Jump to content

eschwebach

Members
  • Posts

    16
  • Joined

  • Last visited

Everything posted by eschwebach

  1. Here are the results: Results of screen317's Security Check version 0.99.50 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.62.0.1300 JavaFX 2.1.1 Java 7 Update 5 Java version out of Date! Adobe Flash Player 11.3.300.271 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox (15.0) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 0% ````````````````````End of Log`````````````````````` Thank you very much for your help!
  2. PC seems to be running fine now. IE is working normally once again. Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.09.05.11 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Schwebach :: SCHWEBACH-PC [administrator] Protection: Enabled 9/5/2012 7:36:00 PM mbam-log-2012-09-05 (19-36-00).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 207297 Time elapsed: 2 minute(s), 10 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  3. Mr C, here is the new RogueKiller log: RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Schwebach [Admin rights] Mode : Scan -- Date : 09/05/2012 19:15:34 ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 10 ¤¤¤ [TASK][sUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> FOUND [TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> FOUND [TASK][PREVRUN] ProgramDataUpdater : C:\Windows\System32\rundll32.exe -> FOUND [TASK][PREVRUN] Proxy : C:\Windows\System32\rundll32.exe -> FOUND [TASK][PREVRUN] SR : C:\Windows\System32\rundll32.exe -> FOUND [TASK][PREVRUN] IpAddressConflict1 : C:\Windows\System32\rundll32.exe -> FOUND [TASK][PREVRUN] IpAddressConflict2 : C:\Windows\System32\rundll32.exe -> FOUND [TASK][PREVRUN] AutomaticBackup : C:\Windows\System32\rundll32.exe -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDT721010SLA360 +++++ --- User --- [MBR] f6b89eec92b09a30355e356160a177ab [bSP] 96d28c3049c224e94bf4242e094a666b : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1026048 | Size: 40960 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 84912128 | Size: 912407 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  4. I then ran MBAM and it came back with no malicious items. However, my IE still doesn't work correctly so I ran Roguekiller again and here is the ouput. RogueKiller V8.0.2 [08/31/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Schwebach [Admin rights] Mode : Scan -- Date : 09/05/2012 16:50:20 ¤¤¤ Bad processes : 1 ¤¤¤ [sUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : -> KILLED [TermProc] ¤¤¤ Registry Entries : 15 ¤¤¤ [RUN][bLACKLIST DLL] HKCU\[...]\Run : iprol (rundll32.exe "C:\Users\Schwebach\AppData\Roaming\iprol.dll",Warn) -> FOUND [RUN][bLACKLIST DLL] HKLM\[...]\Run : iprol ("C:\Windows\System32\rundll32.exe" "C:\Users\Schwebach\AppData\Roaming\iprol.dll",Warn) -> FOUND [RUN][bLACKLIST DLL] HKLM\[...]\Run : uiews (rundll32.exe "C:\Users\Schwebach\AppData\Roaming\uiews.dll",UpdateTextureState) -> FOUND [RUN][bLACKLIST DLL] HKUS\S-1-5-21-609828940-4030701919-2344594656-1002[...]\Run : iprol (rundll32.exe "C:\Users\Schwebach\AppData\Roaming\iprol.dll",Warn) -> FOUND [TASK][sUSP PATH] Carbonite Upgrade Check : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> FOUND [TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> FOUND [HJPOL] HKCU\[...]\System : disableregistrytools (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-609828940-4030701919-2344594656-1002\$f53a53674fca325a714d1f5d6955c7e1\n.) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts 127.0.0.1 localhost ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDT721010SLA360 +++++ --- User --- [MBR] f6b89eec92b09a30355e356160a177ab [bSP] 96d28c3049c224e94bf4242e094a666b : Windows Vista MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 500 Mo 1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 1026048 | Size: 40960 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 84912128 | Size: 912407 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt
  5. I downloaded and ran Tdsskiller and here is the output: 16:33:50.0967 2916 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48 16:33:51.0343 2916 ============================================================ 16:33:51.0343 2916 Current date / time: 2012/09/05 16:33:51.0343 16:33:51.0343 2916 SystemInfo: 16:33:51.0343 2916 16:33:51.0343 2916 OS Version: 6.1.7601 ServicePack: 1.0 16:33:51.0343 2916 Product type: Workstation 16:33:51.0343 2916 ComputerName: SCHWEBACH-PC 16:33:51.0343 2916 UserName: Schwebach 16:33:51.0343 2916 Windows directory: C:\Windows 16:33:51.0343 2916 System windows directory: C:\Windows 16:33:51.0343 2916 Running under WOW64 16:33:51.0343 2916 Processor architecture: Intel x64 16:33:51.0343 2916 Number of processors: 4 16:33:51.0343 2916 Page size: 0x1000 16:33:51.0343 2916 Boot type: Normal boot 16:33:51.0343 2916 ============================================================ 16:33:51.0646 2916 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 16:33:51.0669 2916 ============================================================ 16:33:51.0669 2916 \Device\Harddisk0\DR0: 16:33:51.0669 2916 MBR partitions: 16:33:51.0669 2916 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000 16:33:51.0672 2916 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xFB000, BlocksNum 0x4FFF800 16:33:51.0672 2916 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x50FA800, BlocksNum 0x6F60B800 16:33:51.0672 2916 ============================================================ 16:33:51.0686 2916 C: <-> \Device\Harddisk0\DR0\Partition3 16:33:51.0714 2916 D: <-> \Device\Harddisk0\DR0\Partition2 16:33:51.0714 2916 ============================================================ 16:33:51.0714 2916 Initialize success 16:33:51.0714 2916 ============================================================ 16:34:20.0811 5536 ============================================================ 16:34:20.0812 5536 Scan started 16:34:20.0812 5536 Mode: Manual; SigCheck; TDLFS; 16:34:20.0812 5536 ============================================================ 16:34:21.0219 5536 ================ Scan system memory ======================== 16:34:21.0219 5536 System memory - ok 16:34:21.0220 5536 ================ Scan services ============================= 16:34:21.0372 5536 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 16:34:21.0487 5536 1394ohci - ok 16:34:21.0522 5536 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 16:34:21.0549 5536 ACPI - ok 16:34:21.0577 5536 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 16:34:21.0642 5536 AcpiPmi - ok 16:34:21.0734 5536 [ 34400005DE52842C4D6D4EE978B4D7CE ] AdobeActiveFileMonitor8.0 C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe 16:34:21.0747 5536 AdobeActiveFileMonitor8.0 - ok 16:34:21.0832 5536 [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 16:34:21.0856 5536 AdobeFlashPlayerUpdateSvc - ok 16:34:21.0898 5536 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 16:34:21.0936 5536 adp94xx - ok 16:34:21.0948 5536 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 16:34:21.0967 5536 adpahci - ok 16:34:21.0979 5536 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 16:34:21.0991 5536 adpu320 - ok 16:34:22.0044 5536 [ E005682AE8F8EC4EB05F2A70A16EA1C5 ] AE1000 C:\Windows\system32\DRIVERS\ae1000w7.sys 16:34:22.0063 5536 AE1000 - ok 16:34:22.0092 5536 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 16:34:22.0227 5536 AeLookupSvc - ok 16:34:22.0269 5536 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 16:34:22.0338 5536 AFD - ok 16:34:22.0379 5536 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 16:34:22.0400 5536 agp440 - ok 16:34:22.0425 5536 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 16:34:22.0479 5536 ALG - ok 16:34:22.0519 5536 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 16:34:22.0533 5536 aliide - ok 16:34:22.0695 5536 [ AAA1F9D4CF4C976C21BCA8AFA2BAE6A4 ] AllShare C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe 16:34:22.0812 5536 AllShare ( UnsignedFile.Multi.Generic ) - warning 16:34:22.0812 5536 AllShare - detected UnsignedFile.Multi.Generic (1) 16:34:22.0841 5536 [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 16:34:22.0897 5536 AMD External Events Utility - ok 16:34:22.0930 5536 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 16:34:22.0953 5536 amdide - ok 16:34:22.0966 5536 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 16:34:23.0031 5536 AmdK8 - ok 16:34:23.0181 5536 [ 74687C33C4AD25A975BBB1EA1E8B3884 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 16:34:23.0312 5536 amdkmdag - ok 16:34:23.0329 5536 [ C7F56ED86327A78E7F8A5CC503A98BD6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 16:34:23.0353 5536 amdkmdap - ok 16:34:23.0375 5536 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 16:34:23.0405 5536 AmdPPM - ok 16:34:23.0452 5536 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 16:34:23.0476 5536 amdsata - ok 16:34:23.0499 5536 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 16:34:23.0517 5536 amdsbs - ok 16:34:23.0529 5536 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 16:34:23.0539 5536 amdxata - ok 16:34:23.0581 5536 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 16:34:23.0718 5536 AppID - ok 16:34:23.0744 5536 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 16:34:23.0801 5536 AppIDSvc - ok 16:34:23.0845 5536 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 16:34:23.0883 5536 Appinfo - ok 16:34:23.0982 5536 [ 3DEBBECF665DCDDE3A95D9B902010817 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 16:34:23.0999 5536 Apple Mobile Device - ok 16:34:24.0026 5536 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 16:34:24.0040 5536 arc - ok 16:34:24.0053 5536 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 16:34:24.0067 5536 arcsas - ok 16:34:24.0103 5536 aspnet_state - ok 16:34:24.0116 5536 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 16:34:24.0163 5536 AsyncMac - ok 16:34:24.0197 5536 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 16:34:24.0205 5536 atapi - ok 16:34:24.0248 5536 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys 16:34:24.0275 5536 AtiHdmiService - ok 16:34:24.0400 5536 [ 74687C33C4AD25A975BBB1EA1E8B3884 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 16:34:24.0471 5536 atikmdag - ok 16:34:24.0512 5536 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 16:34:24.0587 5536 AudioEndpointBuilder - ok 16:34:24.0594 5536 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 16:34:24.0627 5536 AudioSrv - ok 16:34:24.0666 5536 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 16:34:24.0747 5536 AxInstSV - ok 16:34:24.0774 5536 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 16:34:24.0827 5536 b06bdrv - ok 16:34:24.0844 5536 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 16:34:24.0882 5536 b57nd60a - ok 16:34:24.0917 5536 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 16:34:24.0958 5536 BDESVC - ok 16:34:25.0003 5536 [ BEC0D79B5C2A8EBDD9D50998D8B47DE7 ] bdisk C:\Windows\syswow64\drivers\bdisk.sys 16:34:25.0011 5536 bdisk - ok 16:34:25.0033 5536 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 16:34:25.0079 5536 Beep - ok 16:34:25.0120 5536 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 16:34:25.0182 5536 BFE - ok 16:34:25.0205 5536 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 16:34:25.0220 5536 blbdrive - ok 16:34:25.0291 5536 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 16:34:25.0329 5536 Bonjour Service - ok 16:34:25.0359 5536 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 16:34:25.0378 5536 bowser - ok 16:34:25.0392 5536 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 16:34:25.0479 5536 BrFiltLo - ok 16:34:25.0491 5536 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 16:34:25.0515 5536 BrFiltUp - ok 16:34:25.0538 5536 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 16:34:25.0582 5536 BridgeMP - ok 16:34:25.0610 5536 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 16:34:25.0636 5536 Browser - ok 16:34:25.0645 5536 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 16:34:25.0672 5536 Brserid - ok 16:34:25.0680 5536 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 16:34:25.0702 5536 BrSerWdm - ok 16:34:25.0704 5536 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 16:34:25.0737 5536 BrUsbMdm - ok 16:34:25.0757 5536 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 16:34:25.0768 5536 BrUsbSer - ok 16:34:25.0780 5536 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 16:34:25.0812 5536 BTHMODEM - ok 16:34:25.0841 5536 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 16:34:25.0889 5536 bthserv - ok 16:34:26.0028 5536 [ 33E43A31AC6AC6BA95D4772D8CCA076F ] CarboniteService C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe 16:34:26.0112 5536 CarboniteService - ok 16:34:26.0135 5536 [ F64A6F55E3154DB0082A15ACB7F4214E ] CBUfs C:\Windows\syswow64\DRIVERS\CBUFS.sys 16:34:26.0143 5536 CBUfs - ok 16:34:26.0165 5536 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 16:34:26.0211 5536 cdfs - ok 16:34:26.0248 5536 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 16:34:26.0276 5536 cdrom - ok 16:34:26.0316 5536 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 16:34:26.0411 5536 CertPropSvc - ok 16:34:26.0429 5536 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 16:34:26.0456 5536 circlass - ok 16:34:26.0488 5536 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 16:34:26.0502 5536 CLFS - ok 16:34:26.0524 5536 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 16:34:26.0534 5536 clr_optimization_v2.0.50727_32 - ok 16:34:26.0577 5536 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 16:34:26.0587 5536 clr_optimization_v2.0.50727_64 - ok 16:34:26.0667 5536 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 16:34:26.0697 5536 clr_optimization_v4.0.30319_32 - ok 16:34:26.0728 5536 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 16:34:26.0739 5536 clr_optimization_v4.0.30319_64 - ok 16:34:26.0763 5536 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 16:34:26.0789 5536 CmBatt - ok 16:34:26.0813 5536 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 16:34:26.0824 5536 cmdide - ok 16:34:26.0865 5536 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 16:34:26.0886 5536 CNG - ok 16:34:26.0899 5536 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 16:34:26.0908 5536 Compbatt - ok 16:34:26.0936 5536 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 16:34:26.0965 5536 CompositeBus - ok 16:34:26.0968 5536 COMSysApp - ok 16:34:26.0989 5536 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 16:34:26.0998 5536 crcdisk - ok 16:34:27.0022 5536 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 16:34:27.0078 5536 CryptSvc - ok 16:34:27.0129 5536 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 16:34:27.0190 5536 DcomLaunch - ok 16:34:27.0207 5536 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 16:34:27.0253 5536 defragsvc - ok 16:34:27.0302 5536 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 16:34:27.0381 5536 DfsC - ok 16:34:27.0425 5536 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 16:34:27.0487 5536 Dhcp - ok 16:34:27.0508 5536 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 16:34:27.0546 5536 discache - ok 16:34:27.0578 5536 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 16:34:27.0587 5536 Disk - ok 16:34:27.0617 5536 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 16:34:27.0659 5536 Dnscache - ok 16:34:27.0693 5536 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 16:34:27.0756 5536 dot3svc - ok 16:34:27.0769 5536 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 16:34:27.0810 5536 DPS - ok 16:34:27.0830 5536 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 16:34:27.0843 5536 drmkaud - ok 16:34:27.0877 5536 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 16:34:27.0896 5536 DXGKrnl - ok 16:34:27.0920 5536 [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express C:\Windows\system32\DRIVERS\e1e6032e.sys 16:34:27.0954 5536 e1express - ok 16:34:27.0979 5536 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 16:34:28.0032 5536 EapHost - ok 16:34:28.0114 5536 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 16:34:28.0189 5536 ebdrv - ok 16:34:28.0216 5536 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 16:34:28.0263 5536 EFS - ok 16:34:28.0321 5536 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 16:34:28.0399 5536 ehRecvr - ok 16:34:28.0424 5536 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 16:34:28.0454 5536 ehSched - ok 16:34:28.0488 5536 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 16:34:28.0514 5536 elxstor - ok 16:34:28.0560 5536 [ 7DB097F4F6786307168C0DDDEC43A565 ] EPSON_EB_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE 16:34:28.0601 5536 EPSON_EB_RPCV4_04 - ok 16:34:28.0617 5536 [ 258AA65A0862E19B7DE6981FDA3758AD ] EPSON_PM_RPCV4_04 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE 16:34:28.0641 5536 EPSON_PM_RPCV4_04 - ok 16:34:28.0666 5536 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 16:34:28.0687 5536 ErrDev - ok 16:34:28.0714 5536 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 16:34:28.0761 5536 EventSystem - ok 16:34:28.0779 5536 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 16:34:28.0811 5536 exfat - ok 16:34:28.0819 5536 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 16:34:28.0850 5536 fastfat - ok 16:34:28.0885 5536 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 16:34:28.0911 5536 Fax - ok 16:34:28.0928 5536 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 16:34:28.0943 5536 fdc - ok 16:34:28.0962 5536 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 16:34:28.0992 5536 fdPHost - ok 16:34:29.0003 5536 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 16:34:29.0041 5536 FDResPub - ok 16:34:29.0056 5536 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 16:34:29.0066 5536 FileInfo - ok 16:34:29.0072 5536 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 16:34:29.0123 5536 Filetrace - ok 16:34:29.0199 5536 [ D4C0E5C287AAD7FF3176731A310AB2AF ] Fitbit C:\Program Files (x86)\Fitbit\fitbit.exe 