 2013-08-12 20:06:18 -------- d-----w- C:\Users\Mike\AppData\Local\{14D1ECF4-DEA8-42A9-ABA4-3E59CBCC4F4F} . ==================== Find3M ==================== . 2013-08-20 18:59:36 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-08-20 18:59:36 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-07-26 05:12:08 3958784 ----a-w- C:\windows\System32\jscript9.dll 2013-07-26 05:12:04 136704 ----a-w- C:\windows\System32\iesysprep.dll 2013-07-26 05:12:03 67072 ----a-w- C:\windows\System32\iesetup.dll 2013-07-26 03:35:08 2706432 ----a-w- C:\windows\System32\mshtml.tlb 2013-07-26 03:12:04 2877440 ----a-w- C:\windows\SysWow64\jscript9.dll 2013-07-26 03:12:00 61440 ----a-w- C:\windows\SysWow64\iesetup.dll 2013-07-26 03:12:00 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll 2013-07-26 02:49:14 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb 2013-07-26 02:39:38 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe 2013-07-26 01:59:38 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe 2013-07-19 01:58:42 2048 ----a-w- C:\windows\System32\tzres.dll 2013-07-19 01:41:01 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2013-07-09 06:03:30 5550528 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-07-09 05:54:22 1732032 ----a-w- C:\windows\System32\ntdll.dll 2013-07-09 05:53:12 243712 ----a-w- C:\windows\System32\wow64.dll 2013-07-09 05:52:52 224256 ----a-w- C:\windows\System32\wintrust.dll 2013-07-09 05:46:20 184320 ----a-w- C:\windows\System32\cryptsvc.dll 2013-07-09 05:46:20 1472512 ----a-w- C:\windows\System32\crypt32.dll 2013-07-09 05:46:20 139776 ----a-w- C:\windows\System32\cryptnet.dll 2013-07-09 05:03:34 3968960 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-07-09 05:03:34 3913664 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-07-09 04:53:47 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll 2013-07-09 04:52:33 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-07-09 04:52:10 175104 ----a-w- C:\windows\SysWow64\wintrust.dll 2013-07-09 04:46:31 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2013-07-09 04:46:31 1166848 ----a-w- C:\windows\SysWow64\crypt32.dll 2013-07-09 04:46:31 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2013-07-09 04:45:07 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-07-09 02:49:42 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-07-09 02:49:41 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-07-09 02:49:39 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-07-09 02:49:38 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-06-19 01:50:08 247216 ----a-w- C:\windows\System32\drivers\MpFilter.sys 2013-06-19 01:50:08 139616 ----a-w- C:\windows\System32\drivers\NisDrvWFP.sys 2013-06-05 03:34:27 3153920 ----a-w- C:\windows\System32\win32k.sys 2013-06-04 06:00:13 624128 ----a-w- C:\windows\System32\qedit.dll 2013-06-04 04:53:07 509440 ----a-w- C:\windows\SysWow64\qedit.dll . ============= FINISH: 21:00:23.55 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/18/2012 3:59:35 PM System Uptime: 8/29/2013 8:47:15 PM (1 hours ago) . Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | 700Z3C/700Z5C Processor: Intel® Core i7-3615QM CPU @ 2.30GHz | CPU Socket - U3E1 | 1196/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 910 GiB total, 619.306 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP170: 8/25/2013 1:03:57 PM - Windows Update RP171: 8/28/2013 5:55:16 PM - Windows Update . ==== Installed Programs ====================== . ?? ??? ?? Windows Live Mesh ActiveX ??? ??? ActiveX ?? Windows Live Mesh ???? ??????? ??????? ???? ??? Windows Live ???? ???? ActiveX ????? ?? Windows Live Mesh ????????? ??????? ???? Windows Live ????? Windows Live ?????? ??????? ?? Windows Live ??????? ?????????? Windows Live Mesh ActiveX ??? ????????? ??????????? ??????? Windows Live Mesh ActiveX ??(????) ??????? Windows Live Mesh ActiveX ??? ???????? ?????????? Windows Live ????????? ActiveX ?? Windows Live Mesh ????????????????????????? (???) ?????????? Windows Live ??????????? ?? Windows Live a ActiveX-kontroll för fjärranslutningar för Windows Live Mesh ActiveX ???????? ?? Windows Live Mesh ?? ?????????? ?????? Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.7) Adobe Shockwave Player 12.0 Agatha Christie - Death on the Nile Amazon Kindle Apple Application Support Apple Mobile Device Support Apple Software Update „Windows Live Essentials“ „Windows Live Mail“ „Windows Live Mesh ActiveX“ nuotoliniu ryšiu valdiklis „Windows Live Messenger“ „Windows Live“ fotogalerija Bejeweled 2 Deluxe BitRaider Web Client Bonjour Build-a-lot Celtx (2.9.1) Chuzzle Deluxe Contrôle ActiveX Windows Live Mesh pour connexions à distance Control ActiveX de Windows Live Mesh para conexiones remotas Control ActiveX Windows Live Mesh pentru conexiuni la distan?a Controle ActiveX do Windows Live Mesh para Conexões Remotas Controlo ActiveX do Windows Live Mesh para Ligações Remotas CyberLink Media Suite CyberLink Media+ Player10 CyberLink MediaShow CyberLink Power2Go CyberLink PowerDirector CyberLink YouCam D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diner Dash 2 Restaurant Rescue E-POP Easy File Share Easy Migration Easy Settings Easy Software Manager Easy Support Center ETDWare PS/2-X64 10.7.16.1_WHQL ExpressCache Facebook Video Calling 1.2.0.287 Farm Frenzy Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsluge polaczen zdalnych Fotogalerija Windows Live Free PDF to Word Converter 2.0 Galeria de Fotografias do Windows Live Galeria fotografii uslugi Windows Live Galerie de photos Windows Live Galerie foto Windows Live Galería fotográfica de Windows Live Google Chrome Google Talk Plugin Google Update Helper HF pAppLoc version 0.8 Insaniquarium Deluxe Intel PROSet Wireless Intel® Manageability Engine Firmware Recovery Agent Intel® Management Engine Components Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® PROSet/Wireless for Bluetooth® 3.0 + High Speed Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® Rapid Storage Technology Intel® USB 3.0 eXtensible Host Controller Driver Intel® WiDi Intel® Wireless Display Intel® PROSet/Wireless WiFi Software Intel® Trusted Connect Service Client iTunes Java 7 Update 21 Java Auto Updater John Deere Drive Green Junk Mail filter update Kontrola Windows Live Mesh ActiveX za daljinske veze Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave Malwarebytes Anti-Malware version 1.75.0.1300 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliPoint 8.2 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft Windows Application Compatibility Database Mozilla Firefox 23.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 Multimedia POP Norton Online Backup NVIDIA Control Panel 306.97 NVIDIA Graphics Driver 306.97 NVIDIA Install Application NVIDIA Optimus 1.10.8 NVIDIA PhysX NVIDIA Update 1.10.8 NVIDIA Update Components Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená pripojení Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia Peggle Penguins! piaip AppLocale Plants vs. Zombies Poczta uslugi Windows Live Podstawowe programy Windows Live Polar Golfer Pošta Windows Live QuickTime Raccolta foto di Windows Live Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Registry Easy v5.6 S?????? f?t???af??? t?? Windows Live Samsung Kies Samsung Recovery Solution 5 SAMSUNG USB Driver for Mobile Phones Scrivener Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628) Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Skype™ 6.6 SmartEdit 2.101 Software Launcher St???e?? e?????? ActiveX t?? Windows Live Mesh ??a ap?µa???sµ??e? s??d?se?? swMSM Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update Installer for WildTangent Games App User Guide Uzak Baglantilar Için Windows Live Mesh ActiveX Denetimi VLC media player 2.0.6 WBPIDownloadManager WildTangent Games WildTangent Games App Windows Live Windows Live ?? Windows Live ?? ??? Windows Live ??? Windows Live ???? Windows Live Communications Platform Windows Live Essentials Windows Live Fotótár Windows Live Foto-galerija Windows Live fotoattelu galerija Windows Live Fotogalerie Windows Live Fotogalleri Windows Live Fotogaléria Windows Live Fotograf Galerisi Windows Live Galeria de Fotos Windows Live Galerija fotografija Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger Windows Live Mesh ActiveX-objekt til fjernforbindelser Windows Live Mesh ActiveX-vezérlo távoli kapcsolatokhoz Windows Live Mesh ActiveX Control for Remote Connections Windows Live Mesh ActiveX kontrola za daljinske veze Windows Live Mesh ActiveX vadikla attalajiem savienojumiem Windows Live Meshin etäyhteyksien ActiveX-komponentti Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Pošta Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live Temel Parçalar Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Liven asennustyökalu Windows Liven sähköposti Windows Liven valokuvavalikoima WinRAR 4.20 (32-bit) Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 8/29/2013 8:52:23 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC). 8/29/2013 8:52:23 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure. 8/29/2013 8:47:47 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0xdeaddead (0x000000000f00004b, 0x0000000001a700ac, 0x0000000012a60000, 0x0000000000000000). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 082913-22760-01. 8/27/2013 1:28:22 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69} 8/27/2013 1:28:21 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The pipe has been ended. . ==== End Of File ===========================
  6. Getsugakure
    We actually decided to restore it to factory setting a little while after I posted this!! It's working well now. Thank you!
