Ladyrogue
Posts: 23
Posts posted by Ladyrogue
-
Okay, everything is cleaned up. I've left feedback and I was wondering if you missed my question up there...
Now, I have one more question relating way back to one of your first posts to me. You said that once a computer had been infected with a backdoor it's considered compromised afterwards, even after cleaning it, as we did here.
Do you personally feel that is true? I use this to play WoW on and would dislike to have my account compromised.
I don't use this for any online banking, just gaming, and as soon as I realized it was infected I changed passwords, while on a clean computer.
Bernice
-
Running fine.... and I am soooo very happy you spent this time helping me. Thank you so very much.
-
Now, I have one more question relating way back to one of your first posts to me. You said that once a computer had been infected with a backdoor it's considered compromised afterwards, even after cleaning it, as we did here.
Do you personally feel that is true?
I don't use this for any online banking, just gaming, and as soon as I realized it was infected I changed passwords, while on a clean computer.
Bernice
-
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.10.08
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bernice :: BERNICE-PC [administrator]
Protection: Enabled
8/10/2012 10:51:46 PM
mbam-log-2012-08-10 (22-51-46).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208934
Time elapsed: 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
-
MBAM says clean too!!
-
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Bernice [Admin rights]
Mode: Scan -- Date: 08/10/2012 22:48:09
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD64 01AALS-00E8B SCSI Disk Device +++++
--- User ---
[MBR] de56085bf42185de9de7ddf70a5ddde3
[bSP] f7e93078e80b07ffdd0bd575fae681f7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
+++++ PhysicalDrive1: USB2.0 Flash Disk USB Device +++++
--- User ---
[MBR] e64970a9a28ec698d6f98018f36970b7
[bSP] 77941ca9d28c9f93d61142f8e2803fb7 : Standard MBR Code
Partition table:
0 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 32 | Size: 123 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
-
Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 10-08-2012 22:34:35
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [x]
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Bernice\...\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 [x]
HKU\Bernice\...\Run: [googletalk] C:\Users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
Tcpip\Parameters: [DhcpNameServer] 209.206.136.8 207.230.192.251
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
==================== Services (Whitelisted) ======
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
========================== Drivers (Whitelisted) =============
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339360 2009-04-30] (NVIDIA Corporation)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-10 20:09 - 2012-08-10 20:09 - 00000000 ____D C:\FRST
2012-08-10 18:15 - 2012-08-10 18:15 - 00019205 ____A C:\ComboFix.txt
2012-08-10 17:49 - 2012-08-10 18:05 - 00000000 ____D C:\TDSSKiller_Quarantine
2012-08-10 17:45 - 2012-08-10 17:46 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Bernice\Desktop\tdsskiller.exe
2012-08-10 17:41 - 2012-08-10 17:41 - 00001650 ____A C:\Users\Bernice\Desktop\RKreport[2].txt
2012-08-10 16:49 - 2012-08-10 18:15 - 00000000 ____D C:\Qoobox
2012-08-10 16:49 - 2012-08-10 16:59 - 00000000 ____D C:\Windows\erdnt
2012-08-10 16:49 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-10 16:49 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-10 16:49 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-10 16:49 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-10 16:49 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-10 16:49 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-10 16:49 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-10 16:49 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-10 16:43 - 2012-08-10 16:43 - 04728003 ____R (Swearware) C:\Users\Bernice\Desktop\ComboFix.exe
2012-08-10 15:47 - 2012-08-10 15:47 - 01439703 ____A (Farbar) C:\Users\Bernice\Downloads\FRST64.exe
2012-08-10 15:35 - 2012-08-10 15:35 - 00001753 ____A C:\Users\Bernice\Desktop\RKreport[1].txt
2012-08-10 15:34 - 2012-08-10 17:41 - 00000000 ____D C:\Users\Bernice\Desktop\RK_Quarantine
2012-08-10 15:33 - 2012-08-10 15:33 - 01558528 ____A C:\Users\Bernice\Desktop\RogueKiller.exe
2012-08-10 15:29 - 2012-08-10 15:28 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.com
2012-08-10 15:28 - 2012-08-10 15:27 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.scr
2012-08-10 05:13 - 2012-08-10 05:13 - 00001169 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-09 17:25 - 2012-08-09 17:25 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-07 07:21 - 2012-08-07 07:21 - 00001580 ____A C:\Users\Bernice\Desktop\Peanut butter chicken.txt
2012-08-04 16:02 - 2012-08-04 16:02 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.14-r7705-Core-and-Cataclysm-Mods.zip
2012-08-02 07:05 - 2012-08-02 07:05 - 02294253 ____A C:\Users\Bernice\Downloads\Grail-035.zip
2012-08-02 07:04 - 2012-08-02 07:04 - 00039092 ____A C:\Users\Bernice\Downloads\Wholly-021.zip
2012-07-28 09:31 - 2012-07-28 09:31 - 00165248 ____A (ArenaNet) C:\Users\Bernice\Downloads\GwSetup.exe
2012-07-24 19:28 - 2012-07-24 19:28 - 48351232 ____A C:\Users\Bernice\Downloads\calibre-0.8.61.msi
2012-07-24 05:52 - 2012-07-24 05:52 - 00000000 ____D C:\Windows\Sun
============ 3 Months Modified Files ========================
2012-08-10 18:32 - 2010-12-20 15:44 - 01206317 ____A C:\Windows\WindowsUpdate.log
2012-08-10 18:20 - 2012-05-04 13:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-10 18:15 - 2012-08-10 18:15 - 00019205 ____A C:\ComboFix.txt
2012-08-10 18:14 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini
2012-08-10 17:58 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-10 17:58 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-10 17:56 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-10 17:51 - 2009-07-13 21:08 - 00032652 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-08-10 17:51 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-10 17:51 - 2009-07-13 20:51 - 00040649 ____A C:\Windows\setupact.log
2012-08-10 17:46 - 2012-08-10 17:45 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Bernice\Desktop\tdsskiller.exe
2012-08-10 17:41 - 2012-08-10 17:41 - 00001650 ____A C:\Users\Bernice\Desktop\RKreport[2].txt
2012-08-10 16:55 - 2011-02-07 16:24 - 00006556 ____A C:\Windows\PFRO.log
2012-08-10 16:43 - 2012-08-10 16:43 - 04728003 ____R (Swearware) C:\Users\Bernice\Desktop\ComboFix.exe
2012-08-10 15:47 - 2012-08-10 15:47 - 01439703 ____A (Farbar) C:\Users\Bernice\Downloads\FRST64.exe
2012-08-10 15:35 - 2012-08-10 15:35 - 00001753 ____A C:\Users\Bernice\Desktop\RKreport[1].txt
2012-08-10 15:33 - 2012-08-10 15:33 - 01558528 ____A C:\Users\Bernice\Desktop\RogueKiller.exe
2012-08-10 15:28 - 2012-08-10 15:29 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.com
2012-08-10 15:27 - 2012-08-10 15:28 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.scr
2012-08-10 05:13 - 2012-08-10 05:13 - 00001169 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-07 07:21 - 2012-08-07 07:21 - 00001580 ____A C:\Users\Bernice\Desktop\Peanut butter chicken.txt
2012-08-04 16:02 - 2012-08-04 16:02 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.14-r7705-Core-and-Cataclysm-Mods.zip
2012-08-02 22:20 - 2012-05-04 13:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 22:20 - 2011-05-25 15:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-02 07:05 - 2012-08-02 07:05 - 02294253 ____A C:\Users\Bernice\Downloads\Grail-035.zip
2012-08-02 07:04 - 2012-08-02 07:04 - 00039092 ____A C:\Users\Bernice\Downloads\Wholly-021.zip
2012-07-28 09:31 - 2012-07-28 09:31 - 00165248 ____A (ArenaNet) C:\Users\Bernice\Downloads\GwSetup.exe
2012-07-24 19:31 - 2012-02-12 18:51 - 00001016 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-07-24 19:28 - 2012-07-24 19:28 - 48351232 ____A C:\Users\Bernice\Downloads\calibre-0.8.61.msi
2012-07-10 23:18 - 2009-07-13 20:45 - 00289152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:00 - 2010-12-20 16:26 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 20:59 - 2012-07-10 20:57 - 108835088 ____A C:\Users\Bernice\Downloads\PRS-T1_Updater_1.0.04.12210(1).exe
2012-07-05 06:21 - 2010-12-26 19:07 - 00540672 __ASH C:\Users\Bernice\Documents\Thumbs.db
2012-07-05 06:17 - 2012-07-05 06:17 - 00011761 ____A C:\Users\Bernice\Documents\Shea.odt
2012-07-03 09:46 - 2011-02-07 06:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-24 07:10 - 2012-06-24 07:10 - 47520256 ____A C:\Users\Bernice\Downloads\calibre-0.8.57.msi
2012-06-15 03:20 - 2012-06-15 03:19 - 47544304 ____A C:\Users\Bernice\Downloads\calibre-0.8.56.msi
2012-06-11 19:02 - 2012-07-10 23:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-10 21:45 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 21:45 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 16:25 - 2012-06-07 16:25 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.12-r7536-Core-and-Cataclysm-Mods.zip
2012-06-07 06:17 - 2012-06-07 06:17 - 00010075 ____A C:\Users\Bernice\Downloads\BittensSpellFlashLibrary-2.11.1.zip
2012-06-06 19:58 - 2012-06-06 19:58 - 00007862 ____A C:\Users\Bernice\Downloads\BittensSpellFlash_Priest-2.1.0.zip
2012-06-06 19:57 - 2012-06-06 19:57 - 00074891 ____A C:\Users\Bernice\Downloads\SpellFlash-5.162.zip
2012-06-05 21:50 - 2012-07-10 21:45 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 21:45 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 21:45 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 21:45 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-21 17:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 17:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 17:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 17:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 17:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 17:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 17:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 17:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 17:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:38 - 2012-07-10 21:45 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-10 21:45 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-10 21:45 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-10 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-10 21:45 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-10 21:45 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-10 21:45 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-10 21:45 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-10 21:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2010-12-20 16:04 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-20 09:15 - 2012-05-20 09:15 - 04720082 ____A (Skylabs) C:\Users\Bernice\Downloads\OCTGN 3.0.1.6.exe
2012-05-14 19:56 - 2012-06-12 15:17 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-12 15:17 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-12 15:17 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-12 15:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 08:57 - 2012-05-14 08:57 - 00001249 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-14 08:53 - 2012-05-14 08:53 - 32288896 ____A (Blizzard Entertainment) C:\Users\Bernice\Downloads\Diablo-III-Setup-enUS.exe
2012-05-14 06:24 - 2012-05-14 06:24 - 07336648 ____A (Blizzard Entertainment) C:\Users\Bernice\Downloads\Diablo-III-8370-enUS-Installer-downloader(1).exe
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 14%
Total physical RAM: 4094.55 MB
Available physical RAM: 3494.01 MB
Total Pagefile: 4092.7 MB
Available Pagefile: 3484.54 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
2 Drive c: () (Fixed) (Total:596.07 GB) (Free:457.34 GB) NTFS
4 Drive f: (FLASH DRIVE) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          596 GB      0 B
Disk 1    Online          123 MB      0 B
Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            596 GB   101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   System Rese  NTFS   Partition    100 MB  Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C                NTFS   Partition    596 GB  Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            123 MB    16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   F   FLASH DRIVE  FAT    Removable    123 MB  Healthy
==================================================================================
Last Boot: 2012-08-06 20:59
======================= End Of Log ==========================
Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 22:38:43
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\erdnt\cache64\services.exe
[2012-08-10 16:59] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\FRST\Quarantine\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
I'm getting better at this... goes faster
-
ComboFix 12-08-09.01 - Bernice 08/10/2012 22:10:04.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2861 [GMT -4:00]
Running from: c:\users\Bernice\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 04:09 . 2012-08-11 04:09 -------- d-----w- C:\FRST
2012-08-11 02:14 . 2012-08-11 02:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-11 02:14 . 2012-08-11 02:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-08-10 01:25 . 2012-08-10 01:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-07 07:16 . 2012-08-07 07:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\offreg.dll
2012-08-07 07:15 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\mpengine.dll
2012-07-24 13:52 . 2012-07-24 13:52 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 06:20 . 2012-05-04 21:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 06:20 . 2011-05-25 23:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:00 . 2010-12-21 00:26 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2011-02-07 14:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:02 . 2012-07-11 07:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 05:45 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 05:45 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 05:45 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 05:45 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 05:45 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-22 01:49 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:49 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:49 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 01:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 01:49 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:38 . 2012-07-11 05:45 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 05:45 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 05:45 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 05:45 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 05:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 05:45 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 05:45 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 05:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 16:25 . 2010-12-21 00:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:56 . 2012-06-12 23:17 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-12 23:17 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-12 23:17 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-11_00.56.29 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-18 00:27 . 2012-08-11 01:37 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-18 00:27 . 2012-08-11 00:38 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-18 00:27 . 2012-08-11 00:38 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-07-18 00:27 . 2012-08-11 01:37 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-12-21 00:10 . 2012-08-11 01:53 27862 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-11 01:53 37674 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-21 00:01 . 2012-08-11 01:53 10384 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3792743543-1171466682-3431947034-1001_UserData.bin
- 2010-12-21 15:42 . 2012-08-10 01:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-21 15:42 . 2012-08-11 00:59 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-21 15:42 . 2012-08-10 01:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-12-21 15:42 . 2012-08-11 00:59 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-10 01:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-11 00:59 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-20 23:52 . 2012-08-11 00:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-20 23:52 . 2012-08-11 01:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-20 23:52 . 2012-08-11 01:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-20 23:52 . 2012-08-11 00:56 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-12-20 23:52 . 2012-08-11 00:56 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-20 23:52 . 2012-08-11 01:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-20 23:52 . 2012-08-11 02:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-12-20 23:52 . 2012-08-11 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-12-20 23:52 . 2012-08-11 02:00 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-12-20 23:52 . 2012-08-11 00:56 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-02 21:17 . 2012-08-10 13:21 4152 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-01-02 21:17 . 2012-08-11 01:35 4152 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-08-11 01:51 . 2012-08-11 01:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-11 00:56 . 2012-08-11 00:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-08-11 01:51 . 2012-08-11 01:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-11 01:37 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-11 00:57 245760 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-11 01:37 933888 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 02:36 . 2012-08-11 01:56 624162 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-08-11 00:41 624162 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-11 01:56 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-11 00:41 106538 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-08-11 00:55 274392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-11 01:51 274392 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:54 . 2012-08-11 00:57 2637824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-11 01:37 2637824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 02:34 . 2012-08-10 01:28 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-08-11 02:04 10485760 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2011-03-09 08:16 . 2012-08-11 01:51 39228664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3792743543-1171466682-3431947034-1001-8192.dat
- 2011-03-09 08:16 . 2012-08-11 00:55 39228664 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3792743543-1171466682-3431947034-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\readreg" [X]
"googletalk"="c:\users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-19 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-19 158808]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-21 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-19 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-19 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-19 141912]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-19 681048]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-19 158808]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-19 706648]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-19 681048]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 27524474
*Deregistered* - 27524474
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 06:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 209.206.136.8 207.230.192.251
FF - ProfilePath - c:\users\Bernice\AppData\Roaming\Mozilla\Firefox\Profiles\r60pnj1e.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-10 22:15:32
ComboFix-quarantined-files.txt 2012-08-11 02:15
ComboFix2.txt 2012-08-11 01:00
.