16:34:29.0229 5536 Fitbit - ok 16:34:29.0272 5536 [ ABEDFD48AC042C6AAAD32452E77217A1 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 16:34:29.0294 5536 FLEXnet Licensing Service - ok 16:34:29.0364 5536 [ B8602C90D3C427D8A86CE60437615CF5 ] FlipShare Service C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe 16:34:29.0379 5536 FlipShare Service - ok 16:34:29.0426 5536 [ AC5FB7094F31534594CAE48306972CBD ] FlipShareServer C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe 16:34:29.0464 5536 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning 16:34:29.0464 5536 FlipShareServer - detected UnsignedFile.Multi.Generic (1) 16:34:29.0489 5536 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 16:34:29.0506 5536 flpydisk - ok 16:34:29.0536 5536 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 16:34:29.0555 5536 FltMgr - ok 16:34:29.0593 5536 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 16:34:29.0653 5536 FontCache - ok 16:34:29.0684 5536 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 16:34:29.0691 5536 FontCache3.0.0.0 - ok 16:34:29.0714 5536 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 16:34:29.0726 5536 FsDepends - ok 16:34:29.0748 5536 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 16:34:29.0758 5536 Fs_Rec - ok 16:34:29.0795 5536 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 16:34:29.0812 5536 fvevol - ok 16:34:29.0829 5536 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 16:34:29.0840 5536 gagp30kx - ok 16:34:29.0863 5536 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 16:34:29.0870 5536 GEARAspiWDM - ok 16:34:29.0903 5536 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 16:34:29.0962 5536 gpsvc - ok 16:34:30.0011 5536 [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 16:34:30.0019 5536 grmnusb - ok 16:34:30.0091 5536 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:34:30.0110 5536 gupdate - ok 16:34:30.0126 5536 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 16:34:30.0138 5536 gupdatem - ok 16:34:30.0157 5536 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 16:34:30.0167 5536 gusvc - ok 16:34:30.0185 5536 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 16:34:30.0234 5536 hcw85cir - ok 16:34:30.0273 5536 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 16:34:30.0325 5536 HdAudAddService - ok 16:34:30.0365 5536 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 16:34:30.0405 5536 HDAudBus - ok 16:34:30.0428 5536 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 16:34:30.0443 5536 HidBatt - ok 16:34:30.0454 5536 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 16:34:30.0475 5536 HidBth - ok 16:34:30.0479 5536 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 16:34:30.0494 5536 HidIr - ok 16:34:30.0506 5536 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 16:34:30.0542 5536 hidserv - ok 16:34:30.0578 5536 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 16:34:30.0591 5536 HidUsb - ok 16:34:30.0625 5536 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 16:34:30.0689 5536 hkmsvc - ok 16:34:30.0724 5536 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 16:34:30.0768 5536 HomeGroupListener - ok 16:34:30.0804 5536 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 16:34:30.0823 5536 HomeGroupProvider - ok 16:34:30.0851 5536 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 16:34:30.0864 5536 HpSAMD - ok 16:34:30.0894 5536 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 16:34:30.0944 5536 HTTP - ok 16:34:30.0952 5536 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 16:34:30.0962 5536 hwpolicy - ok 16:34:31.0003 5536 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 16:34:31.0014 5536 i8042prt - ok 16:34:31.0035 5536 [ ABBF174CB394F5C437410A788B7E404A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 16:34:31.0048 5536 iaStor - ok 16:34:31.0082 5536 [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 16:34:31.0094 5536 IAStorDataMgrSvc - ok 16:34:31.0135 5536 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 16:34:31.0158 5536 iaStorV - ok 16:34:31.0199 5536 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 16:34:31.0229 5536 idsvc - ok 16:34:31.0252 5536 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 16:34:31.0262 5536 iirsp - ok 16:34:31.0309 5536 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 16:34:31.0373 5536 IKEEXT - ok 16:34:31.0447 5536 [ F5872A11EB4F6DB170D636CD4E53CA9F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 16:34:31.0505 5536 IntcAzAudAddService - ok 16:34:31.0533 5536 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 16:34:31.0542 5536 intelide - ok 16:34:31.0560 5536 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 16:34:31.0582 5536 intelppm - ok 16:34:31.0607 5536 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 16:34:31.0647 5536 IPBusEnum - ok 16:34:31.0668 5536 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 16:34:31.0719 5536 IpFilterDriver - ok 16:34:31.0769 5536 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 16:34:31.0836 5536 iphlpsvc - ok 16:34:31.0862 5536 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 16:34:31.0894 5536 IPMIDRV - ok 16:34:31.0932 5536 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 16:34:31.0971 5536 IPNAT - ok 16:34:32.0034 5536 [ 46D249F9DB7844CC01050A9345F0F61B ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 16:34:32.0056 5536 iPod Service - ok 16:34:32.0074 5536 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 16:34:32.0097 5536 IRENUM - ok 16:34:32.0111 5536 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 16:34:32.0120 5536 isapnp - ok 16:34:32.0148 5536 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 16:34:32.0161 5536 iScsiPrt - ok 16:34:32.0176 5536 [ 75DDB94A2A24F9F7037D10A2DDA06D36 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 16:34:32.0184 5536 JRAID - ok 16:34:32.0221 5536 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 16:34:32.0241 5536 kbdclass - ok 16:34:32.0271 5536 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 16:34:32.0304 5536 kbdhid - ok 16:34:32.0333 5536 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 16:34:32.0349 5536 KeyIso - ok 16:34:32.0378 5536 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 16:34:32.0392 5536 KSecDD - ok 16:34:32.0421 5536 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 16:34:32.0433 5536 KSecPkg - ok 16:34:32.0446 5536 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 16:34:32.0485 5536 ksthunk - ok 16:34:32.0503 5536 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 16:34:32.0552 5536 KtmRm - ok 16:34:32.0589 5536 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 16:34:32.0625 5536 LanmanServer - ok 16:34:32.0650 5536 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 16:34:32.0694 5536 LanmanWorkstation - ok 16:34:32.0713 5536 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 16:34:32.0756 5536 lltdio - ok 16:34:32.0797 5536 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 16:34:32.0862 5536 lltdsvc - ok 16:34:32.0882 5536 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 16:34:32.0911 5536 lmhosts - ok 16:34:32.0938 5536 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 16:34:32.0949 5536 LSI_FC - ok 16:34:32.0954 5536 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 16:34:32.0964 5536 LSI_SAS - ok 16:34:32.0974 5536 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 16:34:32.0983 5536 LSI_SAS2 - ok 16:34:32.0988 5536 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 16:34:32.0998 5536 LSI_SCSI - ok 16:34:33.0019 5536 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 16:34:33.0058 5536 luafv - ok 16:34:33.0096 5536 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2M64 C:\Windows\system32\DRIVERS\LVPr2M64.sys 16:34:33.0109 5536 LVPr2M64 - ok 16:34:33.0117 5536 [ B3944D06EB4B64D57BD7E5FE89415F58 ] LVPr2Mon C:\Windows\system32\DRIVERS\LVPr2M64.sys 16:34:33.0127 5536 LVPr2Mon - ok 16:34:33.0153 5536 [ 9CD0DC863BE5D40A762F7D84F11A8471 ] LVPrcS64 C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe 16:34:33.0160 5536 LVPrcS64 - ok 16:34:33.0177 5536 [ 8F0DD6EF66EF33E3D58FF8FBC7B6A1A6 ] LVRS64 C:\Windows\system32\DRIVERS\lvrs64.sys 16:34:33.0189 5536 LVRS64 - ok 16:34:33.0282 5536 [ F012F568C99A45F4ECD0B939C621B1A4 ] LVUVC64 C:\Windows\system32\DRIVERS\lvuvc64.sys 16:34:33.0369 5536 LVUVC64 - ok 16:34:33.0415 5536 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys 16:34:33.0423 5536 MBAMProtector - ok 16:34:33.0477 5536 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 16:34:33.0493 5536 MBAMService - ok 16:34:33.0518 5536 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 16:34:33.0537 5536 Mcx2Svc - ok 16:34:33.0546 5536 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 16:34:33.0557 5536 megasas - ok 16:34:33.0567 5536 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 16:34:33.0582 5536 MegaSR - ok 16:34:33.0624 5536 Microsoft SharePoint Workspace Audit Service - ok 16:34:33.0644 5536 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 16:34:33.0682 5536 MMCSS - ok 16:34:33.0685 5536 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 16:34:33.0721 5536 Modem - ok 16:34:33.0731 5536 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 16:34:33.0752 5536 monitor - ok 16:34:33.0779 5536 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 16:34:33.0787 5536 mouclass - ok 16:34:33.0802 5536 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 16:34:33.0813 5536 mouhid - ok 16:34:33.0835 5536 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 16:34:33.0845 5536 mountmgr - ok 16:34:33.0889 5536 [ E8D79312373F254DC13F3965BDB3D521 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 16:34:33.0898 5536 MozillaMaintenance - ok 16:34:33.0931 5536 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 16:34:33.0944 5536 mpio - ok 16:34:33.0960 5536 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 16:34:33.0997 5536 mpsdrv - ok 16:34:34.0060 5536 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 16:34:34.0115 5536 MpsSvc - ok 16:34:34.0136 5536 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 16:34:34.0173 5536 MRxDAV - ok 16:34:34.0200 5536 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 16:34:34.0226 5536 mrxsmb - ok 16:34:34.0256 5536 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 16:34:34.0285 5536 mrxsmb10 - ok 16:34:34.0301 5536 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 16:34:34.0316 5536 mrxsmb20 - ok 16:34:34.0339 5536 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 16:34:34.0348 5536 msahci - ok 16:34:34.0376 5536 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 16:34:34.0387 5536 msdsm - ok 16:34:34.0396 5536 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 16:34:34.0425 5536 MSDTC - ok 16:34:34.0463 5536 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 16:34:34.0496 5536 Msfs - ok 16:34:34.0507 5536 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 16:34:34.0555 5536 mshidkmdf - ok 16:34:34.0572 5536 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 16:34:34.0581 5536 msisadrv - ok 16:34:34.0604 5536 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 16:34:34.0643 5536 MSiSCSI - ok 16:34:34.0646 5536 msiserver - ok 16:34:34.0666 5536 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:34:34.0705 5536 MSKSSRV - ok 16:34:34.0723 5536 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:34:34.0754 5536 MSPCLOCK - ok 16:34:34.0769 5536 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:34:34.0802 5536 MSPQM - ok 16:34:34.0836 5536 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:34:34.0865 5536 MsRPC - ok 16:34:34.0895 5536 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 16:34:34.0907 5536 mssmbios - ok 16:34:34.0925 5536 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:34:34.0974 5536 MSTEE - ok 16:34:34.0981 5536 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 16:34:35.0004 5536 MTConfig - ok 16:34:35.0015 5536 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 16:34:35.0031 5536 Mup - ok 16:34:35.0068 5536 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 16:34:35.0109 5536 napagent - ok 16:34:35.0131 5536 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:34:35.0158 5536 NativeWifiP - ok 16:34:35.0201 5536 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 16:34:35.0224 5536 NDIS - ok 16:34:35.0232 5536 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:34:35.0263 5536 NdisCap - ok 16:34:35.0275 5536 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:34:35.0305 5536 NdisTapi - ok 16:34:35.0335 5536 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:34:35.0377 5536 Ndisuio - ok 16:34:35.0400 5536 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:34:35.0442 5536 NdisWan - ok 16:34:35.0467 5536 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:34:35.0499 5536 NDProxy - ok 16:34:35.0514 5536 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:34:35.0568 5536 NetBIOS - ok 16:34:35.0595 5536 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:34:35.0631 5536 NetBT - ok 16:34:35.0640 5536 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 16:34:35.0652 5536 Netlogon - ok 16:34:35.0683 5536 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 16:34:35.0735 5536 Netman - ok 16:34:35.0748 5536 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 16:34:35.0791 5536 netprofm - ok 16:34:35.0815 5536 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 16:34:35.0824 5536 NetTcpPortSharing - ok 16:34:35.0845 5536 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 16:34:35.0854 5536 nfrd960 - ok 16:34:35.0890 5536 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:34:35.0936 5536 NlaSvc - ok 16:34:35.0950 5536 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:34:35.0980 5536 Npfs - ok 16:34:35.0994 5536 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 16:34:36.0044 5536 nsi - ok 16:34:36.0060 5536 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:34:36.0110 5536 nsiproxy - ok 16:34:36.0157 5536 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:34:36.0206 5536 Ntfs - ok 16:34:36.0221 5536 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 16:34:36.0251 5536 Null - ok 16:34:36.0287 5536 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:34:36.0298 5536 nvraid - ok 16:34:36.0331 5536 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:34:36.0344 5536 nvstor - ok 16:34:36.0365 5536 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:34:36.0377 5536 nv_agp - ok 16:34:36.0407 5536 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:34:36.0421 5536 ohci1394 - ok 16:34:36.0459 5536 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:34:36.0469 5536 ose - ok 16:34:36.0584 5536 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:34:36.0654 5536 osppsvc - ok 16:34:36.0687 5536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 16:34:36.0720 5536 p2pimsvc - ok 16:34:36.0731 5536 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 16:34:36.0747 5536 p2psvc - ok 16:34:36.0766 5536 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 16:34:36.0777 5536 Parport - ok 16:34:36.0804 5536 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:34:36.0813 5536 partmgr - ok 16:34:36.0834 5536 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:34:36.0855 5536 PcaSvc - ok 16:34:36.0883 5536 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 16:34:36.0895 5536 pci - ok 16:34:36.0915 5536 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 16:34:36.0925 5536 pciide - ok 16:34:36.0943 5536 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 16:34:36.0957 5536 pcmcia - ok 16:34:36.0968 5536 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 16:34:36.0978 5536 pcw - ok 16:34:36.0994 5536 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:34:37.0050 5536 PEAUTH - ok 16:34:37.0096 5536 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 16:34:37.0121 5536 PerfHost - ok 16:34:37.0172 5536 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 16:34:37.0227 5536 pla - ok 16:34:37.0258 5536 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:34:37.0287 5536 PlugPlay - ok 16:34:37.0308 5536 PnkBstrA - ok 16:34:37.0324 5536 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:34:37.0349 5536 PNRPAutoReg - ok 16:34:37.0371 5536 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:34:37.0384 5536 PNRPsvc - ok 16:34:37.0434 5536 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:34:37.0494 5536 PolicyAgent - ok 16:34:37.0514 5536 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 16:34:37.0550 5536 Power - ok 16:34:37.0575 5536 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:34:37.0605 5536 PptpMiniport - ok 16:34:37.0617 5536 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 16:34:37.0633 5536 Processor - ok 16:34:37.0661 5536 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 16:34:37.0690 5536 ProfSvc - ok 16:34:37.0698 5536 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:34:37.0709 5536 ProtectedStorage - ok 16:34:37.0740 5536 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:34:37.0777 5536 Psched - ok 16:34:37.0794 5536 [ 4712CC14E720ECCCC0AA16949D18AAF1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys 16:34:37.0801 5536 PxHlpa64 - ok 16:34:37.0840 5536 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 16:34:37.0873 5536 ql2300 - ok 16:34:37.0879 5536 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 16:34:37.0890 5536 ql40xx - ok 16:34:37.0910 5536 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 16:34:37.0927 5536 QWAVE - ok 16:34:37.0938 5536 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:34:37.0967 5536 QWAVEdrv - ok 16:34:37.0970 5536 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:34:38.0014 5536 RasAcd - ok 16:34:38.0025 5536 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:34:38.0055 5536 RasAgileVpn - ok 16:34:38.0070 5536 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 16:34:38.0112 5536 RasAuto - ok 16:34:38.0136 5536 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:34:38.0176 5536 Rasl2tp - ok 16:34:38.0197 5536 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 16:34:38.0230 5536 