  7. Getsugakure
    . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 6/4/2012 10:35:46 AM System Uptime: 3/14/2013 5:00:00 PM (0 hours ago) . Motherboard: Dell Inc. | | 008DD8 Processor: Intel® Core i5-2450M CPU @ 2.50GHz | U3E1 | 2501/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 447 GiB total, 17.509 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP69: 2/28/2013 3:00:12 AM - Windows Update RP70: 3/11/2013 9:38:24 PM - Scheduled Checkpoint RP71: 3/13/2013 10:15:14 AM - Windows Update . ==== Installed Programs ====================== . AccelerometerP11 Accidental Damage Services Agreement Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 9 Adobe Premiere Elements 9 Adobe Reader X MUI Advanced Audio FX Engine Banctec Service Agreement CCleaner Complete Care Business Service Agreement Consumer In-Home Service Agreement D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Edoc Viewer Dell Getting Started Guide Dell Home Systems Service Agreement Dell Support Center Elements 9 Organizer Elements STI Installer Facebook Video Calling 1.2.0.287 Google Chrome HP Deskjet 3050A J611 series Basic Device Software HP Deskjet 3050A J611 series Help HP Deskjet 3050A J611 series Product Improvement Study HP Update InfoAtoms Install LoJack for Laptops Intel PROSet Wireless Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® Turbo Boost Technology Monitor 2.0 Intel® WiDi Intel® Wireless Display Java 7 Update 9 Java Auto Updater Junk Mail filter update Malwarebytes Anti-Malware version 1.70.0.1100 McAfee SecurityCenter Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 MSVCRT MSVCRT_amd64 PlayReady PC Runtime x86 Premium Service Agreement QualxServ Service Agreement Quickset64 RealNetworks - Microsoft Visual C++ 2008 Runtime Realtek High Definition Audio Driver RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Shared C Run-time for x64 Skype™ 6.1 SmartSound Quicktracks for Premiere Elements 9.0 Synaptics Pointing Device Driver Torch Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VC80CRTRedist - 8.0.50727.6195 VLC media player 2.0.5 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin . ==== Event Viewer Messages From Past Week ======== . 3/14/2013 5:28:40 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McShield service. 3/14/2013 4:59:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 3/14/2013 4:13:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} 3/14/2013 4:10:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 3/14/2013 4:10:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 3/14/2013 4:10:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 3/14/2013 4:10:20 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 3/14/2013 4:10:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 3/14/2013 4:10:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6 . ==== End Of File ===========================
  8. Getsugakure
    This computer is super slow and has issues doing basic tasks like web browsing and just normal day to day things. Applications freeze and whenever I try to scan with Malaware Bytes, the app freezes. Please help!!!! In this post is the DDS next will be the attach. DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.9.2 Run by Elaine Tedesco at 17:28:08 on 2013-03-14 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3944 [GMT -4:00] . AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork c:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\mfevtps.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\rundll32.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Users\Elaine Tedesco\AppData\Local\Facebook\Update\FacebookUpdate.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\mcafee.com\agent\mcagent.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe C:\Program Files\Intel\TurboBoost\TurboBoost.exe C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_6_602_180_ActiveX.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\system32\WerFault.exe C:\Program Files\mcafee\VirusScan\mcods.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Program Files (x86)\Java\jre7\bin\javaw.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Windows\system32\taskeng.exe C:\Users\Elaine Tedesco\AppData\Local\Torch\Application\torch.exe C:\Users\Elaine Tedesco\AppData\Local\Torch\Update\23.0.0.2585\TorchUpdate.exe C:\Users\Elaine Tedesco\AppData\Local\Torch\Application\torch.exe C:\Users\Elaine Tedesco\AppData\Local\Torch\Application\torch.exe C:\Users\Elaine Tedesco\AppData\Local\Torch\Application\torch.exe C:\Users\Elaine Tedesco\AppData\Local\Torch\Application\torch.exe C:\Users\Elaine Tedesco\AppData\Local\Torch\Application\torch.exe C:\Users\Elaine Tedesco\AppData\Local\Torch\Application\torch.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uSearch Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=5ec0710b-aef9-419b-9096-2274da08a376&searchtype=ds&q={searchTerms} uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=5ec0710b-aef9-419b-9096-2274da08a376&searchtype=ds&q={searchTerms} mWinlogon: Userinit = userinit.exe BHO: InfoAtoms: {103089DA-0F31-4A8B-843F-7D24A7FE8345} - BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Babylon toolbar helper: {2EECD738-5844-4a99-B4B6-146BF802613B} - BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - TB: Babylon Toolbar: {98889811-442D-49dd-99D7-DC866BE87DBC} - TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> uRun: [Google Update] "C:\Users\Elaine Tedesco\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Facebook Update] "C:\Users\Elaine Tedesco\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mRun: [TwinitySetup] C:\Users\Elaine Tedesco\Downloads\TwinitySetup.exe StartupFolder: C:\Users\ELAINE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\INTEL(~1.LNK - C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab TCP: NameServer = 199.94.92.10 199.94.95.2 TCP: Interfaces\{3E0338D6-7256-4F29-9291-BA41821DD6FA} : DHCPNameServer = 192.168.0.2 192.168.0.3 TCP: Interfaces\{C451731D-56B5-4275-9440-A5BCDE0EB8EB} : DHCPNameServer = 199.94.92.10 199.94.95.2 TCP: Interfaces\{C451731D-56B5-4275-9440-A5BCDE0EB8EB}\030313630313237303837314F5548545 : DHCPNameServer = 192.168.11.1 TCP: Interfaces\{C451731D-56B5-4275-9440-A5BCDE0EB8EB}\452435 : DHCPNameServer = 207.191.50.10 4.2.2.2 TCP: Interfaces\{C451731D-56B5-4275-9440-A5BCDE0EB8EB}\74F62746F6E6 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{C451731D-56B5-4275-9440-A5BCDE0EB8EB}\74F62746F6E6D2537484A7 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{C451731D-56B5-4275-9440-A5BCDE0EB8EB}\C456562656E6370213 : DHCPNameServer = 192.168.2.1 TCP: Interfaces\{C451731D-56B5-4275-9440-A5BCDE0EB8EB}\E4544574541425 : DHCPNameServer = 192.168.1.1 Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file> x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX3 x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/x64/RACtrl.cab?rnd=3427686049 x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 771096] R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 339776] R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-4-16 55856] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\System32\drivers\stdcfltn.sys [2012-4-16 21616] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-4-16 98208] R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2011-10-19 661504] R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-10-18 936272] R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-10-18 1001808] R2 BTHSSecurityMgr;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Security Service;C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2011-10-20 135440] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120] R3 Acceler;Accelerometer Service;C:\Windows\System32\drivers\Accelern.sys [2012-4-16 27760] R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Virtual Adapter;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072] R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-10-18 1354064] R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-8-29 53760] R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-10-10 288768] R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 69672] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2012-4-16 176096] R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-10-11 59904] R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-4-16 317440] R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-4-16 77936] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-3-14 24176] R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 309400] R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 515528] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-4-16 337512] R3 tihub3;TI USB3 Hub Service;C:\Windows\System32\drivers\tihub3.sys [2012-4-16 136000] R3 tixhci;TI XHCI Service;C:\Windows\System32\drivers\tixhci.sys [2012-4-16 406336] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protocol;C:\Windows\System32\drivers\AmpPal.sys [2011-10-19 195072] S3 Delldiag;Delldiag;C:\__de11ctstestfolder20120wdcsa__\WBT\WBT_W64\dddriver.sys [2012-12-27 16256] S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-9-29 196440] S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-4-16 158976] S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200] S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 106112] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] . =============== Created Last 30 ================ . 2013-03-14 20:16:33 -------- d-----w- C:\Users\Elaine Tedesco\AppData\Local\ElevatedDiagnostics 2013-03-14 19:46:26 -------- d-----w- C:\Users\Elaine Tedesco\AppData\Roaming\Malwarebytes 2013-03-14 19:46:14 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-14 19:46:13 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-14 19:46:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-14 19:45:34 -------- d-----w- C:\Users\Elaine Tedesco\AppData\Local\Programs 2013-03-14 19:43:16 -------- d-----w- C:\Program Files\CCleaner 2013-02-15 15:52:01 -------- d-----w- C:\Program Files (x86)\VideoLAN 2013-02-14 16:05:36 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 16:05:36 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 16:14:07 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-02-13 16:14:07 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-02-13 16:14:06 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-02-13 16:13:54 3153408 ----a-w- C:\Windows\System32\win32k.sys 2013-02-13 16:13:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2013-02-13 16:13:50 215040 ----a-w- C:\Windows\System32\winsrv.dll 2013-02-13 16:13:50 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2013-02-13 16:13:49 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2013-02-13 16:13:49 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2013-02-13 16:13:46 2048 ----a-w- C:\Windows\SysWow64\user.exe 2013-02-13 16:13:44 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2013-02-13 16:13:43 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS . ==================== Find3M ==================== . 2013-03-14 13:16:34 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-14 13:16:34 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll 2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll 2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll 2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll 2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll 2013-01-13 19:24:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\Windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll 2013-01-04 06:11:21 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll 2013-01-04 06:11:13 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll 2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2012-12-26 15:55:26 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys 2012-12-26 15:52:44 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys 2012-12-26 15:52:34 182312 ----a-w- C:\Windows\System32\mfevtps.exe 2012-12-26 15:51:34 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys 2012-12-26 15:51:24 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys 2012-12-26 15:50:48 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys 2012-12-26 15:49:42 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys 2012-12-26 15:49:00 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys 2012-12-26 15:48:30 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys 2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll . ============= FINISH: 17:29:14.38 ===============
  9. Getsugakure
    Sorry for the late reply--I didn't get an email for this one. Everything seemed fine after I turned the internet capability back onto my computer, but about three hours in, I got another notification from Malaware Bytes saying: "Successfully blocked access to a potentially malicious website: 173.192.183.196 | Type: outgoing | Port: 52139, Process: firefox.exe" The IP and program changed. Don't know what to do.
  10. Getsugakure
    Here it is! Thank you! ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=324257af08ee4548b9a7eb034feb1772 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-07-19 12:06:56 # local_time=2012-07-19 08:06:56 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1024 16777215 100 0 0 0 0 0 # compatibility_mode=5893 16776574 100 94 0 94242343 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=146054 # found=18 # cleaned=18 # scan_time=723 C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.MY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_08.03.56\mbr0000\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0001.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0002.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0003.dta Win64/Olmarik.AL trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0004.dta a variant of Win32/Rootkit.Kryptik.MY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0005.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0009.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0010.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\TDSSKiller_Quarantine\18.07.2012_20.46.07\tdlfs0000\tsk0014.dta a variant of Win32/Olmarik.AYI trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  11. Getsugakure
