Scavengre

Members • Posts: 14 • Reputation: 0 Neutral
  1. Problem resolved. Please close thread. MrCharlie, you are the MAN!
  2. Excellent assistance, quick response with easy to follow instructions. Very helpful indeed

  3. ah ok, Well again Thank You very much for the assistance.
  4. Nevermind, I just realized that I have them on a thumb drive so I can just archive them there
  5. Thanks, would it be wise of me to pack them up into a Zip to keep for future reference?
  6. Ran FutureMark (Benchmark Software to task my PC) and rebooted to verify startup.
  7. seems to be running fine. Heavy resource programs are initializing quickly and functioning well. No adverse effects noticeable
  8. Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.10.01
     Windows Vista Service Pack 2 x64 NTFS
     Internet Explorer 8.0.6001.19190
     Blue :: BLUE-PC [administrator]

     Protection: Disabled

     8/10/2012 8:14:32 AM
     mbam-log-2012-08-10 (08-14-32).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 248071
     Time elapsed: 5 minute(s), 57 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 0
     (No malicious items detected)

     (end)

     Looks clean
  9. BTW MrCharlie, Thank you for your help with this, it's been most appreciated -Steve
  10. *ComboFix Log*
  11. *tdsskiller log*
C:\Windows\system32\drivers\fltmgr.sys 19:13:20.0525 5288 FltMgr - ok 19:13:20.0821 5288 FMS (8795fd92b624648dabe7b75129ef8002) C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSMaster.exe 19:13:20.0961 5288 FMS ( UnsignedFile.Multi.Generic ) - warning 19:13:20.0961 5288 FMS - detected UnsignedFile.Multi.Generic (1) 19:13:21.0149 5288 FMSAdmin (2db70167c13f2339a63e694291fd1bfd) C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSAdmin.exe 19:13:21.0211 5288 FMSAdmin ( UnsignedFile.Multi.Generic ) - warning 19:13:21.0211 5288 FMSAdmin - detected UnsignedFile.Multi.Generic (1) 19:13:21.0507 5288 FMSHttpd (8881574868e648689b7aa88a88716e17) C:\Program Files (x86)\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe 19:13:21.0523 5288 FMSHttpd ( UnsignedFile.Multi.Generic ) - warning 19:13:21.0523 5288 FMSHttpd - detected UnsignedFile.Multi.Generic (1) 19:13:21.0617 5288 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll 19:13:21.0648 5288 FontCache - ok 19:13:21.0741 5288 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 19:13:21.0741 5288 FontCache3.0.0.0 - ok 19:13:21.0788 5288 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys 19:13:21.0819 5288 Fs_Rec - ok 19:13:21.0851 5288 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys 19:13:21.0866 5288 gagp30kx - ok 19:13:21.0913 5288 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll 19:13:21.0944 5288 gpsvc - ok 19:13:21.0991 5288 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:13:22.0007 5288 gupdate - ok 19:13:22.0007 5288 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 19:13:22.0007 5288 gupdatem - ok 19:13:22.0053 5288 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys 19:13:22.0085 5288 
HdAudAddService - ok 19:13:22.0365 5288 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys 19:13:22.0397 5288 HDAudBus - ok 19:13:22.0475 5288 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys 19:13:22.0521 5288 HidBth - ok 19:13:22.0537 5288 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys 19:13:22.0568 5288 HidIr - ok 19:13:22.0631 5288 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\system32\hidserv.dll 19:13:22.0646 5288 hidserv - ok 19:13:22.0662 5288 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys 19:13:22.0677 5288 HidUsb - ok 19:13:22.0724 5288 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll 19:13:22.0755 5288 hkmsvc - ok 19:13:22.0787 5288 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys 19:13:22.0787 5288 HpCISSs - ok 19:13:22.0849 5288 hpqcxs08 (ce0fcec4d4d860f36d972759b11eaf0f) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 19:13:22.0865 5288 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 19:13:22.0865 5288 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 19:13:22.0896 5288 hpqddsvc (7da3211ac63edd90b8eca1ca1abfd43b) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 19:13:22.0896 5288 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 19:13:22.0896 5288 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 19:13:22.0943 5288 HPSLPSVC (298a6890a7ac415dabb35047d168f13b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 19:13:22.0958 5288 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 19:13:22.0958 5288 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 19:13:23.0067 5288 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys 19:13:23.0099 5288 HTTP - ok 19:13:23.0099 5288 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys 19:13:23.0114 5288 i2omp - ok 19:13:23.0130 5288 i8042prt 
(cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys 19:13:23.0145 5288 i8042prt - ok 19:13:23.0255 5288 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys 19:13:23.0270 5288 iaStorV - ok 19:13:23.0348 5288 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 19:13:23.0364 5288 IDriverT ( UnsignedFile.Multi.Generic ) - warning 19:13:23.0364 5288 IDriverT - detected UnsignedFile.Multi.Generic (1) 19:13:23.0473 5288 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 19:13:23.0489 5288 idsvc - ok 19:13:23.0582 5288 IHA_MessageCenter (5cab9d1ab5c9384d28dff89dbe7a72bb) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe 19:13:23.0613 5288 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - warning 19:13:23.0613 5288 IHA_MessageCenter - detected UnsignedFile.Multi.Generic (1) 19:13:23.0660 5288 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys 19:13:23.0660 5288 iirsp - ok 19:13:23.0707 5288 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll 19:13:23.0723 5288 IKEEXT - ok 19:13:23.0738 5288 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys 19:13:23.0738 5288 intelide - ok 19:13:23.0754 5288 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys 19:13:23.0769 5288 intelppm - ok 19:13:23.0816 5288 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll 19:13:23.0832 5288 IPBusEnum - ok 19:13:23.0879 5288 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys 19:13:23.0894 5288 IpFilterDriver - ok 19:13:23.0957 5288 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll 19:13:23.0972 5288 iphlpsvc - ok 19:13:23.0972 5288 IpInIp - ok 19:13:24.0050 
5288 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys 19:13:24.0066 5288 IPMIDRV - ok 19:13:24.0081 5288 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys 19:13:24.0128 5288 IPNAT - ok 19:13:24.0128 5288 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys 19:13:24.0144 5288 IRENUM - ok 19:13:24.0300 5288 is3srv (8598e4a12eaa945b35365dd2750b9777) C:\Windows\syswow64\drivers\is3srv64.sys 19:13:24.0300 5288 is3srv - ok 19:13:24.0300 5288 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys 19:13:24.0315 5288 isapnp - ok 19:13:24.0347 5288 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys 19:13:24.0362 5288 iScsiPrt - ok 19:13:24.0378 5288 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys 19:13:24.0378 5288 iteatapi - ok 19:13:24.0393 5288 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys 19:13:24.0393 5288 iteraid - ok 19:13:24.0409 5288 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys 19:13:24.0409 5288 kbdclass - ok 19:13:24.0425 5288 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys 19:13:24.0440 5288 kbdhid - ok 19:13:24.0487 5288 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 19:13:24.0518 5288 KeyIso - ok 19:13:24.0565 5288 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys 19:13:24.0581 5288 KSecDD - ok 19:13:24.0643 5288 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys 19:13:24.0659 5288 ksthunk - ok 19:13:24.0690 5288 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll 19:13:24.0721 5288 KtmRm - ok 19:13:24.0768 5288 L1E (3e3d1d8dcb2ca53463d34252e99465d3) C:\Windows\system32\DRIVERS\L1E60x64.sys 19:13:24.0783 5288 L1E - ok 19:13:24.0830 5288 LanmanServer 
(50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\system32\srvsvc.dll 19:13:24.0846 5288 LanmanServer - ok 19:13:24.0877 5288 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll 19:13:24.0908 5288 LanmanWorkstation - ok 19:13:25.0080 5288 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 19:13:25.0095 5288 LBTServ - ok 19:13:25.0127 5288 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys 19:13:25.0127 5288 LHidFilt - ok 19:13:25.0345 5288 LiveUpdate (36375738dc0b3cd1f764268008e74fdf) C:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE 19:13:25.0423 5288 LiveUpdate - ok 19:13:25.0548 5288 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys 19:13:25.0579 5288 lltdio - ok 