RasMan - ok 16:34:38.0249 5536 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:34:38.0291 5536 RasPppoe - ok 16:34:38.0305 5536 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:34:38.0348 5536 RasSstp - ok 16:34:38.0378 5536 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:34:38.0417 5536 rdbss - ok 16:34:38.0427 5536 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:34:38.0452 5536 rdpbus - ok 16:34:38.0463 5536 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:34:38.0494 5536 RDPCDD - ok 16:34:38.0505 5536 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:34:38.0546 5536 RDPENCDD - ok 16:34:38.0573 5536 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:34:38.0603 5536 RDPREFMP - ok 16:34:38.0627 5536 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:34:38.0652 5536 RDPWD - ok 16:34:38.0679 5536 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:34:38.0691 5536 rdyboost - ok 16:34:38.0706 5536 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 16:34:38.0756 5536 RemoteAccess - ok 16:34:38.0785 5536 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:34:38.0825 5536 RemoteRegistry - ok 16:34:38.0856 5536 [ 7B04C9843921AB1F695FB395422C5360 ] RimUsb C:\Windows\system32\Drivers\RimUsb_AMD64.sys 16:34:38.0873 5536 RimUsb - ok 16:34:38.0935 5536 [ D6E5C42CC027B2648CCA5BACEABAAB03 ] RoxLiveShare10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe 16:34:38.0957 5536 RoxLiveShare10 - ok 16:34:38.0987 5536 [ 9896BA507D905C41820DB90225049B57 ] RoxMediaDB10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 16:34:39.0017 5536 RoxMediaDB10 - ok 16:34:39.0037 5536 [ 4DCA97C64975FD0A3A17090A1A78F688 ] RoxWatch10 C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe 16:34:39.0049 5536 RoxWatch10 - ok 16:34:39.0066 5536 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 16:34:39.0112 5536 RpcEptMapper - ok 16:34:39.0133 5536 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 16:34:39.0161 5536 RpcLocator - ok 16:34:39.0192 5536 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 16:34:39.0226 5536 RpcSs - ok 16:34:39.0254 5536 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:34:39.0310 5536 rspndr - ok 16:34:39.0333 5536 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 16:34:39.0345 5536 RTL8167 - ok 16:34:39.0357 5536 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 16:34:39.0370 5536 SamSs - ok 16:34:39.0396 5536 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:34:39.0406 5536 sbp2port - ok 16:34:39.0428 5536 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:34:39.0478 5536 SCardSvr - ok 16:34:39.0505 5536 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:34:39.0542 5536 scfilter - ok 16:34:39.0589 5536 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 16:34:39.0671 5536 Schedule - ok 16:34:39.0698 5536 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:34:39.0730 5536 SCPolicySvc - ok 16:34:39.0763 5536 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:34:39.0804 5536 SDRSVC - ok 16:34:39.0814 5536 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:34:39.0860 5536 secdrv - ok 16:34:39.0875 5536 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 16:34:39.0905 5536 seclogon - ok 16:34:39.0927 5536 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 16:34:39.0968 5536 SENS - ok 16:34:39.0978 5536 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:34:40.0024 5536 SensrSvc - ok 16:34:40.0033 5536 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:34:40.0054 5536 Serenum - ok 16:34:40.0074 5536 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:34:40.0099 5536 Serial - ok 16:34:40.0121 5536 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 16:34:40.0131 5536 sermouse - ok 16:34:40.0155 5536 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 16:34:40.0194 5536 SessionEnv - ok 16:34:40.0220 5536 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:34:40.0245 5536 sffdisk - ok 16:34:40.0259 5536 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:34:40.0280 5536 sffp_mmc - ok 16:34:40.0285 5536 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:34:40.0301 5536 sffp_sd - ok 16:34:40.0314 5536 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 16:34:40.0327 5536 sfloppy - ok 16:34:40.0357 5536 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 16:34:40.0398 5536 SharedAccess - ok 16:34:40.0428 5536 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:34:40.0472 5536 ShellHWDetection - ok 16:34:40.0480 5536 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 16:34:40.0489 5536 SiSRaid2 - ok 16:34:40.0494 5536 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 16:34:40.0504 5536 SiSRaid4 - ok 16:34:40.0544 5536 [ 4C9F8E72F87F50A6125AAA31B63B2D18 ] SIUSBXP C:\Windows\system32\drivers\SiUSBXp.sys 16:34:40.0551 5536 SIUSBXP - ok 16:34:40.0590 5536 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 16:34:40.0599 5536 SkypeUpdate - ok 16:34:40.0611 5536 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:34:40.0658 5536 Smb - ok 16:34:40.0685 5536 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:34:40.0700 5536 SNMPTRAP - ok 16:34:40.0712 5536 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 16:34:40.0720 5536 spldr - ok 16:34:40.0756 5536 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 16:34:40.0783 5536 Spooler - ok 16:34:40.0869 5536 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 16:34:40.0962 5536 sppsvc - ok 16:34:40.0972 5536 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:34:41.0004 5536 sppuinotify - ok 16:34:41.0076 5536 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 16:34:41.0114 5536 srv - ok 16:34:41.0142 5536 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:34:41.0180 5536 srv2 - ok 16:34:41.0197 5536 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:34:41.0230 5536 srvnet - ok 16:34:41.0261 5536 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:34:41.0305 5536 SSDPSRV - ok 16:34:41.0324 5536 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:34:41.0357 5536 SstpSvc - ok 16:34:41.0368 5536 Steam Client Service - ok 16:34:41.0384 5536 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 16:34:41.0394 5536 stexstor - ok 16:34:41.0426 5536 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 16:34:41.0461 5536 stisvc - ok 16:34:41.0509 5536 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 16:34:41.0525 5536 stllssvr - ok 16:34:41.0552 5536 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 16:34:41.0569 5536 swenum - ok 16:34:41.0597 5536 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 16:34:41.0644 5536 swprv - ok 16:34:41.0692 5536 [ 08C793F3E5D4124B0826E822E9CAE633 ] SynchronizationService.exe C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe 16:34:41.0719 5536 SynchronizationService.exe - ok 16:34:41.0774 5536 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 16:34:41.0828 5536 SysMain - ok 16:34:41.0855 5536 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:34:41.0872 5536 TabletInputService - ok 16:34:41.0883 5536 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 16:34:41.0923 5536 TapiSrv - ok 16:34:41.0939 5536 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 16:34:41.0969 5536 TBS - ok 16:34:42.0028 5536 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:34:42.0086 5536 Tcpip - ok 16:34:42.0107 5536 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:34:42.0139 5536 TCPIP6 - ok 16:34:42.0167 5536 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:34:42.0211 5536 tcpipreg - ok 16:34:42.0240 5536 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:34:42.0267 5536 TDPIPE - ok 16:34:42.0296 5536 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:34:42.0312 5536 TDTCP - ok 16:34:42.0342 5536 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:34:42.0374 5536 tdx - ok 16:34:42.0397 5536 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 16:34:42.0406 5536 TermDD - ok 16:34:42.0428 5536 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 16:34:42.0466 5536 TermService - ok 16:34:42.0488 5536 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 16:34:42.0515 5536 Themes - ok 16:34:42.0527 5536 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 16:34:42.0556 5536 THREADORDER - ok 16:34:42.0566 5536 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 16:34:42.0617 5536 TrkWks - ok 16:34:42.0650 5536 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:34:42.0696 5536 TrustedInstaller - ok 16:34:42.0727 5536 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:34:42.0774 5536 tssecsrv - ok 16:34:42.0806 5536 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:34:42.0832 5536 TsUsbFlt - ok 16:34:42.0864 5536 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:34:42.0902 5536 tunnel - ok 16:34:42.0917 5536 [ 825E7A1F48FB8BCFBA27C178AAB4E275 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys 16:34:42.0924 5536 TurboB - ok 16:34:42.0952 5536 [ B206BE1174D5964D49A56BB6C4E0524A ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe 16:34:42.0962 5536 TurboBoost - ok 16:34:42.0981 5536 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 16:34:42.0992 5536 uagp35 - ok 16:34:43.0023 5536 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:34:43.0074 5536 udfs - ok 16:34:43.0092 5536 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 16:34:43.0105 5536 UI0Detect - ok 16:34:43.0134 5536 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:34:43.0144 5536 uliagpkx - ok 16:34:43.0177 5536 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 16:34:43.0206 5536 umbus - ok 16:34:43.0223 5536 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 16:34:43.0244 5536 UmPass - ok 16:34:43.0257 5536 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 16:34:43.0314 5536 upnphost - ok 16:34:43.0350 5536 [ AA33FC47ED58C34E6E9261E4F850B7EB ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 16:34:43.0373 5536 USBAAPL64 - ok 16:34:43.0399 5536 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 16:34:43.0416 5536 usbaudio - ok 16:34:43.0445 5536 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:34:43.0487 5536 usbccgp - ok 16:34:43.0512 5536 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:34:43.0531 5536 usbcir - ok 16:34:43.0554 5536 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 16:34:43.0570 5536 usbehci - ok 16:34:43.0598 5536 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:34:43.0632 5536 usbhub - ok 16:34:43.0652 5536 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:34:43.0685 5536 usbohci - ok 16:34:43.0719 5536 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:34:43.0745 5536 usbprint - ok 16:34:43.0772 5536 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 16:34:43.0796 5536 usbscan - ok 16:34:43.0822 5536 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:34:43.0863 5536 USBSTOR - ok 16:34:43.0872 5536 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 16:34:43.0887 5536 usbuhci - ok 16:34:43.0903 5536 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 16:34:43.0951 5536 UxSms - ok 16:34:43.0965 5536 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 16:34:43.0976 5536 VaultSvc - ok 16:34:44.0011 5536 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:34:44.0028 5536 vdrvroot - ok 16:34:44.0063 5536 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 16:34:44.0115 5536 vds - ok 16:34:44.0147 5536 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:34:44.0159 5536 vga - ok 16:34:44.0173 5536 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 16:34:44.0208 5536 VgaSave - ok 16:34:44.0240 5536 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:34:44.0252 5536 vhdmp - ok 16:34:44.0272 5536 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 16:34:44.0282 5536 viaide - ok 16:34:44.0309 5536 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:34:44.0319 5536 volmgr - ok 16:34:44.0351 5536 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:34:44.0367 5536 volmgrx - ok 16:34:44.0379 5536 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:34:44.0394 5536 volsnap - ok 16:34:44.0412 5536 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 16:34:44.0425 5536 vsmraid - ok 16:34:44.0473 5536 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 16:34:44.0537 5536 VSS - ok 16:34:44.0549 5536 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 16:34:44.0575 5536 vwifibus - ok 16:34:44.0597 5536 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 16:34:44.0624 5536 vwififlt - ok 16:34:44.0645 5536 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 16:34:44.0680 5536 W32Time - ok 16:34:44.0689 5536 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 16:34:44.0699 5536 WacomPen - ok 16:34:44.0730 5536 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:34:44.0761 5536 WANARP - ok 16:34:44.0764 5536 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:34:44.0793 5536 Wanarpv6 - ok 16:34:44.0839 5536 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 16:34:44.0868 5536 WatAdminSvc - ok 16:34:44.0913 5536 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 16:34:44.0947 5536 wbengine - ok 16:34:44.0972 5536 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:34:44.0994 5536 WbioSrvc - ok 16:34:45.0027 5536 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:34:45.0060 5536 wcncsvc - ok 16:34:45.0063 5536 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:34:45.0099 5536 WcsPlugInService - ok 16:34:45.0112 5536 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 16:34:45.0123 5536 Wd - ok 16:34:45.0148 5536 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys 16:34:45.0169 5536 WDC_SAM - ok 16:34:45.0184 5536 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:34:45.0207 5536 Wdf01000 - ok 16:34:45.0232 5536 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:34:45.0308 5536 WdiServiceHost - ok 16:34:45.0312 5536 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:34:45.0336 5536 WdiSystemHost - ok 16:34:45.0361 5536 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 16:34:45.0388 5536 WebClient - ok 16:34:45.0402 5536 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:34:45.0434 5536 Wecsvc - ok 16:34:45.0457 5536 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:34:45.0502 5536 wercplsupport - ok 16:34:45.0520 5536 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 16:34:45.0560 5536 WerSvc - ok 16:34:45.0591 5536 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:34:45.0621 5536 WfpLwf - ok 16:34:45.0629 5536 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:34:45.0638 5536 WIMMount - ok 16:34:45.0649 5536 WinDefend - ok 16:34:45.0652 5536 WinHttpAutoProxySvc - ok 16:34:45.0693 5536 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 16:34:45.0753 5536 Winmgmt - ok 16:34:45.0806 5536 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 16:34:45.0874 5536 WinRM - ok 16:34:45.0913 5536 [ FE88B288356E7B47B74B13372ADD906D ] winusb C:\Windows\system32\DRIVERS\WinUSB.sys 16:34:45.0939 5536 winusb - ok 16:34:45.0971 5536 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 16:34:46.0014 5536 Wlansvc - ok 16:34:46.0053 5536 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 16:34:46.0077 5536 WmiAcpi - ok 16:34:46.0103 5536 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 16:34:46.0127 5536 wmiApSrv - ok 16:34:46.0142 5536 WMPNetworkSvc - ok 16:34:46.0161 5536 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 16:34:46.0182 5536 WPCSvc - ok 16:34:46.0210 5536 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 16:34:46.0229 5536 WPDBusEnum - ok 16:34:46.0251 5536 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 16:34:46.0284 5536 ws2ifsl - ok 16:34:46.0290 5536 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 16:34:46.0317 5536 wscsvc - ok 16:34:46.0319 5536 WSearch - ok 16:34:46.0354 5536 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 16:34:46.0408 5536 WudfPf - ok 16:34:46.0435 5536 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 16:34:46.0486 5536 WUDFRd - ok 16:34:46.0515 5536 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 16:34:46.0545 5536 wudfsvc - ok 16:34:46.0564 5536 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 16:34:46.0587 5536 WwanSvc - ok 16:34:46.0603 5536 ================ Scan global =============================== 16:34:46.0621 5536 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 16:34:46.0650 5536 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 16:34:46.0659 5536 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll 16:34:46.0681 5536 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 16:34:46.0712 5536 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 16:34:46.0717 5536 [Global] - ok 16:34:46.0717 5536 ================ Scan MBR ================================== 16:34:46.0724 5536 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0 16:34:47.0115 5536 \Device\Harddisk0\DR0 - ok 16:34:47.0115 5536 ================ Scan VBR ================================== 16:34:47.0119 5536 [ FBA2CEEF3919A85712BD4B69CD0DC609 ] \Device\Harddisk0\DR0\Partition1 16:34:47.0121 5536 \Device\Harddisk0\DR0\Partition1 - ok 16:34:47.0143 5536 [ D6D83660D2D45B4309B3AD28C9F12FB2 ] \Device\Harddisk0\DR0\Partition2 16:34:47.0144 5536 \Device\Harddisk0\DR0\Partition2 - ok 16:34:47.0155 5536 [ 68D8B7EFC919489596E88FE4DC923F30 ] \Device\Harddisk0\DR0\Partition3 16:34:47.0157 5536 \Device\Harddisk0\DR0\Partition3 - ok 16:34:47.0158 5536 ============================================================ 16:34:47.0158 5536 Scan finished 16:34:47.0158 5536 ============================================================ 16:34:47.0174 5920 Detected object count: 2 16:34:47.0174 5920 Actual detected object count: 2 16:35:59.0293 5920 AllShare ( UnsignedFile.Multi.Generic ) - skipped by user 16:35:59.0293 5920 AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:35:59.0296 5920 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user 16:35:59.0296 5920 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip 16:36:10.0100 3688 Deinitialize success