    Again--thanks so much for the quick reply! ComboFix 12-07-18.04 - Mike 07/18/2012 20:58:31.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16332.13620 [GMT -4:00] Running from: c:\users\Mike\Downloads\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Internet Security 2012 *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( Files Created from 2012-06-19 to 2012-07-19 ))))))))))))))))))))))))))))))) . . 2012-07-19 01:00 . 2012-07-19 01:00 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-07-19 01:00 . 2012-07-19 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-17 00:44 . 2012-07-17 00:46 -------- d-----w- c:\users\Mike\AppData\Roaming\AVG 2012-07-17 00:32 . 2012-07-17 00:32 -------- d-----w- c:\users\Mike\AppData\Roaming\Malwarebytes 2012-07-17 00:32 . 2012-07-17 00:32 -------- d-----w- c:\programdata\Malwarebytes 2012-07-17 00:32 . 2012-07-17 00:32 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-17 00:32 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\users\Mike\AppData\Local\AVG Secure Search 2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\programdata\AVG Secure Search 2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search 2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\program files (x86)\AVG Secure Search 2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-07-15 21:49 . 2012-07-17 12:01 -------- d-----w- c:\windows\system32\drivers\AVG 2012-07-15 21:49 . 2012-07-15 21:49 -------- d-----w- C:\$AVG 2012-07-15 21:43 . 2003-06-13 03:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd 2012-07-15 21:43 . 2012-07-15 21:43 -------- d-----w- c:\programdata\Creative 2012-07-14 15:49 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9070812E-7C8F-472E-A7EB-4F24695CD157}\mpengine.dll 2012-07-12 11:45 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 21:02 . 2012-07-11 21:02 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-11 21:02 . 2012-07-11 21:02 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-10 23:50 . 2012-07-10 23:50 -------- d-----w- c:\users\Mike\AppData\Roaming\IDT 2012-07-08 21:43 . 2012-07-12 11:50 -------- d-----w- c:\program files (x86)\Diablo III 2012-07-08 21:43 . 2012-07-08 21:43 -------- d-----w- c:\programdata\Blizzard Entertainment 2012-07-08 21:43 . 2012-07-08 21:43 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment 2012-07-08 21:43 . 2012-07-08 21:43 -------- d-----w- c:\programdata\Battle.net 2012-06-21 17:52 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-21 17:52 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-21 17:52 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-21 17:52 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-21 17:52 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-21 17:52 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-21 17:52 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-21 17:52 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-21 17:52 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 11:44 . 2012-04-05 19:28 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-12 00:25 . 2012-04-18 19:16 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 00:25 . 2012-03-06 00:10 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 00:25 . 2012-04-18 19:25 9822920 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-04 11:06 . 2012-06-12 21:41 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-12 21:41 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-12 21:41 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-12 21:41 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-12 21:41 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-12 21:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-12 21:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-12 21:41 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-12 21:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-12 21:41 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-12 21:41 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-12 21:41 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-12 21:41 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-12 21:41 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-07-19_00.54.50 ))))))))))))))))))))))))))))))))))))))))) . - 2009-07-14 04:54 . 2012-07-17 20:36 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:54 . 2012-07-19 00:56 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 02:36 . 2012-07-19 00:59 660318 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-07-19 00:48 660318 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-07-19 00:59 121214 c:\windows\system32\perfc009.dat - 2009-07-14 02:36 . 2012-07-19 00:48 121214 c:\windows\system32\perfc009.dat + 2009-07-14 04:54 . 2012-07-19 00:56 2408448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-07-17 20:36 2408448 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 2012-07-19 00:56 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-07-17 20:36 1654784 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-07-15 21:49 2074208 ----a-w- c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-15 2074208] . [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-05-23 1242448] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-09-14 283160] "AlienwareOn-ScreenDisplay"="c:\program files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe" [2011-09-03 1636208] "Integrated Webcam Live! Central"="c:\program files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" [2011-04-13 503942] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112] "Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-07-15 1107552] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bigfoot Killer Network Manager.lnk - c:\program files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe [2011-11-8 568832] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "mixer1"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\avgidsagent.exe [2012-07-04 5160568] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-08-17 344616] R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-02-27 158976] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-11 113120] R3 rkhdrv40;Rootkit Unhooker Driver; [x] R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-17 1255736] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-04-19 28480] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-01-31 36944] S0 EMSC;COMPAL Embedded System Control;c:\windows\system32\DRIVERS\EMSC.SYS [2009-06-26 16752] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-07-05 25960] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-08-20 21616] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2011-05-23 48992] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-02-22 289872] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2011-12-23 47696] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-03-19 383808] S1 BfLwf;Bigfoot Networks Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys [2011-11-08 69224] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2011-03-22 15296] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2012-06-13 2321560] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288] S2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;c:\program files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-11-08 467456] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-07-05 1997416] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\AlienRespawn\sftservice.EXE [2011-09-22 1692480] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-27 378472] S2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-07-15 935008] S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-09-07 27760] S3 Ak27x64;Killer Wireless-N 1102 device driver;c:\windows\system32\DRIVERS\Ak27x64.sys [2011-11-08 2740328] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2011-12-23 124496] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfiltera.sys [2011-12-23 29776] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2011-01-20 176096] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-11-30 76912] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-12-09 56344] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-03-04 82432] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-03-04 181760] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-04 337512] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 39061743 *Deregistered* - 39061743 . Contents of the 'Scheduled Tasks' folder . 2012-07-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-18 00:25] . 2012-07-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask-Delay.job - c:\program files\AlienAutopsy\uaclauncher.exe [2012-04-13 05:57] . 2012-07-15 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job - c:\program files\AlienAutopsy\uaclauncher.exe [2012-04-13 05:57] . 2012-07-19 c:\windows\Tasks\SystemToolsDailyTest.job - c:\program files\AlienAutopsy\uaclauncher.exe [2012-04-13 05:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU] "NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-06-26 315496] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-13 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-13 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-13 416024] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448] "Command Center Controllers"="c:\program files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2011-04-13 13256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm LSP: %SYSTEMROOT%\system32\BfLLR.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com TCP: DhcpNameServer = 10.1.10.1 192.168.0.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll FF - ProfilePath - c:\users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\g5xi2azl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B76185820-38ca-49f5-b45a-e41da4444338%7D&mid=ff47a873bf9747d097a94dfe4bb609ca-5e7f89c4b940a95ad5bfa65298698b7a74485dc2&ds=AVG&v=11.1.0.12〈=en&pr=pr&d=2012-07-15%2017%3A49%3A54&sap=ku&q= FF - prefs.js: network.proxy.type - 0 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file) . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-07-18 21:01:24 ComboFix-quarantined-files.txt 2012-07-19 01:01 ComboFix2.txt 2012-07-19 00:55 ComboFix3.txt 2012-07-17 01:01 . Pre-Run: 94,081,810,432 bytes free Post-Run: 94,027,280,384 bytes free . - - End Of File - - 33F6B5C9C889903C0227656A15E68FD9
  12. Getsugakure
    . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Mike at 8:09:07 on 2012-07-18 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16332.14242 [GMT -4:00] . AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files (x86)\AVG\AVG2012\avgfws.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\AlienRespawn\sftservice.EXE C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\userinit.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\AlienRespawn\TOASTER.EXE C:\Program Files\Alienware\Command Center\AWCCServiceController.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Windows\sysWOW64\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe C:\Windows\system32\conhost.exe C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe C:\Windows\system32\conhost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe mRun: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files (x86)\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll LSP: %SYSTEMROOT%\system32\BfLLR.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: DhcpNameServer = 10.1.10.1 192.168.0.1 TCP: Interfaces\{DFF67BDC-67BE-4CD2-9FC3-32A1E22E330A} : DhcpNameServer = 10.1.10.1 192.168.0.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO-X64: AVG Do Not Track - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe mRun-x64: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\g5xi2azl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B76185820-38ca-49f5-b45a-e41da4444338%7D&mid=ff47a873bf9747d097a94dfe4bb609ca-5e7f89c4b940a95ad5bfa65298698b7a74485dc2&ds=AVG&v=11.1.0.12〈=en&pr=pr&d=2012-07-15%2017%3A49%3A54&sap=ku&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680] R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?] R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\system32\DRIVERS\bflwfx64.sys --> C:\Windows\system32\DRIVERS\bflwfx64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-5 89600] R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-11-8 467456] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?] R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\system32\DRIVERS\Ak27x64.sys --> C:\Windows\system32\DRIVERS\Ak27x64.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] S2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-5 13336] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944] S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-5 1997416] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056] S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?] S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?] S3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-13 113120] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] . =============== Created Last 30 ================ . 