DesertLion

Posts posted by DesertLion

  1. I am in the process of running various malware/virus scans now. I will let you know tomorrow if anything else pops up. Thanks for all of your help Catbyte. I may yet be persuaded that cats are better than dogs.

    ComboFix 12-12-01.02 - Joe 12/03/2012 18:33:35.2.8 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8182.6595 [GMT -6:00]

    Running from: c:\users\Joe\Desktop\ComboFix.exe

    Command switches used :: c:\users\Joe\Desktop\CFScript.txt

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    FILE ::

    "c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"

    "c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"

    "c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"

    "c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip"

    "c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip"

    "c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip"

    "c:\users\Joe\AppData\Local\AOL\AIM\update\install.exe"

    "f:\users\Joe\Documents\Installers\vlcmediaplayer-setup.exe"

    "f:\users\Joe\Documents\Installers\WormsArmageddon-dm.exe"

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip

    c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip

    c:\programdata\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip

    c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip

    c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip

    c:\users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip

    c:\users\Joe\AppData\Local\AOL\AIM\update\install.exe

    f:\users\Joe\Documents\Installers\vlcmediaplayer-setup.exe

    f:\users\Joe\Documents\Installers\WormsArmageddon-dm.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-04 to 2012-12-04 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-04 00:36 . 2012-12-04 00:36 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-04 00:23 . 2012-12-04 00:23 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9912CB4-54D9-4ACC-BB50-85CC8C111901}\offreg.dll

    2012-12-03 01:35 . 2012-11-19 07:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D9912CB4-54D9-4ACC-BB50-85CC8C111901}\mpengine.dll

    2012-12-03 01:21 . 2012-12-03 01:21 -------- d-----w- c:\windows\ERUNT

    2012-12-03 01:21 . 2012-12-03 01:21 -------- d-----w- C:\JRT

    2012-12-02 23:14 . 2012-12-02 23:14 -------- d-----w- C:\TDSSKiller_Quarantine

    2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes

    2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\programdata\Malwarebytes

    2012-12-02 04:45 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-12-02 04:10 . 2012-12-02 04:10 -------- d-----w- c:\program files (x86)\PC Tools

    2012-12-02 04:08 . 2012-12-02 04:51 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

    2012-12-02 04:08 . 2012-11-01 21:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

    2012-12-02 04:08 . 2012-12-02 04:44 -------- d-----w- c:\programdata\PC Tools

    2012-12-02 04:08 . 2012-12-02 04:08 -------- d-----w- c:\users\Joe\AppData\Roaming\TestApp

    2012-11-19 23:07 . 2012-11-19 23:07 -------- d-----w- c:\programdata\OptiTex

    2012-11-17 23:29 . 2012-11-17 23:30 -------- d-----w- c:\users\UpdatusUser

    2012-11-17 23:29 . 2012-11-17 23:30 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

    2012-11-17 23:29 . 2012-12-04 00:12 -------- d-----w- c:\programdata\NVIDIA

    2012-11-17 23:29 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

    2012-11-17 23:29 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

    2012-11-17 23:29 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

    2012-11-17 23:29 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

    2012-11-17 23:29 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

    2012-11-17 23:29 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

    2012-11-14 12:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-11-14 12:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-11-14 12:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

    2012-11-14 12:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-11-14 12:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

    2012-11-14 12:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

    2012-11-14 12:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

    2012-11-14 12:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

    2012-11-14 12:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

    2012-11-14 12:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

    2012-11-14 12:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

    2012-11-14 12:02 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-11-14 12:02 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

    2012-11-14 12:02 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

    2012-11-14 12:02 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

    2012-11-14 12:02 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-11-14 12:02 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll

    2012-11-14 12:02 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-11-14 12:02 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll

    2012-11-14 12:02 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

    2012-11-14 12:02 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

    2012-11-14 12:02 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-11-14 12:02 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

    2012-11-14 11:56 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

    2012-11-14 11:56 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

    2012-11-14 11:53 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-11-14 11:53 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-11-14 11:53 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

    2012-11-14 11:53 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

    2012-11-14 11:53 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

    2012-11-06 23:33 . 2012-11-06 23:33 -------- d-----w- c:\windows\[systemFolder]

    2012-11-06 01:56 . 2012-11-06 01:56 -------- d-----w- c:\users\Joe\AppData\Roaming\CocotronLibrary