Pre-Run: 491,014,553,600 bytes free
Post-Run: 490,952,941,568 bytes free
.
- - End Of File - - EC280633042C5C0D78E4F0DB9A9CFD2C
-
I don't see an option on here to attach files, so I'm sorry, but I'm going to paste again, as I have done all along.
22:03:58.0968 2352 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
22:03:59.0482 2352 ============================================================
22:03:59.0482 2352 Current date / time: 2012/08/10 22:03:59.0482
22:03:59.0482 2352 SystemInfo:
22:03:59.0482 2352
22:03:59.0482 2352 OS Version: 6.1.7600 ServicePack: 0.0
22:03:59.0482 2352 Product type: Workstation
22:03:59.0482 2352 ComputerName: BERNICE-PC
22:03:59.0482 2352 UserName: Bernice
22:03:59.0482 2352 Windows directory: C:\Windows
22:03:59.0482 2352 System windows directory: C:\Windows
22:03:59.0482 2352 Running under WOW64
22:03:59.0482 2352 Processor architecture: Intel x64
22:03:59.0482 2352 Number of processors: 2
22:03:59.0482 2352 Page size: 0x1000
22:03:59.0482 2352 Boot type: Normal boot
22:03:59.0482 2352 ============================================================
22:04:00.0262 2352 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
22:04:00.0262 2352 Drive \Device\Harddisk1\DR1 - Size: 0x7B60000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:04:00.0262 2352 ============================================================
22:04:00.0262 2352 \Device\Harddisk0\DR0:
22:04:00.0262 2352 MBR partitions:
22:04:00.0262 2352 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:04:00.0262 2352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
22:04:00.0262 2352 \Device\Harddisk1\DR1:
22:04:00.0262 2352 MBR partitions:
22:04:00.0262 2352 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DAE0
22:04:00.0262 2352 ============================================================
22:04:00.0294 2352 C: <-> \Device\Harddisk0\DR0\Partition1
22:04:00.0294 2352 ============================================================
22:04:00.0294 2352 Initialize success
22:04:00.0294 2352 ============================================================
22:04:07.0594 2140 ============================================================
22:04:07.0594 2140 Scan started
22:04:07.0594 2140 Mode: Manual; SigCheck; TDLFS;
22:04:07.0594 2140 ============================================================
22:04:08.0125 2140 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
22:04:08.0218 2140 1394ohci - ok
22:04:08.0250 2140 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
22:04:08.0265 2140 ACPI - ok
22:04:08.0265 2140 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
22:04:08.0328 2140 AcpiPmi - ok
22:04:08.0390 2140 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
22:04:08.0406 2140 AdobeARMservice - ok
22:04:08.0499 2140 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
22:04:08.0515 2140 AdobeFlashPlayerUpdateSvc - ok
22:04:08.0562 2140 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
22:04:08.0577 2140 adp94xx - ok
22:04:08.0624 2140 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
22:04:08.0624 2140 adpahci - ok
22:04:08.0640 2140 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
22:04:08.0655 2140 adpu320 - ok
22:04:08.0671 2140 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
22:04:08.0780 2140 AeLookupSvc - ok
22:04:08.0827 2140 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
22:04:08.0874 2140 AFD - ok
22:04:08.0889 2140 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
22:04:08.0905 2140 agp440 - ok
22:04:08.0920 2140 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
22:04:08.0967 2140 ALG - ok
22:04:08.0983 2140 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
22:04:08.0983 2140 aliide - ok
22:04:08.0998 2140 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
22:04:08.0998 2140 amdide - ok
22:04:09.0014 2140 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
22:04:09.0045 2140 AmdK8 - ok
22:04:09.0045 2140 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
22:04:09.0061 2140 AmdPPM - ok
22:04:09.0092 2140 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
22:04:09.0108 2140 amdsata - ok
22:04:09.0123 2140 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
22:04:09.0139 2140 amdsbs - ok
22:04:09.0154 2140 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
22:04:09.0154 2140 amdxata - ok
22:04:09.0186 2140 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
22:04:09.0232 2140 AppID - ok
22:04:09.0248 2140 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
22:04:09.0279 2140 AppIDSvc - ok
22:04:09.0295 2140 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
22:04:09.0310 2140 Appinfo - ok
22:04:09.0342 2140 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
22:04:09.0342 2140 arc - ok
22:04:09.0357 2140 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
22:04:09.0373 2140 arcsas - ok
22:04:09.0373 2140 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
22:04:09.0404 2140 AsyncMac - ok
22:04:09.0420 2140 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
22:04:09.0435 2140 atapi - ok
22:04:09.0466 2140 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:04:09.0498 2140 AudioEndpointBuilder - ok
22:04:09.0513 2140 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
22:04:09.0544 2140 AudioSrv - ok
22:04:09.0560 2140 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
22:04:09.0576 2140 AxInstSV - ok
22:04:09.0622 2140 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
22:04:09.0654 2140 b06bdrv - ok
22:04:09.0685 2140 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
22:04:09.0716 2140 b57nd60a - ok
22:04:09.0747 2140 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
22:04:09.0778 2140 BDESVC - ok
22:04:09.0778 2140 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
22:04:09.0825 2140 Beep - ok
22:04:09.0856 2140 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
22:04:09.0903 2140 BFE - ok
22:04:09.0919 2140 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
22:04:09.0950 2140 blbdrive - ok
22:04:09.0966 2140 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
22:04:09.0981 2140 bowser - ok
22:04:09.0997 2140 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:04:10.0012 2140 BrFiltLo - ok
22:04:10.0012 2140 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:04:10.0028 2140 BrFiltUp - ok
22:04:10.0153 2140 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
22:04:10.0184 2140 BridgeMP - ok
22:04:10.0215 2140 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
22:04:10.0246 2140 Browser - ok
22:04:10.0262 2140 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
22:04:10.0293 2140 Brserid - ok
22:04:10.0309 2140 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
22:04:10.0324 2140 BrSerWdm - ok
22:04:10.0324 2140 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:04:10.0340 2140 BrUsbMdm - ok
22:04:10.0340 2140 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
22:04:10.0371 2140 BrUsbSer - ok
22:04:10.0387 2140 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
22:04:10.0402 2140 BTHMODEM - ok
22:04:10.0434 2140 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
22:04:10.0465 2140 bthserv - ok
22:04:10.0465 2140 catchme - ok
22:04:10.0480 2140 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
22:04:10.0512 2140 cdfs - ok
22:04:10.0543 2140 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
22:04:10.0558 2140 cdrom - ok
22:04:10.0574 2140 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:04:10.0605 2140 CertPropSvc - ok
22:04:10.0621 2140 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
22:04:10.0636 2140 circlass - ok
22:04:10.0652 2140 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
22:04:10.0668 2140 CLFS - ok
22:04:10.0714 2140 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:04:10.0730 2140 clr_optimization_v2.0.50727_32 - ok
22:04:10.0777 2140 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:04:10.0792 2140 clr_optimization_v2.0.50727_64 - ok
22:04:10.0839 2140 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:04:10.0839 2140 clr_optimization_v4.0.30319_32 - ok
22:04:10.0870 2140 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:04:10.0870 2140 clr_optimization_v4.0.30319_64 - ok
22:04:10.0902 2140 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
22:04:10.0917 2140 CmBatt - ok
22:04:10.0933 2140 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
22:04:10.0948 2140 cmdide - ok
22:04:10.0980 2140 CNG (ca7720b73446fddec5c69519c1174c98) C:\Windows\system32\Drivers\cng.sys
22:04:10.0995 2140 CNG - ok
22:04:11.0026 2140 COMMONFX (f38acff40e9edc2b3476edd724cea4a0) C:\Windows\system32\drivers\COMMONFX.SYS
22:04:11.0042 2140 COMMONFX - ok
22:04:11.0042 2140 COMMONFX.SYS (f38acff40e9edc2b3476edd724cea4a0) C:\Windows\System32\drivers\COMMONFX.SYS
22:04:11.0042 2140 COMMONFX.SYS - ok
22:04:11.0058 2140 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
22:04:11.0073 2140 Compbatt - ok
22:04:11.0073 2140 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
22:04:11.0104 2140 CompositeBus - ok
22:04:11.0104 2140 COMSysApp - ok
22:04:11.0136 2140 cpuz135 (262969a3fab32b9e17e63e2d17a57744) C:\Windows\system32\drivers\cpuz135_x64.sys
22:04:11.0136 2140 cpuz135 - ok
22:04:11.0151 2140 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
22:04:11.0167 2140 crcdisk - ok
22:04:11.0198 2140 Creative Audio Engine Licensing Service (c0ead9f8ab83d41ff07303c75589c2b8) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
22:04:11.0214 2140 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - warning
22:04:11.0214 2140 Creative Audio Engine Licensing Service - detected UnsignedFile.Multi.Generic (1)
22:04:11.0245 2140 CryptSvc (f02786b66375292e58c8777082d4396d) C:\Windows\system32\cryptsvc.dll
22:04:11.0276 2140 CryptSvc - ok
22:04:11.0307 2140 ctac32k (095c566746217cd1482ede40a70d87d2) C:\Windows\system32\drivers\ctac32k.sys
22:04:11.0323 2140 ctac32k - ok
22:04:11.0370 2140 ctaud2k (157e2196fccd002a2edf3b06df7b0c9a) C:\Windows\system32\drivers\ctaud2k.sys
22:04:11.0385 2140 ctaud2k - ok
22:04:11.0416 2140 CTAUDFX (17979ee857e930cbfdf24a12e89d77a1) C:\Windows\system32\drivers\CTAUDFX.SYS
22:04:11.0432 2140 CTAUDFX - ok
22:04:11.0432 2140 CTAUDFX.SYS (17979ee857e930cbfdf24a12e89d77a1) C:\Windows\System32\drivers\CTAUDFX.SYS
22:04:11.0448 2140 CTAUDFX.SYS - ok
22:04:11.0479 2140 CTAudSvcService (5ce3d0e1d1b3832ee052cfc442eee0fa) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
22:04:11.0494 2140 CTAudSvcService ( UnsignedFile.Multi.Generic ) - warning
22:04:11.0494 2140 CTAudSvcService - detected UnsignedFile.Multi.Generic (1)
22:04:11.0510 2140 CTERFXFX (fe3eae37536c02d087e5c5d339663779) C:\Windows\system32\drivers\CTERFXFX.SYS
22:04:11.0526 2140 CTERFXFX - ok
22:04:11.0526 2140 CTERFXFX.SYS (fe3eae37536c02d087e5c5d339663779) C:\Windows\System32\drivers\CTERFXFX.SYS
22:04:11.0541 2140 CTERFXFX.SYS - ok
22:04:11.0541 2140 ctprxy2k (4e4fdab4a7cf5af56e3fa1fe35e8ad3c) C:\Windows\system32\drivers\ctprxy2k.sys
22:04:11.0557 2140 ctprxy2k - ok
22:04:11.0588 2140 CTSBLFX (4a7de2e30b2b9253933a157401ec76d5) C:\Windows\system32\drivers\CTSBLFX.SYS
22:04:11.0604 2140 CTSBLFX - ok
22:04:11.0604 2140 CTSBLFX.SYS (4a7de2e30b2b9253933a157401ec76d5) C:\Windows\System32\drivers\CTSBLFX.SYS
22:04:11.0619 2140 CTSBLFX.SYS - ok
22:04:11.0635 2140 ctsfm2k (065ade032a044d518ab1407d3586b7d5) C:\Windows\system32\drivers\ctsfm2k.sys
22:04:11.0650 2140 ctsfm2k - ok
22:04:11.0697 2140 DAUpdaterSvc (80861969541971176e005d2c09dae851) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
22:04:11.0697 2140 DAUpdaterSvc - ok
22:04:11.0744 2140 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:04:11.0775 2140 DcomLaunch - ok
22:04:11.0822 2140 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
22:04:11.0853 2140 defragsvc - ok
22:04:11.0869 2140 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
22:04:11.0916 2140 DfsC - ok
22:04:11.0947 2140 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
22:04:11.0994 2140 Dhcp - ok
22:04:11.0994 2140 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
22:04:12.0040 2140 discache - ok
22:04:12.0056 2140 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
22:04:12.0072 2140 Disk - ok
22:04:12.0103 2140 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
22:04:12.0118 2140 Dnscache - ok
22:04:12.0150 2140 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
22:04:12.0181 2140 dot3svc - ok
22:04:12.0196 2140 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
22:04:12.0228 2140 DPS - ok
22:04:12.0259 2140 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
22:04:12.0274 2140 drmkaud - ok
22:04:12.0337 2140 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
22:04:12.0352 2140 DXGKrnl - ok
22:04:12.0368 2140 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
22:04:12.0399 2140 EapHost - ok
22:04:12.0571 2140 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
22:04:12.0633 2140 ebdrv - ok
22:04:12.0711 2140 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
22:04:12.0742 2140 EFS - ok
22:04:12.0805 2140 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
22:04:12.0820 2140 ehRecvr - ok
22:04:12.0852 2140 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
22:04:12.0852 2140 ehSched - ok