2012-07-18 12:08:58 -------- d-----w- C:\Users\Mike\AppData\Local\{2D473A61-F10A-493B-BA28-1068E29D2877} 2012-07-18 12:06:18 -------- d-----w- C:\Users\Mike\AppData\Local\{AB6016D3-C0B5-4699-BFC9-4020EA337629} 2012-07-18 12:05:07 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-17 12:08:58 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys 2012-07-17 12:08:26 -------- d-----w- C:\RkUnhooker 2012-07-17 11:57:47 -------- d-----w- C:\Users\Mike\AppData\Local\{A1F1F9BD-F417-4D59-B7BF-3F279AFB61CD} 2012-07-17 11:57:36 -------- d-----w- C:\Users\Mike\AppData\Local\{0A132535-9755-4203-A623-216AC1A79FDD} 2012-07-17 04:17:28 -------- d-sh--w- C:\$RECYCLE.BIN 2012-07-17 00:44:54 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVG 2012-07-17 00:32:46 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes 2012-07-17 00:32:43 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-17 00:32:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-17 00:32:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-16 20:38:24 -------- d-----w- C:\Users\Mike\AppData\Local\{67C4C9D0-3A40-42E0-BB76-C0FACD339A98} 2012-07-16 20:38:13 -------- d-----w- C:\Users\Mike\AppData\Local\{A301D35D-28A1-4354-ADB5-4328D43A36B5} 2012-07-15 21:49:57 -------- d-----w- C:\Users\Mike\AppData\Local\AVG Secure Search 2012-07-15 21:49:54 -------- d-----w- C:\ProgramData\AVG Secure Search 2012-07-15 21:49:54 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2012-07-15 21:49:53 -------- d-----w- C:\Program Files (x86)\AVG Secure Search 2012-07-15 21:49:50 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2012-07-15 21:49:43 -------- d-----w- C:\Windows\System32\drivers\AVG 2012-07-15 21:49:43 -------- d-----w- C:\$AVG 2012-07-15 21:43:28 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd 2012-07-15 19:13:13 -------- d-----w- C:\Users\Mike\AppData\Local\{2EB5DE1C-44EE-415D-8025-2B5F9B888B21} 2012-07-15 19:13:02 -------- d-----w- C:\Users\Mike\AppData\Local\{96539822-02C8-4559-A875-09D7568B31C7} 2012-07-15 03:39:43 -------- d-----w- C:\Users\Mike\AppData\Local\{038237A0-8DC0-4870-A9EB-71AC8CA1D833} 2012-07-15 03:39:33 -------- d-----w- C:\Users\Mike\AppData\Local\{E3FD9DCD-8003-4CF5-AEE8-FD50D5CE49F1} 2012-07-14 15:49:42 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9070812E-7C8F-472E-A7EB-4F24695CD157}\mpengine.dll 2012-07-14 15:39:08 -------- d-----w- C:\Users\Mike\AppData\Local\{999F1D89-1E64-4AEC-A0BA-0AB75BAA3194} 2012-07-14 15:38:58 -------- d-----w- C:\Users\Mike\AppData\Local\{FC6E4C32-8AD5-44D0-9CF1-0A8921771937} 2012-07-12 11:45:50 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 21:02:12 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-11 21:02:12 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-11 20:40:11 -------- d-----w- C:\Users\Mike\AppData\Local\{7CA062AB-1136-457F-AD21-EC3602D481C5} 2012-07-11 20:40:00 -------- d-----w- C:\Users\Mike\AppData\Local\{8B08E07F-FF71-4424-86E3-A84587EFDE8A} 2012-07-10 23:50:17 -------- d-----w- C:\Users\Mike\AppData\Roaming\IDT 2012-07-10 23:34:54 -------- d-----w- C:\Users\Mike\AppData\Local\{1012B80F-8B4B-4BB3-8941-6307EF586C80} 2012-07-10 23:34:43 -------- d-----w- C:\Users\Mike\AppData\Local\{31679D84-3EF8-4D39-BB91-5F22B2847FE3} 2012-07-08 21:43:31 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-07-08 21:43:31 -------- d-----w- C:\Program Files (x86)\Diablo III 2012-07-08 21:43:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-07-08 21:43:03 -------- d-----w- C:\ProgramData\Battle.net 2012-07-08 21:34:20 -------- d-----w- C:\Users\Mike\AppData\Local\{220060F2-D19C-482E-B02A-F4701E9B6C71} 2012-07-08 21:34:08 -------- d-----w- C:\Users\Mike\AppData\Local\{2B0E87B8-6B4A-4B5E-BEAE-747F24AEE784} 2012-06-23 00:21:42 -------- d-----w- C:\Users\Mike\AppData\Local\{389BBC0C-266C-48ED-A282-0DA6DDBD556A} 2012-06-22 11:24:58 -------- d-----w- C:\Users\Mike\AppData\Local\{B5622D7D-5F39-45F3-ADCE-FD26A7D7AA2E} 2012-06-22 11:24:47 -------- d-----w- C:\Users\Mike\AppData\Local\{47B7DFD3-5C27-4D95-8FCC-47E92D46AF79} 2012-06-21 17:52:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 17:52:48 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 17:52:48 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 17:52:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2012-07-12 00:25:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 00:25:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-12 00:25:02 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ============= FINISH: 8:09:55.42 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/10/2012 11:03:20 AM System Uptime: 7/18/2012 8:08:16 AM (0 hours ago) . Motherboard: Alienware | | M17xR3 Processor: Intel® Core i7-2760QM CPU @ 2.40GHz | CPU1 | 2401/1600mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 229 GiB total, 88.158 GiB free. D: is FIXED (NTFS) - 699 GiB total, 467.01 GiB free. E: is CDROM (UDF) F: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Advanced Audio FX Engine AlienRespawn AlienRespawn - Support Software Alienware M17x Manual Alienware On-Screen Display Apple Application Support Apple Software Update Assassin's Creed Assassin's Creed II AVG PC Tuneup Banctec Service Agreement Batman: Arkham Asylum Batman: Arkham City™ Bigfoot Networks Killer Network Manager Command Center D3DX10 DC Universe Online Live Diablo III DirectX 9 Runtime Dual-Core Optimizer EMSC IDT Audio Integrated Webcam Live! Central Intel® Processor Graphics Intel® Rapid Storage Technology Java Auto Updater Java 7 Update 1 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA PhysX NVIDIA Stereoscopic 3D Driver PhotoShowExpress QuickTime Rootkit Unhooker Uninstall Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Sonic CinePlayer Decoder Pack Star Wars: The Old Republic Steam The Elder Scrolls V: Skyrim Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Visual Studio 2008 x64 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.20 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 7/18/2012 8:09:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 7/17/2012 8:08:58 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\rkhdrv40.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 7/17/2012 5:01:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service. 7/17/2012 4:36:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800d7faa10, 0xfffff80000b9c3d8, 0xfffffa801d7a7ab0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-23244-01. 7/16/2012 8:59:45 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 7/16/2012 8:59:26 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 7/16/2012 8:54:01 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File ===========================
  13. Getsugakure
    Thanks for the speedy reply! 08:03:56.0937 11116 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11 08:03:56.0968 11116 ============================================================ 08:03:56.0968 11116 Current date / time: 2012/07/18 08:03:56.0968 08:03:56.0968 11116 SystemInfo: 08:03:56.0968 11116 08:03:56.0968 11116 OS Version: 6.1.7601 ServicePack: 1.0 08:03:56.0968 11116 Product type: Workstation 08:03:56.0968 11116 ComputerName: MIKE-PC 08:03:56.0968 11116 UserName: Mike 08:03:56.0968 11116 Windows directory: C:\Windows 08:03:56.0968 11116 System windows directory: C:\Windows 08:03:56.0968 11116 Running under WOW64 08:03:56.0968 11116 Processor architecture: Intel x64 08:03:56.0968 11116 Number of processors: 8 08:03:56.0968 11116 Page size: 0x1000 08:03:56.0968 11116 Boot type: Normal boot 08:03:56.0968 11116 ============================================================ 08:03:57.0124 11116 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:03:57.0421 11116 Drive \Device\Harddisk1\DR1 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 08:03:57.0483 11116 Drive \Device\Harddisk2\DR4 - Size: 0x78748E00 (1.88 Gb), SectorSize: 0x200, Cylinders: 0xF5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 08:03:57.0483 11116 ============================================================ 08:03:57.0483 11116 \Device\Harddisk0\DR0: 08:03:57.0483 11116 MBR partitions: 08:03:57.0483 11116 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1378000 08:03:57.0483 11116 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x138C000, BlocksNum 0x1C966000 08:03:57.0483 11116 \Device\Harddisk1\DR1: 08:03:57.0483 11116 MBR partitions: 08:03:57.0483 11116 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0x57542000 08:03:57.0483 11116 \Device\Harddisk2\DR4: 08:03:57.0483 11116 MBR partitions: 08:03:57.0483 11116 \Device\Harddisk2\DR4\Partition0: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x3C0E76 08:03:57.0483 11116 ============================================================ 08:03:57.0483 11116 C: <-> \Device\Harddisk0\DR0\Partition1 08:03:57.0499 11116 D: <-> \Device\Harddisk1\DR1\Partition0 08:03:57.0499 11116 ============================================================ 08:03:57.0499 11116 Initialize success 08:03:57.0499 11116 ============================================================ 08:04:15.0361 2824 ============================================================ 08:04:15.0361 2824 Scan started 08:04:15.0361 2824 Mode: Manual; SigCheck; TDLFS; 08:04:15.0361 2824 ============================================================ 08:04:15.0517 2824 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 08:04:15.0563 2824 1394ohci - ok 08:04:15.0563 2824 Acceler (7a505465bbb1eb8b5ad4d76e8749383b) C:\Windows\system32\DRIVERS\Accelern.sys 08:04:15.0579 2824 Acceler - ok 08:04:15.0579 2824 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 08:04:15.0595 2824 ACPI - ok 08:04:15.0595 2824 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 08:04:15.0610 2824 AcpiPmi - ok 08:04:15.0626 2824 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 08:04:15.0641 2824 AdobeFlashPlayerUpdateSvc - ok 08:04:15.0657 2824 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 08:04:15.0673 2824 adp94xx - ok 08:04:15.0673 2824 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 08:04:15.0688 2824 adpahci - ok 08:04:15.0704 2824 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 08:04:15.0704 2824 adpu320 - ok 08:04:15.0704 2824 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 08:04:15.0735 2824 AeLookupSvc - ok 08:04:15.0735 2824 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Program Files\IDT\WDM\AESTSr64.exe 08:04:15.0751 2824 AESTFilters - ok 08:04:15.0766 2824 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 08:04:15.0782 2824 AFD - ok 08:04:15.0782 2824 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 08:04:15.0782 2824 agp440 - ok 08:04:15.0860 2824 Ak27x64 (3a6471dc6859ae05aa8bf63c10a95ec1) C:\Windows\system32\DRIVERS\Ak27x64.sys 08:04:15.0907 2824 Ak27x64 - ok 08:04:15.0922 2824 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 08:04:15.0922 2824 ALG - ok 08:04:15.0938 2824 AlienFusionService (73fd38c98996fa971bad46376610fa67) C:\Program Files\Alienware\Command Center\AlienFusionService.exe 08:04:15.0938 2824 AlienFusionService - ok 08:04:15.0953 2824 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 08:04:15.0953 2824 aliide - ok 08:04:15.0953 2824 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 08:04:15.0969 2824 amdide - ok 08:04:15.0969 2824 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 08:04:15.0969 2824 AmdK8 - ok 08:04:15.0985 2824 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 08:04:15.0985 2824 AmdPPM - ok 08:04:15.0985 2824 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 08:04:16.0000 2824 amdsata - ok 08:04:16.0000 2824 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 08:04:16.0016 2824 amdsbs - ok 08:04:16.0016 2824 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 08:04:16.0016 2824 amdxata - ok 08:04:16.0031 2824 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 08:04:16.0047 2824 AppID - ok 08:04:16.0047 2824 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 08:04:16.0078 2824 AppIDSvc - ok 08:04:16.0078 2824 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 08:04:16.0094 2824 Appinfo - ok 08:04:16.0109 2824 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 08:04:16.0109 2824 arc - ok 08:04:16.0125 2824 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 08:04:16.0125 2824 arcsas - ok 08:04:16.0141 2824 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 08:04:16.0141 2824 aspnet_state - ok 08:04:16.0141 2824 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 08:04:16.0172 2824 AsyncMac - ok 08:04:16.0172 2824 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 08:04:16.0172 2824 atapi - ok 08:04:16.0203 2824 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:04:16.0219 2824 AudioEndpointBuilder - ok 08:04:16.0234 2824 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:04:16.0250 2824 AudioSrv - ok 08:04:16.0250 2824 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys 08:04:16.0265 2824 Avgfwfd - ok 08:04:16.0328 2824 avgfws (bd5d11cedbcde4fa97d2387e7069b1ff) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe 08:04:16.0359 2824 avgfws - ok 08:04:16.0499 2824 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe 08:04:16.0546 2824 AVGIDSAgent - ok 08:04:16.0577 2824 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys 08:04:16.0593 2824 AVGIDSDriver - ok 08:04:16.0593 2824 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys 08:04:16.0609 2824 AVGIDSFilter - ok 08:04:16.0609 2824 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys 08:04:16.0624 2824 AVGIDSHA - ok 08:04:16.0624 2824 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys 08:04:16.0640 2824 Avgldx64 - ok 08:04:16.0640 2824 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys 08:04:16.0655 2824 Avgmfx64 - ok 08:04:16.0655 2824 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys 08:04:16.0671 2824 Avgrkx64 - ok 08:04:16.0671 2824 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys 08:04:16.0687 2824 Avgtdia - ok 08:04:16.0702 2824 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe 08:04:16.0718 2824 avgwd - ok 08:04:16.0718 2824 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 08:04:16.0733 2824 AxInstSV - ok 08:04:16.0749 2824 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 08:04:16.0765 2824 b06bdrv - ok 08:04:16.0765 2824 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 08:04:16.0780 2824 b57nd60a - ok 08:04:16.0780 2824 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 08:04:16.0796 2824 BDESVC - ok 08:04:16.0796 2824 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 08:04:16.0827 2824 Beep - ok 08:04:16.0843 2824 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 08:04:16.0874 2824 BFE - ok 08:04:16.0874 2824 BfLwf (be24e62bed109ca1a53b8d8d380df02a) C:\Windows\system32\DRIVERS\bflwfx64.sys 08:04:16.0889 2824 BfLwf - ok 08:04:16.0905 2824 Bigfoot Networks Killer Service (6be709db43808f4d3e43621c8f4c764a) C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe 08:04:16.0905 2824 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - warning 08:04:16.0905 2824 Bigfoot Networks Killer Service - detected UnsignedFile.Multi.Generic (1) 08:04:16.0936 2824 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 08:04:16.0967 2824 BITS - ok 08:04:16.0967 2824 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 08:04:16.0967 2824 blbdrive - ok 08:04:16.0983 2824 