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-19 14:06 . 2012-08-16 01:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-19 14:06 . 2012-08-16 01:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-11-14 12:06 . 2012-08-16 00:03 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-10-16 08:38 . 2012-11-28 11:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-28 11:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-28 11:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-11 03:23 . 2012-10-11 03:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

    2012-10-11 03:23 . 2012-10-11 03:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

    2012-10-11 03:23 . 2012-10-11 03:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

    2012-10-11 03:23 . 2012-10-11 03:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

    2012-10-11 03:23 . 2012-10-11 03:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

    2012-10-11 03:23 . 2012-10-11 03:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

    2012-10-11 03:23 . 2012-10-11 03:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll

    2012-10-11 03:23 . 2012-10-11 03:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll

    2012-10-11 03:23 . 2012-10-11 03:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

    2012-10-11 03:23 . 2012-10-11 03:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll

    2012-10-11 03:23 . 2012-10-11 03:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

    2012-10-11 03:23 . 2012-10-11 03:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

    2012-10-11 03:23 . 2012-10-11 03:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

    2012-10-11 03:22 . 2012-10-11 03:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

    2012-10-11 03:22 . 2012-10-11 03:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

    2012-10-11 03:22 . 2012-02-10 03:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

    2012-10-11 03:22 . 2012-10-11 03:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

    2012-10-11 03:22 . 2012-10-11 03:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

    2012-10-11 03:22 . 2012-10-11 03:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

    2012-10-11 03:22 . 2012-10-11 03:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2012-10-11 03:22 . 2012-10-11 03:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

    2012-10-02 19:15 . 2012-10-02 19:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

    2012-09-14 19:19 . 2012-10-10 10:08 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-10 10:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    "Calendarscope"="c:\program files (x86)\Calendarscope\csde.exe" [2012-09-17 2848696]

    "TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]

    "TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]

    "TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]

    "TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2012-04-14 131072]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-30 676936]

    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-30 25928]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

    R3 USTOR2K;USB Mass Storage Windows Driver;c:\windows\system32\DRIVERS\ustor2k.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-16 1255736]

    R4 TivoBeacon2;TiVo Beacon Service;c:\program files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-08-24 1104656]

    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-30 399432]

    S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-03-22 25824]

    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

    S3 UsbFltr;WayTech USB Filter Driver;c:\windows\system32\Drivers\UsbFltr.sys [2007-04-09 12288]

    .

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-11-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

    - c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-08-16 22:31]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.yahoo.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;<local>

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    Trusted Zone: comiclife.com

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    SafeBoot-18182204.sys

    WebBrowser-{A13C2648-91D4-4BF3-BC6D-0079707C4389} - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-12-03 18:37:16

    ComboFix-quarantined-files.txt 2012-12-04 00:37

    .

    Pre-Run: 913,705,095,168 bytes free

    Post-Run: 913,320,488,960 bytes free

    .

    - - End Of File - - 90565DE443915274D1CF697C2A87EE33

  2. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 3.7.4 (12.02.2012:1)

    OS: Windows 7 Professional x64

    Ran by Joe on Sun 12/02/2012 at 19:21:39.91

    Blog: http://thisisudax.blogspot.com

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escort.dll"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortapp.dll"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escorteng.dll"

    Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\escortlbr.dll"

    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}

    ~~~ Files

    Successfully deleted: [File] "C:\Users\Joe\appdata\local\funmoods-speeddial.crx"

    ~~~ Folders

    Successfully deleted: [Folder] "C:\Users\Joe\appdata\locallow\minibar"

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on Sun 12/02/2012 at 19:23:53.91

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v2.011 - Logfile created 12/02/2012 at 19:27:00

    # Updated 02/12/2012 by Xplode

    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)

    # User : Joe - JOE-PC

    # Boot Mode : Normal

    # Running from : C:\Users\Joe\Desktop\AdwCleaner.exe

    # Option [Delete]

    ***** [services] *****

    ***** [Files / Folders] *****

    ***** [Registry] *****

    Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}

    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}

    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}

    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj

    ***** [internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16455

    [OK] Registry is clean.

    -\\ Google Chrome v [unable to get version]

    File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[s1].txt - [2578 octets] - [02/12/2012 19:27:00]

    ########## EOF - C:\AdwCleaner[s1].txt - [2638 octets] ##########

    ESET Results...