19:13:25.0610 5288 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll 19:13:25.0626 5288 lltdsvc - ok 19:13:25.0641 5288 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll 19:13:25.0688 5288 lmhosts - ok 19:13:25.0704 5288 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys 19:13:25.0704 5288 LMouFilt - ok 19:13:25.0751 5288 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys 19:13:25.0766 5288 LSI_FC - ok 19:13:25.0782 5288 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys 19:13:25.0782 5288 LSI_SAS - ok 19:13:25.0797 5288 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys 19:13:25.0797 5288 LSI_SCSI - ok 19:13:25.0813 5288 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys 19:13:25.0829 5288 luafv - ok 19:13:25.0875 5288 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys 19:13:25.0891 5288 MBAMProtector - ok 19:13:25.0985 5288 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' 
Anti-Malware\mbamservice.exe 19:13:26.0000 5288 MBAMService - ok 19:13:26.0031 5288 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll 19:13:26.0047 5288 Mcx2Svc - ok 19:13:26.0063 5288 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys 19:13:26.0063 5288 megasas - ok 19:13:26.0078 5288 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys 19:13:26.0094 5288 MegaSR - ok 19:13:26.0172 5288 mi-raysat_3dsmax9_32 (aa0c4a2c33ce075df2c272d678734991) C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe 19:13:26.0172 5288 mi-raysat_3dsmax9_32 ( UnsignedFile.Multi.Generic ) - warning 19:13:26.0172 5288 mi-raysat_3dsmax9_32 - detected UnsignedFile.Multi.Generic (1) 19:13:26.0187 5288 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll 19:13:26.0203 5288 MMCSS - ok 19:13:26.0219 5288 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys 19:13:26.0265 5288 Modem - ok 19:13:26.0312 5288 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys 19:13:26.0328 5288 monitor - ok 19:13:26.0359 5288 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys 19:13:26.0359 5288 mouclass - ok 19:13:26.0390 5288 moufiltr (21b7acea1bb49c3371dd5427bf309d6a) C:\Windows\system32\DRIVERS\moufiltr.sys 19:13:26.0406 5288 moufiltr - ok 19:13:26.0421 5288 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys 19:13:26.0453 5288 mouhid - ok 19:13:26.0453 5288 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys 19:13:26.0468 5288 MountMgr - ok 19:13:26.0499 5288 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 19:13:26.0515 5288 MozillaMaintenance - ok 19:13:26.0531 5288 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys 
19:13:26.0546 5288 mpio - ok 19:13:26.0562 5288 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys 19:13:26.0577 5288 mpsdrv - ok 19:13:26.0609 5288 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll 19:13:26.0640 5288 MpsSvc - ok 19:13:26.0655 5288 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys 19:13:26.0655 5288 Mraid35x - ok 19:13:26.0702 5288 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys 19:13:26.0718 5288 MRxDAV - ok 19:13:26.0733 5288 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys 19:13:26.0765 5288 mrxsmb - ok 19:13:26.0811 5288 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys 19:13:26.0827 5288 mrxsmb10 - ok 19:13:26.0827 5288 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys 19:13:26.0843 5288 mrxsmb20 - ok 19:13:26.0843 5288 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys 19:13:26.0858 5288 msahci - ok 19:13:26.0874 5288 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys 19:13:26.0874 5288 msdsm - ok 19:13:26.0905 5288 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe 19:13:26.0921 5288 MSDTC - ok 19:13:26.0952 5288 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys 19:13:26.0967 5288 Msfs - ok 19:13:26.0983 5288 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys 19:13:26.0983 5288 msisadrv - ok 19:13:27.0030 5288 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll 19:13:27.0061 5288 MSiSCSI - ok 19:13:27.0061 5288 msiserver - ok 19:13:27.0077 5288 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys 19:13:27.0092 5288 MSKSSRV - ok 19:13:27.0108 5288 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys 