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 08:04:16.0983 2824 bowser - ok 08:04:16.0983 2824 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 08:04:16.0999 2824 BrFiltLo - ok 08:04:16.0999 2824 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 08:04:17.0014 2824 BrFiltUp - ok 08:04:17.0014 2824 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 08:04:17.0030 2824 BridgeMP - ok 08:04:17.0045 2824 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 08:04:17.0061 2824 Browser - ok 08:04:17.0077 2824 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 08:04:17.0092 2824 Brserid - ok 08:04:17.0092 2824 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 08:04:17.0092 2824 BrSerWdm - ok 08:04:17.0092 2824 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 08:04:17.0108 2824 BrUsbMdm - ok 08:04:17.0108 2824 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 08:04:17.0123 2824 BrUsbSer - ok 08:04:17.0123 2824 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys 08:04:17.0123 2824 BthEnum - ok 08:04:17.0139 2824 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 08:04:17.0139 2824 BTHMODEM - ok 08:04:17.0155 2824 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 08:04:17.0155 2824 BthPan - ok 08:04:17.0170 2824 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys 08:04:17.0186 2824 BTHPORT - ok 08:04:17.0186 2824 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 08:04:17.0217 2824 bthserv - ok 08:04:17.0217 2824 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys 08:04:17.0217 2824 BTHUSB - ok 08:04:17.0233 2824 btwampfl (7a2ce8c1bf4daa1f2766e21e9ca11078) C:\Windows\system32\drivers\btwampfl.sys 08:04:17.0248 2824 btwampfl - ok 08:04:17.0248 2824 btwavdt (d895dc213edbda5fcc53aad1f1e0e63b) C:\Windows\system32\drivers\btwavdt.sys 08:04:17.0264 2824 btwavdt - ok 08:04:17.0264 2824 btwrchid (6d7aa2bde0135599c5f230d69db3b420) C:\Windows\system32\drivers\btwrchid.sys 08:04:17.0279 2824 btwrchid - ok 08:04:17.0279 2824 catchme - ok 08:04:17.0279 2824 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 08:04:17.0311 2824 cdfs - ok 08:04:17.0311 2824 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 08:04:17.0326 2824 cdrom - ok 08:04:17.0326 2824 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:04:17.0373 2824 CertPropSvc - ok 08:04:17.0389 2824 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 08:04:17.0389 2824 circlass - ok 08:04:17.0404 2824 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 08:04:17.0420 2824 CLFS - ok 08:04:17.0420 2824 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:04:17.0435 2824 clr_optimization_v2.0.50727_32 - ok 08:04:17.0435 2824 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:04:17.0435 2824 clr_optimization_v2.0.50727_64 - ok 08:04:17.0451 2824 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:04:17.0451 2824 clr_optimization_v4.0.30319_32 - ok 08:04:17.0467 2824 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:04:17.0467 2824 clr_optimization_v4.0.30319_64 - ok 08:04:17.0482 2824 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 08:04:17.0482 2824 CmBatt - ok 08:04:17.0482 2824 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 08:04:17.0498 2824 cmdide - ok 08:04:17.0513 2824 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 08:04:17.0529 2824 CNG - ok 08:04:17.0529 2824 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 08:04:17.0529 2824 Compbatt - ok 08:04:17.0529 2824 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys 08:04:17.0545 2824 CompositeBus - ok 08:04:17.0545 2824 COMSysApp - ok 08:04:17.0545 2824 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 08:04:17.0560 2824 crcdisk - ok 08:04:17.0560 2824 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 08:04:17.0576 2824 CryptSvc - ok 08:04:17.0576 2824 CtClsFlt (bc3d4f90978cd7c8eabd1baf3bf7873a) C:\Windows\system32\DRIVERS\CtClsFlt.sys 08:04:17.0591 2824 CtClsFlt - ok 08:04:17.0607 2824 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:04:17.0623 2824 DcomLaunch - ok 08:04:17.0654 2824 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 08:04:17.0669 2824 defragsvc - ok 08:04:17.0685 2824 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 08:04:17.0701 2824 DfsC - ok 08:04:17.0716 2824 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 08:04:17.0732 2824 Dhcp - ok 08:04:17.0732 2824 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 08:04:17.0763 2824 discache - ok 08:04:17.0763 2824 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 08:04:17.0779 2824 Disk - ok 08:04:17.0779 2824 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 08:04:17.0794 2824 Dnscache - ok 08:04:17.0794 2824 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 08:04:17.0825 2824 dot3svc - ok 08:04:17.0825 2824 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 08:04:17.0841 2824 DPS - ok 08:04:17.0857 2824 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 08:04:17.0857 2824 drmkaud - ok 08:04:17.0888 2824 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 08:04:17.0903 2824 DXGKrnl - ok 08:04:17.0903 2824 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 08:04:17.0935 2824 EapHost - ok 08:04:18.0013 2824 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 08:04:18.0059 2824 ebdrv - ok 08:04:18.0075 2824 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 08:04:18.0075 2824 EFS - ok 08:04:18.0106 2824 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 08:04:18.0122 2824 ehRecvr - ok 08:04:18.0122 2824 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 08:04:18.0137 2824 ehSched - ok 08:04:18.0153 2824 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 08:04:18.0169 2824 elxstor - ok 08:04:18.0169 2824 EMSC (e47d9d7e6e53892fc97282482f4ae307) C:\Windows\system32\DRIVERS\EMSC.SYS 08:04:18.0169 2824 EMSC - ok 08:04:18.0169 2824 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 08:04:18.0184 2824 ErrDev - ok 08:04:18.0200 2824 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 08:04:18.0215 2824 EventSystem - ok 08:04:18.0231 2824 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 08:04:18.0247 2824 exfat - ok 08:04:18.0262 2824 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 08:04:18.0278 2824 fastfat - ok 08:04:18.0309 2824 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 08:04:18.0309 2824 Fax - ok 08:04:18.0325 2824 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 08:04:18.0325 2824 fdc - ok 08:04:18.0325 2824 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 08:04:18.0356 2824 fdPHost - ok 08:04:18.0356 2824 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 08:04:18.0371 2824 FDResPub - ok 08:04:18.0387 2824 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 08:04:18.0387 2824 FileInfo - ok 08:04:18.0387 2824 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 08:04:18.0418 2824 Filetrace - ok 08:04:18.0418 2824 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 08:04:18.0418 2824 flpydisk - ok 08:04:18.0434 2824 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 08:04:18.0434 2824 FltMgr - ok 08:04:18.0465 2824 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 08:04:18.0496 2824 FontCache - ok 08:04:18.0496 2824 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:04:18.0496 2824 FontCache3.0.0.0 - ok 08:04:18.0512 2824 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 08:04:18.0512 2824 FsDepends - ok 08:04:18.0512 2824 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 08:04:18.0527 2824 Fs_Rec - ok 08:04:18.0527 2824 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 08:04:18.0543 2824 fvevol - ok 08:04:18.0543 2824 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 08:04:18.0543 2824 gagp30kx - ok 08:04:18.0574 2824 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 08:04:18.0605 2824 gpsvc - ok 08:04:18.0605 2824 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 08:04:18.0605 2824 hcw85cir - ok 08:04:18.0621 2824 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 08:04:18.0621 2824 HDAudBus - ok 08:04:18.0621 2824 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 08:04:18.0637 2824 HidBatt - ok 08:04:18.0637 2824 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 08:04:18.0652 2824 HidBth - ok 08:04:18.0652 2824 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 08:04:18.0668 2824 HidIr - ok 08:04:18.0668 2824 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 08:04:18.0683 2824 hidserv - ok 08:04:18.0699 2824 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 08:04:18.0699 2824 HidUsb - ok 08:04:18.0699 2824 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 08:04:18.0730 2824 hkmsvc - ok 08:04:18.0730 2824 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 08:04:18.0746 2824 HomeGroupListener - ok 08:04:18.0761 2824 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 08:04:18.0761 2824 HomeGroupProvider - ok 08:04:18.0761 2824 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 08:04:18.0777 2824 HpSAMD - ok 08:04:18.0793 2824 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 08:04:18.0824 2824 HTTP - ok 08:04:18.0824 2824 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 08:04:18.0824 2824 hwpolicy - ok 08:04:18.0839 2824 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 08:04:18.0839 2824 i8042prt - ok 08:04:18.0855 2824 iaStor (f7ce9be72edac499b713eca6dae5d26f) C:\Windows\system32\DRIVERS\iaStor.sys 08:04:18.0871 2824 iaStor - ok 08:04:18.0871 2824 IAStorDataMgrSvc (b25f192ea1f84a316eb7c19efcccf33d) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 08:04:18.0886 2824 IAStorDataMgrSvc - ok 08:04:18.0886 2824 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 08:04:18.0902 2824 iaStorV - ok 08:04:18.0902 2824 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 08:04:18.0902 2824 IDriverT ( UnsignedFile.Multi.Generic ) - warning 08:04:18.0902 2824 IDriverT - detected UnsignedFile.Multi.Generic (1) 08:04:18.0933 2824 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:04:18.0949 2824 idsvc - ok 08:04:19.0261 2824 igfx (174bcac474de13b2650e444cf124828e) C:\Windows\system32\DRIVERS\igdkmd64.sys 08:04:19.0385 2824 igfx - ok 08:04:19.0401 2824 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 08:04:19.0401 2824 iirsp - ok 08:04:19.0432 2824 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 08:04:19.0463 2824 IKEEXT - ok 08:04:19.0463 2824 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\drivers\Impcd.sys 08:04:19.0479 2824 Impcd - ok 08:04:19.0479 2824 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 08:04:19.0495 2824 IntcDAud - ok 08:04:19.0495 2824 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 08:04:19.0495 2824 intelide - ok 08:04:19.0510 2824 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 08:04:19.0510 2824 intelppm - ok 08:04:19.0510 2824 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 08:04:19.0541 2824 IPBusEnum - ok 08:04:19.0541 2824 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:04:19.0557 2824 IpFilterDriver - ok 08:04:19.0573 2824 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 08:04:19.0604 2824 iphlpsvc - ok 08:04:19.0604 2824 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 08:04:19.0619 2824 IPMIDRV - ok 08:04:19.0619 2824 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 08:04:19.0651 2824 IPNAT - ok 08:04:19.0651 2824 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 08:04:19.0666 2824 IRENUM - ok 08:04:19.0666 2824 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 08:04:19.0666 2824 isapnp - ok 08:04:19.0682 2824 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 08:04:19.0682 2824 iScsiPrt - ok 08:04:19.0697 2824 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 08:04:19.0697 2824 kbdclass - ok 08:04:19.0697 2824 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 08:04:19.0713 2824 kbdhid - ok 08:04:19.0713 2824 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:04:19.0713 2824 KeyIso - ok 08:04:19.0729 2824 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 08:04:19.0729 2824 KSecDD - ok 08:04:19.0744 2824 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 08:04:19.0744 2824 KSecPkg - ok 08:04:19.0744 2824 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 08:04:19.0775 2824 ksthunk - ok 08:04:19.0791 2824 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 08:04:19.0807 2824 KtmRm - ok 08:04:19.0822 2824 L1C (ebed8b3ff4a823c1a6eebeed7b29353f) C:\Windows\system32\DRIVERS\L1C62x64.sys 08:04:19.0822 2824 L1C - ok 08:04:19.0838 2824 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 08:04:19.0853 2824 LanmanServer - ok 08:04:19.0869 2824 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 08:04:19.0885 2824 LanmanWorkstation - ok 08:04:19.0885 2824 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 08:04:19.0916 2824 lltdio - ok 08:04:19.0931 2824 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 08:04:19.0947 2824 lltdsvc - ok 08:04:19.0947 2824 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 08:04:19.0978 2824 lmhosts - ok 08:04:19.0978 2824 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 08:04:19.0994 2824 LSI_FC - ok 08:04:19.0994 2824 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 08:04:19.0994 2824 LSI_SAS - ok 08:04:20.0009 2824 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 08:04:20.0009 2824 LSI_SAS2 - ok 08:04:20.0009 2824 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 08:04:20.0025 2824 LSI_SCSI - ok 08:04:20.0025 2824 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 08:04:20.0056 2824 luafv - ok 08:04:20.0056 2824 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 08:04:20.0072 2824 MBAMProtector - ok 08:04:20.0087 2824 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 08:04:20.0103 2824 MBAMService - ok 08:04:20.0103 2824 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 08:04:20.0119 2824 Mcx2Svc - ok 08:04:20.0119 2824 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 08:04:20.0119 2824 megasas - ok 08:04:20.0134 2824 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 08:04:20.0134 2824 MegaSR - ok 08:04:20.0150 2824 MEIx64 (1c6e73fc46b509eff9d0086aa37132df) C:\Windows\system32\DRIVERS\HECIx64.sys 08:04:20.0150 2824 MEIx64 - ok 08:04:20.0165 2824 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:04:20.0181 2824 MMCSS - ok 