22:04:12.0898 2140 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
22:04:12.0914 2140 ElbyCDIO - ok
22:04:12.0945 2140 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
22:04:12.0976 2140 elxstor - ok
22:04:12.0992 2140 emupia (f380ff5d6d80cecc6dbbc15569757613) C:\Windows\system32\drivers\emupia2k.sys
22:04:13.0008 2140 emupia - ok
22:04:13.0008 2140 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
22:04:13.0039 2140 ErrDev - ok
22:04:13.0070 2140 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
22:04:13.0101 2140 EventSystem - ok
22:04:13.0132 2140 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
22:04:13.0148 2140 exfat - ok
22:04:13.0179 2140 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
22:04:13.0210 2140 fastfat - ok
22:04:13.0273 2140 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
22:04:13.0320 2140 Fax - ok
22:04:13.0335 2140 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
22:04:13.0351 2140 fdc - ok
22:04:13.0366 2140 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
22:04:13.0382 2140 fdPHost - ok
22:04:13.0398 2140 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
22:04:13.0429 2140 FDResPub - ok
22:04:13.0460 2140 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
22:04:13.0460 2140 FileInfo - ok
22:04:13.0476 2140 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
22:04:13.0507 2140 Filetrace - ok
22:04:13.0522 2140 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
22:04:13.0538 2140 flpydisk - ok
22:04:13.0554 2140 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
22:04:13.0569 2140 FltMgr - ok
22:04:13.0632 2140 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
22:04:13.0678 2140 FontCache - ok
22:04:13.0725 2140 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:04:13.0741 2140 FontCache3.0.0.0 - ok
22:04:13.0834 2140 ForceWare Intelligent Application Manager (IAM) (a9ff65ea14e4cabfcc1bb8ece111a249) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
22:04:13.0850 2140 ForceWare Intelligent Application Manager (IAM) - ok
22:04:13.0897 2140 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
22:04:13.0912 2140 FsDepends - ok
22:04:13.0928 2140 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
22:04:13.0944 2140 Fs_Rec - ok
22:04:13.0975 2140 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
22:04:13.0990 2140 fvevol - ok
22:04:13.0990 2140 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
22:04:14.0006 2140 gagp30kx - ok
22:04:14.0068 2140 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
22:04:14.0100 2140 gpsvc - ok
22:04:14.0146 2140 gusvc (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
22:04:14.0146 2140 gusvc - ok
22:04:14.0224 2140 ha10kx2k (82b68f585110ae8500a6d23623ae1f74) C:\Windows\system32\drivers\ha10kx2k.sys
22:04:14.0256 2140 ha10kx2k - ok
22:04:14.0318 2140 hap16v2k (83f647f9ace9192556f758e528024f68) C:\Windows\system32\drivers\hap16v2k.sys
22:04:14.0334 2140 hap16v2k - ok
22:04:14.0349 2140 hap17v2k (e815d29361de89d24c8dbe3e5a7006c9) C:\Windows\system32\drivers\hap17v2k.sys
22:04:14.0365 2140 hap17v2k - ok
22:04:14.0380 2140 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
22:04:14.0412 2140 hcw85cir - ok
22:04:14.0458 2140 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
22:04:14.0474 2140 HdAudAddService - ok
22:04:14.0505 2140 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
22:04:14.0521 2140 HDAudBus - ok
22:04:14.0521 2140 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
22:04:14.0536 2140 HidBatt - ok
22:04:14.0568 2140 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
22:04:14.0583 2140 HidBth - ok
22:04:14.0599 2140 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
22:04:14.0614 2140 HidIr - ok
22:04:14.0646 2140 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
22:04:14.0677 2140 hidserv - ok
22:04:14.0677 2140 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
22:04:14.0708 2140 HidUsb - ok
22:04:14.0724 2140 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
22:04:14.0755 2140 hkmsvc - ok
22:04:14.0770 2140 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
22:04:14.0802 2140 HomeGroupListener - ok
22:04:14.0817 2140 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
22:04:14.0848 2140 HomeGroupProvider - ok
22:04:14.0864 2140 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
22:04:14.0880 2140 HpSAMD - ok
22:04:14.0958 2140 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
22:04:14.0989 2140 HTTP - ok
22:04:15.0004 2140 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
22:04:15.0004 2140 hwpolicy - ok
22:04:15.0036 2140 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
22:04:15.0051 2140 i8042prt - ok
22:04:15.0082 2140 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
22:04:15.0098 2140 iaStorV - ok
22:04:15.0192 2140 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:04:15.0207 2140 idsvc - ok
22:04:15.0223 2140 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
22:04:15.0223 2140 iirsp - ok
22:04:15.0301 2140 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
22:04:15.0348 2140 IKEEXT - ok
22:04:15.0441 2140 IntcAzAudAddService (d42d651676883181400e22957a7e0b1e) C:\Windows\system32\drivers\RTKVHD64.sys
22:04:15.0457 2140 IntcAzAudAddService - ok
22:04:15.0519 2140 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
22:04:15.0535 2140 intelide - ok
22:04:15.0550 2140 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
22:04:15.0566 2140 intelppm - ok
22:04:15.0582 2140 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
22:04:15.0613 2140 IPBusEnum - ok
22:04:15.0628 2140 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:04:15.0660 2140 IpFilterDriver - ok
22:04:15.0722 2140 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
22:04:15.0753 2140 iphlpsvc - ok
22:04:15.0769 2140 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:04:15.0784 2140 IPMIDRV - ok
22:04:15.0800 2140 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
22:04:15.0831 2140 IPNAT - ok
22:04:15.0862 2140 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
22:04:15.0862 2140 IRENUM - ok
22:04:15.0878 2140 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
22:04:15.0894 2140 isapnp - ok
22:04:15.0925 2140 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
22:04:15.0940 2140 iScsiPrt - ok
22:04:15.0956 2140 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
22:04:15.0956 2140 kbdclass - ok
22:04:15.0987 2140 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
22:04:16.0003 2140 kbdhid - ok
22:04:16.0034 2140 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:04:16.0050 2140 KeyIso - ok
22:04:16.0081 2140 KSecDD (4f4b5fde429416877de7143044582eb5) C:\Windows\system32\Drivers\ksecdd.sys
22:04:16.0081 2140 KSecDD - ok
22:04:16.0096 2140 KSecPkg (6f40465a44ecdc1731befafec5bdd03c) C:\Windows\system32\Drivers\ksecpkg.sys
22:04:16.0112 2140 KSecPkg - ok
22:04:16.0128 2140 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
22:04:16.0159 2140 ksthunk - ok
22:04:16.0174 2140 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
22:04:16.0221 2140 KtmRm - ok
22:04:16.0252 2140 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll
22:04:16.0268 2140 LanmanServer - ok
22:04:16.0299 2140 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
22:04:16.0346 2140 LanmanWorkstation - ok
22:04:16.0377 2140 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
22:04:16.0393 2140 lltdio - ok
22:04:16.0424 2140 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
22:04:16.0455 2140 lltdsvc - ok
22:04:16.0455 2140 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
22:04:16.0486 2140 lmhosts - ok
22:04:16.0518 2140 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
22:04:16.0518 2140 LSI_FC - ok
22:04:16.0533 2140 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
22:04:16.0533 2140 LSI_SAS - ok
22:04:16.0549 2140 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:04:16.0549 2140 LSI_SAS2 - ok
22:04:16.0564 2140 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:04:16.0580 2140 LSI_SCSI - ok
22:04:16.0596 2140 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
22:04:16.0627 2140 luafv - ok
22:04:16.0642 2140 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
22:04:16.0642 2140 MBAMProtector - ok
22:04:16.0705 2140 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
22:04:16.0720 2140 MBAMService - ok
22:04:16.0752 2140 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
22:04:16.0767 2140 McComponentHostService - ok
22:04:16.0783 2140 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
22:04:16.0814 2140 Mcx2Svc - ok
22:04:16.0830 2140 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
22:04:16.0830 2140 megasas - ok
22:04:16.0861 2140 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
22:04:16.0861 2140 MegaSR - ok
22:04:16.0892 2140 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:04:16.0923 2140 MMCSS - ok
22:04:16.0939 2140 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
22:04:16.0954 2140 Modem - ok
22:04:16.0986 2140 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
22:04:17.0001 2140 monitor - ok
22:04:17.0017 2140 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
22:04:17.0032 2140 mouclass - ok
22:04:17.0048 2140 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
22:04:17.0064 2140 mouhid - ok
22:04:17.0079 2140 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
22:04:17.0095 2140 mountmgr - ok
22:04:17.0142 2140 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
22:04:17.0142 2140 MozillaMaintenance - ok
22:04:17.0157 2140 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
22:04:17.0173 2140 mpio - ok
22:04:17.0188 2140 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
22:04:17.0204 2140 mpsdrv - ok
22:04:17.0266 2140 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
22:04:17.0313 2140 MpsSvc - ok
22:04:17.0329 2140 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
22:04:17.0344 2140 MRxDAV - ok
22:04:17.0376 2140 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
22:04:17.0391 2140 mrxsmb - ok
22:04:17.0422 2140 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:04:17.0438 2140 mrxsmb10 - ok
22:04:17.0454 2140 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:04:17.0485 2140 mrxsmb20 - ok
22:04:17.0500 2140 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
22:04:17.0516 2140 msahci - ok
22:04:17.0532 2140 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
22:04:17.0532 2140 msdsm - ok
22:04:17.0547 2140 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
22:04:17.0578 2140 MSDTC - ok
22:04:17.0594 2140 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
22:04:17.0625 2140 Msfs - ok
22:04:17.0625 2140 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
22:04:17.0672 2140 mshidkmdf - ok
22:04:17.0688 2140 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
22:04:17.0688 2140 msisadrv - ok
22:04:17.0719 2140 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
22:04:17.0734 2140 MSiSCSI - ok
22:04:17.0734 2140 msiserver - ok
22:04:17.0750 2140 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
22:04:17.0781 2140 MSKSSRV - ok
22:04:17.0797 2140 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
22:04:17.0828 2140 MSPCLOCK - ok
22:04:17.0828 2140 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
22:04:17.0859 2140 MSPQM - ok
22:04:17.0890 2140 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
22:04:17.0906 2140 MsRPC - ok
22:04:17.0922 2140 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
22:04:17.0922 2140 mssmbios - ok
22:04:17.0937 2140 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
22:04:17.0984 2140 MSTEE - ok
22:04:17.0984 2140 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
22:04:18.0000 2140 MTConfig - ok
22:04:18.0031 2140 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
22:04:18.0062 2140 MTsensor - ok
22:04:18.0078 2140 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
22:04:18.0093 2140 Mup - ok
22:04:18.0124 2140 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
22:04:18.0171 2140 napagent - ok
22:04:18.0202 2140 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
22:04:18.0234 2140 NativeWifiP - ok
22:04:18.0280 2140 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
22:04:18.0312 2140 NDIS - ok
22:04:18.0327 2140 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
22:04:18.0358 2140 NdisCap - ok
22:04:18.0358 2140 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
22:04:18.0390 2140 NdisTapi - ok
22:04:18.0405 2140 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
22:04:18.0421 2140 Ndisuio - ok
22:04:18.0436 2140 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
22:04:18.0468 2140 NdisWan - ok
22:04:18.0468 2140 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
22:04:18.0499 2140 NDProxy - ok
22:04:18.0514 2140 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
22:04:18.0561 2140 NetBIOS - ok
22:04:18.0577 2140 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
22:04:18.0624 2140 NetBT - ok
22:04:18.0639 2140 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:04:18.0655 2140 Netlogon - ok
22:04:18.0686 2140 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
22:04:18.0717 2140 Netman - ok
22:04:18.0748 2140 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