    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm

    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm

    C:\ProgramData\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm

    C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0000.dta a variant of Win32/Olmarik.AYI trojan

    C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0001.dta a variant of Win64/Olmarik.AM trojan

    C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0002.dta a variant of Win32/Rootkit.Kryptik.QM trojan

    C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0003.dta Win64/Olmarik.AN trojan

    C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmarik.AFK trojan

    C:\TDSSKiller_Quarantine\02.12.2012_17.13.33\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmarik.AK trojan

    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric.zip Win32/Bagle.gen.zip worm

    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric1.zip Win32/Bagle.gen.zip worm

    C:\Users\All Users\Spybot - Search & Destroy\Recovery\SmitfraudCgeneric2.zip Win32/Bagle.gen.zip worm

    C:\Users\Joe\AppData\Local\AOL\AIM\update\install.exe Win32/OpenCandy application

    F:\Users\Joe\Documents\Installers\vlcmediaplayer-setup.exe Win32/DownloadAdmin.A.Gen application

    F:\Users\Joe\Documents\Installers\WormsArmageddon-dm.exe a variant of Win32/Adware.Trymedia.A application

  3. TDSS Killer...

    17:13:33.0524 3636 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

    17:13:33.0524 3636 ============================================================

    17:13:33.0524 3636 Current date / time: 2012/12/02 17:13:33.0524

    17:13:33.0524 3636 SystemInfo:

    17:13:33.0524 3636

    17:13:33.0524 3636 OS Version: 6.1.7601 ServicePack: 1.0

    17:13:33.0524 3636 Product type: Workstation

    17:13:33.0524 3636 ComputerName: JOE-PC

    17:13:33.0524 3636 UserName: Joe

    17:13:33.0524 3636 Windows directory: C:\Windows

    17:13:33.0524 3636 System windows directory: C:\Windows

    17:13:33.0524 3636 Running under WOW64

    17:13:33.0524 3636 Processor architecture: Intel x64

    17:13:33.0524 3636 Number of processors: 8

    17:13:33.0524 3636 Page size: 0x1000

    17:13:33.0524 3636 Boot type: Normal boot

    17:13:33.0524 3636 ============================================================

    17:13:34.0304 3636 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    17:13:34.0304 3636 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    17:13:34.0319 3636 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    17:13:34.0335 3636 ============================================================

    17:13:34.0335 3636 \Device\Harddisk2\DR2:

    17:13:34.0335 3636 MBR partitions:

    17:13:34.0335 3636 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

    17:13:34.0335 3636 \Device\Harddisk0\DR0:

    17:13:34.0335 3636 MBR partitions:

    17:13:34.0335 3636 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

    17:13:34.0335 3636 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

    17:13:34.0335 3636 \Device\Harddisk1\DR1:

    17:13:34.0350 3636 MBR partitions:

    17:13:34.0350 3636 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1

    17:13:34.0350 3636 ============================================================

    17:13:34.0397 3636 C: <-> \Device\Harddisk0\DR0\Partition2

    17:13:34.0444 3636 E: <-> \Device\Harddisk1\DR1\Partition1

    17:13:34.0460 3636 F: <-> \Device\Harddisk2\DR2\Partition1

    17:13:34.0460 3636 ============================================================

    17:13:34.0460 3636 Initialize success

    17:13:34.0460 3636 ============================================================

    17:13:51.0729 3840 ============================================================

    17:13:51.0729 3840 Scan started

    17:13:51.0729 3840 Mode: Manual; TDLFS;