08:04:20.0181 2824 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 08:04:20.0212 2824 Modem - ok 08:04:20.0212 2824 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 08:04:20.0212 2824 monitor - ok 08:04:20.0228 2824 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 08:04:20.0228 2824 mouclass - ok 08:04:20.0228 2824 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 08:04:20.0243 2824 mouhid - ok 08:04:20.0243 2824 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 08:04:20.0259 2824 mountmgr - ok 08:04:20.0259 2824 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 08:04:20.0259 2824 MozillaMaintenance - ok 08:04:20.0275 2824 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 08:04:20.0275 2824 mpio - ok 08:04:20.0290 2824 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 08:04:20.0306 2824 mpsdrv - ok 08:04:20.0321 2824 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 08:04:20.0353 2824 MpsSvc - ok 08:04:20.0368 2824 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 08:04:20.0368 2824 MRxDAV - ok 08:04:20.0384 2824 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:04:20.0384 2824 mrxsmb - ok 08:04:20.0399 2824 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:04:20.0399 2824 mrxsmb10 - ok 08:04:20.0415 2824 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:04:20.0415 2824 mrxsmb20 - ok 08:04:20.0415 2824 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 08:04:20.0431 2824 msahci - ok 08:04:20.0431 2824 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 08:04:20.0431 2824 msdsm - ok 08:04:20.0446 2824 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 08:04:20.0446 2824 MSDTC - ok 08:04:20.0462 2824 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 08:04:20.0477 2824 Msfs - ok 08:04:20.0477 2824 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 08:04:20.0509 2824 mshidkmdf - ok 08:04:20.0509 2824 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 08:04:20.0509 2824 msisadrv - ok 08:04:20.0524 2824 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 08:04:20.0540 2824 MSiSCSI - ok 08:04:20.0540 2824 msiserver - ok 08:04:20.0540 2824 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 08:04:20.0571 2824 MSKSSRV - ok 08:04:20.0571 2824 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 08:04:20.0587 2824 MSPCLOCK - ok 08:04:20.0602 2824 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 08:04:20.0618 2824 MSPQM - ok 08:04:20.0633 2824 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 08:04:20.0633 2824 MsRPC - ok 08:04:20.0649 2824 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 08:04:20.0649 2824 mssmbios - ok 08:04:20.0649 2824 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 08:04:20.0680 2824 MSTEE - ok 08:04:20.0680 2824 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 08:04:20.0680 2824 MTConfig - ok 08:04:20.0680 2824 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 08:04:20.0696 2824 Mup - ok 08:04:20.0711 2824 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 08:04:20.0727 2824 napagent - ok 08:04:20.0743 2824 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 08:04:20.0758 2824 NativeWifiP - ok 08:04:20.0789 2824 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys 08:04:20.0805 2824 NDIS - ok 08:04:20.0805 2824 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 08:04:20.0821 2824 NdisCap - ok 08:04:20.0821 2824 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 08:04:20.0852 2824 NdisTapi - ok 08:04:20.0852 2824 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 08:04:20.0867 2824 Ndisuio - ok 08:04:20.0883 2824 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 08:04:20.0899 2824 NdisWan - ok 08:04:20.0899 2824 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 08:04:20.0930 2824 NDProxy - ok 08:04:20.0930 2824 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 08:04:20.0961 2824 NetBIOS - ok 08:04:20.0961 2824 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 08:04:20.0992 2824 NetBT - ok 08:04:20.0992 2824 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:04:20.0992 2824 Netlogon - ok 08:04:21.0008 2824 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 08:04:21.0039 2824 Netman - ok 08:04:21.0039 2824 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:04:21.0055 2824 NetMsmqActivator - ok 08:04:21.0055 2824 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:04:21.0055 2824 NetPipeActivator - ok 08:04:21.0070 2824 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 08:04:21.0101 2824 netprofm - ok 08:04:21.0101 2824 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:04:21.0101 2824 NetTcpActivator - ok 08:04:21.0101 2824 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 08:04:21.0117 2824 NetTcpPortSharing - ok 08:04:21.0117 2824 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 08:04:21.0117 2824 nfrd960 - ok 08:04:21.0133 2824 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 08:04:21.0164 2824 NlaSvc - ok 08:04:21.0164 2824 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 08:04:21.0179 2824 Npfs - ok 08:04:21.0179 2824 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 08:04:21.0211 2824 nsi - ok 08:04:21.0211 2824 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 08:04:21.0226 2824 nsiproxy - ok 08:04:21.0289 2824 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 08:04:21.0320 2824 Ntfs - ok 08:04:21.0335 2824 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 08:04:21.0367 2824 Null - ok 08:04:21.0367 2824 nusb3hub (0ebc9d13cd96c15b1b18d8678a609e4b) C:\Windows\system32\DRIVERS\nusb3hub.sys 08:04:21.0367 2824 nusb3hub - ok 08:04:21.0382 2824 nusb3xhc (7bdec000d56d485021d9c1e63c2f81ca) C:\Windows\system32\DRIVERS\nusb3xhc.sys 08:04:21.0382 2824 nusb3xhc - ok 08:04:21.0741 2824 nvlddmkm (a36c4ce37da2e80db2de20f604d3f417) C:\Windows\system32\DRIVERS\nvlddmkm.sys 08:04:21.0866 2824 nvlddmkm - ok 08:04:21.0897 2824 nvpciflt (a618b3d198611c1bcaa9e0f44aa65cb3) C:\Windows\system32\DRIVERS\nvpciflt.sys 08:04:21.0897 2824 nvpciflt - ok 08:04:21.0913 2824 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 08:04:21.0913 2824 nvraid - ok 08:04:21.0928 2824 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 08:04:21.0928 2824 nvstor - ok 08:04:21.0959 2824 NVSvc (540d760b87a2638f2f1e614e78acc08a) C:\Windows\system32\nvvsvc.exe 08:04:21.0975 2824 NVSvc - ok 08:04:22.0037 2824 nvUpdatusService (1bfc0ef8b25eeb49d924e444a4299193) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 08:04:22.0053 2824 nvUpdatusService - ok 08:04:22.0084 2824 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 08:04:22.0084 2824 nv_agp - ok 08:04:22.0100 2824 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 08:04:22.0100 2824 ohci1394 - ok 08:04:22.0115 2824 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:04:22.0131 2824 p2pimsvc - ok 08:04:22.0131 2824 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 08:04:22.0147 2824 p2psvc - ok 08:04:22.0147 2824 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 08:04:22.0162 2824 Parport - ok 08:04:22.0162 2824 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 08:04:22.0178 2824 partmgr - ok 08:04:22.0178 2824 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 08:04:22.0193 2824 PcaSvc - ok 08:04:22.0193 2824 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 08:04:22.0209 2824 pci - ok 08:04:22.0209 2824 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 08:04:22.0209 2824 pciide - ok 08:04:22.0225 2824 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 08:04:22.0240 2824 pcmcia - ok 08:04:22.0240 2824 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:04:22.0240 2824 pcw - ok 08:04:22.0256 2824 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:04:22.0287 2824 PEAUTH - ok 08:04:22.0303 2824 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 08:04:22.0318 2824 PerfHost - ok 08:04:22.0349 2824 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 08:04:22.0396 2824 pla - ok 08:04:22.0396 2824 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 08:04:22.0412 2824 PlugPlay - ok 08:04:22.0412 2824 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 08:04:22.0427 2824 PNRPAutoReg - ok 08:04:22.0427 2824 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:04:22.0443 2824 PNRPsvc - ok 08:04:22.0459 2824 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 08:04:22.0490 2824 PolicyAgent - ok 08:04:22.0490 2824 Power (a2cca4fb273e6050f17a0a416cff2fcd) C:\Windows\system32\umpo.dll 08:04:22.0505 2824 Power - ok 08:04:22.0505 2824 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 08:04:22.0537 2824 PptpMiniport - ok 08:04:22.0537 2824 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 08:04:22.0552 2824 Processor - ok 08:04:22.0552 2824 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 08:04:22.0568 2824 ProfSvc - ok 08:04:22.0568 2824 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:04:22.0568 2824 ProtectedStorage - ok 08:04:22.0583 2824 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 08:04:22.0599 2824 Psched - ok 08:04:22.0599 2824 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 08:04:22.0615 2824 PxHlpa64 - ok 08:04:22.0661 2824 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 08:04:22.0677 2824 ql2300 - ok 08:04:22.0708 2824 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 08:04:22.0708 2824 ql40xx - ok 08:04:22.0724 2824 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 08:04:22.0739 2824 QWAVE - ok 08:04:22.0739 2824 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:04:22.0755 2824 QWAVEdrv - ok 08:04:22.0755 2824 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:04:22.0771 2824 RasAcd - ok 08:04:22.0786 2824 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:04:22.0802 2824 RasAgileVpn - ok 08:04:22.0802 2824 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 08:04:22.0833 2824 RasAuto - ok 08:04:22.0833 2824 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:04:22.0864 2824 Rasl2tp - ok 08:04:22.0864 2824 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 08:04:22.0895 2824 RasMan - ok 08:04:22.0895 2824 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:04:22.0927 2824 RasPppoe - ok 08:04:22.0927 2824 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:04:22.0942 2824 RasSstp - ok 08:04:22.0958 2824 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 08:04:22.0989 2824 rdbss - ok 08:04:22.0989 2824 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 08:04:22.0989 2824 rdpbus - ok 08:04:22.0989 2824 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:04:23.0020 2824 RDPCDD - ok 08:04:23.0020 2824 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:04:23.0051 2824 RDPENCDD - ok 08:04:23.0051 2824 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:04:23.0067 2824 RDPREFMP - ok 08:04:23.0083 2824 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 08:04:23.0083 2824 RDPWD - ok 08:04:23.0098 2824 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 08:04:23.0098 2824 rdyboost - ok 08:04:23.0098 2824 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 08:04:23.0129 2824 RemoteAccess - ok 08:04:23.0129 2824 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 08:04:23.0161 2824 RemoteRegistry - ok 08:04:23.0161 2824 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 08:04:23.0176 2824 RFCOMM - ok 08:04:23.0176 2824 rkhdrv40 - ok 08:04:23.0223 2824 RoxMediaDB12OEM (3c957189b31c34d3ad21967b12b6aed7) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe 08:04:23.0239 2824 RoxMediaDB12OEM - ok 08:04:23.0254 2824 RoxWatch12 (2b73088cc2ca757a172b425c9398e5bc) C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe 08:04:23.0254 2824 RoxWatch12 - ok 08:04:23.0285 2824 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 08:04:23.0301 2824 RpcEptMapper - ok 08:04:23.0301 2824 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 08:04:23.0317 2824 RpcLocator - ok 08:04:23.0332 2824 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:04:23.0348 2824 RpcSs - ok 08:04:23.0363 2824 RSPCIESTOR (9d21618e7a3b2c75cf1a2ecbbe723730) C:\Windows\system32\DRIVERS\RtsPStor.sys 08:04:23.0379 2824 RSPCIESTOR - ok 08:04:23.0379 2824 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:04:23.0410 2824 rspndr - ok 08:04:23.0410 2824 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:04:23.0410 2824 SamSs - ok 08:04:23.0426 2824 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 08:04:23.0426 2824 sbp2port - ok 08:04:23.0441 2824 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 08:04:23.0457 2824 SCardSvr - ok 08:04:23.0473 2824 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 08:04:23.0488 2824 scfilter - ok 08:04:23.0504 2824 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 08:04:23.0535 2824 Schedule - ok 08:04:23.0551 2824 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:04:23.0566 2824 SCPolicySvc - ok 08:04:23.0566 2824 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys 08:04:23.0582 2824 sdbus - ok 08:04:23.0582 2824 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 08:04:23.0597 2824 SDRSVC - ok 08:04:23.0597 2824 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 08:04:23.0629 2824 secdrv - ok 08:04:23.0629 2824 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 08:04:23.0644 2824 seclogon - ok 08:04:23.0660 2824 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 08:04:23.0675 2824 SENS - ok 08:04:23.0675 2824 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 08:04:23.0691 2824 SensrSvc - ok 08:04:23.0691 2824 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 08:04:23.0691 2824 Serenum - ok 08:04:23.0707 2824 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 08:04:23.0707 2824 Serial - ok 08:04:23.0707 2824 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 08:04:23.0722 2824 sermouse - ok 08:04:23.0722 2824 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 08:04:23.0753 2824 SessionEnv - ok 08:04:23.0753 2824 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 08:04:23.0769 2824 sffdisk - ok 08:04:23.0769 2824 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 08:04:23.0769 2824 sffp_mmc - ok 08:04:23.0785 2824 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 08:04:23.0785 2824 sffp_sd - ok 08:04:23.0785 2824 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 