22:04:18.0795 2140 netprofm - ok
22:04:18.0842 2140 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:04:18.0842 2140 NetTcpPortSharing - ok
22:04:18.0858 2140 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
22:04:18.0858 2140 nfrd960 - ok
22:04:18.0889 2140 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
22:04:18.0920 2140 NlaSvc - ok
22:04:18.0936 2140 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
22:04:18.0967 2140 Npfs - ok
22:04:18.0967 2140 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
22:04:18.0998 2140 nsi - ok
22:04:19.0014 2140 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
22:04:19.0029 2140 nsiproxy - ok
22:04:19.0092 2140 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
22:04:19.0107 2140 nSvcIp - ok
22:04:19.0185 2140 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
22:04:19.0232 2140 Ntfs - ok
22:04:19.0310 2140 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
22:04:19.0341 2140 Null - ok
22:04:19.0388 2140 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
22:04:19.0419 2140 NVENETFD - ok
22:04:19.0981 2140 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:04:20.0121 2140 nvlddmkm - ok
22:04:20.0199 2140 NVNET (956a1f47826514c1ea0c295fe13c7377) C:\Windows\system32\DRIVERS\nvmf6264.sys
22:04:20.0215 2140 NVNET - ok
22:04:20.0230 2140 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
22:04:20.0246 2140 nvraid - ok
22:04:20.0262 2140 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
22:04:20.0277 2140 nvstor - ok
22:04:20.0293 2140 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
22:04:20.0293 2140 nvstor64 - ok
22:04:20.0371 2140 NVSvc (0393e59488c67f704336f3ff06e2b7bd) C:\Windows\system32\nvvsvc.exe
22:04:20.0386 2140 NVSvc - ok
22:04:20.0402 2140 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
22:04:20.0418 2140 nv_agp - ok
22:04:20.0418 2140 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
22:04:20.0449 2140 ohci1394 - ok
22:04:20.0464 2140 ossrv (85ea378116e2c4385993ba5124536ffc) C:\Windows\system32\drivers\ctoss2k.sys
22:04:20.0464 2140 ossrv - ok
22:04:20.0511 2140 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:04:20.0527 2140 p2pimsvc - ok
22:04:20.0558 2140 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
22:04:20.0574 2140 p2psvc - ok
22:04:20.0589 2140 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
22:04:20.0605 2140 Parport - ok
22:04:20.0636 2140 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
22:04:20.0636 2140 partmgr - ok
22:04:20.0652 2140 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
22:04:20.0683 2140 PcaSvc - ok
22:04:20.0683 2140 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
22:04:20.0698 2140 pci - ok
22:04:20.0714 2140 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
22:04:20.0714 2140 pciide - ok
22:04:20.0745 2140 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
22:04:20.0745 2140 pcmcia - ok
22:04:20.0761 2140 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
22:04:20.0776 2140 pcw - ok
22:04:20.0808 2140 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
22:04:20.0854 2140 PEAUTH - ok
22:04:20.0917 2140 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
22:04:20.0932 2140 PerfHost - ok
22:04:21.0010 2140 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
22:04:21.0057 2140 pla - ok
22:04:21.0088 2140 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
22:04:21.0120 2140 PlugPlay - ok
22:04:21.0135 2140 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
22:04:21.0151 2140 PNRPAutoReg - ok
22:04:21.0166 2140 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
22:04:21.0182 2140 PNRPsvc - ok
22:04:21.0229 2140 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
22:04:21.0260 2140 PolicyAgent - ok
22:04:21.0291 2140 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
22:04:21.0322 2140 Power - ok
22:04:21.0369 2140 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
22:04:21.0400 2140 PptpMiniport - ok
22:04:21.0416 2140 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
22:04:21.0432 2140 Processor - ok
22:04:21.0463 2140 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
22:04:21.0494 2140 ProfSvc - ok
22:04:21.0525 2140 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:04:21.0541 2140 ProtectedStorage - ok
22:04:21.0556 2140 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
22:04:21.0572 2140 Psched - ok
22:04:21.0650 2140 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
22:04:21.0681 2140 ql2300 - ok
22:04:21.0759 2140 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
22:04:21.0759 2140 ql40xx - ok
22:04:21.0790 2140 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
22:04:21.0806 2140 QWAVE - ok
22:04:21.0822 2140 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
22:04:21.0837 2140 QWAVEdrv - ok
22:04:21.0853 2140 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
22:04:21.0868 2140 RasAcd - ok
22:04:21.0900 2140 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
22:04:21.0946 2140 RasAgileVpn - ok
22:04:21.0962 2140 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
22:04:22.0009 2140 RasAuto - ok
22:04:22.0024 2140 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
22:04:22.0056 2140 Rasl2tp - ok
22:04:22.0087 2140 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
22:04:22.0118 2140 RasMan - ok
22:04:22.0134 2140 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
22:04:22.0165 2140 RasPppoe - ok
22:04:22.0180 2140 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
22:04:22.0212 2140 RasSstp - ok
22:04:22.0243 2140 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
22:04:22.0274 2140 rdbss - ok
22:04:22.0290 2140 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
22:04:22.0305 2140 rdpbus - ok
22:04:22.0321 2140 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
22:04:22.0336 2140 RDPCDD - ok
22:04:22.0352 2140 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
22:04:22.0383 2140 RDPENCDD - ok
22:04:22.0399 2140 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
22:04:22.0430 2140 RDPREFMP - ok
22:04:22.0446 2140 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
22:04:22.0477 2140 RDPWD - ok
22:04:22.0492 2140 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
22:04:22.0508 2140 rdyboost - ok
22:04:22.0539 2140 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
22:04:22.0570 2140 RemoteAccess - ok
22:04:22.0602 2140 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
22:04:22.0633 2140 RemoteRegistry - ok
22:04:22.0648 2140 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
22:04:22.0680 2140 RpcEptMapper - ok
22:04:22.0695 2140 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
22:04:22.0711 2140 RpcLocator - ok
22:04:22.0742 2140 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
22:04:22.0773 2140 RpcSs - ok
22:04:22.0789 2140 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
22:04:22.0820 2140 rspndr - ok
22:04:22.0851 2140 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:04:22.0867 2140 SamSs - ok
22:04:22.0867 2140 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
22:04:22.0882 2140 sbp2port - ok
22:04:22.0898 2140 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
22:04:22.0945 2140 SCardSvr - ok
22:04:22.0960 2140 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
22:04:22.0992 2140 scfilter - ok
22:04:23.0070 2140 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
22:04:23.0101 2140 Schedule - ok
22:04:23.0116 2140 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
22:04:23.0148 2140 SCPolicySvc - ok
22:04:23.0163 2140 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
22:04:23.0194 2140 SDRSVC - ok
22:04:23.0226 2140 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
22:04:23.0257 2140 secdrv - ok
22:04:23.0272 2140 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
22:04:23.0304 2140 seclogon - ok
22:04:23.0319 2140 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
22:04:23.0350 2140 SENS - ok
22:04:23.0366 2140 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
22:04:23.0382 2140 SensrSvc - ok
22:04:23.0397 2140 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
22:04:23.0413 2140 Serenum - ok
22:04:23.0444 2140 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
22:04:23.0460 2140 Serial - ok
22:04:23.0475 2140 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
22:04:23.0475 2140 sermouse - ok
22:04:23.0491 2140 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
22:04:23.0522 2140 SessionEnv - ok
22:04:23.0538 2140 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
22:04:23.0553 2140 sffdisk - ok
22:04:23.0553 2140 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:04:23.0569 2140 sffp_mmc - ok
22:04:23.0584 2140 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
22:04:23.0584 2140 sffp_sd - ok
22:04:23.0600 2140 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
22:04:23.0616 2140 sfloppy - ok
22:04:23.0662 2140 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
22:04:23.0709 2140 SharedAccess - ok
22:04:23.0740 2140 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
22:04:23.0772 2140 ShellHWDetection - ok
22:04:23.0787 2140 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:04:23.0787 2140 SiSRaid2 - ok
22:04:23.0803 2140 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
22:04:23.0818 2140 SiSRaid4 - ok
22:04:23.0834 2140 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
22:04:23.0850 2140 Smb - ok
22:04:23.0881 2140 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
22:04:23.0896 2140 SNMPTRAP - ok
22:04:23.0912 2140 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
22:04:23.0928 2140 spldr - ok
22:04:23.0959 2140 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
22:04:24.0006 2140 Spooler - ok
22:04:24.0162 2140 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
22:04:24.0224 2140 sppsvc - ok
22:04:24.0286 2140 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
22:04:24.0333 2140 sppuinotify - ok
22:04:24.0380 2140 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
22:04:24.0411 2140 srv - ok
22:04:24.0442 2140 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
22:04:24.0458 2140 srv2 - ok
22:04:24.0458 2140 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
22:04:24.0489 2140 srvnet - ok
22:04:24.0520 2140 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
22:04:24.0552 2140 SSDPSRV - ok
22:04:24.0567 2140 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
22:04:24.0598 2140 SstpSvc - ok
22:04:24.0645 2140 Stereo Service (8d01686ae82b466f4cd074f31f2942ca) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:04:24.0661 2140 Stereo Service - ok
22:04:24.0661 2140 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
22:04:24.0676 2140 stexstor - ok
22:04:24.0723 2140 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
22:04:24.0754 2140 stisvc - ok
22:04:24.0754 2140 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
22:04:24.0770 2140 swenum - ok
22:04:24.0801 2140 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
22:04:24.0848 2140 swprv - ok
22:04:24.0926 2140 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
22:04:24.0973 2140 SysMain - ok
22:04:25.0035 2140 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
22:04:25.0051 2140 TabletInputService - ok
22:04:25.0066 2140 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
22:04:25.0098 2140 TapiSrv - ok
22:04:25.0113 2140 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
22:04:25.0144 2140 TBS - ok
22:04:25.0269 2140 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
22:04:25.0300 2140 Tcpip - ok
22:04:25.0410 2140 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
22:04:25.0441 2140 TCPIP6 - ok
22:04:25.0488 2140 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
22:04:25.0503 2140 tcpipreg - ok
22:04:25.0534 2140 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
22:04:25.0534 2140 TDPIPE - ok
22:04:25.0550 2140 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
22:04:25.0581 2140 TDTCP - ok
22:04:25.0581 2140 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
22:04:25.0628 2140 tdx - ok
22:04:25.0628 2140 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
22:04:25.0644 2140 TermDD - ok
22:04:25.0690 2140 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
22:04:25.0737 2140 TermService - ok
22:04:25.0753 2140 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
22:04:25.0784 2140 Themes - ok
22:04:25.0800 2140 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
22:04:25.0831 2140 THREADORDER - ok
22:04:25.0846 2140 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
22:04:25.0862 2140 TrkWks - ok
22:04:25.0893 2140 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
22:04:25.0909 2140 TrustedInstaller - ok
22:04:25.0909 2140 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
22:04:25.0956 2140 tssecsrv - ok
22:04:25.0987 2140 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
22:04:26.0018 2140 tunnel - ok
22:04:26.0034 2140 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
22:04:26.0049 2140 uagp35 - ok
22:04:26.0080 2140 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
22:04:26.0112 2140 udfs - ok
22:04:26.0127 2140 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