19:13:27.0123 5288 MSPCLOCK - ok 19:13:27.0139 5288 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys 19:13:27.0155 5288 MSPQM - ok 19:13:27.0186 5288 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys 19:13:27.0201 5288 MsRPC - ok 19:13:27.0217 5288 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys 19:13:27.0217 5288 mssmbios - ok 19:13:27.0264 5288 MSSQL$BWDATOOLSET - ok 19:13:27.0279 5288 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe 19:13:27.0295 5288 MSSQLServerADHelper - ok 19:13:27.0295 5288 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys 19:13:27.0311 5288 MSTEE - ok 19:13:27.0373 5288 MTsensor (6936198f2cc25b39cf5262436c80df46) C:\Windows\system32\DRIVERS\ASACPI.sys 19:13:27.0389 5288 MTsensor - ok 19:13:27.0529 5288 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys 19:13:27.0529 5288 Mup - ok 19:13:27.0607 5288 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll 19:13:27.0623 5288 napagent - ok 19:13:27.0654 5288 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys 19:13:27.0669 5288 NativeWifiP - ok 19:13:27.0701 5288 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys 19:13:27.0716 5288 NDIS - ok 19:13:27.0716 5288 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys 19:13:27.0732 5288 NdisTapi - ok 19:13:27.0810 5288 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys 19:13:27.0825 5288 Ndisuio - ok 19:13:27.0872 5288 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys 19:13:27.0888 5288 NdisWan - ok 19:13:27.0903 5288 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys 19:13:27.0919 5288 NDProxy - ok 19:13:27.0950 5288 Net 
Driver HPZ12 (bd94210175c488f18add3e189ee9304c) C:\Windows\system32\HPZinw12.dll 19:13:27.0950 5288 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:13:27.0950 5288 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:13:27.0966 5288 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys 19:13:27.0981 5288 NetBIOS - ok 19:13:28.0013 5288 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys 19:13:28.0028 5288 netbt - ok 19:13:28.0044 5288 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 19:13:28.0059 5288 Netlogon - ok 19:13:28.0091 5288 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll 19:13:28.0122 5288 Netman - ok 19:13:28.0169 5288 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll 19:13:28.0200 5288 netprofm - ok 19:13:28.0247 5288 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 19:13:28.0262 5288 NetTcpPortSharing - ok 19:13:28.0262 5288 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys 19:13:28.0262 5288 nfrd960 - ok 19:13:28.0309 5288 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll 19:13:28.0340 5288 NlaSvc - ok 19:13:28.0356 5288 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys 19:13:28.0371 5288 Npfs - ok 19:13:28.0403 5288 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll 19:13:28.0418 5288 nsi - ok 19:13:28.0434 5288 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys 19:13:28.0465 5288 nsiproxy - ok 19:13:28.0543 5288 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys 19:13:28.0559 5288 Ntfs - ok 19:13:28.0699 5288 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys 19:13:28.0715 5288 Null - ok 19:13:29.0339 5288 nvlddmkm 
(0eb204639119370f5f8f2871fbf4e14b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 19:13:29.0822 5288 nvlddmkm - ok 19:13:29.0947 5288 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys 19:13:29.0947 5288 nvraid - ok 19:13:29.0963 5288 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys 19:13:29.0963 5288 nvstor - ok 19:13:30.0025 5288 nvsvc (32ff8ee6dcee5c0cb91ff892fb1ca364) C:\Windows\system32\nvvsvc.exe 19:13:30.0041 5288 nvsvc - ok 19:13:30.0181 5288 nvUpdatusService (bd012dc22c78be1071bc21eb125d782f) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 19:13:30.0228 5288 nvUpdatusService - ok 19:13:30.0259 5288 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys 19:13:30.0275 5288 nv_agp - ok 19:13:30.0275 5288 NwlnkFlt - ok 19:13:30.0275 5288 NwlnkFwd - ok 19:13:30.0384 5288 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys 19:13:30.0415 5288 ohci1394 - ok 19:13:30.0477 5288 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 19:13:30.0509 5288 p2pimsvc - ok 19:13:30.0524 5288 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 19:13:30.0540 5288 p2psvc - ok 19:13:30.0571 5288 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys 19:13:30.0602 5288 Parport - ok 19:13:30.0680 5288 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys 19:13:30.0680 5288 partmgr - ok 19:13:30.0758 5288 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll 19:13:30.0774 5288 PcaSvc - ok 19:13:30.0789 5288 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys 19:13:30.0805 5288 pci - ok 19:13:30.0836 5288 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys 19:13:30.0836 5288 pciide - ok 19:13:30.0852 5288 pcmcia (037661f3d7c507c9993b7010ceee6288) 