08:04:23.0800 2824 sfloppy - ok 08:04:23.0847 2824 SftService (29ddea72c5bdf61d62f4d438dc0e497c) C:\Program Files (x86)\AlienRespawn\sftservice.EXE 08:04:23.0863 2824 SftService - ok 08:04:23.0909 2824 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 08:04:23.0941 2824 SharedAccess - ok 08:04:23.0941 2824 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 08:04:23.0972 2824 ShellHWDetection - ok 08:04:23.0972 2824 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 08:04:23.0987 2824 SiSRaid2 - ok 08:04:23.0987 2824 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 08:04:23.0987 2824 SiSRaid4 - ok 08:04:24.0003 2824 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 08:04:24.0019 2824 Smb - ok 08:04:24.0034 2824 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 08:04:24.0034 2824 SNMPTRAP - ok 08:04:24.0034 2824 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 08:04:24.0050 2824 spldr - ok 08:04:24.0065 2824 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 08:04:24.0097 2824 Spooler - ok 08:04:24.0175 2824 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 08:04:24.0237 2824 sppsvc - ok 08:04:24.0253 2824 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 08:04:24.0284 2824 sppuinotify - ok 08:04:24.0299 2824 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 08:04:24.0315 2824 srv - ok 08:04:24.0331 2824 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 08:04:24.0331 2824 srv2 - ok 08:04:24.0346 2824 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 08:04:24.0346 2824 srvnet - ok 08:04:24.0362 2824 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 08:04:24.0377 2824 SSDPSRV - ok 08:04:24.0377 2824 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 08:04:24.0409 2824 SstpSvc - ok 08:04:24.0424 2824 STacSV (e82994866a370a480607637f28b82835) C:\Program Files\IDT\WDM\STacSV64.exe 08:04:24.0424 2824 STacSV - ok 08:04:24.0424 2824 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys 08:04:24.0440 2824 stdcfltn - ok 08:04:24.0440 2824 Steam Client Service - ok 08:04:24.0455 2824 Stereo Service (f52e2b5b8df49efbcedb54f698845ec0) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe 08:04:24.0471 2824 Stereo Service - ok 08:04:24.0471 2824 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 08:04:24.0487 2824 stexstor - ok 08:04:24.0502 2824 STHDA (3ad0ed8b19cd76d2254de5fb298e3c26) C:\Windows\system32\DRIVERS\stwrt64.sys 08:04:24.0502 2824 STHDA - ok 08:04:24.0533 2824 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 08:04:24.0533 2824 stisvc - ok 08:04:24.0549 2824 stllssvr (7731f46ec0d687a931cba063e8f90ef0) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 08:04:24.0549 2824 stllssvr - ok 08:04:24.0549 2824 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 08:04:24.0565 2824 swenum - ok 08:04:24.0580 2824 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 08:04:24.0611 2824 swprv - ok 08:04:24.0643 2824 SynTP (d8205430cfd64fdb7d691d3bb74fd18f) C:\Windows\system32\DRIVERS\SynTP.sys 08:04:24.0674 2824 SynTP - ok 08:04:24.0736 2824 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 08:04:24.0767 2824 SysMain - ok 08:04:24.0783 2824 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 08:04:24.0799 2824 TabletInputService - ok 08:04:24.0814 2824 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 08:04:24.0830 2824 TapiSrv - ok 08:04:24.0830 2824 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 08:04:24.0861 2824 TBS - ok 08:04:24.0908 2824 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 08:04:24.0939 2824 Tcpip - ok 08:04:25.0017 2824 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 08:04:25.0033 2824 TCPIP6 - ok 08:04:25.0064 2824 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 08:04:25.0079 2824 tcpipreg - ok 08:04:25.0079 2824 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 08:04:25.0095 2824 TDPIPE - ok 08:04:25.0095 2824 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 08:04:25.0095 2824 TDTCP - ok 08:04:25.0111 2824 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 08:04:25.0126 2824 tdx - ok 08:04:25.0126 2824 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys 08:04:25.0142 2824 TermDD - ok 08:04:25.0157 2824 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 08:04:25.0189 2824 TermService - ok 08:04:25.0189 2824 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 08:04:25.0204 2824 Themes - ok 08:04:25.0204 2824 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:04:25.0235 2824 THREADORDER - ok 08:04:25.0235 2824 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 08:04:25.0267 2824 TrkWks - ok 08:04:25.0267 2824 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 08:04:25.0298 2824 TrustedInstaller - ok 08:04:25.0298 2824 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:04:25.0313 2824 tssecsrv - ok 08:04:25.0329 2824 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 08:04:25.0329 2824 TsUsbFlt - ok 08:04:25.0329 2824 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 08:04:25.0345 2824 TsUsbGD - ok 08:04:25.0345 2824 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 08:04:25.0376 2824 tunnel - ok 08:04:25.0376 2824 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 08:04:25.0376 2824 uagp35 - ok 08:04:25.0407 2824 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 08:04:25.0423 2824 udfs - ok 08:04:25.0438 2824 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 08:04:25.0438 2824 UI0Detect - ok 08:04:25.0438 2824 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 08:04:25.0454 2824 uliagpkx - ok 08:04:25.0454 2824 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 08:04:25.0469 2824 umbus - ok 08:04:25.0469 2824 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 08:04:25.0469 2824 UmPass - ok 08:04:25.0485 2824 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 08:04:25.0516 2824 upnphost - ok 08:04:25.0516 2824 usbccgp (19ad7990c0b67e48dac5b26f99628223) C:\Windows\system32\DRIVERS\usbccgp.sys 08:04:25.0516 2824 usbccgp - ok 08:04:25.0532 2824 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 08:04:25.0532 2824 usbcir - ok 08:04:25.0547 2824 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 08:04:25.0547 2824 usbehci - ok 08:04:25.0563 2824 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 08:04:25.0579 2824 usbhub - ok 08:04:25.0579 2824 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 08:04:25.0579 2824 usbohci - ok 08:04:25.0594 2824 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 08:04:25.0594 2824 usbprint - ok 08:04:25.0610 2824 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:04:25.0610 2824 USBSTOR - ok 08:04:25.0610 2824 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 08:04:25.0625 2824 usbuhci - ok 08:04:25.0625 2824 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 08:04:25.0641 2824 usbvideo - ok 08:04:25.0641 2824 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 08:04:25.0672 2824 UxSms - ok 08:04:25.0672 2824 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:04:25.0672 2824 VaultSvc - ok 08:04:25.0688 2824 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 08:04:25.0688 2824 vdrvroot - ok 08:04:25.0703 2824 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 08:04:25.0735 2824 vds - ok 08:04:25.0735 2824 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 08:04:25.0750 2824 vga - ok 08:04:25.0750 2824 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 08:04:25.0766 2824 VgaSave - ok 08:04:25.0781 2824 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 08:04:25.0781 2824 vhdmp - ok 08:04:25.0797 2824 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 08:04:25.0797 2824 viaide - ok 08:04:25.0797 2824 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 08:04:25.0813 2824 volmgr - ok 08:04:25.0828 2824 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 08:04:25.0828 2824 volmgrx - ok 08:04:25.0844 2824 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 08:04:25.0844 2824 volsnap - ok 08:04:25.0859 2824 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 08:04:25.0859 2824 vsmraid - ok 08:04:25.0906 2824 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 08:04:25.0953 2824 VSS - ok 08:04:25.0984 2824 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe 08:04:26.0000 2824 vToolbarUpdater11.2.0 - ok 08:04:26.0015 2824 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 08:04:26.0031 2824 vwifibus - ok 08:04:26.0031 2824 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 08:04:26.0047 2824 vwififlt - ok 08:04:26.0047 2824 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 08:04:26.0078 2824 W32Time - ok 08:04:26.0078 2824 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 08:04:26.0093 2824 WacomPen - ok 08:04:26.0093 2824 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:04:26.0109 2824 WANARP - ok 08:04:26.0125 2824 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:04:26.0140 2824 Wanarpv6 - ok 08:04:26.0171 2824 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 08:04:26.0203 2824 WatAdminSvc - ok 08:04:26.0234 2824 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 08:04:26.0265 2824 wbengine - ok 08:04:26.0281 2824 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 08:04:26.0296 2824 WbioSrvc - ok 08:04:26.0312 2824 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 08:04:26.0327 2824 wcncsvc - ok 08:04:26.0327 2824 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 08:04:26.0327 2824 WcsPlugInService - ok 08:04:26.0343 2824 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 08:04:26.0343 2824 Wd - ok 08:04:26.0359 2824 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 08:04:26.0374 2824 Wdf01000 - ok 08:04:26.0390 2824 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:04:26.0390 2824 WdiServiceHost - ok 08:04:26.0390 2824 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:04:26.0405 2824 WdiSystemHost - ok 08:04:26.0421 2824 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 08:04:26.0437 2824 WebClient - ok 08:04:26.0437 2824 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 08:04:26.0468 2824 Wecsvc - ok 08:04:26.0468 2824 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 08:04:26.0483 2824 wercplsupport - ok 08:04:26.0499 2824 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 08:04:26.0515 2824 WerSvc - ok 08:04:26.0530 2824 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 08:04:26.0546 2824 WfpLwf - ok 08:04:26.0561 2824 WimFltr (b14ef15bd757fa488f9c970eee9c0d35) C:\Windows\system32\DRIVERS\wimfltr.sys 08:04:26.0561 2824 WimFltr - ok 08:04:26.0561 2824 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 08:04:26.0577 2824 WIMMount - ok 08:04:26.0577 2824 WinDefend - ok 08:04:26.0577 2824 WinHttpAutoProxySvc - ok 08:04:26.0593 2824 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 08:04:26.0608 2824 Winmgmt - ok 08:04:26.0671 2824 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 08:04:26.0717 2824 WinRM - ok 08:04:26.0749 2824 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 08:04:26.0749 2824 WinUsb - ok 08:04:26.0780 2824 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 08:04:26.0795 2824 Wlansvc - ok 08:04:26.0873 2824 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 08:04:26.0889 2824 wlidsvc - ok 08:04:26.0920 2824 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 08:04:26.0920 2824 WmiAcpi - ok 08:04:26.0936 2824 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 08:04:26.0951 2824 wmiApSrv - ok 08:04:26.0951 2824 WMPNetworkSvc - ok 08:04:26.0951 2824 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 08:04:26.0967 2824 WPCSvc - ok 08:04:26.0967 2824 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 08:04:26.0983 2824 WPDBusEnum - ok 08:04:26.0983 2824 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 08:04:26.0998 2824 ws2ifsl - ok 08:04:27.0014 2824 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 08:04:27.0014 2824 wscsvc - ok 08:04:27.0014 2824 WSearch - ok 08:04:27.0092 2824 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 08:04:27.0123 2824 wuauserv - ok 08:04:27.0154 2824 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 08:04:27.0170 2824 WudfPf - ok 08:04:27.0185 2824 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 08:04:27.0201 2824 WUDFRd - ok 08:04:27.0201 2824 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 08:04:27.0232 2824 wudfsvc - ok 08:04:27.0232 2824 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 08:04:27.0248 2824 WwanSvc - ok 08:04:27.0263 2824 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 08:04:27.0263 2824 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected 08:04:27.0263 2824 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0) 08:04:27.0295 2824 \Device\Harddisk0\DR0 ( TDSS File System ) - warning 08:04:27.0295 2824 \Device\Harddisk0\DR0 - detected TDSS File System (1) 08:04:27.0622 2824 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1 08:04:27.0841 2824 \Device\Harddisk1\DR1 - ok 08:04:27.0841 2824 MBR (0x1B8) (739b36f7a373fc81121d831231b6d311) \Device\Harddisk2\DR4 08:04:30.0118 2824 \Device\Harddisk2\DR4 - ok 08:04:30.0118 2824 Boot (0x1200) (e3419eb8c50f42ea4f99814e7d867476) \Device\Harddisk0\DR0\Partition0 08:04:30.0118 2824 \Device\Harddisk0\DR0\Partition0 - ok 08:04:30.0118 2824 Boot (0x1200) (30d4a5491dc0796a2600e48e0f798374) \Device\Harddisk0\DR0\Partition1 08:04:30.0134 2824 \Device\Harddisk0\DR0\Partition1 - ok 08:04:30.0165 2824 Boot (0x1200) (2bd3842d5c7b2e0a669e3a6265342e08) \Device\Harddisk1\DR1\Partition0 08:04:30.0165 2824 \Device\Harddisk1\DR1\Partition0 - ok 08:04:30.0181 2824 Boot (0x1200) (f27ced69bffbeec7ebb30bfc88986791) \Device\Harddisk2\DR4\Partition0 08:04:30.0181 2824 \Device\Harddisk2\DR4\Partition0 - ok 08:04:30.0181 2824 ============================================================ 08:04:30.0181 2824 Scan finished 08:04:30.0181 2824 ============================================================ 08:04:30.0181 1776 Detected object count: 4 08:04:30.0181 1776 Actual detected object count: 4 08:05:07.0090 1776 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - skipped by user 08:05:07.0090 1776 Bigfoot Networks Killer Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:05:07.0090 1776 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 08:05:07.0090 1776 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:05:07.0511 1776 \Device\Harddisk0\DR0\# - copied to quarantine 08:05:07.0511 1776 \Device\Harddisk0\DR0 - copied to quarantine 08:05:07.0527 1776 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine 08:05:07.0527 1776 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine 08:05:07.0543 1776 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine 08:05:07.0543 1776 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine 08:05:07.0558 1776 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine 08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine 08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine 08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine 08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine 08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine 08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine 08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine 08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine 08:05:07.0574 1776 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine 08:05:07.0589 1776 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine 08:05:07.0589 1776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot 08:05:07.0589 1776 \Device\Harddisk0\DR0 - ok 08:05:07.0621 1776 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure 08:05:07.0621 1776 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user 08:05:07.0621 1776 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip 08:05:11.0349 1692 Deinitialize success ------------------------------------------------------------------------------------------------------------------------------------------------------------- Malwarebytes Anti-Malware (Trial) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.17.14 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Mike :: MIKE-PC [administrator] Protection: Enabled 7/18/2012 8:06:25 AM mbam-log-2012-07-18 (08-06-25).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 237376 Time elapsed: 47 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully. (end)