22:04:26.0143 2140 UI0Detect - ok
22:04:26.0158 2140 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
22:04:26.0158 2140 uliagpkx - ok
22:04:26.0190 2140 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
22:04:26.0205 2140 umbus - ok
22:04:26.0205 2140 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
22:04:26.0221 2140 UmPass - ok
22:04:26.0236 2140 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
22:04:26.0283 2140 upnphost - ok
22:04:26.0314 2140 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys
22:04:26.0346 2140 usbccgp - ok
22:04:26.0361 2140 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
22:04:26.0377 2140 usbcir - ok
22:04:26.0392 2140 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
22:04:26.0408 2140 usbehci - ok
22:04:26.0439 2140 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
22:04:26.0439 2140 usbhub - ok
22:04:26.0470 2140 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
22:04:26.0486 2140 usbohci - ok
22:04:26.0486 2140 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
22:04:26.0502 2140 usbprint - ok
22:04:26.0517 2140 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:04:26.0548 2140 USBSTOR - ok
22:04:26.0564 2140 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
22:04:26.0580 2140 usbuhci - ok
22:04:26.0580 2140 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
22:04:26.0611 2140 UxSms - ok
22:04:26.0642 2140 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
22:04:26.0658 2140 VaultSvc - ok
22:04:26.0689 2140 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
22:04:26.0704 2140 VClone - ok
22:04:26.0704 2140 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
22:04:26.0720 2140 vdrvroot - ok
22:04:26.0767 2140 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
22:04:26.0798 2140 vds - ok
22:04:26.0814 2140 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
22:04:26.0829 2140 vga - ok
22:04:26.0829 2140 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
22:04:26.0860 2140 VgaSave - ok
22:04:26.0876 2140 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
22:04:26.0892 2140 vhdmp - ok
22:04:26.0907 2140 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
22:04:26.0907 2140 viaide - ok
22:04:26.0923 2140 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
22:04:26.0938 2140 volmgr - ok
22:04:26.0954 2140 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
22:04:26.0970 2140 volmgrx - ok
22:04:27.0001 2140 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
22:04:27.0016 2140 volsnap - ok
22:04:27.0032 2140 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
22:04:27.0048 2140 vsmraid - ok
22:04:27.0110 2140 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
22:04:27.0157 2140 VSS - ok
22:04:27.0250 2140 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
22:04:27.0266 2140 vwifibus - ok
22:04:27.0297 2140 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
22:04:27.0328 2140 W32Time - ok
22:04:27.0328 2140 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
22:04:27.0344 2140 WacomPen - ok
22:04:27.0360 2140 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:27.0391 2140 WANARP - ok
22:04:27.0391 2140 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
22:04:27.0422 2140 Wanarpv6 - ok
22:04:27.0500 2140 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
22:04:27.0531 2140 WatAdminSvc - ok
22:04:27.0609 2140 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
22:04:27.0656 2140 wbengine - ok
22:04:27.0703 2140 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
22:04:27.0718 2140 WbioSrvc - ok
22:04:27.0750 2140 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
22:04:27.0781 2140 wcncsvc - ok
22:04:27.0781 2140 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
22:04:27.0796 2140 WcsPlugInService - ok
22:04:27.0828 2140 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
22:04:27.0843 2140 Wd - ok
22:04:27.0874 2140 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
22:04:27.0906 2140 Wdf01000 - ok
22:04:27.0937 2140 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:04:27.0952 2140 WdiServiceHost - ok
22:04:27.0952 2140 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
22:04:27.0968 2140 WdiSystemHost - ok
22:04:27.0999 2140 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
22:04:28.0015 2140 WebClient - ok
22:04:28.0046 2140 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
22:04:28.0077 2140 Wecsvc - ok
22:04:29.0325 2140 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
22:04:29.0528 2140 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
22:04:29.0528 2140 \Device\Harddisk0\DR0 - detected TDSS File System (1)
22:04:29.0528 2140 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
22:04:31.0338 2140 \Device\Harddisk1\DR1 - ok
22:04:31.0338 2140 Boot (0x1200) (e528edaff4cf373d91acd231b0efee17) \Device\Harddisk0\DR0\Partition0
22:04:31.0338 2140 \Device\Harddisk0\DR0\Partition0 - ok
22:04:31.0338 2140 Boot (0x1200) (a07ea1c78792c2271933de3d95aa78e1) \Device\Harddisk0\DR0\Partition1
22:04:31.0338 2140 \Device\Harddisk0\DR0\Partition1 - ok
22:04:31.0353 2140 Boot (0x1200) (15f9c330526e34cbeabcddef13a60174) \Device\Harddisk1\DR1\Partition0
22:04:31.0353 2140 \Device\Harddisk1\DR1\Partition0 - ok
22:04:31.0353 2140 ============================================================
22:04:31.0353 2140 Scan finished
22:04:31.0353 2140 ============================================================
22:04:31.0353 1404 Detected object count: 3
22:04:31.0353 1404 Actual detected object count: 3
22:05:00.0073 1404 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:00.0073 1404 Creative Audio Engine Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:00.0073 1404 CTAudSvcService ( UnsignedFile.Multi.Generic ) - skipped by user
22:05:00.0073 1404 CTAudSvcService ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:05:00.0120 1404 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
22:05:00.0120 1404 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
22:05:00.0120 1404 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
22:05:00.0135 1404 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
22:05:00.0135 1404 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
22:05:00.0151 1404 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
22:05:00.0166 1404 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
22:05:00.0166 1404 \Device\Harddisk0\DR0\TDLFS - deleted
22:05:00.0166 1404 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Delete
-
And my Java updater notification keeps telling me it wants to update, but I'm suspicious of it as well... Is it okay to allow it to do so?
-
21:47:32.0416 0268 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:47:32.0900 0268 ============================================================
21:47:32.0900 0268 Current date / time: 2012/08/10 21:47:32.0900
21:47:32.0900 0268 SystemInfo:
21:47:32.0900 0268
21:47:32.0900 0268 OS Version: 6.1.7600 ServicePack: 0.0
21:47:32.0900 0268 Product type: Workstation
21:47:32.0900 0268 ComputerName: BERNICE-PC
21:47:32.0900 0268 UserName: Bernice
21:47:32.0900 0268 Windows directory: C:\Windows
21:47:32.0900 0268 System windows directory: C:\Windows
21:47:32.0900 0268 Running under WOW64
21:47:32.0900 0268 Processor architecture: Intel x64
21:47:32.0900 0268 Number of processors: 2
21:47:32.0900 0268 Page size: 0x1000
21:47:32.0900 0268 Boot type: Normal boot
21:47:32.0900 0268 ============================================================
21:47:33.0571 0268 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
21:47:33.0571 0268 Drive \Device\Harddisk1\DR1 - Size: 0x7B60000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:47:33.0571 0268 ============================================================
21:47:33.0571 0268 \Device\Harddisk0\DR0:
21:47:33.0571 0268 MBR partitions:
21:47:33.0571 0268 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:47:33.0571 0268 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
21:47:33.0571 0268 \Device\Harddisk1\DR1:
21:47:33.0571 0268 MBR partitions:
21:47:33.0571 0268 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3DAE0
21:47:33.0571 0268 ============================================================
21:47:33.0586 0268 C: <-> \Device\Harddisk0\DR0\Partition1
21:47:33.0586 0268 ============================================================
21:47:33.0586 0268 Initialize success
21:47:33.0586 0268 ============================================================
21:47:55.0598 3348 ============================================================
21:47:55.0598 3348 Scan started
21:47:55.0598 3348 Mode: Manual; TDLFS;
21:47:55.0598 3348 ============================================================
21:48:02.0384 3348 NDIS - ok
21:48:02.0399 3348 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:48:02.0399 3348 NdisCap - ok
21:48:02.0399 3348 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:48:02.0399 3348 NdisTapi - ok
21:48:02.0415 3348 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:48:02.0415 3348 Ndisuio - ok
21:48:02.0462 3348 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:48:02.0462 3348 NdisWan - ok
21:48:02.0477 3348 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:48:02.0477 3348 NDProxy - ok
21:48:02.0493 3348 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:48:02.0493 3348 NetBIOS - ok
21:48:02.0509 3348 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:48:02.0509 3348 NetBT - ok
21:48:02.0540 3348 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:48:02.0540 3348 Netlogon - ok
21:48:02.0587 3348 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
21:48:02.0587 3348 Netman - ok
21:48:02.0618 3348 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
21:48:02.0618 3348 netprofm - ok
21:48:02.0680 3348 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:48:02.0680 3348 NetTcpPortSharing - ok
21:48:02.0696 3348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:48:02.0696 3348 nfrd960 - ok
21:48:02.0711 3348 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
21:48:02.0711 3348 NlaSvc - ok
21:48:02.0727 3348 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:48:02.0727 3348 Npfs - ok
21:48:02.0727 3348 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
21:48:02.0727 3348 nsi - ok
21:48:02.0743 3348 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:48:02.0743 3348 nsiproxy - ok
21:48:02.0805 3348 nSvcIp (c04f5def37e55f6a34428b050f44d3d6) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
21:48:02.0821 3348 nSvcIp - ok
21:48:02.0899 3348 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:48:02.0914 3348 Ntfs - ok
21:48:02.0992 3348 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:48:02.0992 3348 Null - ok
21:48:03.0039 3348 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
21:48:03.0039 3348 NVENETFD - ok
21:48:03.0601 3348 nvlddmkm (bbe872a814b00798c2d568d46c42a71b) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:48:03.0647 3348 nvlddmkm - ok
21:48:03.0710 3348 NVNET (956a1f47826514c1ea0c295fe13c7377) C:\Windows\system32\DRIVERS\nvmf6264.sys
21:48:03.0710 3348 NVNET - ok
21:48:03.0741 3348 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:48:03.0741 3348 nvraid - ok
21:48:03.0757 3348 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:48:03.0772 3348 nvstor - ok
21:48:03.0788 3348 nvstor64 (7c7eef51979658ce15bbc04f96a77d56) C:\Windows\system32\DRIVERS\nvstor64.sys
21:48:03.0788 3348 nvstor64 - ok
21:48:03.0850 3348 NVSvc (0393e59488c67f704336f3ff06e2b7bd) C:\Windows\system32\nvvsvc.exe
21:48:03.0850 3348 NVSvc - ok
21:48:03.0881 3348 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:48:03.0881 3348 nv_agp - ok
21:48:03.0897 3348 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:48:03.0897 3348 ohci1394 - ok
21:48:03.0913 3348 ossrv (85ea378116e2c4385993ba5124536ffc) C:\Windows\system32\drivers\ctoss2k.sys
21:48:03.0913 3348 ossrv - ok
21:48:03.0944 3348 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:48:03.0959 3348 p2pimsvc - ok
21:48:03.0991 3348 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
21:48:03.0991 3348 p2psvc - ok
21:48:04.0006 3348 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:48:04.0006 3348 Parport - ok
21:48:04.0037 3348 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys
21:48:04.0037 3348 partmgr - ok
21:48:04.0053 3348 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
21:48:04.0069 3348 PcaSvc - ok
21:48:04.0069 3348 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:48:04.0069 3348 pci - ok
21:48:04.0084 3348 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:48:04.0084 3348 pciide - ok
21:48:04.0115 3348 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:48:04.0115 3348 pcmcia - ok
21:48:04.0131 3348 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:48:04.0131 3348 pcw - ok
21:48:04.0162 3348 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:48:04.0178 3348 PEAUTH - ok
21:48:04.0225 3348 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
21:48:04.0225 3348 PerfHost - ok
21:48:04.0303 3348 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
21:48:04.0318 3348 pla - ok
21:48:04.0349 3348 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
21:48:04.0349 3348 PlugPlay - ok