  6. Here is the output: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-09-2012 Ran by SYSTEM at 2012-09-05 14:40:55 Run:2 Running from L:\ ============================================== C:\$Recycle.Bin\S-1-5-21-609828940-4030701919-2344594656-1002\$f53a53674fca325a714d1f5d6955c7e1 moved successfully. C:\Windows\assembly\GAC_32\Desktop.ini moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini moved successfully. ==== End of Fixlog ====
  7. Here are the requested logs: FRST.txt Scan result of Farbar Recovery Scan Tool (x64) Version: 05-09-2012 Ran by SYSTEM at 05-09-2012 14:07:26 Running from L:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11057768 2010-07-06] (Realtek Semiconductor) HKLM\...\Run: [iprol] "C:\Windows\System32\rundll32.exe" "C:\Users\Schwebach\AppData\Roaming\iprol.dll",Warn [690688 2012-09-05] () HKLM\...\Run: [uiews] rundll32.exe "C:\Users\Schwebach\AppData\Roaming\uiews.dll",UpdateTextureState [x] HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-27] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [244208 2009-06-10] (Sonic Solutions) HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.) HKLM-x32\...\Run: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [1309 2011-03-09] () HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [948880 2011-03-03] (Carbonite, Inc.) HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-11] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.) HKLM-x32\...\Run: [TkBellExe] "C:\Program Files (x86)\real\realplayer\update\realsched.exe" -osboot [296056 2012-06-04] (RealNetworks, Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.) HKU\Schwebach\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-19] (Google Inc.) HKU\Schwebach\...\Run: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode [6061400 2010-05-11] (Logitech Inc.) HKU\Schwebach\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.) HKU\Schwebach\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2011-11-11] (Apple Inc.) HKU\Schwebach\...\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2164256 2011-10-26] (Fitbit, Inc.) HKU\Schwebach\...\Run: [iprol] rundll32.exe "C:\Users\Schwebach\AppData\Roaming\iprol.dll",Warn [690688 2012-09-05] () Tcpip\Parameters: [DhcpNameServer] 24.159.193.40 24.205.224.36 68.190.192.35 ==================== Services ==================== 2 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] () 2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] () 2 FlipShareServer; "C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] () 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-10-19] () 2 SynchronizationService.exe; "C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe" [1143032 2010-01-07] () 3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x] ==================== Drivers ================================= 3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-02-12] (Ralink Technology Corp.) 0 bdisk; C:\Windows\SysWow64\Drivers\bdisk.sys [74328 2010-01-07] () 0 CBUfs; C:\Windows\SysWow64\Drivers\CBUfs.sys [140760 2010-01-07] (COMODO Security Solutions Inc.) 3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] () 3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] () 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] () ==================== NetSvcs (Whitelisted) ================= ==================== One Month Created Files and Folders ====================== 2012-09-05 11:01 - 2012-09-05 11:03 - 00000549 ____A C:\Users\Schwebach\Desktop\Infected by Rootkit.0Access - Please help - Malwarebytes Forum.website 2012-09-05 10:22 - 2012-09-05 10:22 - 00000000 ____D C:\Users\Schwebach\Desktop\RK_Quarantine 2012-09-05 10:19 - 2012-09-05 10:19 - 01378816 ____A C:\Users\Schwebach\Desktop\RogueKiller.exe 2012-09-05 10:00 - 2012-09-05 10:00 - 00023115 ____A C:\Users\Schwebach\Desktop\DDS.txt 2012-09-05 10:00 - 2012-09-05 10:00 - 00008045 ____A C:\Users\Schwebach\Desktop\Attach.txt 2012-09-05 09:58 - 2012-09-05 09:58 - 00607260 ____R (Swearware) C:\Users\Schwebach\Desktop\dds.com 2012-09-05 09:31 - 2012-09-05 09:31 - 00000000 ____A C:\Windows\EEventManager.INI 2012-09-05 09:07 - 2012-09-05 10:16 - 00006527 ____A C:\Users\Schwebach\AppData\Local\chromeupdate.crx 2012-09-05 09:07 - 2012-09-05 09:07 - 00690688 ____A C:\Users\Schwebach\AppData\Roaming\iprol.dll 2012-09-05 09:07 - 2012-09-05 09:07 - 00000000 ____D C:\Users\Schwebach\AppData\Local\{225F403E-F77C-11E1-8270-B8AC6F996F26} 2012-09-05 09:06 - 2012-09-05 09:06 - 00000000 ____D C:\Users\Schwebach\AppData\Roaming\xsecva 2012-09-02 14:04 - 2012-09-05 08:36 - 00000634 ____A C:\Users\Schwebach\Desktop\Google Email.website 2012-08-20 12:18 - 2012-08-20 12:18 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2012-08-16 00:02 - 2012-06-28 20:55 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-08-16 00:02 - 2012-06-28 20:09 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-08-16 00:02 - 2012-06-28 19:56 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-08-16 00:02 - 2012-06-28 19:49 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-08-16 00:02 - 2012-06-28 19:49 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-08-16 00:02 - 2012-06-28 19:48 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-08-16 00:02 - 2012-06-28 19:47 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-08-16 00:02 - 2012-06-28 19:45 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-08-16 00:02 - 2012-06-28 19:44 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-08-16 00:02 - 2012-06-28 19:43 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-08-16 00:02 - 2012-06-28 19:42 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-08-16 00:02 - 2012-06-28 19:40 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-08-16 00:02 - 2012-06-28 19:39 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-08-16 00:02 - 2012-06-28 19:35 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-08-16 00:02 - 2012-06-28 16:52 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-08-16 00:02 - 2012-06-28 16:27 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-08-16 00:02 - 2012-06-28 16:16 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-08-16 00:02 - 2012-06-28 16:09 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-08-16 00:02 - 2012-06-28 16:09 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-08-16 00:02 - 2012-06-28 16:08 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-08-16 00:02 - 2012-06-28 16:07 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-08-16 00:02 - 2012-06-28 16:06 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-08-16 00:02 - 2012-06-28 16:04 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-08-16 00:02 - 2012-06-28 16:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-08-16 00:02 - 2012-06-28 16:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-08-16 00:02 - 2012-06-28 16:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-08-16 00:02 - 2012-06-28 16:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-08-16 00:02 - 2012-06-28 15:57 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-08-15 16:09 - 2012-07-18 10:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-08-15 16:09 - 2012-07-04 14:16 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-08-15 16:09 - 2012-07-04 14:13 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-08-15 16:09 - 2012-07-04 14:13 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-08-15 16:09 - 2012-07-04 13:16 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-08-15 16:09 - 2012-07-04 13:14 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-08-15 16:09 - 2012-05-13 21:26 - 00956928 ____A (Microsoft Corporation) C:\Windows\System32\localspl.dll 2012-08-15 16:09 - 2012-05-05 00:36 - 00503808 ____A (Microsoft Corporation) C:\Windows\System32\srcore.dll 2012-08-15 16:09 - 2012-05-04 23:46 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2012-08-15 16:09 - 2012-02-10 22:43 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2012-08-15 16:09 - 2012-02-10 22:36 - 00559104 ____A (Microsoft Corporation) C:\Windows\System32\spoolsv.exe 2012-08-15 16:09 - 2012-02-10 22:36 - 00067072 ____A (Microsoft Corporation) C:\Windows\splwow64.exe 2012-08-15 16:09 - 2012-02-10 21:43 - 00492032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll 2012-08-12 20:57 - 2012-08-12 20:57 - 00000000 ____D C:\Program Files (x86)\Oracle 2012-08-12 20:57 - 2012-07-05 19:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-08-12 20:57 - 2012-07-05 19:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-08-12 20:56 - 2012-08-12 20:56 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-08-12 20:56 - 2012-08-12 20:56 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe ==================== 3 Months Modified Files ================================ 2012-09-05 11:03 - 2012-09-05 11:01 - 00000549 ____A C:\Users\Schwebach\Desktop\Infected by Rootkit.0Access - Please help - Malwarebytes Forum.website 2012-09-05 11:03 - 2009-07-13 21:13 - 00739744 ____A C:\Windows\System32\PerfStringBackup.INI 2012-09-05 10:50 - 2010-08-19 16:00 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-09-05 10:24 - 2012-05-13 07:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-09-05 10:19 - 2012-09-05 10:19 - 01378816 ____A C:\Users\Schwebach\Desktop\RogueKiller.exe 2012-09-05 10:16 - 2012-09-05 09:07 - 00006527 ____A C:\Users\Schwebach\AppData\Local\chromeupdate.crx 2012-09-05 10:00 - 2012-09-05 10:00 - 00023115 ____A C:\Users\Schwebach\Desktop\DDS.txt 2012-09-05 10:00 - 2012-09-05 10:00 - 00008045 ____A C:\Users\Schwebach\Desktop\Attach.txt 2012-09-05 09:58 - 2012-09-05 09:58 - 00607260 ____R (Swearware) C:\Users\Schwebach\Desktop\dds.com 2012-09-05 09:57 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-09-05 09:57 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-09-05 09:50 - 2010-08-20 16:14 - 20558199 ____A C:\Windows\SysWOW64\http_ss.log 2012-09-05 09:50 - 2010-08-20 16:14 - 00000074 ____A C:\Windows\SysWOW64\log.log 2012-09-05 09:50 - 2010-08-19 19:51 - 00098684 ____A C:\Windows\PFRO.log 2012-09-05 09:50 - 2010-08-19 16:00 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-09-05 09:50 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-09-05 09:50 - 2009-07-13 20:51 - 00067393 ____A C:\Windows\setupact.log 2012-09-05 09:31 - 2012-09-05 09:31 - 00000000 ____A C:\Windows\EEventManager.INI 2012-09-05 09:25 - 2010-07-28 09:55 - 01580746 ____A C:\Windows\WindowsUpdate.log 2012-09-05 09:07 - 2012-09-05 09:07 - 00690688 ____A C:\Users\Schwebach\AppData\Roaming\iprol.dll 2012-09-05 08:36 - 2012-09-02 14:04 - 00000634 ____A C:\Users\Schwebach\Desktop\Google Email.website 2012-08-22 11:36 - 2010-10-11 08:51 - 00077312 ____A C:\Users\Schwebach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-08-20 12:18 - 2012-08-20 12:18 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2012-08-16 00:21 - 2009-07-13 20:45 - 00460256 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-16 00:00 - 2010-08-19 19:57 - 62134624 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-08-14 22:24 - 2012-05-13 07:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-14 22:24 - 2011-08-07 15:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-12 20:56 - 2012-08-12 20:56 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-08-12 20:56 - 2012-08-12 20:56 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-08-10 17:09 - 2009-07-13 21:08 - 00032550 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-25 20:59 - 2012-07-25 18:35 - 00007604 ____A C:\Users\Schwebach\AppData\Local\Resmon.ResmonCfg 2012-07-25 19:20 - 2012-07-25 19:20 - 04147200 ____A C:\Users\Schwebach\Downloads\install_flash_player_10_plugin.msi 2012-07-21 17:53 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-07-20 19:06 - 2012-07-20 19:06 - 16801656 ____A (Mozilla) C:\Users\Schwebach\Downloads\Firefox Setup 14.0.1.exe 2012-07-18 10:15 - 2012-08-15 16:09 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-12 00:04 - 2012-07-12 00:04 - 00264764 ____A C:\Windows\msxml4-KB2721691-enu.LOG 2012-07-05 19:06 - 2012-08-12 20:57 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-07-05 19:06 - 2012-08-12 20:57 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-07-05 19:06 - 2011-03-05 19:51 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2012-07-04 14:16 - 2012-08-15 16:09 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\netapi32.dll 2012-07-04 14:13 - 2012-08-15 16:09 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\browser.dll 2012-07-04 14:13 - 2012-08-15 16:09 - 00059392 ____A (Microsoft Corporation) C:\Windows\System32\browcli.dll 2012-07-04 13:16 - 2012-08-15 16:09 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll 2012-07-04 13:14 - 2012-08-15 16:09 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll 2012-07-03 10:46 - 2010-08-19 18:18 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-28 20:55 - 2012-08-16 00:02 - 17809920 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-28 20:09 - 2012-08-16 00:02 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-28 19:56 - 2012-08-16 00:02 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-28 19:49 - 2012-08-16 00:02 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-28 19:49 - 2012-08-16 00:02 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-28 19:48 - 2012-08-16 00:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-28 19:47 - 2012-08-16 00:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-28 19:45 - 2012-08-16 00:02 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-28 19:44 - 2012-08-16 00:02 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-28 19:43 - 2012-08-16 00:02 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-28 19:42 - 2012-08-16 00:02 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-28 19:40 - 2012-08-16 00:02 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-28 19:39 - 2012-08-16 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-28 19:35 - 2012-08-16 00:02 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-28 16:52 - 2012-08-16 00:02 - 12317184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-28 16:27 - 2012-08-16 00:02 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-28 16:16 - 2012-08-16 00:02 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-28 16:09 - 2012-08-16 00:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-28 16:09 - 2012-08-16 00:02 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-28 16:08 - 2012-08-16 00:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-28 16:07 - 2012-08-16 00:02 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-28 16:06 - 2012-08-16 00:02 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-28 16:04 - 2012-08-16 00:02 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-28 16:04 - 2012-08-16 00:02 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-28 16:01 - 2012-08-16 00:02 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-28 16:01 - 2012-08-16 00:02 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-28 16:00 - 2012-08-16 00:02 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-28 15:57 - 2012-08-16 00:02 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll 2012-06-08 21:43 - 2012-07-11 01:04 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-11 01:04 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll ZeroAccess: C:\$Recycle.Bin\S-1-5-21-609828940-4030701919-2344594656-1002\$f53a53674fca325a714d1f5d6955c7e1 ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2012-08-31 21:00:22 Restore point made on: 2012-08-31 22:10:10 Restore point made on: 2012-09-01 09:29:28 Restore point made on: 2012-09-02 17:38:53 Restore point made on: 2012-09-03 13:24:02 Restore point made on: 2012-09-04 02:13:02 Restore point made on: 2012-09-04 02:26:47 Restore point made on: 2012-09-04 21:56:47 Restore point made on: 2012-09-05 00:00:32 Restore point made on: 2012-09-05 00:01:16 Restore point made on: 2012-09-05 08:59:13 Restore point made on: 2012-09-05 10:02:14 Restore point made on: 2012-09-05 10:05:57 Restore point made on: 2012-09-05 11:01:49 ==================== Memory info =========================== Percentage of memory in use: 9% Total physical RAM: 8183.08 MB Available physical RAM: 7377.71 MB Total Pagefile: 8181.23 MB Available Pagefile: 7364.38 MB Total Virtual: 8192 MB Available Virtual: 8191.91 MB ==================== Partitions ============================ 1 Drive c: (WINDOWS) (Fixed) (Total:891.02 GB) (Free:715.52 GB) NTFS 2 Drive d: (ImageBackup) (Fixed) (Total:40 GB) (Free:35.35 GB) NTFS 9 Drive l: () (Removable) (Total:7.45 GB) (Free:7.14 GB) FAT32 10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 11 Drive y: (SYSTEM) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 1024 KB Disk 1 No Media 0 B 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 Online 7640 MB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 500 MB 1024 KB Partition 0 Extended 40 GB 501 MB Partition 3 Logical 39 GB 502 MB Partition 2 Primary 891 GB 40 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 500 MB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D ImageBackup NTFS Partition 39 GB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 C WINDOWS NTFS Partition 891 GB Healthy ================================================================================== Partitions of Disk 6: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- * Partition 1 Primary 7640 MB 0 B ================================================================================== Disk: 6 There is no partition selected. There is no partition selected. Please select a partition and try again. ================================================================================== Last Boot: 2012-08-26 21:44 ==================== End Of Log ============================= Search.txt Farbar Recovery Scan Tool (x64) Version: 05-09-2012 Ran by SYSTEM at 2012-09-05 14:08:51 Running from L:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\erdnt\cache64\services.exe [2012-07-21 17:55] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\FRST\Quarantine\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======
  8. I ran RogueKiller but no report was generated on my desktop. I see a faolder called RK_Quarantine but the only file in the folder is the license agreement. Please advise, and thank you for the help.