    17:13:51.0729 3840 ============================================================

    17:13:52.0150 3840 ================ Scan system memory ========================

    17:13:52.0150 3840 System memory - ok

    17:13:52.0150 3840 ================ Scan services =============================


    17:13:52.0899 3840 b06bdrv - ok

    17:13:52.0914 3840 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

    17:13:52.0914 3840 b57nd60a - ok

    17:13:52.0946 3840 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

    17:13:52.0946 3840 BDESVC - ok

    17:13:52.0946 3840 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

    17:13:52.0946 3840 Beep - ok

    17:13:52.0977 3840 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

    17:13:52.0992 3840 BFE - ok

    17:13:53.0008 3840 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

    17:13:53.0024 3840 BITS - ok

    17:13:53.0024 3840 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

    17:13:53.0039 3840 blbdrive - ok

    17:13:53.0070 3840 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

    17:13:53.0086 3840 Bonjour Service - ok

    17:13:53.0102 3840 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

    17:13:53.0102 3840 bowser - ok

    17:13:53.0117 3840 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

    17:13:53.0117 3840 BrFiltLo - ok

    17:13:53.0117 3840 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

    17:13:53.0117 3840 BrFiltUp - ok

    17:13:53.0133 3840 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

    17:13:53.0133 3840 BridgeMP - ok

    17:13:53.0148 3840 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

    17:13:53.0148 3840 Browser - ok

    17:13:53.0164 3840 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

    17:13:53.0164 3840 Brserid - ok

    17:13:53.0180 3840 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

    17:13:53.0180 3840 BrSerWdm - ok

    17:13:53.0180 3840 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

    17:13:53.0180 3840 BrUsbMdm - ok

    17:13:53.0195 3840 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

    17:13:53.0195 3840 BrUsbSer - ok

    17:13:53.0211 3840 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

    17:13:53.0211 3840 BTHMODEM - ok

    17:13:53.0226 3840 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

    17:13:53.0226 3840 bthserv - ok

    17:13:53.0242 3840 catchme - ok

    17:13:53.0258 3840 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

    17:13:53.0258 3840 cdfs - ok

    17:13:53.0289 3840 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

    17:13:53.0289 3840 cdrom - ok

    17:13:53.0320 3840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

    17:13:53.0320 3840 CertPropSvc - ok

    17:13:53.0336 3840 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

    17:13:53.0336 3840 circlass - ok

    17:13:53.0351 3840 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

    17:13:53.0367 3840 CLFS - ok

    17:13:53.0398 3840 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

    17:13:53.0398 3840 clr_optimization_v2.0.50727_32 - ok

    17:13:53.0429 3840 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

    17:13:53.0429 3840 clr_optimization_v2.0.50727_64 - ok

    17:13:53.0460 3840 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

    17:13:53.0460 3840 clr_optimization_v4.0.30319_32 - ok

    17:13:53.0492 3840 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

    17:13:53.0492 3840 clr_optimization_v4.0.30319_64 - ok

    17:13:53.0507 3840 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

    17:13:53.0507 3840 CmBatt - ok

    17:13:53.0507 3840 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

    17:13:53.0507 3840 cmdide - ok

    17:13:53.0538 3840 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

    17:13:53.0538 3840 CNG - ok

    17:13:53.0554 3840 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

    17:13:53.0554 3840 Compbatt - ok

    17:13:53.0570 3840 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

    17:13:53.0570 3840 CompositeBus - ok

    17:13:53.0585 3840 COMSysApp - ok

    17:13:53.0601 3840 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

    17:13:53.0601 3840 crcdisk - ok

    17:13:53.0616 3840 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

    17:13:53.0616 3840 CryptSvc - ok

    17:13:53.0648 3840 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

    17:13:53.0648 3840 CSC - ok

    17:13:53.0663 3840 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

    17:13:53.0679 3840 CscService - ok

    17:13:53.0726 3840 [ 958EF96991ABCCFDAC0953C4A24081DC ] DAZContentManagementService C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe

    17:13:53.0726 3840 DAZContentManagementService - ok

    17:13:53.0757 3840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

    17:13:53.0772 3840 DcomLaunch - ok

    17:13:53.0788 3840 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

    17:13:53.0788 3840 defragsvc - ok

    17:13:53.0819 3840 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

    17:13:53.0819 3840 DfsC - ok

    17:13:53.0850 3840 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

    17:13:53.0850 3840 Dhcp - ok

    17:13:53.0866 3840 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

    17:13:53.0866 3840 discache - ok

    17:13:53.0882 3840 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

    17:13:53.0882 3840 Disk - ok

    17:13:53.0897 3840 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

    17:13:53.0897 3840 Dnscache - ok

    17:13:53.0928 3840 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

    17:13:53.0928 3840 dot3svc - ok

    17:13:53.0944 3840 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

    17:13:53.0944 3840 DPS - ok

    17:13:53.0960 3840 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

    17:13:53.0960 3840 drmkaud - ok

    17:13:53.0991 3840 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

    17:13:53.0991 3840 DXGKrnl - ok

    17:13:54.0022 3840 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

    17:13:54.0022 3840 EapHost - ok

    17:13:54.0069 3840 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

    17:13:54.0116 3840 ebdrv - ok

    17:13:54.0131 3840 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

    17:13:54.0131 3840 EFS - ok

    17:13:54.0162 3840 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

    17:13:54.0162 3840 ehRecvr - ok

    17:13:54.0178 3840 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

    17:13:54.0178 3840 ehSched - ok

    17:13:54.0194 3840 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

    17:13:54.0194 3840 elxstor - ok

    17:13:54.0225 3840 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

    17:13:54.0225 3840 ErrDev - ok

    17:13:54.0240 3840 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

    17:13:54.0240 3840 EventSystem - ok

    17:13:54.0256 3840 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

    17:13:54.0256 3840 exfat - ok

    17:13:54.0256 3840 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

    17:13:54.0272 3840 fastfat - ok

    17:13:54.0303 3840 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

    17:13:54.0303 3840 Fax - ok

    17:13:54.0318 3840 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

    17:13:54.0318 3840 fdc - ok

    17:13:54.0334 3840 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

    17:13:54.0334 3840 fdPHost - ok

    17:13:54.0334 3840 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

    17:13:54.0334 3840 FDResPub - ok

    17:13:54.0350 3840 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

    17:13:54.0350 3840 FileInfo - ok

    17:13:54.0350 3840 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

    17:13:54.0365 3840 Filetrace - ok

    17:13:54.0365 3840 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

    17:13:54.0365 3840 flpydisk - ok

    17:13:54.0381 3840 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

    17:13:54.0381 3840 FltMgr - ok

    17:13:54.0412 3840 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

    17:13:54.0428 3840 FontCache - ok

    17:13:54.0443 3840 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

    17:13:54.0443 3840 FontCache3.0.0.0 - ok

    17:13:54.0459 3840 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

    17:13:54.0459 3840 FsDepends - ok

    17:13:54.0474 3840 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

    17:13:54.0474 3840 Fs_Rec - ok

    17:13:54.0506 3840 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

    17:13:54.0506 3840 fvevol - ok

    17:13:54.0506 3840 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

    17:13:54.0521 3840 gagp30kx - ok

    17:13:54.0537 3840 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

    17:13:54.0537 3840 GEARAspiWDM - ok

    17:13:54.0568 3840 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

    17:13:54.0568 3840 gpsvc - ok

    17:13:54.0584 3840 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

    17:13:54.0584 3840 hcw85cir - ok

    17:13:54.0615 3840 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

    17:13:54.0630 3840 HdAudAddService - ok

    17:13:54.0646 3840 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

    17:13:54.0646 3840 HDAudBus - ok

    17:13:54.0646 3840 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

    17:13:54.0646 3840 HidBatt - ok

    17:13:54.0662 3840 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

    17:13:54.0662 3840 HidBth - ok

    17:13:54.0662 3840 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

    17:13:54.0662 3840 HidIr - ok

    17:13:54.0677 3840 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

    17:13:54.0677 3840 hidserv - ok

    17:13:54.0724 3840 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

    17:13:54.0724 3840 HidUsb - ok

    17:13:54.0755 3840 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

    17:13:54.0755 3840 hkmsvc - ok

    17:13:54.0755 3840 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

    17:13:54.0755 3840 HomeGroupListener - ok

    17:13:54.0771 3840 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

    17:13:54.0771 3840 HomeGroupProvider - ok

    17:13:54.0786 3840 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

    17:13:54.0786 3840 HpSAMD - ok

    17:13:54.0833 3840 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

    17:13:54.0833 3840 HTTP - ok

    17:13:54.0849 3840 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

    17:13:54.0849 3840 hwpolicy - ok

    17:13:54.0864 3840 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

    17:13:54.0880 3840 i8042prt - ok

    17:13:54.0896 3840 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

    17:13:54.0896 3840 iaStorV - ok

    17:13:54.0927 3840 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

    17:13:54.0942 3840 idsvc - ok

    17:13:54.0942 3840 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

    17:13:54.0942 3840 iirsp - ok

    17:13:54.0974 3840 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

    17:13:54.0974 3840 IKEEXT - ok

    17:13:55.0052 3840 [ C2F868881D48A568B525255F084EF063 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