C:\Windows\system32\drivers\pcmcia.sys 19:13:30.0852 5288 pcmcia - ok 19:13:30.0883 5288 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys 19:13:30.0930 5288 PEAUTH - ok 19:13:31.0008 5288 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe 19:13:31.0023 5288 PerfHost - ok 19:13:31.0164 5288 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll 19:13:31.0195 5288 pla - ok 19:13:31.0242 5288 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll 19:13:31.0257 5288 PlugPlay - ok 19:13:31.0304 5288 Pml Driver HPZ12 (7fe2afb17d91cf39843d6766ea31cfc7) C:\Windows\system32\HPZipm12.dll 19:13:31.0304 5288 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 19:13:31.0304 5288 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 19:13:31.0304 5288 PnkBstrA - ok 19:13:31.0367 5288 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 19:13:31.0382 5288 PNRPAutoReg - ok 19:13:31.0398 5288 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll 19:13:31.0413 5288 PNRPsvc - ok 19:13:31.0491 5288 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll 19:13:31.0523 5288 PolicyAgent - ok 19:13:31.0585 5288 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys 19:13:31.0601 5288 PptpMiniport - ok 19:13:31.0663 5288 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys 19:13:31.0694 5288 Processor - ok 19:13:31.0741 5288 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll 19:13:31.0757 5288 ProfSvc - ok 19:13:31.0788 5288 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 19:13:31.0803 5288 ProtectedStorage - ok 19:13:31.0913 5288 PS3 Media Server (eb21a4f28e4135498b3ce981883a0a44) C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe 19:13:31.0944 5288 PS3 Media Server ( 
UnsignedFile.Multi.Generic ) - warning 19:13:31.0944 5288 PS3 Media Server - detected UnsignedFile.Multi.Generic (1) 19:13:31.0959 5288 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys 19:13:31.0975 5288 PSched - ok 19:13:32.0069 5288 PSI_SVC_2_x64 (788cb65d49d1162c5ee6814afe5b0a70) c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 19:13:32.0069 5288 PSI_SVC_2_x64 - ok 19:13:32.0100 5288 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys 19:13:32.0100 5288 PxHlpa64 - ok 19:13:32.0162 5288 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys 19:13:32.0193 5288 ql2300 - ok 19:13:32.0225 5288 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys 19:13:32.0240 5288 ql40xx - ok 19:13:32.0271 5288 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll 19:13:32.0287 5288 QWAVE - ok 19:13:32.0287 5288 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys 19:13:32.0303 5288 QWAVEdrv - ok 19:13:32.0334 5288 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys 19:13:32.0365 5288 RasAcd - ok 19:13:32.0427 5288 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll 19:13:32.0443 5288 RasAuto - ok 19:13:32.0474 5288 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys 19:13:32.0490 5288 Rasl2tp - ok 19:13:32.0505 5288 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll 19:13:32.0521 5288 RasMan - ok 19:13:32.0552 5288 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys 19:13:32.0568 5288 RasPppoe - ok 19:13:32.0646 5288 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys 19:13:32.0661 5288 RasSstp - ok 19:13:32.0693 5288 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys 19:13:32.0708 5288 rdbss - ok 
19:13:32.0708 5288 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys 19:13:32.0724 5288 RDPCDD - ok 19:13:32.0755 5288 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys 19:13:32.0771 5288 rdpdr - ok 19:13:32.0786 5288 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys 19:13:32.0802 5288 RDPENCDD - ok 19:13:32.0833 5288 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys 19:13:32.0849 5288 RDPWD - ok 19:13:32.0864 5288 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll 19:13:32.0895 5288 RemoteAccess - ok 19:13:32.0911 5288 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll 19:13:32.0927 5288 RemoteRegistry - ok 19:13:32.0942 5288 