  9. Seems to be running just fine. Thank you very much. Donation is on it's way.
  10. Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.21.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Schwebach :: SCHWEBACH-PC [administrator] Protection: Enabled 7/22/2012 8:31:29 AM mbam-log-2012-07-22 (08-31-29).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 197903 Time elapsed: 1 minute(s), 19 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
  11. Thanks: ComboFix 12-07-21.01 - Schwebach 07/21/2012 20:39:26.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6000 [GMT -5:00] Running from: c:\users\Schwebach\Desktop\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Schwebach\WINDOWS D:\Autorun.inf . . ((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 ))))))))))))))))))))))))))))))) . . 2012-07-21 19:06 . 2012-07-21 19:06 -------- d-----w- C:\FRST 2012-07-21 03:17 . 2012-07-21 03:17 -------- d-----w- c:\users\Schwebach\AppData\Local\Macromedia 2012-07-21 03:08 . 2012-07-21 03:08 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2012-07-21 03:07 . 2012-07-14 00:17 68576 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll 2012-07-21 03:07 . 2012-07-14 00:17 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-07-21 03:07 . 2012-07-14 00:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-21 03:07 . 2012-07-14 00:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-21 03:07 . 2012-07-14 00:17 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll 2012-07-21 03:07 . 2012-07-14 00:17 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-07-21 03:07 . 2012-07-14 00:16 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2012-07-21 03:07 . 2012-07-14 00:16 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll 2012-07-21 01:43 . 2012-07-21 01:43 115712 ----a-w- c:\programdata\Microsoft\Windows\DRM\2BE1.tmp.dat 2012-07-21 01:40 . 2012-07-21 01:40 115712 ----a-w- c:\programdata\Microsoft\Windows\DRM\5F40.tmp.dat 2012-07-20 05:02 . 2012-07-20 05:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-17 10:37 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB64BF19-3848-4F40-AE7C-D3CFA760ADE7}\mpengine.dll 2012-07-15 19:20 . 2012-07-15 19:20 -------- d-----w- c:\program files (x86)\Garmin 2012-07-12 08:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 09:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-11 09:05 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-07-11 09:05 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-07-11 09:05 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-07-11 09:05 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll 2012-07-11 09:05 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll 2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-12 14:24 . 2012-05-13 15:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-12 14:24 . 2011-08-07 23:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 08:02 . 2010-08-20 03:57 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 18:46 . 2010-08-20 02:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-04 15:22 . 2012-06-04 15:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-06-04 15:22 . 2012-06-04 15:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-06-02 22:19 . 2012-06-21 14:24 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 14:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 14:24 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 14:24 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 14:24 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 14:24 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 14:24 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 20:19 . 2012-06-21 14:24 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 20:15 . 2012-06-21 14:24 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-05-31 17:25 . 2010-08-19 22:51 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-05-04 11:06 . 2012-06-13 18:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 10:03 . 2012-06-13 18:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-13 18:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40 . 2012-06-13 18:50 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-13 18:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-13 18:50 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-13 18:50 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-13 18:50 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-04-24 05:37 . 2012-06-13 18:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll 2012-04-24 05:37 . 2012-06-13 18:50 140288 ----a-w- c:\windows\system32\cryptnet.dll 2012-04-24 05:37 . 2012-06-13 18:50 1462272 ----a-w- c:\windows\system32\crypt32.dll 2012-04-24 04:36 . 2012-06-13 18:50 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll 2012-04-24 04:36 . 2012-06-13 18:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll 2012-04-24 04:36 . 2012-06-13 18:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-02 1242448] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408] "Logitech Vid HD"="c:\program files (x86)\Logitech\Vid\vid.exe" [2010-05-11 6061400] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-12 59240] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-12 59240] "Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-10-26 2164256] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304] "RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208] "Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-09 1309] "Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-04 296056] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 136176] R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744] R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 136176] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1255736] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464] S0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\SysWOW64\drivers\bdisk.sys [2010-01-08 74328] S0 CBUfs;CBUfs;c:\windows\sysWOW64\DRIVERS\CBUFS.sys [2010-01-08 140760] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312] S2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 203264] S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400] S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512] S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2011-10-26 788000] S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S2 SynchronizationService.exe;Comodo BackUp Service;c:\program files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe [2010-01-08 1143032] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784] S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-02-12 1101600] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192] S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304] S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-07-07 339040] S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-07-07 6465632] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144] S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2011-12-01 26856] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 14:24] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 00:00] . 2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 00:00] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green] @="{95A27763-F62A-4114-9072-E81D87DE3B68}" [HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}] 2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial] @="{E300CD91-100F-4E67-9AF3-1384A6124015}" [HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}] 2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow] @="{5E529433-B50E-4bef-A63B-16A6B71B071A}" [HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}] 2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 FF - ProfilePath - c:\users\Schwebach\AppData\Roaming\Mozilla\Firefox\Profiles\4zfmrble.default\ . - - - - ORPHANS REMOVED - - - - . AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4 AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2012-07-21 21:15:36 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-22 02:15 . Pre-Run: 771,823,271,936 bytes free Post-Run: 773,185,654,784 bytes free . - - End Of File - - 5F675511173B90250A98EFBCA4733F87
  12. Here is the report: 07:59:21.0996 6960 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11 07:59:22.0294 6960 ============================================================ 07:59:22.0294 6960 Current date / time: 2012/07/22 07:59:22.0294 07:59:22.0294 6960 SystemInfo: 07:59:22.0294 6960 07:59:22.0294 6960 OS Version: 6.1.7601 ServicePack: 1.0 07:59:22.0294 6960 Product type: Workstation 07:59:22.0294 6960 ComputerName: SCHWEBACH-PC 07:59:22.0294 6960 UserName: Schwebach 07:59:22.0294 6960 Windows directory: C:\Windows 07:59:22.0295 6960 System windows directory: C:\Windows 07:59:22.0295 6960 Running under WOW64 07:59:22.0295 6960 Processor architecture: Intel x64 07:59:22.0295 6960 Number of processors: 4 07:59:22.0295 6960 Page size: 0x1000 07:59:22.0295 6960 Boot type: Normal boot 07:59:22.0295 6960 ============================================================ 07:59:22.0611 6960 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 07:59:22.0626 6960 Drive \Device\Harddisk5\DR5 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 07:59:22.0638 6960 ============================================================ 07:59:22.0638 6960 \Device\Harddisk0\DR0: 07:59:22.0639 6960 MBR partitions: 07:59:22.0639 6960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000 07:59:22.0646 6960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB000, BlocksNum 0x4FFF800 07:59:22.0646 6960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x50FA800, BlocksNum 0x6F60B800 07:59:22.0646 6960 \Device\Harddisk5\DR5: 07:59:22.0646 6960 MBR partitions: 07:59:22.0646 6960 ============================================================ 07:59:22.0668 6960 C: <-> \Device\Harddisk0\DR0\Partition2 07:59:22.0695 6960 D: <-> \Device\Harddisk0\DR0\Partition1 07:59:22.0695 6960 ============================================================ 07:59:22.0695 6960 Initialize success 07:59:22.0695 6960 ============================================================ 07:59:59.0746 0588 ============================================================ 07:59:59.0746 0588 Scan started 07:59:59.0746 0588 Mode: Manual; 07:59:59.0746 0588 ============================================================ 08:00:00.0689 0588 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 08:00:00.0694 0588 1394ohci - ok 08:00:00.0757 0588 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 08:00:00.0761 0588 ACPI - ok 08:00:00.0811 0588 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 08:00:00.0813 0588 AcpiPmi - ok 08:00:00.0923 0588 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe 08:00:00.0925 0588 AdobeActiveFileMonitor8.0 - ok 08:00:01.0049 0588 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 08:00:01.0051 0588 AdobeFlashPlayerUpdateSvc - ok 08:00:01.0102 0588 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 08:00:01.0107 0588 adp94xx - ok 08:00:01.0127 0588 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 08:00:01.0131 0588 adpahci - ok 08:00:01.0149 0588 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 08:00:01.0152 0588 adpu320 - ok 08:00:01.0227 0588 AE1000 (e005682ae8f8ec4eb05f2a70a16ea1c5) C:\Windows\system32\DRIVERS\ae1000w7.sys 08:00:01.0237 0588 AE1000 - ok 08:00:01.0261 0588 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 08:00:01.0262 0588 AeLookupSvc - ok 08:00:01.0313 0588 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 08:00:01.0318 0588 AFD - ok 08:00:01.0353 0588 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 08:00:01.0356 0588 agp440 - ok 08:00:01.0369 0588 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 08:00:01.0371 0588 ALG - ok 08:00:01.0403 0588 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 08:00:01.0403 0588 aliide - ok 08:00:01.0735 0588 AllShare (aaa1f9d4cf4c976c21bca8afa2bae6a4) C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe 08:00:01.0761 0588 AllShare - ok 08:00:01.0836 0588 AMD External Events Utility (f687d4976eff550fb0be45a5cb19f18f) C:\Windows\system32\atiesrxx.exe 08:00:01.0837 0588 AMD External Events Utility - ok 08:00:01.0866 0588 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 08:00:01.0866 0588 amdide - ok 08:00:01.0886 0588 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 08:00:01.0888 0588 AmdK8 - ok 08:00:02.0154 0588 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys 08:00:02.0207 0588 amdkmdag - ok 08:00:02.0297 0588 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys 08:00:02.0300 0588 amdkmdap - ok 08:00:02.0320 0588 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 08:00:02.0322 0588 AmdPPM - ok 08:00:02.0359 0588 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 08:00:02.0362 0588 amdsata - ok 08:00:02.0386 0588 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 08:00:02.0400 0588 amdsbs - ok 08:00:02.0415 0588 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 08:00:02.0416 0588 amdxata - ok 08:00:02.0467 0588 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 08:00:02.0470 0588 AppID - ok 08:00:02.0488 0588 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 08:00:02.0490 0588 AppIDSvc - ok 08:00:02.0525 0588 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 08:00:02.0526 0588 Appinfo - ok 08:00:02.0635 0588 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 08:00:02.0636 0588 Apple Mobile Device - ok 08:00:02.0649 0588 Scan interrupted by user! 08:00:02.0650 0588 Scan interrupted by user! 08:00:02.0650 0588 Scan interrupted by user! 08:00:02.0650 0588 ============================================================ 08:00:02.0650 0588 Scan finished 08:00:02.0650 0588 ============================================================ 08:00:02.0656 3284 Detected object count: 0 08:00:02.0656 3284 Actual detected object count: 0 08:00:06.0882 0728 ============================================================ 08:00:06.0882 0728 Scan started 08:00:06.0882 0728 Mode: Manual; SigCheck; TDLFS; 08:00:06.0882 0728 ============================================================ 08:00:07.0121 0728 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 08:00:07.0193 0728 1394ohci - ok 08:00:07.0229 0728 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 08:00:07.0242 0728 ACPI - ok 08:00:07.0270 0728 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 08:00:07.0298 0728 AcpiPmi - ok 08:00:07.0364 0728 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe 08:00:07.0380 0728 AdobeActiveFileMonitor8.0 - ok 08:00:07.0448 0728 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 08:00:07.0464 0728 AdobeFlashPlayerUpdateSvc - ok 08:00:07.0501 0728 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 08:00:07.0523 0728 adp94xx - ok 08:00:07.0538 0728 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 08:00:07.0552 0728 adpahci - ok 08:00:07.0562 0728 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 08:00:07.0574 0728 adpu320 - ok 08:00:07.0644 0728 AE1000 (e005682ae8f8ec4eb05f2a70a16ea1c5) C:\Windows\system32\DRIVERS\ae1000w7.sys 08:00:07.0666 0728 AE1000 - ok 08:00:07.0685 0728 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 08:00:07.0737 0728 AeLookupSvc - ok 08:00:07.0777 0728 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 08:00:07.0812 0728 AFD - ok 08:00:07.0837 0728 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 08:00:07.0849 0728 agp440 - ok 08:00:07.0860 0728 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 08:00:07.0897 0728 ALG - ok 08:00:07.0919 0728 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 08:00:07.0930 0728 aliide - ok 08:00:08.0258 0728 AllShare (aaa1f9d4cf4c976c21bca8afa2bae6a4) C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe 08:00:08.0338 0728 AllShare ( UnsignedFile.Multi.Generic ) - warning 08:00:08.0338 0728 AllShare - detected UnsignedFile.Multi.Generic (1) 08:00:08.0411 0728 AMD External Events Utility (f687d4976eff550fb0be45a5cb19f18f) C:\Windows\system32\atiesrxx.exe 08:00:08.0449 0728 AMD External Events Utility - ok 08:00:08.0473 0728 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 08:00:08.0485 0728 amdide - ok 08:00:08.0509 0728 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 08:00:08.0540 0728 AmdK8 - ok 08:00:08.0813 0728 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys 08:00:08.0888 0728 amdkmdag - ok 08:00:08.0976 0728 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys 08:00:09.0016 0728 amdkmdap - ok 08:00:09.0035 0728 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 08:00:09.0072 0728 AmdPPM - ok 08:00:09.0097 0728 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 08:00:09.0109 0728 amdsata - ok 08:00:09.0119 0728 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 08:00:09.0134 0728 amdsbs - ok 08:00:09.0146 0728 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 08:00:09.0163 0728 amdxata - ok 08:00:09.0189 0728 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 08:00:09.0232 0728 AppID - ok 08:00:09.0244 0728 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 08:00:09.0294 0728 AppIDSvc - ok 08:00:09.0322 0728 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 08:00:09.0370 0728 Appinfo - ok 08:00:09.0468 0728 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 08:00:09.0494 0728 Apple Mobile Device - ok 08:00:09.0521 0728 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 08:00:09.0537 0728 arc - ok 08:00:09.0545 0728 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 08:00:09.0560 0728 arcsas - ok 08:00:09.0596 0728 aspnet_state - ok 08:00:09.0613 0728 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 08:00:09.0652 0728 AsyncMac - ok 08:00:09.0697 0728 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 08:00:09.0711 0728 atapi - ok 08:00:09.0759 0728 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys 08:00:09.0779 0728 AtiHdmiService - ok 08:00:10.0036 0728 atikmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys 08:00:10.0107 0728 atikmdag - ok 08:00:10.0213 0728 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:00:10.0285 0728 AudioEndpointBuilder - ok 08:00:10.0291 0728 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 08:00:10.0334 0728 AudioSrv - ok 08:00:10.0377 0728 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 08:00:10.0405 0728 AxInstSV - ok 08:00:10.0454 0728 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 08:00:10.0493 0728 b06bdrv - ok 08:00:10.0526 0728 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 08:00:10.0573 0728 b57nd60a - ok 08:00:10.0620 0728 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 08:00:10.0662 0728 BDESVC - ok 08:00:10.0748 0728 bdisk (bec0d79b5c2a8ebdd9d50998d8b47de7) C:\Windows\syswow64\drivers\bdisk.sys 08:00:10.0759 0728 bdisk - ok 08:00:10.0783 0728 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 08:00:10.0822 0728 Beep - ok 08:00:10.0864 0728 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 08:00:10.0908 0728 BFE - ok 08:00:10.0974 0728 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll 08:00:11.0031 0728 BITS - ok 08:00:11.0081 0728 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 08:00:11.0108 0728 blbdrive - ok 08:00:11.0184 0728 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe 08:00:11.0204 0728 Bonjour Service - ok 08:00:11.0236 0728 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 08:00:11.0252 0728 bowser - ok 08:00:11.0270 0728 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 08:00:11.0322 0728 BrFiltLo - ok 08:00:11.0324 0728 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 08:00:11.0347 0728 BrFiltUp - ok 08:00:11.0377 0728 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 08:00:11.0416 0728 BridgeMP - ok 08:00:11.0441 0728 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 08:00:11.0504 0728 Browser - ok 08:00:11.0520 0728 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 08:00:11.0543 0728 Brserid - ok 08:00:11.0556 0728 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 08:00:11.0586 0728 BrSerWdm - ok 08:00:11.0589 0728 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 08:00:11.0631 0728 BrUsbMdm - ok 08:00:11.0635 0728 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 08:00:11.0671 0728 BrUsbSer - ok 08:00:11.0677 0728 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 08:00:11.0713 0728 BTHMODEM - ok 08:00:11.0743 0728 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 08:00:11.0795 0728 bthserv - ok 08:00:12.0077 0728 CarboniteService (33e43a31ac6ac6ba95d4772d8cca076f) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe 08:00:12.0161 0728 CarboniteService - ok 08:00:12.0186 0728 catchme - ok 08:00:12.0273 0728 CBUfs (f64a6f55e3154db0082a15acb7f4214e) C:\Windows\syswow64\DRIVERS\CBUFS.sys 08:00:12.0287 0728 CBUfs - ok 08:00:12.0352 0728 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 08:00:12.0402 0728 cdfs - ok 08:00:12.0443 0728 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 08:00:12.0475 0728 cdrom - ok 08:00:12.0517 0728 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:00:12.0566 0728 CertPropSvc - ok 08:00:12.0595 0728 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 08:00:12.0616 0728 circlass - ok 08:00:12.0645 0728 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 08:00:12.0661 0728 CLFS - ok 08:00:12.0700 0728 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 08:00:12.0712 0728 clr_optimization_v2.0.50727_32 - ok 08:00:12.0752 0728 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 08:00:12.0763 0728 clr_optimization_v2.0.50727_64 - ok 08:00:12.0823 0728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 08:00:12.0837 0728 clr_optimization_v4.0.30319_32 - ok 08:00:12.0875 0728 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 08:00:12.0885 0728 clr_optimization_v4.0.30319_64 - ok 08:00:12.0904 0728 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 08:00:12.0944 0728 CmBatt - ok 08:00:12.0973 0728 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 08:00:12.0985 0728 cmdide - ok 08:00:13.0027 0728 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 08:00:13.0051 0728 CNG - ok 08:00:13.0063 0728 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 08:00:13.0074 0728 Compbatt - ok 08:00:13.0143 0728 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 08:00:13.0193 0728 CompositeBus - ok 08:00:13.0211 0728 COMSysApp - ok 08:00:13.0221 0728 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 08:00:13.0234 0728 crcdisk - ok 08:00:13.0264 0728 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 08:00:13.0297 0728 CryptSvc - ok 08:00:13.0343 0728 