21:48:04.0365 3348 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
21:48:04.0365 3348 PNRPAutoReg - ok
21:48:04.0381 3348 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
21:48:04.0381 3348 PNRPsvc - ok
21:48:04.0427 3348 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
21:48:04.0427 3348 PolicyAgent - ok
21:48:04.0459 3348 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
21:48:04.0459 3348 Power - ok
21:48:04.0505 3348 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:48:04.0505 3348 PptpMiniport - ok
21:48:04.0505 3348 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:48:04.0505 3348 Processor - ok
21:48:04.0537 3348 ProfSvc (97293447431311c06703368ad0f6c4be) C:\Windows\system32\profsvc.dll
21:48:04.0552 3348 ProfSvc - ok
21:48:04.0568 3348 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:48:04.0568 3348 ProtectedStorage - ok
21:48:04.0583 3348 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:48:04.0583 3348 Psched - ok
21:48:04.0661 3348 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:48:04.0661 3348 ql2300 - ok
21:48:04.0739 3348 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:48:04.0739 3348 ql40xx - ok
21:48:04.0755 3348 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
21:48:04.0755 3348 QWAVE - ok
21:48:04.0771 3348 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:48:04.0771 3348 QWAVEdrv - ok
21:48:04.0786 3348 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:48:04.0786 3348 RasAcd - ok
21:48:04.0802 3348 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:48:04.0802 3348 RasAgileVpn - ok
21:48:04.0817 3348 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
21:48:04.0817 3348 RasAuto - ok
21:48:04.0833 3348 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:48:04.0833 3348 Rasl2tp - ok
21:48:04.0864 3348 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
21:48:04.0864 3348 RasMan - ok
21:48:04.0880 3348 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:48:04.0880 3348 RasPppoe - ok
21:48:04.0895 3348 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:48:04.0895 3348 RasSstp - ok
21:48:04.0911 3348 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:48:04.0911 3348 rdbss - ok
21:48:04.0927 3348 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:48:04.0927 3348 rdpbus - ok
21:48:04.0942 3348 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:48:04.0942 3348 RDPCDD - ok
21:48:04.0958 3348 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:48:04.0958 3348 RDPENCDD - ok
21:48:04.0973 3348 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:48:04.0973 3348 RDPREFMP - ok
21:48:04.0989 3348 RDPWD (447de7e3dea39d422c1504f245b668b1) C:\Windows\system32\drivers\RDPWD.sys
21:48:04.0989 3348 RDPWD - ok
21:48:05.0020 3348 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:48:05.0020 3348 rdyboost - ok
21:48:05.0051 3348 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
21:48:05.0051 3348 RemoteAccess - ok
21:48:05.0067 3348 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
21:48:05.0067 3348 RemoteRegistry - ok
21:48:05.0083 3348 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
21:48:05.0083 3348 RpcEptMapper - ok
21:48:05.0098 3348 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
21:48:05.0098 3348 RpcLocator - ok
21:48:05.0161 3348 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
21:48:05.0161 3348 RpcSs - ok
21:48:05.0176 3348 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:48:05.0176 3348 rspndr - ok
21:48:05.0207 3348 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:48:05.0207 3348 SamSs - ok
21:48:05.0207 3348 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:48:05.0223 3348 sbp2port - ok
21:48:05.0239 3348 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
21:48:05.0239 3348 SCardSvr - ok
21:48:05.0254 3348 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:48:05.0254 3348 scfilter - ok
21:48:05.0317 3348 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
21:48:05.0332 3348 Schedule - ok
21:48:05.0363 3348 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
21:48:05.0363 3348 SCPolicySvc - ok
21:48:05.0379 3348 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
21:48:05.0379 3348 SDRSVC - ok
21:48:05.0410 3348 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:48:05.0410 3348 secdrv - ok
21:48:05.0426 3348 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
21:48:05.0426 3348 seclogon - ok
21:48:05.0426 3348 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
21:48:05.0441 3348 SENS - ok
21:48:05.0441 3348 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
21:48:05.0441 3348 SensrSvc - ok
21:48:05.0473 3348 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:48:05.0473 3348 Serenum - ok
21:48:05.0504 3348 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:48:05.0504 3348 Serial - ok
21:48:05.0504 3348 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:48:05.0504 3348 sermouse - ok
21:48:05.0535 3348 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
21:48:05.0535 3348 SessionEnv - ok
21:48:05.0535 3348 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:48:05.0535 3348 sffdisk - ok
21:48:05.0551 3348 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:48:05.0551 3348 sffp_mmc - ok
21:48:05.0566 3348 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:48:05.0566 3348 sffp_sd - ok
21:48:05.0566 3348 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:48:05.0566 3348 sfloppy - ok
21:48:05.0613 3348 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
21:48:05.0613 3348 SharedAccess - ok
21:48:05.0644 3348 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
21:48:05.0644 3348 ShellHWDetection - ok
21:48:05.0660 3348 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:48:05.0660 3348 SiSRaid2 - ok
21:48:05.0675 3348 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:48:05.0675 3348 SiSRaid4 - ok
21:48:05.0691 3348 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:48:05.0691 3348 Smb - ok
21:48:05.0738 3348 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
21:48:05.0738 3348 SNMPTRAP - ok
21:48:05.0753 3348 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:48:05.0753 3348 spldr - ok
21:48:05.0785 3348 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
21:48:05.0800 3348 Spooler - ok
21:48:05.0972 3348 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
21:48:06.0003 3348 sppsvc - ok
21:48:06.0065 3348 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
21:48:06.0065 3348 sppuinotify - ok
21:48:06.0112 3348 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:48:06.0128 3348 srv - ok
21:48:06.0143 3348 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:48:06.0143 3348 srv2 - ok
21:48:06.0159 3348 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:48:06.0159 3348 srvnet - ok
21:48:06.0206 3348 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
21:48:06.0206 3348 SSDPSRV - ok
21:48:06.0221 3348 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
21:48:06.0221 3348 SstpSvc - ok
21:48:06.0284 3348 Stereo Service (8d01686ae82b466f4cd074f31f2942ca) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
21:48:06.0284 3348 Stereo Service - ok
21:48:06.0299 3348 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:48:06.0299 3348 stexstor - ok
21:48:06.0331 3348 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
21:48:06.0346 3348 stisvc - ok
21:48:06.0362 3348 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:48:06.0362 3348 swenum - ok
21:48:06.0393 3348 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
21:48:06.0409 3348 swprv - ok
21:48:06.0487 3348 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
21:48:06.0518 3348 SysMain - ok
21:48:06.0565 3348 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
21:48:06.0580 3348 TabletInputService - ok
21:48:06.0596 3348 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
21:48:06.0611 3348 TapiSrv - ok
21:48:06.0611 3348 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
21:48:06.0627 3348 TBS - ok
21:48:06.0736 3348 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys
21:48:06.0752 3348 Tcpip - ok
21:48:07.0001 3348 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys
21:48:07.0017 3348 TCPIP6 - ok
21:48:07.0048 3348 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:48:07.0048 3348 tcpipreg - ok
21:48:07.0064 3348 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:48:07.0064 3348 TDPIPE - ok
21:48:07.0095 3348 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
21:48:07.0095 3348 TDTCP - ok
21:48:07.0111 3348 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:48:07.0111 3348 tdx - ok
21:48:07.0111 3348 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:48:07.0111 3348 TermDD - ok
21:48:07.0173 3348 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
21:48:07.0189 3348 TermService - ok
21:48:07.0189 3348 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
21:48:07.0189 3348 Themes - ok
21:48:07.0220 3348 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
21:48:07.0220 3348 THREADORDER - ok
21:48:07.0220 3348 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
21:48:07.0235 3348 TrkWks - ok
21:48:07.0251 3348 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
21:48:07.0251 3348 TrustedInstaller - ok
21:48:07.0267 3348 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:48:07.0267 3348 tssecsrv - ok
21:48:07.0298 3348 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:48:07.0298 3348 tunnel - ok
21:48:07.0313 3348 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:48:07.0313 3348 uagp35 - ok
21:48:07.0345 3348 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:48:07.0345 3348 udfs - ok
21:48:07.0360 3348 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
21:48:07.0360 3348 UI0Detect - ok
21:48:07.0376 3348 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:48:07.0376 3348 uliagpkx - ok
21:48:07.0391 3348 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:48:07.0391 3348 umbus - ok
21:48:07.0407 3348 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:48:07.0407 3348 UmPass - ok
21:48:07.0438 3348 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
21:48:07.0438 3348 upnphost - ok
21:48:07.0469 3348 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\drivers\usbccgp.sys
21:48:07.0469 3348 usbccgp - ok
21:48:07.0469 3348 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:48:07.0469 3348 usbcir - ok
21:48:07.0501 3348 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:48:07.0501 3348 usbehci - ok
21:48:07.0532 3348 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:48:07.0532 3348 usbhub - ok
21:48:07.0532 3348 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
21:48:07.0532 3348 usbohci - ok
21:48:07.0547 3348 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:48:07.0547 3348 usbprint - ok
21:48:07.0563 3348 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:48:07.0563 3348 USBSTOR - ok
21:48:07.0579 3348 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
21:48:07.0579 3348 usbuhci - ok
21:48:07.0579 3348 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
21:48:07.0579 3348 UxSms - ok
21:48:07.0610 3348 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
21:48:07.0610 3348 VaultSvc - ok
21:48:07.0641 3348 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
21:48:07.0641 3348 VClone - ok
21:48:07.0641 3348 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:48:07.0641 3348 vdrvroot - ok
21:48:07.0672 3348 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
21:48:07.0688 3348 vds - ok
21:48:07.0719 3348 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:48:07.0719 3348 vga - ok
21:48:07.0719 3348 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:48:07.0719 3348 VgaSave - ok
21:48:07.0750 3348 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:48:07.0750 3348 vhdmp - ok
21:48:07.0766 3348 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:48:07.0766 3348 viaide - ok
21:48:07.0766 3348 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:48:07.0781 3348 volmgr - ok
21:48:07.0797 3348 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:48:07.0797 3348 volmgrx - ok
21:48:07.0828 3348 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:48:07.0828 3348 volsnap - ok
21:48:07.0844 3348 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:48:07.0844 3348 vsmraid - ok
21:48:07.0922 3348 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
21:48:07.0937 3348 VSS - ok
21:48:08.0015 3348 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
21:48:08.0015 3348 vwifibus - ok
21:48:08.0047 3348 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
21:48:08.0062 3348 W32Time - ok
21:48:08.0062 3348 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:48:08.0062 3348 WacomPen - ok
21:48:08.0093 3348 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:48:08.0093 3348 WANARP - ok
21:48:08.0093 3348 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:48:08.0093 3348 Wanarpv6 - ok
21:48:08.0187 3348 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
21:48:08.0203 3348 WatAdminSvc - ok
21:48:08.0281 3348 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
21:48:08.0296 3348 wbengine - ok
21:48:08.0343 3348 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