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe 19:13:32.0958 5288 RpcLocator - ok 19:13:33.0020 5288 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll 19:13:33.0036 5288 RpcSs - ok 19:13:33.0051 5288 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys 19:13:33.0083 5288 rspndr - ok 19:13:33.0129 5288 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe 19:13:33.0129 5288 SamSs - ok 19:13:33.0161 5288 sbapifs (6e342316e72f4b6fa39c99e06373a1a3) C:\Windows\system32\DRIVERS\sbapifs.sys 19:13:33.0161 5288 sbapifs - ok 19:13:33.0176 5288 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys 19:13:33.0192 5288 sbp2port - ok 19:13:33.0223 5288 SBRE (9aceb2a2362fc87a3825963e61ba9076) C:\Windows\system32\drivers\SBREdrv.sys 19:13:33.0223 5288 SBRE - ok 19:13:33.0239 5288 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll 19:13:33.0254 5288 SCardSvr - ok 19:13:33.0363 5288 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll 19:13:33.0410 5288 Schedule - ok 19:13:33.0426 5288 SCPolicySvc 
  12. 15 items detected, all "Unsigned". Do you want the log? No option for "Cure" was given.
  13. *DDS Log* . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.6001.19190 BrowserJavaVersion: 1.6.0_31 Run by Blue at 18:45:46 on 2012-08-09 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.3547 [GMT -7:00] . AV: STOPzilla! *Enabled/Outdated* {17032AB1-6644-0721-EEB5-A39B8B646009} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: STOPzilla! *Enabled/Outdated* {AC62CB55-407E-08AF-D405-98E9F0E32AB4} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Program Files (x86)\STOPzilla!\SZServer.exe C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\ASUS\EPU\EPU.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe C:\Windows\Explorer.EXE D:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files 
(x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Workspace\offSyncService.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe C:\Program Files (x86)\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe C:\Program Files (x86)\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\SysWOW64\PnkBstrA.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\atwtusb.exe C:\Windows\system32\atwtusb.exe C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\System32\WTMKM.exe C:\Program Files (x86)\STOPzilla!\STOPzilla.exe C:\Program Files\Logitech\SetPointP\SetPoint.exe C:\Windows\ehome\ehtray.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe C:\Program Files (x86)\Workspace\workspaceupdate.exe C:\Windows\ehome\ehmsas.exe C:\Program Files (x86)\Trillian\trillian.exe C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program 
Files\ASUS\TurboV\TurboV.exe C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\msiexec.exe c:\program files\windows defender\MpCmdRun.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\FirewallControlPanel.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\REGSVR32.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=fiber&cd=7.0unattached&bm=ho_central uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File uURLSearchHooks: H - No File uURLSearchHooks: H - No File uURLSearchHooks: H - No File uURLSearchHooks: H - No File mWinlogon: Userinit=c:\windows\syswow64\userinit.exe, BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - 
C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll TB: {00000000-0000-0000-0000-000000000000} - No File TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun uRun: [starfield Updater] "C:\Program Files (x86)\Workspace\workspaceupdate.exe" uRun: [AdobeBridge] "D:\Adobe\Adobe Bridge CS4\Bridge.exe" -stealth mRun: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray StartupFolder: C:\Users\Blue\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Trillian.lnk - C:\Program Files (x86)\Trillian\trillian.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) 
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{ACE086FD-E64E-4058-8B42-5DF7F25AC8C2} : DhcpNameServer = 192.168.1.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: 
DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll BHO-X64: Increase performance and video formats for your HTML5 <video> - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO-X64: SkypeIEPluginBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll BHO-X64: HP Smart BHO Class - No File TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - D:\Adobe\/Adobe Contribute CS4/contributeieplugin.dll TB-X64: {00000000-0000-0000-0000-000000000000} - No File TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File TB-X64: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File mRun-x64: [HDAudDeck] "C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r mRun-x64: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe" mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [(Default)] mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin mRun-x64: [Adobe_ID0ENQBO] 
C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~2\Server\bin\VERSIO~2.EXE mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Blue\AppData\Roaming\Mozilla\Firefox\Profiles\4wm73yo9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdeployJava1.dll FF - plugin: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnu.dll FF - plugin: C:\PROGRAM FILES (X86)\MOZILLA FIREFOX\plugins\npdnupdater2.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Firefox\Profiles\4wm73yo9.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npoff.dll FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npoff.dll FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npoff64.dll FF - plugin: 
C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npoff64.dll FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npwbe.dll FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npwbe.dll FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\Plugins\npwbe64.dll FF - plugin: C:\Users\Blue\AppData\Roaming\Mozilla\plugins\npwbe64.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true FF - user.js: browser.sessionstore.resume_from_crash - false FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?] 
R2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;D:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-9-16 169312] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016] R2 File Backup;File Backup Service;C:\Program Files (x86)\Workspace\offSyncService.exe [2012-5-17 1174824] R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504] R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-6-11 335888] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 655944] R2 MSSQL$BWDATOOLSET;SQL Server (BWDATOOLSET);C:\Program Files (x86)\Dragon Age\tools\toolssql\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-5-8 2348352] R2 PSI_SVC_2_x64;Protexis Licensing V2 x64;C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe [2010-11-30 336824] R2 sbapifs;sbapifs;C:\Windows\system32\DRIVERS\sbapifs.sys --> C:\Windows\system32\DRIVERS\sbapifs.sys [?] R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272] R2 WTService;WTService;C:\Windows\System32\atwtusb.exe -s --> C:\Windows\System32\atwtusb.exe -s [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] 
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-5 250056]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 ENTECH64;ENTECH64;\??\C:\Windows\system32\DRIVERS\ENTECH64.sys --> C:\Windows\system32\DRIVERS\ENTECH64.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2012-6-30 1038088]
S3 FMS;Flash Media Server (FMS);C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSMaster.exe [2009-11-4 2428928]
S3 FMSAdmin;Flash Media Administration Server;C:\Program Files (x86)\Adobe\Flash Media Server 3.5\FMSAdmin.exe [2009-11-4 2596864]
S3 FMSHttpd;FMSHttpd;C:\Program Files (x86)\Adobe\Flash Media Server 3.5\Apache2.2\bin\httpd.exe [2009-11-4 24635]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 PS3 Media Server;PS3 Media Server;C:\Program Files (x86)\PS3 Media Server\win32\service\wrapper.exe [2008-8-17 217088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-08-10 01:45:30 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF6C1A3A-80ED-4ADB-8A92-AC9BBFB3ECEA}\offreg.dll
2012-08-10 00:39:03 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-10 00:28:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-10 00:10:01 74872 ----a-r- C:\Windows\System32\drivers\sbapifs.sys
2012-08-09 23:56:23 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CF6C1A3A-80ED-4ADB-8A92-AC9BBFB3ECEA}\mpengine.dll
2012-08-09 21:40:33 -------- d-----w- C:\Users\Blue\AppData\Roaming\Malwarebytes
2012-08-09 21:40:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-09 21:40:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-09 06:32:44 -------- d-----w- C:\ProgramData\ALM