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:00:13.0389 0728 DcomLaunch - ok 08:00:13.0420 0728 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 08:00:13.0477 0728 defragsvc - ok 08:00:13.0519 0728 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 08:00:13.0566 0728 DfsC - ok 08:00:13.0628 0728 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 08:00:13.0670 0728 Dhcp - ok 08:00:13.0690 0728 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 08:00:13.0730 0728 discache - ok 08:00:13.0752 0728 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 08:00:13.0765 0728 Disk - ok 08:00:13.0803 0728 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 08:00:13.0828 0728 Dnscache - ok 08:00:13.0867 0728 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 08:00:13.0924 0728 dot3svc - ok 08:00:13.0938 0728 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 08:00:13.0986 0728 DPS - ok 08:00:14.0012 0728 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 08:00:14.0031 0728 drmkaud - ok 08:00:14.0087 0728 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 08:00:14.0116 0728 DXGKrnl - ok 08:00:14.0140 0728 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys 08:00:14.0187 0728 e1express - ok 08:00:14.0213 0728 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 08:00:14.0260 0728 EapHost - ok 08:00:14.0400 0728 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 08:00:14.0469 0728 ebdrv - ok 08:00:14.0557 0728 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 08:00:14.0593 0728 EFS - ok 08:00:14.0664 0728 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 08:00:14.0703 0728 ehRecvr - ok 08:00:14.0732 0728 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 08:00:14.0759 0728 ehSched - ok 08:00:14.0815 0728 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 08:00:14.0850 0728 elxstor - ok 08:00:14.0904 0728 EPSON_EB_RPCV4_04 (7db097f4f6786307168c0dddec43a565) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE 08:00:14.0927 0728 EPSON_EB_RPCV4_04 - ok 08:00:14.0953 0728 EPSON_PM_RPCV4_04 (258aa65a0862e19b7de6981fda3758ad) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE 08:00:14.0982 0728 EPSON_PM_RPCV4_04 - ok 08:00:15.0005 0728 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 08:00:15.0034 0728 ErrDev - ok 08:00:15.0071 0728 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 08:00:15.0117 0728 EventSystem - ok 08:00:15.0143 0728 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 08:00:15.0194 0728 exfat - ok 08:00:15.0209 0728 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 08:00:15.0271 0728 fastfat - ok 08:00:15.0339 0728 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 08:00:15.0366 0728 Fax - ok 08:00:15.0371 0728 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 08:00:15.0404 0728 fdc - ok 08:00:15.0427 0728 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 08:00:15.0475 0728 fdPHost - ok 08:00:15.0485 0728 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 08:00:15.0535 0728 FDResPub - ok 08:00:15.0547 0728 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 08:00:15.0561 0728 FileInfo - ok 08:00:15.0579 0728 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 08:00:15.0624 0728 Filetrace - ok 08:00:15.0717 0728 Fitbit (d4c0e5c287aad7ff3176731a310ab2af) C:\Program Files (x86)\Fitbit\fitbit.exe 08:00:15.0742 0728 Fitbit - ok 08:00:15.0804 0728 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 08:00:15.0831 0728 FLEXnet Licensing Service - ok 08:00:15.0914 0728 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe 08:00:15.0933 0728 FlipShare Service - ok 08:00:15.0995 0728 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe 08:00:16.0036 0728 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning 08:00:16.0037 0728 FlipShareServer - detected UnsignedFile.Multi.Generic (1) 08:00:16.0112 0728 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 08:00:16.0136 0728 flpydisk - ok 08:00:16.0175 0728 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 08:00:16.0195 0728 FltMgr - ok 08:00:16.0265 0728 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 08:00:16.0312 0728 FontCache - ok 08:00:16.0382 0728 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 08:00:16.0400 0728 FontCache3.0.0.0 - ok 08:00:16.0437 0728 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 08:00:16.0451 0728 FsDepends - ok 08:00:16.0471 0728 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 08:00:16.0486 0728 Fs_Rec - ok 08:00:16.0523 0728 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 08:00:16.0542 0728 fvevol - ok 08:00:16.0553 0728 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 08:00:16.0569 0728 gagp30kx - ok 08:00:16.0603 0728 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 08:00:16.0612 0728 GEARAspiWDM - ok 08:00:16.0661 0728 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 08:00:16.0725 0728 gpsvc - ok 08:00:16.0766 0728 grmnusb (b9893a68032a6d9addb5b98287c630f7) C:\Windows\system32\drivers\grmnusb.sys 08:00:16.0777 0728 grmnusb - ok 08:00:16.0842 0728 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 08:00:16.0853 0728 gupdate - ok 08:00:16.0867 0728 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 08:00:16.0878 0728 gupdatem - ok 08:00:16.0918 0728 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 08:00:16.0930 0728 gusvc - ok 08:00:16.0943 0728 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 08:00:16.0982 0728 hcw85cir - ok 08:00:17.0031 0728 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 08:00:17.0060 0728 HdAudAddService - ok 08:00:17.0107 0728 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 08:00:17.0149 0728 HDAudBus - ok 08:00:17.0185 0728 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 08:00:17.0216 0728 HidBatt - ok 08:00:17.0222 0728 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 08:00:17.0242 0728 HidBth - ok 08:00:17.0245 0728 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 08:00:17.0269 0728 HidIr - ok 08:00:17.0296 0728 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 08:00:17.0342 0728 hidserv - ok 08:00:17.0386 0728 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 08:00:17.0406 0728 HidUsb - ok 08:00:17.0436 0728 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 08:00:17.0509 0728 hkmsvc - ok 08:00:17.0538 0728 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 08:00:17.0574 0728 HomeGroupListener - ok 08:00:17.0608 0728 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 08:00:17.0637 0728 HomeGroupProvider - ok 08:00:17.0675 0728 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 08:00:17.0689 0728 HpSAMD - ok 08:00:17.0745 0728 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 08:00:17.0797 0728 HTTP - ok 08:00:17.0809 0728 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 08:00:17.0822 0728 hwpolicy - ok 08:00:17.0853 0728 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 08:00:17.0872 0728 i8042prt - ok 08:00:17.0912 0728 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys 08:00:17.0928 0728 iaStor - ok 08:00:17.0979 0728 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 08:00:17.0991 0728 IAStorDataMgrSvc - ok 08:00:18.0037 0728 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 08:00:18.0056 0728 iaStorV - ok 08:00:18.0139 0728 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 08:00:18.0161 0728 idsvc - ok 08:00:18.0192 0728 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 08:00:18.0205 0728 iirsp - ok 08:00:18.0264 0728 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 08:00:18.0323 0728 IKEEXT - ok 08:00:18.0446 0728 IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys 08:00:18.0503 0728 IntcAzAudAddService - ok 08:00:18.0577 0728 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 08:00:18.0590 0728 intelide - ok 08:00:18.0618 0728 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 08:00:18.0647 0728 intelppm - ok 08:00:18.0665 0728 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 08:00:18.0709 0728 IPBusEnum - ok 08:00:18.0734 0728 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:00:18.0789 0728 IpFilterDriver - ok 08:00:18.0853 0728 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 08:00:18.0903 0728 iphlpsvc - ok 08:00:18.0928 0728 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 08:00:18.0961 0728 IPMIDRV - ok 08:00:18.0998 0728 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 08:00:19.0041 0728 IPNAT - ok 08:00:19.0156 0728 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe 08:00:19.0180 0728 iPod Service - ok 08:00:19.0205 0728 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 08:00:19.0237 0728 IRENUM - ok 08:00:19.0259 0728 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 08:00:19.0270 0728 isapnp - ok 08:00:19.0302 0728 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 08:00:19.0320 0728 iScsiPrt - ok 08:00:19.0336 0728 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys 08:00:19.0348 0728 JRAID - ok 08:00:19.0379 0728 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 08:00:19.0393 0728 kbdclass - ok 08:00:19.0429 0728 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 08:00:19.0459 0728 kbdhid - ok 08:00:19.0490 0728 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:00:19.0508 0728 KeyIso - ok 08:00:19.0537 0728 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 08:00:19.0549 0728 KSecDD - ok 08:00:19.0577 0728 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 08:00:19.0591 0728 KSecPkg - ok 08:00:19.0612 0728 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 08:00:19.0658 0728 ksthunk - ok 08:00:19.0695 0728 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 08:00:19.0754 0728 KtmRm - ok 08:00:19.0805 0728 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 08:00:19.0865 0728 LanmanServer - ok 08:00:19.0894 0728 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 08:00:19.0941 0728 LanmanWorkstation - ok 08:00:19.0955 0728 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 08:00:19.0992 0728 lltdio - ok 08:00:20.0027 0728 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 08:00:20.0082 0728 lltdsvc - ok 08:00:20.0099 0728 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 08:00:20.0134 0728 lmhosts - ok 08:00:20.0156 0728 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 08:00:20.0169 0728 LSI_FC - ok 08:00:20.0175 0728 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 08:00:20.0188 0728 LSI_SAS - ok 08:00:20.0194 0728 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 08:00:20.0208 0728 LSI_SAS2 - ok 08:00:20.0215 0728 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 08:00:20.0229 0728 LSI_SCSI - ok 08:00:20.0246 0728 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 08:00:20.0291 0728 luafv - ok 08:00:20.0320 0728 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys 08:00:20.0330 0728 LVPr2M64 - ok 08:00:20.0337 0728 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys 08:00:20.0349 0728 LVPr2Mon - ok 08:00:20.0411 0728 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe 08:00:20.0430 0728 LVPrcS64 - ok 08:00:20.0452 0728 LVRS64 (8f0dd6ef66ef33e3d58ff8fbc7b6a1a6) C:\Windows\system32\DRIVERS\lvrs64.sys 08:00:20.0471 0728 LVRS64 - ok 08:00:20.0773 0728 LVUVC64 (f012f568c99a45f4ecd0b939c621b1a4) C:\Windows\system32\DRIVERS\lvuvc64.sys 08:00:20.0950 0728 LVUVC64 - ok 08:00:21.0045 0728 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 08:00:21.0060 0728 MBAMProtector - ok 08:00:21.0169 0728 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 08:00:21.0198 0728 MBAMService - ok 08:00:21.0236 0728 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 08:00:21.0260 0728 Mcx2Svc - ok 08:00:21.0279 0728 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 08:00:21.0294 0728 megasas - ok 08:00:21.0310 0728 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 08:00:21.0326 0728 MegaSR - ok 08:00:21.0374 0728 Microsoft SharePoint Workspace Audit Service - ok 08:00:21.0404 0728 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:00:21.0469 0728 MMCSS - ok 08:00:21.0473 0728 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 08:00:21.0521 0728 Modem - ok 08:00:21.0547 0728 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 08:00:21.0577 0728 monitor - ok 08:00:21.0606 0728 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys 08:00:21.0619 0728 mouclass - ok 08:00:21.0635 0728 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 08:00:21.0653 0728 mouhid - ok 08:00:21.0687 0728 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 08:00:21.0701 0728 mountmgr - ok 08:00:21.0740 0728 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 08:00:21.0751 0728 MozillaMaintenance - ok 08:00:21.0775 0728 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 08:00:21.0794 0728 mpio - ok 08:00:21.0810 0728 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 08:00:21.0855 0728 mpsdrv - ok 08:00:21.0917 0728 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 08:00:21.0976 0728 MpsSvc - ok 08:00:22.0008 0728 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 08:00:22.0046 0728 MRxDAV - ok 08:00:22.0085 0728 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 08:00:22.0110 0728 mrxsmb - ok 08:00:22.0145 0728 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:00:22.0182 0728 mrxsmb10 - ok 08:00:22.0204 0728 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:00:22.0227 0728 mrxsmb20 - ok 08:00:22.0247 0728 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 08:00:22.0259 0728 msahci - ok 08:00:22.0285 0728 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 08:00:22.0299 0728 msdsm - ok 08:00:22.0322 0728 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 08:00:22.0358 0728 MSDTC - ok 08:00:22.0395 0728 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 08:00:22.0434 0728 Msfs - ok 08:00:22.0447 0728 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 08:00:22.0505 0728 mshidkmdf - ok 08:00:22.0522 0728 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 08:00:22.0535 0728 msisadrv - ok 08:00:22.0573 0728 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 08:00:22.0614 0728 MSiSCSI - ok 08:00:22.0617 0728 msiserver - ok 08:00:22.0641 0728 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 08:00:22.0684 0728 MSKSSRV - ok 08:00:22.0690 0728 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 08:00:22.0729 0728 MSPCLOCK - ok 08:00:22.0746 0728 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 08:00:22.0786 0728 MSPQM - ok 08:00:22.0819 0728 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 08:00:22.0836 0728 MsRPC - ok 08:00:22.0869 0728 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 08:00:22.0881 0728 mssmbios - ok 08:00:22.0899 0728 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 08:00:22.0942 0728 MSTEE - ok 08:00:22.0945 0728 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 08:00:22.0966 0728 MTConfig - ok 08:00:22.0990 0728 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 08:00:23.0004 0728 Mup - ok 08:00:23.0043 0728 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 08:00:23.0092 0728 napagent - ok 08:00:23.0120 0728 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 08:00:23.0150 0728 NativeWifiP - ok 08:00:23.0195 0728 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 08:00:23.0222 0728 NDIS - ok 08:00:23.0241 0728 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 08:00:23.0279 0728 NdisCap - ok 08:00:23.0291 0728 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 08:00:23.0328 0728 NdisTapi - ok 08:00:23.0368 0728 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 08:00:23.0417 0728 Ndisuio - ok 08:00:23.0444 0728 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 08:00:23.0491 0728 NdisWan - ok 08:00:23.0525 0728 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 08:00:23.0559 0728 NDProxy - ok 08:00:23.0581 0728 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 08:00:23.0631 0728 NetBIOS - ok 08:00:23.0668 0728 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 08:00:23.0708 0728 NetBT - ok 08:00:23.0731 0728 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:00:23.0747 0728 Netlogon - ok 08:00:23.0783 0728 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 08:00:23.0830 0728 Netman - ok 08:00:23.0856 0728 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 08:00:23.0909 0728 netprofm - ok 08:00:23.0958 0728 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:00:23.0969 0728 NetTcpPortSharing - ok 08:00:23.0987 0728 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 08:00:23.0999 0728 nfrd960 - ok 08:00:24.0044 0728 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 08:00:24.0092 0728 NlaSvc - ok 08:00:24.0123 0728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 08:00:24.0162 0728 Npfs - ok 08:00:24.0176 0728 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 08:00:24.0230 0728 nsi - ok 08:00:24.0251 0728 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 08:00:24.0303 0728 nsiproxy - ok 08:00:24.0381 0728 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 08:00:24.0422 0728 Ntfs - ok 08:00:24.0487 0728 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 08:00:24.0526 0728 Null - ok 08:00:24.0564 0728 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 08:00:24.0578 0728 nvraid - ok 08:00:24.0592 0728 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 08:00:24.0609 0728 nvstor - ok 08:00:24.0641 0728 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 08:00:24.0654 0728 nv_agp - ok 08:00:24.0682 0728 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 08:00:24.0708 0728 ohci1394 - ok 08:00:24.0757 0728 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:00:24.0768 0728 ose - ok 08:00:25.0005 0728 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 08:00:25.0082 0728 osppsvc - ok 08:00:25.0170 0728 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:00:25.0190 0728 p2pimsvc - ok 08:00:25.0216 0728 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 08:00:25.0239 0728 p2psvc - ok 08:00:25.0275 0728 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 08:00:25.0293 0728 Parport - ok 08:00:25.0321 0728 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 08:00:25.0338 0728 partmgr - ok 08:00:25.0354 0728 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 08:00:25.0381 0728 PcaSvc - ok 08:00:25.0411 0728 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 08:00:25.0425 0728 pci - ok 08:00:25.0447 0728 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 08:00:25.0457 0728 pciide - ok 08:00:25.0474 0728 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 08:00:25.0488 0728 pcmcia - ok 08:00:25.0501 0728 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 08:00:25.0514 0728 pcw - ok 08:00:25.0538 0728 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 08:00:25.0598 0728 PEAUTH - ok 08:00:25.0644 0728 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 08:00:25.0670 0728 PerfHost - ok 08:00:25.0749 0728 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 08:00:25.0814 0728 pla - ok 08:00:25.0859 0728 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 08:00:25.0896 0728 PlugPlay - ok 08:00:25.0919 0728 PnkBstrA - ok 08:00:25.0941 0728 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 08:00:25.0974 0728 PNRPAutoReg - ok 08:00:26.0005 0728 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 08:00:26.0024 0728 PNRPsvc - ok 08:00:26.0067 0728 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 08:00:26.0118 0728 PolicyAgent - ok 08:00:26.0141 0728 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 08:00:26.0188 0728 Power - ok 08:00:26.0235 0728 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 08:00:26.0273 0728 PptpMiniport - ok 08:00:26.0292 0728 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 08:00:26.0317 0728 Processor - ok 08:00:26.0359 0728 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 08:00:26.0398 0728 ProfSvc - ok 08:00:26.0423 0728 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:00:26.0444 0728 ProtectedStorage - ok 08:00:26.0477 0728 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 08:00:26.0522 0728 Psched - ok 08:00:26.0544 0728 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 08:00:26.0556 0728 PxHlpa64 - ok 08:00:26.0628 0728 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 08:00:26.0665 0728 ql2300 - ok 08:00:26.0728 0728 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 08:00:26.0744 0728 ql40xx - ok 08:00:26.0772 0728 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 08:00:26.0801 0728 QWAVE - ok 08:00:26.0812 0728 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 08:00:26.0838 0728 QWAVEdrv - ok 08:00:26.0842 0728 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 08:00:26.0884 0728 RasAcd - ok 08:00:26.0900 0728 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 08:00:26.0946 0728 RasAgileVpn - ok 08:00:26.0962 0728 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 08:00:27.0003 0728 RasAuto - ok 08:00:27.0029 0728 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 08:00:27.0075 0728 Rasl2tp - ok 08:00:27.0095 0728 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 08:00:27.0134 0728 RasMan - ok 08:00:27.0158 0728 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 08:00:27.0206 0728 RasPppoe - ok 08:00:27.0223 0728 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 08:00:27.0268 0728 RasSstp - ok 08:00:27.0309 0728 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 08:00:27.0359 0728 rdbss - ok 08:00:27.0368 0728 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 08:00:27.0397 0728 rdpbus - ok 08:00:27.0404 0728 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 08:00:27.0447 0728 RDPCDD - ok 08:00:27.0461 0728 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 08:00:27.0513 0728 RDPENCDD - ok 08:00:27.0539 0728 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 08:00:27.0574 0728 RDPREFMP - ok 08:00:27.0605 0728 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 08:00:27.0624 0728 RDPWD - ok 08:00:27.0656 0728 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 08:00:27.0671 0728 rdyboost - ok 08:00:27.0690 0728 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 08:00:27.0743 0728 RemoteAccess - ok 08:00:27.0778 0728 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 08:00:27.0816 0728 RemoteRegistry - ok 08:00:27.0906 0728 RoxLiveShare10 (d6e5c42cc027b2648cca5baceabaab03) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe 08:00:27.0920 0728 RoxLiveShare10 - ok 08:00:27.0970 0728 RoxMediaDB10 (9896ba507d905c41820db90225049b57) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe 08:00:27.0993 0728 RoxMediaDB10 - ok 08:00:28.0022 0728 RoxWatch10 (4dca97c64975fd0a3a17090a1a78f688) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe 08:00:28.0034 0728 RoxWatch10 - ok 08:00:28.0100 0728 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 08:00:28.0151 0728 RpcEptMapper - ok 08:00:28.0173 0728 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 08:00:28.0204 0728 RpcLocator - ok 08:00:28.0251 0728 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 08:00:28.0293 0728 RpcSs - ok 08:00:28.0313 0728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 08:00:28.0374 0728 rspndr - ok 08:00:28.0408 0728 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys 08:00:28.0427 0728 RTL8167 - ok 08:00:28.0456 0728 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:00:28.0472 0728 SamSs - ok 08:00:28.0497 0728 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 08:00:28.0511 0728 sbp2port - ok 08:00:28.0531 0728 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 08:00:28.0583 0728 SCardSvr - ok 08:00:28.0604 0728 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 08:00:28.0649 0728 scfilter - ok 08:00:28.0705 0728 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 08:00:28.0767 0728 Schedule - ok 08:00:28.0798 0728 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 08:00:28.0837 0728 SCPolicySvc - ok 08:00:28.0865 0728 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 08:00:28.0885 0728 SDRSVC - ok 08:00:28.0941 0728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 08:00:28.0989 0728 secdrv - ok 08:00:29.0007 0728 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 08:00:29.0041 0728 seclogon - ok 08:00:29.0060 0728 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 08:00:29.0110 0728 SENS - ok 08:00:29.0152 0728 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 08:00:29.0170 0728 SensrSvc - ok 08:00:29.0231 0728 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 08:00:29.0269 0728 Serenum - ok 08:00:29.0292 0728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 08:00:29.0313 0728 Serial - ok 08:00:29.0337 0728 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 08:00:29.0355 0728 sermouse - ok 08:00:29.0381 0728 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 08:00:29.0428 0728 SessionEnv - ok 08:00:29.0452 0728 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 08:00:29.0476 0728 sffdisk - ok 08:00:29.0482 0728 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 08:00:29.0513 0728 sffp_mmc - ok 08:00:29.0516 0728 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 08:00:29.0541 0728 sffp_sd - ok 08:00:29.0547 0728 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 08:00:29.0575 0728 sfloppy - ok 08:00:29.0630 0728 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 08:00:29.0682 0728 SharedAccess - ok 08:00:29.0718 0728 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 08:00:29.0762 0728 ShellHWDetection - ok 08:00:29.0771 0728 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 08:00:29.0785 0728 SiSRaid2 - ok 08:00:29.0799 0728 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 08:00:29.0814 0728 SiSRaid4 - ok 08:00:29.0851 0728 SIUSBXP (4c9f8e72f87f50a6125aaa31b63b2d18) C:\Windows\system32\drivers\SiUSBXp.sys 08:00:29.0861 0728 SIUSBXP - ok 08:00:29.0873 0728 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 08:00:29.0923 0728 Smb - ok 08:00:29.0950 0728 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 08:00:29.0974 0728 SNMPTRAP - ok 08:00:29.0985 0728 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 08:00:29.0999 0728 spldr - ok 08:00:30.0043 0728 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 08:00:30.0085 0728 Spooler - ok 08:00:30.0224 0728 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 08:00:30.0310 0728 sppsvc - ok 08:00:30.0372 0728 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 08:00:30.0414 0728 sppuinotify - ok 08:00:30.0465 0728 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 08:00:30.0497 0728 srv - ok 08:00:30.0524 0728 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 08:00:30.0548 0728 srv2 - ok 08:00:30.0565 0728 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 08:00:30.0596 0728 srvnet - ok 08:00:30.0639 0728 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 08:00:30.0695 0728 SSDPSRV - ok 08:00:30.0716 0728 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 08:00:30.0752 0728 SstpSvc - ok 08:00:30.0783 0728 Steam Client Service - ok 08:00:30.0800 0728 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 08:00:30.0811 0728 stexstor - ok 08:00:30.0863 0728 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 08:00:30.0911 0728 stisvc - ok 08:00:30.0950 0728 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe 08:00:30.0961 0728 stllssvr - ok 08:00:30.0984 0728 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 08:00:30.0996 0728 swenum - ok 08:00:31.0032 0728 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 08:00:31.0083 0728 swprv - ok 08:00:31.0171 0728 SynchronizationService.exe (08c793f3e5d4124b0826e822e9cae633) C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe 08:00:31.0205 0728 SynchronizationService.exe - ok 08:00:31.0343 0728 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 08:00:31.0402 0728 SysMain - ok 08:00:31.0448 0728 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 08:00:31.0473 0728 TabletInputService - ok 08:00:31.0499 0728 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 08:00:31.0547 0728 TapiSrv - ok 08:00:31.0564 0728 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 08:00:31.0609 0728 TBS - ok 08:00:31.0719 0728 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 08:00:31.0763 0728 Tcpip - ok 08:00:31.0851 0728 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 08:00:31.0887 0728 TCPIP6 - ok 08:00:31.0933 0728 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 08:00:31.0984 0728 tcpipreg - ok 08:00:32.0014 0728 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 08:00:32.0037 0728 TDPIPE - ok 08:00:32.0061 0728 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 08:00:32.0088 0728 TDTCP - ok 08:00:32.0118 0728 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 08:00:32.0154 0728 tdx - ok 08:00:32.0180 0728 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 08:00:32.0192 0728 TermDD - ok 08:00:32.0223 0728 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 08:00:32.0263 0728 TermService - ok 08:00:32.0288 0728 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 08:00:32.0317 0728 Themes - ok 08:00:32.0335 0728 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 08:00:32.0373 0728 THREADORDER - ok 08:00:32.0382 0728 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 08:00:32.0434 0728 TrkWks - ok 08:00:32.0488 0728 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 08:00:32.0542 0728 TrustedInstaller - ok 08:00:32.0568 0728 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 08:00:32.0611 0728 tssecsrv - ok 08:00:32.0647 0728 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 08:00:32.0673 0728 TsUsbFlt - ok 08:00:32.0706 0728 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 08:00:32.0750 0728 tunnel - ok 08:00:32.0765 0728 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys 08:00:32.0776 0728 TurboB - ok 08:00:32.0828 0728 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe 08:00:32.0839 0728 TurboBoost - ok 08:00:32.0856 0728 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 08:00:32.0869 0728 uagp35 - ok 08:00:32.0908 0728 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 08:00:32.0954 0728 udfs - ok 08:00:32.0974 0728 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 08:00:32.0991 0728 UI0Detect - ok 08:00:33.0018 0728 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 08:00:33.0030 0728 uliagpkx - ok 08:00:33.0060 0728 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 08:00:33.0081 0728 umbus - ok 08:00:33.0096 0728 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 08:00:33.0119 0728 UmPass - ok 08:00:33.0148 0728 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 08:00:33.0202 0728 upnphost - ok 08:00:33.0247 0728 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys 08:00:33.0271 0728 USBAAPL64 - ok 08:00:33.0300 0728 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 08:00:33.0322 0728 usbaudio - ok 08:00:33.0345 0728 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 08:00:33.0369 0728 usbccgp - ok 08:00:33.0405 0728 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 08:00:33.0423 0728 usbcir - ok 08:00:33.0444 0728 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 08:00:33.0461 0728 usbehci - ok 08:00:33.0503 0728 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 08:00:33.0547 0728 usbhub - ok 08:00:33.0568 0728 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 08:00:33.0607 0728 usbohci - ok 08:00:33.0634 0728 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 08:00:33.0666 0728 usbprint - ok 08:00:33.0696 0728 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 08:00:33.0730 0728 usbscan - ok 08:00:33.0756 0728 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 08:00:33.0787 0728 USBSTOR - ok 08:00:33.0822 0728 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 08:00:33.0845 0728 usbuhci - ok 08:00:33.0860 0728 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 08:00:33.0913 0728 UxSms - ok 08:00:33.0938 0728 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 08:00:33.0957 0728 VaultSvc - ok 08:00:33.0992 0728 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 08:00:34.0005 0728 vdrvroot - ok 08:00:34.0044 0728 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 08:00:34.0086 0728 vds - ok 08:00:34.0111 0728 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 08:00:34.0130 0728 vga - ok 08:00:34.0138 0728 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 08:00:34.0182 0728 VgaSave - ok 08:00:34.0207 0728 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 08:00:34.0223 0728 vhdmp - ok 08:00:34.0251 0728 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 08:00:34.0263 0728 viaide - ok 08:00:34.0299 0728 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 08:00:34.0317 0728 volmgr - ok 08:00:34.0357 0728 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 08:00:34.0378 0728 volmgrx - ok 08:00:34.0401 0728 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 08:00:34.0417 0728 volsnap - ok 08:00:34.0438 0728 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 08:00:34.0454 0728 vsmraid - ok 08:00:34.0529 0728 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 08:00:34.0590 0728 VSS - ok 08:00:34.0664 0728 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 08:00:34.0691 0728 vwifibus - ok 08:00:34.0704 0728 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 08:00:34.0739 0728 vwififlt - ok 08:00:34.0776 0728 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 08:00:34.0818 0728 W32Time - ok 08:00:34.0829 0728 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 08:00:34.0861 0728 WacomPen - ok 08:00:34.0905 0728 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:00:34.0946 0728 WANARP - ok 08:00:34.0949 0728 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 08:00:34.0989 0728 Wanarpv6 - ok 08:00:35.0063 0728 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 08:00:35.0096 0728 WatAdminSvc - ok 08:00:35.0190 0728 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 08:00:35.0226 0728 wbengine - ok 08:00:35.0298 0728 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 08:00:35.0322 0728 WbioSrvc - ok 08:00:35.0357 0728 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 08:00:35.0400 0728 wcncsvc - ok 08:00:35.0417 0728 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 08:00:35.0449 0728 WcsPlugInService - ok 08:00:35.0472 0728 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 08:00:35.0486 0728 Wd - ok 08:00:35.0524 0728 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys 08:00:35.0538 0728 WDC_SAM - ok 08:00:35.0569 0728 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 08:00:35.0591 0728 Wdf01000 - ok 08:00:35.0614 0728 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:00:35.0644 0728 WdiServiceHost - ok 08:00:35.0647 0728 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 08:00:35.0668 0728 WdiSystemHost - ok 08:00:35.0697 0728 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 08:00:35.0728 0728 WebClient - ok 08:00:35.0746 0728 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 08:00:35.0796 0728 Wecsvc - ok 08:00:35.0815 0728 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 08:00:35.0869 0728 wercplsupport - ok 08:00:35.0911 0728 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 08:00:35.0959 0728 WerSvc - ok 08:00:35.0997 0728 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 08:00:36.0036 0728 WfpLwf - ok 08:00:36.0046 0728 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 08:00:36.0063 0728 WIMMount - ok 08:00:36.0078 0728 WinDefend - ok 08:00:36.0082 0728 WinHttpAutoProxySvc - ok 08:00:36.0129 0728 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 08:00:36.0167 0728 Winmgmt - ok 08:00:36.0262 0728 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 08:00:36.0338 0728 WinRM - ok 08:00:36.0450 0728 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys 08:00:36.0487 0728 winusb - ok 08:00:36.0539 0728 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 08:00:36.0592 0728 Wlansvc - ok 08:00:36.0633 0728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 08:00:36.0652 0728 WmiAcpi - ok 08:00:36.0705 0728 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 08:00:36.0733 0728 wmiApSrv - ok 08:00:36.0764 0728 WMPNetworkSvc - ok 08:00:36.0775 0728 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 08:00:36.0796 0728 WPCSvc - ok 08:00:36.0819 0728 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 08:00:36.0840 0728 WPDBusEnum - ok 08:00:36.0858 0728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 08:00:36.0895 0728 ws2ifsl - ok 08:00:36.0916 0728 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 08:00:36.0940 0728 wscsvc - ok 08:00:36.0943 0728 WSearch - ok 08:00:37.0060 0728 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 08:00:37.0118 0728 wuauserv - ok 08:00:37.0215 0728 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 08:00:37.0264 0728 WudfPf - ok 08:00:37.0287 0728 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 08:00:37.0342 0728 WUDFRd - ok 08:00:37.0374 0728 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 08:00:37.0410 0728 wudfsvc - ok 08:00:37.0435 0728 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 08:00:37.0472 0728 WwanSvc - ok 08:00:37.0497 0728 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0 08:00:37.0871 0728 \Device\Harddisk0\DR0 - ok 08:00:37.0877 0728 MBR (0x1B8) (5ea978854b06a98f85feac56e59420ca) \Device\Harddisk5\DR5 08:00:39.0617 0728 \Device\Harddisk5\DR5 - ok 08:00:39.0620 0728 Boot (0x1200) (fba2ceef3919a85712bd4b69cd0dc609) \Device\Harddisk0\DR0\Partition0 08:00:39.0621 0728 \Device\Harddisk0\DR0\Partition0 - ok 08:00:39.0632 0728 Boot (0x1200) (d6d83660d2d45b4309b3ad28c9f12fb2) \Device\Harddisk0\DR0\Partition1 08:00:39.0634 0728 \Device\Harddisk0\DR0\Partition1 - ok 08:00:39.0644 0728 Boot (0x1200) (68d8b7efc919489596e88fe4dc923f30) \Device\Harddisk0\DR0\Partition2 08:00:39.0646 0728 \Device\Harddisk0\DR0\Partition2 - ok 08:00:39.0647 0728 ============================================================ 08:00:39.0647 0728 Scan finished 08:00:39.0647 0728 ============================================================ 08:00:39.0655 2116 Detected object count: 2 08:00:39.0655 2116 Actual detected object count: 2 08:06:50.0557 2116 AllShare ( UnsignedFile.Multi.Generic ) - skipped by user 08:06:50.0557 2116 AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip 08:06:50.0559 2116 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user 08:06:50.0559 2116 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip
  13. Done, here is the log: Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01 Ran by SYSTEM at 2012-07-21 17:26:27 Run:1 Running from K:\ ============================================== C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1} moved successfully. C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1} moved successfully. C:\Windows\assembly\GAC_32\Desktop.ini moved successfully. C:\Windows\assembly\GAC_64\Desktop.ini moved successfully. C:\Windows\System32\services.exe moved successfully. C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe ==== End of Fixlog ====
  14. Thank you Mr C. I would like to try and remove it first. Here are the requested logs: FRST.exe Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01 Ran by SYSTEM at 21-07-2012 11:06:20 Running from K:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11057768 2010-07-06] (Realtek Semiconductor) HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation) HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] () HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-27] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [244208 2009-06-10] (Sonic Solutions) HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.) HKLM-x32\...\Run: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [1309 2011-03-09] () HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [948880 2011-03-03] (Carbonite, Inc.) HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION) HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-04] (RealNetworks, Inc.) HKU\Schwebach\...\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation) HKU\Schwebach\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-19] (Google Inc.) HKU\Schwebach\...\Run: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode [6061400 2010-05-11] (Logitech Inc.) HKU\Schwebach\...\Run: [EPSON NX620 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SD5C5.tmp" /EF "HKCU" [224768 2010-01-12] (SEIKO EPSON CORPORATION) HKU\Schwebach\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.) HKU\Schwebach\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2011-11-11] (Apple Inc.) HKU\Schwebach\...\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2164256 2011-10-26] (Fitbit, Inc.) Tcpip\Parameters: [DhcpNameServer] 24.159.193.40 24.205.224.36 68.190.192.35 ==================== Services (Whitelisted) ====== 2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated) 2 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] () 2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6315664 2011-03-03] (Carbonite, Inc. (www.carbonite.com)) 2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] () 2 FlipShareServer; "C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] () 2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-10-19] () 3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.) 2 SynchronizationService.exe; "C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe" [1143032 2010-01-07] () 3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x] ========================== Drivers (Whitelisted) ============= 3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-02-12] (Ralink Technology Corp.) 0 bdisk; C:\Windows\SysWow64\Drivers\bdisk.sys [74328 2010-01-07] () 0 CBUfs; C:\Windows\SysWow64\Drivers\CBUfs.sys [140760 2010-01-07] (COMODO Security Solutions Inc.) 3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] () 3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] () 3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation) 2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] () ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-07-21 11:06 - 2012-07-21 11:06 - 00000000 ____D C:\FRST 2012-07-21 07:05 - 2012-07-21 07:05 - 00008863 ____A C:\Users\Schwebach\Desktop\Attach.txt 2012-07-21 07:04 - 2012-07-21 07:04 - 00025877 ____A C:\Users\Schwebach\Desktop\DDS.txt 2012-07-21 07:03 - 2012-07-21 07:03 - 00607260 ____R (Swearware) C:\Users\Schwebach\Desktop\dds.com 2012-07-21 06:49 - 2012-07-21 06:49 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Schwebach\Desktop\tdsskiller.exe 2012-07-21 06:48 - 2012-07-21 06:48 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Schwebach\Downloads\tdsskiller.exe 2012-07-20 19:17 - 2012-07-20 19:17 - 00000000 ____D C:\Users\Schwebach\AppData\Local\Macromedia 2012-07-20 19:08 - 2012-07-20 19:08 - 00001137 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2012-07-20 19:08 - 2012-07-20 19:08 - 00000000 ____D C:\Users\All Users\Mozilla 2012-07-20 19:08 - 2012-07-20 19:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2012-07-20 19:06 - 2012-07-20 19:06 - 16801656 ____A (Mozilla) C:\Users\Schwebach\Downloads\Firefox Setup 14.0.1.exe 2012-07-19 21:02 - 2012-07-19 21:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-07-15 11:20 - 2012-07-15 11:20 - 00000000 ____D C:\Program Files (x86)\Garmin 2012-07-12 00:04 - 2012-07-12 00:04 - 00264764 ____A C:\Windows\msxml4-KB2721691-enu.LOG 2012-07-12 00:04 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-07-12 00:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-07-12 00:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-07-12 00:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-07-12 00:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-07-12 00:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-07-12 00:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-07-12 00:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-07-12 00:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-07-12 00:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-07-12 00:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-07-12 00:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-07-12 00:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-07-12 00:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-07-12 00:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-07-12 00:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-07-12 00:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-07-12 00:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-07-12 00:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-07-12 00:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-07-12 00:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-07-12 00:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-07-12 00:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-07-12 00:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-07-12 00:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-07-12 00:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-07-12 00:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-07-12 00:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-07-12 00:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-07-11 01:05 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-11 01:05 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-11 01:05 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-11 01:05 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-11 01:05 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll 2012-07-11 01:05 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll 2012-07-11 01:04 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-11 01:04 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-11 01:04 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-11 01:04 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-11 01:04 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-11 01:04 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-11 01:04 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-11 01:04 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-11 01:04 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-11 01:04 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-11 01:04 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-11 01:04 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-11 01:04 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll 2012-06-21 06:24 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-21 06:24 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-21 06:24 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-21 06:24 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-21 06:24 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-21 06:24 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-21 06:24 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-21 06:24 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-21 06:24 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe ============ 3 Months Modified Files ======================== 2012-07-21 08:02 - 2010-07-28 09:55 - 01705043 ____A C:\Windows\WindowsUpdate.log 2012-07-21 08:02 - 2009-07-13 21:13 - 00739918 ____A C:\Windows\System32\PerfStringBackup.INI 2012-07-21 07:50 - 2010-08-19 16:00 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2012-07-21 07:24 - 2012-05-13 07:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-21 07:05 - 2012-07-21 07:05 - 00008863 ____A C:\Users\Schwebach\Desktop\Attach.txt 2012-07-21 07:04 - 2012-07-21 07:04 - 00025877 ____A C:\Users\Schwebach\Desktop\DDS.txt 2012-07-21 07:03 - 2012-07-21 07:03 - 00607260 ____R (Swearware) C:\Users\Schwebach\Desktop\dds.com 2012-07-21 06:49 - 2012-07-21 06:49 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Schwebach\Desktop\tdsskiller.exe 2012-07-21 06:48 - 2012-07-21 06:48 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Schwebach\Downloads\tdsskiller.exe 2012-07-21 06:26 - 2010-08-19 16:00 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2012-07-21 05:12 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-07-21 05:12 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-07-21 05:05 - 2010-08-20 16:14 - 20554329 ____A C:\Windows\SysWOW64\http_ss.log 2012-07-21 05:05 - 2010-08-20 16:14 - 00000074 ____A C:\Windows\SysWOW64\log.log 2012-07-21 05:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-07-21 05:05 - 2009-07-13 20:51 - 00063485 ____A C:\Windows\setupact.log 2012-07-21 04:42 - 2010-08-19 19:51 - 00096592 ____A C:\Windows\PFRO.log 2012-07-20 19:08 - 2012-07-20 19:08 - 00001137 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk 2012-07-20 19:06 - 2012-07-20 19:06 - 16801656 ____A (Mozilla) C:\Users\Schwebach\Downloads\Firefox Setup 14.0.1.exe 2012-07-12 06:24 - 2012-05-13 07:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-07-12 06:24 - 2011-08-07 15:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-12 00:21 - 2009-07-13 20:45 - 00460256 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-12 00:04 - 2012-07-12 00:04 - 00264764 ____A C:\Windows\msxml4-KB2721691-enu.LOG 2012-07-12 00:02 - 2010-08-19 19:57 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-03 10:46 - 2010-08-19 18:18 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll 2012-06-11 19:08 - 2012-07-12 00:04 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-08 21:43 - 2012-07-11 01:04 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-11 01:04 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-05 22:06 - 2012-07-11 01:05 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-11 01:05 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-11 01:04 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-11 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-11 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-11 01:04 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-04 07:23 - 2012-06-04 07:23 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll 2012-06-04 07:23 - 2012-06-04 07:23 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk 2012-06-04 07:22 - 2012-06-04 07:22 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2012-06-04 07:22 - 2012-06-04 07:22 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2012-06-04 07:22 - 2012-06-04 07:22 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2012-06-04 07:22 - 2012-06-04 07:22 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll 2012-06-04 07:22 - 2012-06-04 07:22 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll 2012-06-02 14:19 - 2012-06-21 06:24 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-21 06:24 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-21 06:24 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-21 06:24 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-21 06:24 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:15 - 2012-06-21 06:24 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-21 06:24 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 12:19 - 2012-06-21 06:24 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 12:15 - 2012-06-21 06:24 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 04:49 - 2012-07-12 00:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2012-06-02 04:17 - 2012-07-12 00:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2012-06-02 04:12 - 2012-07-12 00:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2012-06-02 04:05 - 2012-07-12 00:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2012-06-02 04:05 - 2012-07-12 00:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2012-06-02 04:04 - 2012-07-12 00:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2012-06-02 04:04 - 2012-07-12 00:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2012-06-02 04:03 - 2012-07-12 00:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2012-06-02 04:01 - 2012-07-12 00:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2012-06-02 04:00 - 2012-07-12 00:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2012-06-02 03:59 - 2012-07-12 00:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2012-06-02 03:57 - 2012-07-12 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2012-06-02 03:57 - 2012-07-12 00:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2012-06-02 03:54 - 2012-07-12 00:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2012-06-02 01:07 - 2012-07-12 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2012-06-02 00:43 - 2012-07-12 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2012-06-02 00:33 - 2012-07-12 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2012-06-02 00:26 - 2012-07-12 00:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2012-06-02 00:25 - 2012-07-12 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2012-06-02 00:25 - 2012-07-12 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2012-06-02 00:23 - 2012-07-12 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2012-06-02 00:21 - 2012-07-12 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2012-06-02 00:20 - 2012-07-12 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2012-06-02 00:19 - 2012-07-12 00:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2012-06-02 00:19 - 2012-07-12 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2012-06-02 00:17 - 2012-07-12 00:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2012-06-02 00:16 - 2012-07-12 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2012-06-02 00:14 - 2012-07-12 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2012-06-01 21:50 - 2012-07-11 01:04 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-11 01:04 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-11 01:04 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-11 01:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-11 01:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-11 01:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-11 01:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-11 01:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-11 01:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-31 09:25 - 2010-08-19 14:51 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2012-05-13 07:14 - 2012-05-13 07:14 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk 2012-05-10 09:47 - 2012-05-10 09:47 - 00353357 ____A C:\Users\Schwebach\Documents\021457069 - House FINAL PLANS - 2005.11.04.tif 2012-05-04 03:06 - 2012-06-13 10:50 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2012-05-04 02:03 - 2012-06-13 10:50 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2012-05-04 02:03 - 2012-06-13 10:50 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2012-05-01 07:39 - 2012-05-01 07:39 - 01927240 ____A (Fitbit, Inc. ) C:\Users\Schwebach\Downloads\Fitbit-Uploader-For-Windows-2.1.0.exe 2012-04-30 21:40 - 2012-06-13 10:50 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll 2012-04-30 18:53 - 2012-04-30 18:53 - 00013560 ____A C:\Users\Schwebach\Desktop\Copy of 1st Grade deposit.xlsx 2012-04-27 19:55 - 2012-06-13 10:50 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys 2012-04-25 21:41 - 2012-06-13 10:50 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll 2012-04-25 21:41 - 2012-06-13 10:50 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll 2012-04-25 21:34 - 2012-06-13 10:50 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe 2012-04-24 20:13 - 2010-10-11 08:51 - 00076288 ____A C:\Users\Schwebach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2012-04-23 21:37 - 2012-06-13 10:50 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2012-04-23 21:37 - 2012-06-13 10:50 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2012-04-23 21:37 - 2012-06-13 10:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2012-04-23 20:36 - 2012-06-13 10:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2012-04-23 20:36 - 2012-06-13 10:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2012-04-23 20:36 - 2012-06-13 10:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll ZeroAccess: C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1} C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\@ C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L\00000004.@ C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L\1afb2d56 C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L\201d3dde C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\00000004.@ C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\00000008.@ C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\000000cb.@ C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\80000000.@ C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\80000032.@ C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\80000064.@ ZeroAccess: C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1} C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\@ C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\n C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 9% Total physical RAM: 8183.08 MB Available physical RAM: 7375.64 MB Total Pagefile: 8181.23 MB Available Pagefile: 7363.41 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (WINDOWS) (Fixed) (Total:891.02 GB) (Free:719.52 GB) NTFS 2 Drive d: (ImageBackup) (Fixed) (Total:40 GB) (Free:35.35 GB) NTFS 8 Drive k: () (Removable) (Total:7.45 GB) (Free:7.14 GB) FAT32 10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 11 Drive y: (SYSTEM) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 1024 KB Disk 1 No Media 0 B 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 Online 7640 MB 0 B Disk 6 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 500 MB 1024 KB Partition 0 Extended 40 GB 501 MB Partition 3 Logical 39 GB 502 MB Partition 2 Primary 891 GB 40 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y SYSTEM NTFS Partition 500 MB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D ImageBackup NTFS Partition 39 GB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 C WINDOWS NTFS Partition 891 GB Healthy ================================================================================== Partitions of Disk 5: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- * Partition 1 Primary 7640 MB 0 B ================================================================================== Disk: 5 There is no partition selected. There is no partition selected. Please select a partition and try again. ================================================================================== ========================================================== Last Boot: 2012-07-17 21:59 ======================= End Of Log ========================== Search.txt Farbar Recovery Scan Tool Version: 20-07-2012 01 Ran by SYSTEM at 2012-07-21 11:08:56 Running from K:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06 ====== End Of Search ======
  15. Hello all, I am infected with the Trojan.Dropper.BCMiner virus and multiple attempts to remove it via Malware Bytes as failed. I would appreciate any help in removing the virus. Thank You Here are the logs for DDS and Attach DDS . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by Schwebach at 10:04:01 on 2012-07-21 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5968 [GMT -5:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe C:\Windows\system32\conhost.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE C:\Program Files (x86)\Fitbit\fitbit.exe C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Steam\steam.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files (x86)\Logitech\Vid\Vid.exe C:\Windows\System32\spool\drivers\x64\3\E_IATIGAA.EXE C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Fitbit\fitbit-tray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\real\realplayer\Update\realsched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Common Files\Steam\SteamService.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\vssvc.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uSearch Page = hxxp://www.google.com uStart Page = hxxp://www.google.com/ uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://www.google.com/ie uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mWinlogon: Userinit=userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" uRun: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode uRun: [EPSON NX620 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SD5C5.tmp" /EF "HKCU" uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [<no name="">] mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll LSP: mswsock.dll DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 TCP: Interfaces\{98B4A98E-73B0-4CB6-BF7A-9ACA5083698E} : DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 TCP: Interfaces\{9B3509C1-E37B-4502-9308-A8675CE5DD61} : DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [(Default)] mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Schwebach\AppData\Roaming\Mozilla\Firefox\Profiles\4zfmrble.default\ FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312] R2 AllShare;SAMSUNG AllShare Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-7-16 6638080] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-9-10 166400] R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-9-10 128512] R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-5-1 788000] R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-28 13336] R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944] R2 SynchronizationService.exe;Comodo BackUp Service;C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe [2010-1-7 1143032] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?] R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?] R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-19 136176] S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744] S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-13 250056] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-19 136176] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-20 113120] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?] . =============== Created Last 30 ================ . 2012-07-21 03:17:40 -------- d-----w- C:\Users\Schwebach\AppData\Local\Macromedia 2012-07-21 03:08:22 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-07-21 03:07:58 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll 2012-07-21 03:07:58 68576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll 2012-07-21 03:07:58 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll 2012-07-21 03:07:58 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-07-21 03:07:57 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll 2012-07-21 03:07:57 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll 2012-07-21 03:07:57 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll 2012-07-21 03:07:57 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe 2012-07-21 01:43:35 115712 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2BE1.tmp.dat 2012-07-21 01:40:32 115712 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5F40.tmp.dat 2012-07-20 05:02:47 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-17 10:37:28 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB64BF19-3848-4F40-AE7C-D3CFA760ADE7}\mpengine.dll 2012-07-15 19:20:40 -------- d-----w- C:\Program Files (x86)\Garmin 2012-07-12 08:04:27 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 09:05:01 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-11 09:05:01 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-07-11 09:05:01 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 09:05:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 09:05:01 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 09:05:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll . ==================== Find3M ==================== . 2012-07-12 14:24:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 14:24:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-04 15:22:12 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll 2012-06-04 15:22:12 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll . ============= FINISH: 10:04:35.34 =============== ATTACH . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 8/19/2010 2:29:43 PM System Uptime: 7/21/2012 8:05:18 AM (2 hours ago) . Motherboard: MSI | | P55-CD53 (MS-7586) Processor: Intel® Core i5 CPU 650 @ 3.20GHz | CPU1 | 3201/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 891 GiB total, 719.559 GiB free. D: is FIXED (NTFS) - 40 GiB total, 35.353 GiB free. E: is CDROM () F: is Removable G: is Removable H: is Removable I: is Removable J: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP264: 7/10/2012 5:49:55 AM - Windows Update RP265: 7/12/2012 3:00:13 AM - Windows Update RP266: 7/17/2012 5:36:48 AM - Windows Update . ==== Installed Programs ====================== . Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Photoshop Elements 8.0 Adobe Reader 9.5.1 Adobe Shockwave Player 11.6 Amazon MP3 Downloader 1.0.10 Angry Birds Apple Application Support Apple Software Update ATI Catalyst Registration Call of Duty® 4 - Modern Warfare Call of Duty: Black Ops Call of Duty: Black Ops - Multiplayer Call of Duty: Modern Warfare 2 Call of Duty: Modern Warfare 2 - Multiplayer CameraHelperMsi Carbonite Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center InstallProxy ccc-core-static CCC Help English COMODO BackUp Coupon Printer for Windows Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DirectX 9 Runtime Epson Event Manager EPSON Scan erLT ExpertGPS 4.34 FirstClass® Client Fitbit Base Station (Driver Removal) Fitbit v2.1.0 FlipShare Garmin BaseCamp Garmin Communicator Plugin Garmin Trip and Waypoint Manager v5 Google Earth Google Toolbar for Internet Explorer Google Update Helper InstaCodecs Intel AppUp(SM) center Intel® Control Center Intel® Rapid Storage Technology Java Auto Updater Java 6 Update 31 JMicron JMB36X Driver K-Lite Codec Pack 6.4.0 (Full) Korean Fonts Support For Adobe Reader 9 Logitech Vid Logitech Webcam Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Video Mask Maker LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware version 1.62.0.1300 MediaMan MediaMonkey 3.2 Microsoft .NET Framework 1.1 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser (KB2721691) MSXML 4.0 SP3 Parser (KB973685) My Little Artist Picasa 3 PunkBuster Services Quake Live Internet Explorer Plugin QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek Ethernet Controller Driver For Windows 7 Realtek High Definition Audio Driver RealUpgrade 1.1 Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Creator XE Roxio Express Labeler 3 Roxio Update Manager SAMSUNG PC Share Manager Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Skype Toolbars Skype™ 4.2 Steam swMSM Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition WinRAR 4.00 (32-bit) . ==== Event Viewer Messages From Past Week ======== . 7/21/2012 9:29:38 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 7/21/2012 9:29:38 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 7/21/2012 8:05:35 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 7/21/2012 8:05:35 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 7/21/2012 8:05:32 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 7/14/2012 9:40:46 PM, Error: Schannel [36887] - The following fatal alert was received: 40. 7/14/2012 10:18:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6. . ==== End Of File ===========================</no> Here is the MBAM log: Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.07.21.02 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Schwebach :: SCHWEBACH-PC [administrator] Protection: Enabled 7/21/2012 10:18:54 AM mbam-log-2012-07-21 (10-21-53).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 195861 Time elapsed: 2 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken. (end)
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.