  14. Getsugakure
    My Alienware M17x is my gaming laptop. Recently, I found there were sounds playing with no applications running, downloaded Malware and AVG Pro. Malwarebytes continually pops up saying "Successfully blocked access to a potentially malicious website: 206.161.121.3 | Type: outgoing | Port: 59873, ProcessL svchost.exe". Decided it was time to seek help. Please and Thank you! . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by Mike at 17:12:19 on 2012-07-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.16332.12634 [GMT -4:00] . AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\IDT\WDM\AESTSr64.exe C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\AlienRespawn\sftservice.EXE C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\AVG\AVG PC Tuneup\BoostSpeed.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe C:\Program Files\Alienware\Command Center\AWCCServiceController.exe C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\AlienRespawn\TOASTER.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher32.exe C:\Program Files\Alienware\Command Center\AWCCApplicationWatcher64.exe C:\Windows\system32\conhost.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe -netsvcs C:\Windows\system32\conhost.exe C:\Program Files\Alienware\Command Center\AlienFusionService.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Program Files\Alienware\Command Center\AlienFusionController.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe mRun: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BIGFOO~1.LNK - C:\Program Files (x86)\Bigfoot Networks\Killer Network Manager\KillerNetManager.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll LSP: %SYSTEMROOT%\system32\BfLLR.dll Trusted Zone: clonewarsadventures.com Trusted Zone: freerealms.com Trusted Zone: soe.com Trusted Zone: sony.com DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab TCP: DhcpNameServer = 10.1.10.1 192.168.0.1 TCP: Interfaces\{DFF67BDC-67BE-4CD2-9FC3-32A1E22E330A} : DhcpNameServer = 10.1.10.1 192.168.0.1 Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll BHO-X64: AVG Do Not Track - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [AlienwareOn-ScreenDisplay] C:\Program Files (x86)\Alienware On-Screen Display\AlienwareOn-ScreenDisplay.exe mRun-x64: [integrated Webcam Live! Central] "C:\Program Files (x86)\Integrated Webcam\Live! Central\WebcamInt.exe" /mode2 mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun-x64: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray AppInit_DLLs-X64: C:\Windows\SysWOW64\nvinit.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Mike\AppData\Roaming\Mozilla\Firefox\Profiles\g5xi2azl.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B76185820-38ca-49f5-b45a-e41da4444338%7D&mid=ff47a873bf9747d097a94dfe4bb609ca-5e7f89c4b940a95ad5bfa65298698b7a74485dc2&ds=AVG&v=11.1.0.12〈=en&pr=pr&d=2012-07-15%2017%3A49%3A54&sap=ku&q= FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 EMSC;COMPAL Embedded System Control;C:\Windows\System32\drivers\EMSC.sys [2009-6-26 13680] R0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys --> C:\Windows\system32\DRIVERS\nvpciflt.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?] R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 BfLwf;Bigfoot Networks Bandwidth Control;C:\Windows\system32\DRIVERS\bflwfx64.sys --> C:\Windows\system32\DRIVERS\bflwfx64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-5 89600] R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2011-3-22 15296] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288] R2 Bigfoot Networks Killer Service;Bigfoot Networks Killer Service;C:\Program Files\Bigfoot Networks\Killer Network Manager\BFNService.exe [2011-11-8 467456] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-3-5 13336] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-16 655944] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2012-3-5 1997416] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\SftService.exe [2012-3-5 1692480] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-6-26 378472] R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe [2012-7-15 935008] R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?] R3 Ak27x64;Killer Wireless-N 1102 device driver;C:\Windows\system32\DRIVERS\Ak27x64.sys --> C:\Windows\system32\DRIVERS\Ak27x64.sys [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?] R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?] R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?] R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?] S2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2012-6-13 2321560] S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-7-4 5160568] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-18 250056] S3 Impcd;Impcd;C:\Windows\system32\drivers\Impcd.sys --> C:\Windows\system32\drivers\Impcd.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-13 113120] S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-07-17 20:37:53 20480 ----a-w- C:\Windows\svchost.exe 2012-07-17 12:08:58 24448 ----a-w- C:\Windows\SysWow64\drivers\rkhdrv40.sys 2012-07-17 12:08:26 -------- d-----w- C:\RkUnhooker 2012-07-17 11:57:47 -------- d-----w- C:\Users\Mike\AppData\Local\{A1F1F9BD-F417-4D59-B7BF-3F279AFB61CD} 2012-07-17 11:57:36 -------- d-----w- C:\Users\Mike\AppData\Local\{0A132535-9755-4203-A623-216AC1A79FDD} 2012-07-17 04:17:28 -------- d-sh--w- C:\$RECYCLE.BIN 2012-07-17 00:44:54 -------- d-----w- C:\Users\Mike\AppData\Roaming\AVG 2012-07-17 00:32:46 -------- d-----w- C:\Users\Mike\AppData\Roaming\Malwarebytes 2012-07-17 00:32:43 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-17 00:32:42 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-07-17 00:32:42 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-16 20:38:24 -------- d-----w- C:\Users\Mike\AppData\Local\{67C4C9D0-3A40-42E0-BB76-C0FACD339A98} 2012-07-16 20:38:13 -------- d-----w- C:\Users\Mike\AppData\Local\{A301D35D-28A1-4354-ADB5-4328D43A36B5} 2012-07-15 21:49:57 -------- d-----w- C:\Users\Mike\AppData\Local\AVG Secure Search 2012-07-15 21:49:54 -------- d-----w- C:\ProgramData\AVG Secure Search 2012-07-15 21:49:54 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search 2012-07-15 21:49:53 -------- d-----w- C:\Program Files (x86)\AVG Secure Search 2012-07-15 21:49:50 -------- d-----w- C:\Windows\SysWow64\drivers\AVG 2012-07-15 21:49:43 -------- d-----w- C:\Windows\System32\drivers\AVG 2012-07-15 21:49:43 -------- d-----w- C:\$AVG 2012-07-15 21:43:28 7062 ----a-w- C:\Windows\SysWow64\audiopid.vxd 2012-07-15 19:13:13 -------- d-----w- C:\Users\Mike\AppData\Local\{2EB5DE1C-44EE-415D-8025-2B5F9B888B21} 2012-07-15 19:13:02 -------- d-----w- C:\Users\Mike\AppData\Local\{96539822-02C8-4559-A875-09D7568B31C7} 2012-07-15 03:39:43 -------- d-----w- C:\Users\Mike\AppData\Local\{038237A0-8DC0-4870-A9EB-71AC8CA1D833} 2012-07-15 03:39:33 -------- d-----w- C:\Users\Mike\AppData\Local\{E3FD9DCD-8003-4CF5-AEE8-FD50D5CE49F1} 2012-07-14 15:49:42 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9070812E-7C8F-472E-A7EB-4F24695CD157}\mpengine.dll 2012-07-14 15:39:08 -------- d-----w- C:\Users\Mike\AppData\Local\{999F1D89-1E64-4AEC-A0BA-0AB75BAA3194} 2012-07-14 15:38:58 -------- d-----w- C:\Users\Mike\AppData\Local\{FC6E4C32-8AD5-44D0-9CF1-0A8921771937} 2012-07-12 11:45:50 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 21:02:12 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-11 21:02:12 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-11 20:40:11 -------- d-----w- C:\Users\Mike\AppData\Local\{7CA062AB-1136-457F-AD21-EC3602D481C5} 2012-07-11 20:40:00 -------- d-----w- C:\Users\Mike\AppData\Local\{8B08E07F-FF71-4424-86E3-A84587EFDE8A} 2012-07-10 23:50:17 -------- d-----w- C:\Users\Mike\AppData\Roaming\IDT 2012-07-10 23:34:54 -------- d-----w- C:\Users\Mike\AppData\Local\{1012B80F-8B4B-4BB3-8941-6307EF586C80} 2012-07-10 23:34:43 -------- d-----w- C:\Users\Mike\AppData\Local\{31679D84-3EF8-4D39-BB91-5F22B2847FE3} 2012-07-08 21:43:31 -------- d-----w- C:\ProgramData\Blizzard Entertainment 2012-07-08 21:43:31 -------- d-----w- C:\Program Files (x86)\Diablo III 2012-07-08 21:43:31 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment 2012-07-08 21:43:03 -------- d-----w- C:\ProgramData\Battle.net 2012-07-08 21:34:20 -------- d-----w- C:\Users\Mike\AppData\Local\{220060F2-D19C-482E-B02A-F4701E9B6C71} 2012-07-08 21:34:08 -------- d-----w- C:\Users\Mike\AppData\Local\{2B0E87B8-6B4A-4B5E-BEAE-747F24AEE784} 2012-06-23 00:21:42 -------- d-----w- C:\Users\Mike\AppData\Local\{389BBC0C-266C-48ED-A282-0DA6DDBD556A} 2012-06-22 11:24:58 -------- d-----w- C:\Users\Mike\AppData\Local\{B5622D7D-5F39-45F3-ADCE-FD26A7D7AA2E} 2012-06-22 11:24:47 -------- d-----w- C:\Users\Mike\AppData\Local\{47B7DFD3-5C27-4D95-8FCC-47E92D46AF79} 2012-06-21 17:52:50 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-21 17:52:48 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-21 17:52:48 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-21 17:52:48 186752 ----a-w- C:\Windows\System32\wuwebv.dll . ==================== Find3M ==================== . 2012-07-12 00:25:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 00:25:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-12 00:25:02 9822920 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-04-19 08:50:26 28480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys . ============= FINISH: 17:12:36.94 =============== ----------------------------------------------------------------------------------------------------------------------------------------------------------------- . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 3/10/2012 11:03:20 AM System Uptime: 7/17/2012 4:36:30 PM (1 hours ago) . Motherboard: Alienware | | M17xR3 Processor: Intel® Core i7-2760QM CPU @ 2.40GHz | CPU1 | 2401/1600mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 229 GiB total, 88.269 GiB free. D: is FIXED (NTFS) - 699 GiB total, 467.01 GiB free. E: is CDROM (UDF) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Advanced Audio FX Engine AlienRespawn AlienRespawn - Support Software Alienware M17x Manual Alienware On-Screen Display Apple Application Support Apple Software Update Assassin's Creed Assassin's Creed II AVG PC Tuneup Banctec Service Agreement Batman: Arkham Asylum Batman: Arkham City™ Bigfoot Networks Killer Network Manager Command Center D3DX10 DC Universe Online Live Diablo III DirectX 9 Runtime Dual-Core Optimizer EMSC IDT Audio Integrated Webcam Live! Central Intel® Processor Graphics Intel® Rapid Storage Technology Java Auto Updater Java 7 Update 1 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 13.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) NVIDIA PhysX NVIDIA Stereoscopic 3D Driver PhotoShowExpress QuickTime Rootkit Unhooker Uninstall Roxio Activation Module Roxio BackOnTrack Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Sonic CinePlayer Decoder Pack Star Wars: The Old Republic Steam The Elder Scrolls V: Skyrim Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Visual Studio 2008 x64 Redistributables Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Messenger Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack WinRAR 4.20 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 7/17/2012 8:08:58 AM, Error: Application Popup [1060] - \SystemRoot\SysWow64\Drivers\rkhdrv40.SYS has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 7/17/2012 5:01:01 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgfws service. 7/17/2012 4:37:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service. 7/17/2012 4:36:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000009f (0x0000000000000003, 0xfffffa800d7faa10, 0xfffff80000b9c3d8, 0xfffffa801d7a7ab0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 071712-23244-01. 7/16/2012 8:59:45 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 7/16/2012 8:59:26 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. 7/16/2012 8:54:01 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. . ==== End Of File =========================== Attach.txt DDS.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.