2012-08-08 23:50:14 -------- d-----w- C:\temp
2012-08-08 23:48:21 -------- d-----w- C:\Users\Blue\AppData\Local\Trend Micro
2012-08-08 23:44:08 -------- d-----w- C:\ProgramData\Trend Micro
2012-08-08 23:43:34 -------- d-----w- C:\Program Files\Trend Micro
2012-08-08 23:10:12 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-08 18:27:37 -------- d-----w- C:\AdobeTemp
2012-08-07 15:29:12 23416 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2012-08-07 15:29:02 546680 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2012-08-07 15:28:56 497528 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2012-07-17 15:36:16 29048 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2012-07-17 15:36:16 231288 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2012-07-17 15:36:14 391032 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2012-07-17 15:36:12 100216 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2012-07-17 15:36:06 132984 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2012-07-17 15:36:06 104312 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2012-07-17 15:36:04 67448 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2012-07-17 15:36:04 456568 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2012-07-17 15:36:02 812920 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2012-07-14 21:51:35 -------- d-----w- C:\Users\Blue\AppData\Roaming\TechWizard
2012-07-14 21:49:20 260 ----a-w- C:\Windows\SysWow64\cmdVBS.vbs
2012-07-14 21:49:20 256 ----a-w- C:\Windows\SysWow64\MSIevent.bat
.
==================== Find3M ====================
.
2012-08-10 00:39:53 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-10 00:39:53 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-14 19:58:05 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-06-30 19:57:07 86584 ----a-w- C:\Windows\SysWow64\drivers\adfs.sys
2012-06-30 19:57:07 86584 ----a-w- C:\Windows\System32\drivers\adfs.sys
2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 18:46:25.38 ===============
*RogueKiller Log*
RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version
Started in : Normal mode
User: Blue [Admin rights]
Mode: Scan -- Date: 08/09/2012 18:55:11
¤¤¤ Bad processes: 1 ¤¤¤
[sUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
::1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HD103UJ ATA Device +++++
--- User ---
[MBR] 9ad95bbe26b845c22155cee2f62bc4b4
[bSP] 638e5a80e020404c80f0c466e267f1f7 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 453868 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 929523712 | Size: 499999 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
  14. Online or offline? Or does it not matter with these?
  15. Recently I went to open Adobe Illustrator and was hit with a BSOD.
      PAGE_FAULT_IN_NONPAGED_AREA
      Stop:0x00000050 ( 0xFFFFFA60F04CAC20, 0X0000000000000001, 0XFFFFFA8007D4A2E6, 0X0000000000000005)
      Then my AVM software detected SVCHost infected. Malwarebytes was run offline (updated with current database) with all other protection disabled.
      *Malwarebytes Log*
      Malwarebytes Anti-Malware (Trial) 1.62.0.1300
      www.malwarebytes.org
      Database version: v2012.08.10.01
      Windows Vista Service Pack 2 x64 NTFS
      Internet Explorer 8.0.6001.19190
      Blue :: BLUE-PC [administrator]
      Protection: Disabled
      8/9/2012 5:39:37 PM
      mbam-log-2012-08-09 (17-39-37).txt
      Scan type: Quick scan
      Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
      Scan options disabled: P2P
      Objects scanned: 245033
      Time elapsed: 6 minute(s), 2 second(s)
      Memory Processes Detected: 0 (No malicious items detected)
      Memory Modules Detected: 0 (No malicious items detected)
      Registry Keys Detected: 1
      HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
      Registry Values Detected: 1
      HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost|netsvc (TrojanProxy.Agent) -> Data: SPService^^ -> Quarantined and deleted successfully.
      Registry Data Items Detected: 0 (No malicious items detected)
      Folders Detected: 0 (No malicious items detected)
      Files Detected: 0 (No malicious items detected)
      (end)
      Computer boots up REALLY slow; after rebooting, Malwarebytes gives error dialog:
      [shell_NotifyIcon] Failed to perform desired action. Error Code: 0
      Steve