21:48:08.0343 3348 WbioSrvc - ok
21:48:08.0374 3348 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
21:48:08.0390 3348 wcncsvc - ok
21:48:08.0390 3348 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
21:48:08.0390 3348 WcsPlugInService - ok
21:48:08.0405 3348 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:48:08.0405 3348 Wd - ok
21:48:08.0452 3348 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:48:08.0452 3348 Wdf01000 - ok
21:48:08.0452 3348 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:48:08.0468 3348 WdiServiceHost - ok
21:48:08.0468 3348 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
21:48:08.0468 3348 WdiSystemHost - ok
21:48:08.0499 3348 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
21:48:08.0499 3348 WebClient - ok
21:48:08.0515 3348 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
21:48:08.0515 3348 Wecsvc - ok
21:48:08.0530 3348 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
21:48:08.0546 3348 wercplsupport - ok
21:48:08.0546 3348 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
21:48:08.0546 3348 WerSvc - ok
21:48:08.0561 3348 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:48:08.0561 3348 WfpLwf - ok
21:48:08.0577 3348 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:48:08.0577 3348 WIMMount - ok
21:48:08.0593 3348 WinDefend - ok
21:48:08.0593 3348 WinHttpAutoProxySvc - ok
21:48:08.0639 3348 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
21:48:08.0639 3348 Winmgmt - ok
21:48:08.0749 3348 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
21:48:08.0780 3348 WinRM - ok
21:48:08.0920 3348 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
21:48:08.0936 3348 Wlansvc - ok
21:48:08.0936 3348 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:48:08.0936 3348 WmiAcpi - ok
21:48:08.0967 3348 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
21:48:08.0967 3348 wmiApSrv - ok
21:48:08.0983 3348 WMPNetworkSvc - ok
21:48:08.0998 3348 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
21:48:08.0998 3348 WPCSvc - ok
21:48:08.0998 3348 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
21:48:09.0014 3348 WPDBusEnum - ok
21:48:09.0014 3348 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:48:09.0014 3348 ws2ifsl - ok
21:48:09.0045 3348 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll
21:48:09.0045 3348 wscsvc - ok
21:48:09.0045 3348 WSearch - ok
21:48:09.0185 3348 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
21:48:09.0217 3348 wuauserv - ok
21:48:09.0279 3348 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:48:09.0279 3348 WudfPf - ok
21:48:09.0310 3348 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:48:09.0310 3348 WUDFRd - ok
21:48:09.0326 3348 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
21:48:09.0326 3348 wudfsvc - ok
21:48:09.0357 3348 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
21:48:09.0357 3348 WwanSvc - ok
21:48:09.0357 3348 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:48:09.0388 3348 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
21:48:09.0388 3348 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
21:48:09.0404 3348 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
21:48:09.0404 3348 \Device\Harddisk0\DR0 - detected TDSS File System (1)
21:48:09.0419 3348 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR1
21:48:11.0213 3348 \Device\Harddisk1\DR1 - ok
21:48:11.0213 3348 Boot (0x1200) (e528edaff4cf373d91acd231b0efee17) \Device\Harddisk0\DR0\Partition0
21:48:11.0213 3348 \Device\Harddisk0\DR0\Partition0 - ok
21:48:11.0229 3348 Boot (0x1200) (a07ea1c78792c2271933de3d95aa78e1) \Device\Harddisk0\DR0\Partition1
21:48:11.0229 3348 \Device\Harddisk0\DR0\Partition1 - ok
21:48:11.0229 3348 Boot (0x1200) (15f9c330526e34cbeabcddef13a60174) \Device\Harddisk1\DR1\Partition0
21:48:11.0229 3348 \Device\Harddisk1\DR1\Partition0 - ok
21:48:11.0229 3348 ============================================================
21:48:11.0229 3348 Scan finished
21:48:11.0229 3348 ============================================================
21:48:11.0245 3268 Detected object count: 2
21:48:11.0245 3268 Actual detected object count: 2
21:49:49.0348 3268 \Device\Harddisk0\DR0\# - copied to quarantine
21:49:49.0348 3268 \Device\Harddisk0\DR0 - copied to quarantine
21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
21:49:49.0379 3268 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
21:49:49.0394 3268 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
21:49:49.0410 3268 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
21:49:49.0441 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
21:49:49.0441 3268 \Device\Harddisk0\DR0 - ok
21:49:55.0026 3268 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
21:49:55.0026 3268 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
21:49:55.0026 3268 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
21:50:57.0988 5068 Deinitialize success
-
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Bernice [Admin rights]
Mode: Scan -- Date: 08/10/2012 19:35:09
¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD64 01AALS-00E8B SCSI Disk Device +++++
--- User ---
[MBR] de56085bf42185de9de7ddf70a5ddde3
[BSP] f7e93078e80b07ffdd0bd575fae681f7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
-
I did it one more time, rebooted, scanned, and it's still there.
-
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.10.08
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bernice :: BERNICE-PC [administrator]
Protection: Enabled
8/10/2012 9:31:03 PM
mbam-log-2012-08-10 (21-31-03).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 208968
Time elapsed: 1 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
Still one left.
-
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.10.08
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bernice :: BERNICE-PC [administrator]
Protection: Disabled
8/10/2012 9:25:32 PM
mbam-log-2012-08-10 (21-25-32).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209025
Time elapsed: 59 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3760 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
Seems to be running okay currently, but it found two objects as you will see here. Want me to reboot as it requests?
-
This seems to be a big log!
ComboFix 12-08-09.01 - Bernice 08/10/2012 20:51:04.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2961 [GMT -4:00]
Running from: c:\users\Bernice\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Bernice\AppData\Local\assembly\tmp
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 04:09 . 2012-08-11 04:09 -------- d-----w- C:\FRST
2012-08-10 01:25 . 2012-08-10 01:25 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-07 07:16 . 2012-08-07 07:16 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\offreg.dll
2012-08-07 07:15 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\mpengine.dll
2012-07-24 13:52 . 2012-07-24 13:52 -------- d-----w- c:\windows\Sun
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 06:20 . 2012-05-04 21:50 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 06:20 . 2011-05-25 23:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 07:00 . 2010-12-21 00:26 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2011-02-07 14:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 03:02 . 2012-07-11 07:02 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:30 . 2012-07-11 05:45 14165504 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 05:50 . 2012-07-11 05:45 2003968 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 05:50 . 2012-07-11 05:45 1880064 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 05:09 . 2012-07-11 05:45 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:09 . 2012-07-11 05:45 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-02 22:19 . 2012-06-22 01:49 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 01:49 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 01:49 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 01:49 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 01:49 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 01:49 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 01:49 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-22 01:49 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-22 01:49 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:38 . 2012-07-11 05:45 95088 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:38 . 2012-07-11 05:45 152432 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:37 . 2012-07-11 05:45 459216 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:27 . 2012-07-11 05:45 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:27 . 2012-07-11 05:45 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:48 . 2012-07-11 05:45 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:48 . 2012-07-11 05:45 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:47 . 2012-07-11 05:45 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:42 . 2012-07-11 05:45 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 16:25 . 2010-12-21 00:04 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-15 03:56 . 2012-06-12 23:17 1197568 ----a-w- c:\windows\system32\wininet.dll
2012-05-15 03:52 . 2012-06-12 23:17 64512 ----a-w- c:\windows\system32\jsproxy.dll
2012-05-15 03:08 . 2012-06-12 23:17 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DevconDefaultDB"="c:\windows\system32\readreg" [X]
"googletalk"="c:\users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AsioThk32Reg"="CTASIO.DLL" [2010-03-19 47104]
"CTHelper"="CTHELPER.EXE" [2010-03-19 19456]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-19 158808]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-21 79360]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-19 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-19 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-19 141912]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-19 681048]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-07-26 25832]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-20 113120]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-21 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-11-09 21992]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-19 158808]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-19 706648]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-19 681048]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 06:20]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-05-23 7833120]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-05-23 1833504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
LSP: %SYSTEMROOT%\system32\nvLsp.dll
TCP: DhcpNameServer = 209.206.136.8 207.230.192.251
FF - ProfilePath - c:\users\Bernice\AppData\Roaming\Mozilla\Firefox\Profiles\r60pnj1e.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Spotify - c:\users\Bernice\AppData\Roaming\Spotify\Spotify.exe
Wow6432Node-HKCU-Run-NCsoft - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\\.\globalroot\systemroot\svchost.exe
.
**************************************************************************
.
Completion time: 2012-08-10 21:00:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-11 01:00
.
Pre-Run: 490,335,031,296 bytes free
Post-Run: 491,265,798,144 bytes free
.
- - End Of File - - E8A22271CE4C9D386D1655660B59D12A
-
Okay, I assume we're getting closer to "Fixed".
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 20:36:26 Run:1
Running from F:\
==============================================
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe
==== End of Fixlog ====
-
Okay, I did as you said. One hitch: I typed Exit into the search box and hit enter, causing it to scan again and write FRST.txt again, after the Search.txt... I don't know if that would change the results you're looking for or not.
Scan result of Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 10-08-2012 20:15:30
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001
========================== Registry (Whitelisted) =============
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [7833120 2009-05-22] (Realtek Semiconductor)
HKLM\...\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe [1833504 2009-05-22] (Realtek Semiconductor Corp.)
HKLM-x32\...\Run: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM-x32\...\Run: [CTHelper] CTHELPER.EXE [x]
HKLM-x32\...\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [85160 2009-06-17] (Elaborate Bytes AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Bernice\...\Run: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1 [x]
HKU\Bernice\...\Run: [Spotify] "C:\Users\Bernice\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart [x]
HKU\Bernice\...\Run: [googletalk] C:\Users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart [3739648 2007-01-01] (Google)
HKU\Bernice\...\Run: [NCsoft] [x]
Tcpip\Parameters: [DhcpNameServer] 209.206.136.8 207.230.192.251
Startup: C:\Users\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
==================== Services (Whitelisted) ======
2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [625184 2009-04-19] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
3 McComponentHostService; "C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" [227232 2010-01-15] (McAfee, Inc.)
2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [207904 2009-04-19] ()
========================== Drivers (Whitelisted) =============
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
3 NVNET; C:\Windows\System32\DRIVERS\nvmf6264.sys [339360 2009-04-30] (NVIDIA Corporation)
========================== NetSvcs (Whitelisted) ===========
============ One Month Created Files and Folders ==============
2012-08-10 15:47 - 2012-08-10 15:47 - 01439703 ____A (Farbar) C:\Users\Bernice\Downloads\FRST64.exe
2012-08-10 15:35 - 2012-08-10 15:35 - 00001753 ____A C:\Users\Bernice\Desktop\RKreport[1].txt
2012-08-10 15:34 - 2012-08-10 15:35 - 00000000 ____D C:\Users\Bernice\Desktop\RK_Quarantine
2012-08-10 15:33 - 2012-08-10 15:33 - 01558528 ____A C:\Users\Bernice\Desktop\RogueKiller.exe
2012-08-10 15:29 - 2012-08-10 15:28 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.com
2012-08-10 15:28 - 2012-08-10 15:27 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.scr
2012-08-10 05:13 - 2012-08-10 05:13 - 00001169 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-09 17:25 - 2012-08-09 17:25 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-07 07:21 - 2012-08-07 07:21 - 00001580 ____A C:\Users\Bernice\Desktop\Peanut butter chicken.txt
2012-08-04 16:02 - 2012-08-04 16:02 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.14-r7705-Core-and-Cataclysm-Mods.zip
2012-08-02 07:05 - 2012-08-02 07:05 - 02294253 ____A C:\Users\Bernice\Downloads\Grail-035.zip
2012-08-02 07:04 - 2012-08-02 07:04 - 00039092 ____A C:\Users\Bernice\Downloads\Wholly-021.zip
2012-07-28 09:31 - 2012-07-28 09:31 - 00165248 ____A (ArenaNet) C:\Users\Bernice\Downloads\GwSetup.exe
2012-07-24 19:28 - 2012-07-24 19:28 - 48351232 ____A C:\Users\Bernice\Downloads\calibre-0.8.61.msi
2012-07-24 05:52 - 2012-07-24 05:52 - 00000000 ____D C:\Windows\Sun
============ 3 Months Modified Files ========================
2012-08-10 16:04 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-10 16:04 - 2009-07-13 20:51 - 00040313 ____A C:\Windows\setupact.log
2012-08-10 16:03 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-10 16:03 - 2009-07-13 20:45 - 00015024 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-10 15:50 - 2010-12-20 15:44 - 01158100 ____A C:\Windows\WindowsUpdate.log
2012-08-10 15:48 - 2009-07-13 21:13 - 00726270 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-10 15:47 - 2012-08-10 15:47 - 01439703 ____A (Farbar) C:\Users\Bernice\Downloads\FRST64.exe
2012-08-10 15:35 - 2012-08-10 15:35 - 00001753 ____A C:\Users\Bernice\Desktop\RKreport[1].txt
2012-08-10 15:33 - 2012-08-10 15:33 - 01558528 ____A C:\Users\Bernice\Desktop\RogueKiller.exe
2012-08-10 15:28 - 2012-08-10 15:29 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.com
2012-08-10 15:27 - 2012-08-10 15:28 - 00607260 ____R (Swearware) C:\Users\Bernice\Desktop\dds.scr
2012-08-10 15:20 - 2012-05-04 13:50 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-10 11:49 - 2011-02-07 16:24 - 00006004 ____A C:\Windows\PFRO.log
2012-08-10 05:13 - 2012-08-10 05:13 - 00001169 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-07 07:21 - 2012-08-07 07:21 - 00001580 ____A C:\Users\Bernice\Desktop\Peanut butter chicken.txt
2012-08-04 16:02 - 2012-08-04 16:02 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.14-r7705-Core-and-Cataclysm-Mods.zip
2012-08-02 22:20 - 2012-05-04 13:50 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-02 22:20 - 2011-05-25 15:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-02 07:05 - 2012-08-02 07:05 - 02294253 ____A C:\Users\Bernice\Downloads\Grail-035.zip
2012-08-02 07:04 - 2012-08-02 07:04 - 00039092 ____A C:\Users\Bernice\Downloads\Wholly-021.zip
2012-07-28 09:31 - 2012-07-28 09:31 - 00165248 ____A (ArenaNet) C:\Users\Bernice\Downloads\GwSetup.exe
2012-07-24 19:31 - 2012-02-12 18:51 - 00001016 ____A C:\Users\Public\Desktop\calibre - E-book management.lnk
2012-07-24 19:28 - 2012-07-24 19:28 - 48351232 ____A C:\Users\Bernice\Downloads\calibre-0.8.61.msi
2012-07-10 23:18 - 2009-07-13 20:45 - 00289152 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-10 23:00 - 2010-12-20 16:26 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-10 20:59 - 2012-07-10 20:57 - 108835088 ____A C:\Users\Bernice\Downloads\PRS-T1_Updater_1.0.04.12210(1).exe
2012-07-05 06:21 - 2010-12-26 19:07 - 00540672 __ASH C:\Users\Bernice\Documents\Thumbs.db
2012-07-05 06:17 - 2012-07-05 06:17 - 00011761 ____A C:\Users\Bernice\Documents\Shea.odt
2012-07-03 09:46 - 2011-02-07 06:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-24 07:10 - 2012-06-24 07:10 - 47520256 ____A C:\Users\Bernice\Downloads\calibre-0.8.57.msi
2012-06-15 03:20 - 2012-06-15 03:19 - 47544304 ____A C:\Users\Bernice\Downloads\calibre-0.8.56.msi
2012-06-11 19:02 - 2012-07-10 23:02 - 03147264 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:30 - 2012-07-10 21:45 - 14165504 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:46 - 2012-07-10 21:45 - 12868608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 16:25 - 2012-06-07 16:25 - 01124103 ____A C:\Users\Bernice\Downloads\DBM-4.10.12-r7536-Core-and-Cataclysm-Mods.zip
2012-06-07 06:17 - 2012-06-07 06:17 - 00010075 ____A C:\Users\Bernice\Downloads\BittensSpellFlashLibrary-2.11.1.zip
2012-06-06 19:58 - 2012-06-06 19:58 - 00007862 ____A C:\Users\Bernice\Downloads\BittensSpellFlash_Priest-2.1.0.zip
2012-06-06 19:57 - 2012-06-06 19:57 - 00074891 ____A C:\Users\Bernice\Downloads\SpellFlash-5.162.zip
2012-06-05 21:50 - 2012-07-10 21:45 - 02003968 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 21:50 - 2012-07-10 21:45 - 01880064 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 21:09 - 2012-07-10 21:45 - 01389568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:09 - 2012-07-10 21:45 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-02 14:19 - 2012-06-21 17:49 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 17:49 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 17:49 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 17:49 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 17:49 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 17:49 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 17:49 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 17:49 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 17:49 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:38 - 2012-07-10 21:45 - 00152432 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:38 - 2012-07-10 21:45 - 00095088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:37 - 2012-07-10 21:45 - 00459216 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:27 - 2012-07-10 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:27 - 2012-07-10 21:45 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:48 - 2012-07-10 21:45 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:48 - 2012-07-10 21:45 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:47 - 2012-07-10 21:45 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:42 - 2012-07-10 21:45 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2010-12-20 16:04 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-20 09:15 - 2012-05-20 09:15 - 04720082 ____A (Skylabs) C:\Users\Bernice\Downloads\OCTGN 3.0.1.6.exe
2012-05-14 19:56 - 2012-06-12 15:17 - 01197568 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-14 19:52 - 2012-06-12 15:17 - 00064512 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-14 19:08 - 2012-06-12 15:17 - 00981504 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-05-14 19:06 - 2012-06-12 15:17 - 00048128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-05-14 08:57 - 2012-05-14 08:57 - 00001249 ____A C:\Users\Public\Desktop\Diablo III.lnk
2012-05-14 08:53 - 2012-05-14 08:53 - 32288896 ____A (Blizzard Entertainment) C:\Users\Bernice\Downloads\Diablo-III-Setup-enUS.exe
2012-05-14 06:24 - 2012-05-14 06:24 - 07336648 ____A (Blizzard Entertainment) C:\Users\Bernice\Downloads\Diablo-III-8370-enUS-Installer-downloader(1).exe
ZeroAccess:
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\@
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\00000004.@
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\80000000.@
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\80000064.@
ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini
ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini
========================= Known DLLs (Whitelisted) ============
========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
========================= Memory info ======================
Percentage of memory in use: 17%
Total physical RAM: 4094.55 MB
Available physical RAM: 3373.75 MB
Total Pagefile: 4092.7 MB
Available Pagefile: 3452.85 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
======================= Partitions =========================
2 Drive c: () (Fixed) (Total:596.07 GB) (Free:456.06 GB) NTFS
4 Drive f: (FLASH DRIVE) (Removable) (Total:0.12 GB) (Free:0.12 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
6 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 596 GB 0 B
Disk 1 Online 123 MB 0 B
Partitions of Disk 0:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 596 GB 101 MB
==================================================================================
Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y System Rese NTFS Partition 100 MB Healthy
==================================================================================
Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 596 GB Healthy
==================================================================================
Partitions of Disk 1:
===============
Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 123 MB 16 KB
==================================================================================
Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes
Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F FLASH DRIVE FAT Removable 123 MB Healthy
==================================================================================
Last Boot: 2012-08-06 20:59
======================= End Of Log ==========================
And
Farbar Recovery Scan Tool Version: 09-08-2012
Ran by SYSTEM at 2012-08-10 20:13:58
Running from F:\
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06
====== End Of Search ======
-
That did help. I will be a bit. Doing the rest of what you told me to do now... I appreciate your helpfulness.
-
I'm confused as to how to make a restore point.... When I clicked on "System Restore" to get options it was going to roll back to a prior point.... Can you assist me with the first part of your directions? I've copied the 64-bit version to a flash drive, so I guess I got a BIT ahead of myself, but then noticed your first directions and stopped until you have a chance to clarify.
-
Thank you very much for the timely reply.
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_31
Run by Bernice at 19:31:50 on 2012-08-10
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4095.2492 [GMT -4:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\taskmgr.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
C:\Windows\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [DevconDefaultDB] C:\Windows\system32\readreg /PSCONV={NO} /FAIL=1
uRun: [spotify] "C:\Users\Bernice\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [googletalk] C:\Users\Bernice\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
uRun: [NCsoft]
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
LSP: %SYSTEMROOT%\system32\nvLsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
TCP: DhcpNameServer = 209.206.136.8 207.230.192.251
TCP: Interfaces\{62798B1D-B62C-43FE-91AD-343A086A0FE9} : DhcpNameServer = 209.206.136.8 207.230.192.251
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bernice\AppData\Roaming\Mozilla\Firefox\Profiles\r60pnj1e.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Mozilla Firefox\plugins\np_gp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-2-7 655944]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-4 250056]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-12-20 79360]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2011-2-19 25832]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 113120]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-10 22:59:31 20480 ------w- C:\Windows\svchost.exe
2012-08-10 01:25:38 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-07 07:16:06 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\offreg.dll
2012-08-07 07:15:08 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B033D555-B4ED-4EDC-9523-66351C4A87D4}\mpengine.dll
.
==================== Find3M ====================
.
2012-08-03 06:20:13 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 06:20:13 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-12 03:02:52 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 05:50:50 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 05:50:50 1880064 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 05:09:46 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:09:46 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:38:26 95088 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:38:24 152432 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:37:45 459216 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:27:02 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:27:00 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:48:39 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:48:35 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:47:31 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:42:51 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-15 03:56:59 1197568 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:08:48 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 19:32:19.71 ===============
And
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/20/2010 6:52:34 PM
System Uptime: 8/10/2012 6:58:16 PM (1 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5N-D
Processor: Intel® Core2 Duo CPU E6850 @ 3.00GHz | Socket 775 | 3000/333mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 596 GiB total, 454.926 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&14591D7E&0&3180
Manufacturer:
Name:
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&14591D7E&0&3180
Service:
.
==== System Restore Points ===================
.
RP243: 7/17/2012 5:22:19 AM - Windows Update
RP245: 7/17/2012 8:39:22 PM - Windows Defender Checkpoint
RP246: 7/24/2012 3:17:58 AM - Windows Update
RP247: 7/24/2012 11:30:24 PM - Installed calibre
RP248: 7/31/2012 3:14:11 AM - Windows Update
RP249: 8/7/2012 3:14:23 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
calibre
City of Heroes
CoffeeCup Free FTP
Coupon Printer for Windows
Creative Audio Console
Creative Software AutoUpdate
Diablo III
Dragon Age: Origins
GIMP 2.6.11
Google Talk (remove only)
Hoyle Card Games 5
Java Auto Updater
Java 6 Update 31
Malwarebytes Anti-Malware version 1.62.0.1300
McAfee Security Scan Plus
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
mIRC
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mumble 1.2.3
NCsoft Launcher
NVIDIA ForceWare Network Access Manager
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
OpenAL
OpenOffice.org 3.2
PDF to ePub Converter 2.2.3
Pegasus Mail
Pegasus Mail HTML Renderer 2.4.0.3
PhotoFiltre
Picasa 3
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Ventrilo Client
VirtualCloneDrive
World of Warcraft Beta
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
8/10/2012 6:59:40 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/10/2012 6:59:40 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
.
==== End Of File ===========================
RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Bernice [Admin rights]
Mode: Scan -- Date: 08/10/2012 19:35:09
¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD64 01AALS-00E8B SCSI Disk Device +++++
--- User ---
[MBR] de56085bf42185de9de7ddf70a5ddde3
[BSP] f7e93078e80b07ffdd0bd575fae681f7 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Finished : << RKreport[1].txt >>
RKreport[1].txt
I hope I did all this correctly,
Bernice
-
I'm having difficulties removing these... This is the log when I finish with Malwarebytes Anti-Malware
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org
Database version: v2012.08.10.08
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
Bernice :: BERNICE-PC [administrator]
Protection: Enabled
8/10/2012 7:00:04 PM
mbam-log-2012-08-10 (19-00-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 206292
Time elapsed: 2 minute(s), 54 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2760 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{1f47eb10-4447-ed96-c74a-469d77c68f8d}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)
RootKit.0Access, Trojan.Agent, and Trojan.Dropper.BCMiner
in Resolved Malware Removal Logs
Thank you very much. Everything is still running fine and you've left me with a sense of accomplishment. I appreciate all the time you spent with me.
Bernice