    17:13:55.0067 3840 IntcAzAudAddService - ok

    17:13:55.0083 3840 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

    17:13:55.0083 3840 intelide - ok

    17:13:55.0098 3840 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

    17:13:55.0098 3840 intelppm - ok

    17:13:55.0114 3840 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

    17:13:55.0114 3840 IPBusEnum - ok

    17:13:55.0130 3840 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

    17:13:55.0130 3840 IpFilterDriver - ok

    17:13:55.0161 3840 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

    17:13:55.0161 3840 iphlpsvc - ok

    17:13:55.0161 3840 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

    17:13:55.0161 3840 IPMIDRV - ok

    17:13:55.0176 3840 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

    17:13:55.0176 3840 IPNAT - ok

    17:13:55.0223 3840 [ A9AB99EE7D39725EAFEC82732D2B3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

    17:13:55.0223 3840 iPod Service - ok

    17:13:55.0239 3840 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

    17:13:55.0239 3840 IRENUM - ok

    17:13:55.0239 3840 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

    17:13:55.0239 3840 isapnp - ok

    17:13:55.0270 3840 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

    17:13:55.0270 3840 iScsiPrt - ok

    17:13:55.0286 3840 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

    17:13:55.0286 3840 kbdclass - ok

    17:13:55.0301 3840 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

    17:13:55.0301 3840 kbdhid - ok

    17:13:55.0317 3840 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

    17:13:55.0317 3840 KeyIso - ok

    17:13:55.0332 3840 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

    17:13:55.0332 3840 KSecDD - ok

    17:13:55.0332 3840 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

    17:13:55.0348 3840 KSecPkg - ok

    17:13:55.0348 3840 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

    17:13:55.0348 3840 ksthunk - ok

    17:13:55.0364 3840 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

    17:13:55.0379 3840 KtmRm - ok

    17:13:55.0395 3840 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

    17:13:55.0395 3840 LanmanServer - ok

    17:13:55.0426 3840 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

    17:13:55.0426 3840 LanmanWorkstation - ok

    17:13:55.0442 3840 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

    17:13:55.0442 3840 lltdio - ok

    17:13:55.0457 3840 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

    17:13:55.0457 3840 lltdsvc - ok

    17:13:55.0473 3840 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

    17:13:55.0473 3840 lmhosts - ok

    17:13:55.0504 3840 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

    17:13:55.0504 3840 LSI_FC - ok

    17:13:55.0520 3840 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

    17:13:55.0520 3840 LSI_SAS - ok

    17:13:55.0520 3840 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

    17:13:55.0520 3840 LSI_SAS2 - ok

    17:13:55.0535 3840 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

    17:13:55.0535 3840 LSI_SCSI - ok

    17:13:55.0551 3840 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

    17:13:55.0551 3840 luafv - ok

    17:13:55.0566 3840 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

    17:13:55.0566 3840 MBAMProtector - ok

    17:13:55.0629 3840 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    17:13:55.0629 3840 MBAMScheduler - ok

    17:13:55.0660 3840 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    17:13:55.0660 3840 MBAMService - ok

    17:13:55.0676 3840 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

    17:13:55.0676 3840 Mcx2Svc - ok

    17:13:55.0691 3840 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

    17:13:55.0691 3840 megasas - ok

    17:13:55.0707 3840 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

    17:13:55.0707 3840 MegaSR - ok

    17:13:55.0769 3840 [ D0067EAA04400314A1E95D70020F7403 ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe

    17:13:55.0769 3840 MemeoBackgroundService - ok

    17:13:55.0769 3840 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

    17:13:55.0769 3840 MMCSS - ok

    17:13:55.0785 3840 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

    17:13:55.0785 3840 Modem - ok

    17:13:55.0800 3840 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

    17:13:55.0800 3840 monitor - ok

    17:13:55.0800 3840 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

    17:13:55.0800 3840 mouclass - ok

    17:13:55.0832 3840 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

    17:13:55.0832 3840 mouhid - ok

    17:13:55.0863 3840 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

    17:13:55.0863 3840 mountmgr - ok

    17:13:55.0878 3840 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

    17:13:55.0878 3840 mpio - ok

    17:13:55.0894 3840 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

    17:13:55.0894 3840 mpsdrv - ok

    17:13:55.0910 3840 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

    17:13:55.0925 3840 MpsSvc - ok

    17:13:55.0941 3840 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

    17:13:55.0956 3840 MRxDAV - ok

    17:13:55.0972 3840 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

    17:13:55.0972 3840 mrxsmb - ok

    17:13:55.0988 3840 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

    17:13:55.0988 3840 mrxsmb10 - ok

    17:13:56.0003 3840 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

    17:13:56.0003 3840 mrxsmb20 - ok

    17:13:56.0019 3840 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

    17:13:56.0019 3840 msahci - ok

    17:13:56.0034 3840 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

    17:13:56.0034 3840 msdsm - ok

    17:13:56.0050 3840 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

    17:13:56.0050 3840 MSDTC - ok

    17:13:56.0050 3840 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

    17:13:56.0050 3840 Msfs - ok

    17:13:56.0066 3840 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

    17:13:56.0066 3840 mshidkmdf - ok

    17:13:56.0081 3840 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

    17:13:56.0081 3840 msisadrv - ok

    17:13:56.0097 3840 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

    17:13:56.0097 3840 MSiSCSI - ok

    17:13:56.0097 3840 msiserver - ok

    17:13:56.0112 3840 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

    17:13:56.0112 3840 MSKSSRV - ok

    17:13:56.0112 3840 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

    17:13:56.0112 3840 MSPCLOCK - ok

    17:13:56.0128 3840 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

    17:13:56.0128 3840 MSPQM - ok

    17:13:56.0159 3840 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

    17:13:56.0159 3840 MsRPC - ok

    17:13:56.0159 3840 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

    17:13:56.0159 3840 mssmbios - ok

    17:13:56.0175 3840 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

    17:13:56.0175 3840 MSTEE - ok

    17:13:56.0175 3840 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

    17:13:56.0190 3840 MTConfig - ok

    17:13:56.0206 3840 [ 2219A3D695405E7BA2186BA6B9EDE14A ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys

    17:13:56.0206 3840 MTsensor - ok

    17:13:56.0222 3840 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

    17:13:56.0222 3840 Mup - ok

    17:13:56.0253 3840 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

    17:13:56.0253 3840 napagent - ok

    17:13:56.0268 3840 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

    17:13:56.0268 3840 NativeWifiP - ok

    17:13:56.0315 3840 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys

    17:13:56.0315 3840 NDIS - ok

    17:13:56.0331 3840 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

    17:13:56.0331 3840 NdisCap - ok

    17:13:56.0346 3840 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

    17:13:56.0346 3840 NdisTapi - ok

    17:13:56.0378 3840 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

    17:13:56.0378 3840 Ndisuio - ok

    17:13:56.0393 3840 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

    17:13:56.0393 3840 NdisWan - ok

    17:13:56.0409 3840 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

    17:13:56.0409 3840 NDProxy - ok

    17:13:56.0409 3840 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

    17:13:56.0424 3840 NetBIOS - ok

    17:13:56.0440 3840 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

    17:13:56.0440 3840 NetBT - ok

    17:13:56.0456 3840 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

    17:13:56.0456 3840 Netlogon - ok

    17:13:56.0487 3840 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

    17:13:56.0487 3840 Netman - ok

    17:13:56.0502 3840 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

    17:13:56.0502 3840 netprofm - ok

    17:13:56.0518 3840 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

    17:13:56.0518 3840 NetTcpPortSharing - ok

    17:13:56.0534 3840 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

    17:13:56.0534 3840 nfrd960 - ok

    17:13:56.0549 3840 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll

    17:13:56.0549 3840 NlaSvc - ok

    17:13:56.0565 3840 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

    17:13:56.0565 3840 Npfs - ok

    17:13:56.0565 3840 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

    17:13:56.0565 3840 nsi - ok

    17:13:56.0580 3840 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

    17:13:56.0580 3840 nsiproxy - ok

    17:13:56.0612 3840 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

    17:13:56.0643 3840 Ntfs - ok

    17:13:56.0658 3840 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

    17:13:56.0658 3840 Null - ok

    17:13:56.0674 3840 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys

    17:13:56.0674 3840 NVENETFD - ok

    17:13:56.0846 3840 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

    17:13:56.0892 3840 nvlddmkm - ok

    17:13:56.0939 3840 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

    17:13:56.0939 3840 nvraid - ok

    17:13:56.0955 3840 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

    17:13:56.0955 3840 nvstor - ok

    17:13:57.0002 3840 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe

    17:13:57.0017 3840 nvsvc - ok

    17:13:57.0048 3840 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    17:13:57.0048 3840 nvUpdatusService - ok

    17:13:57.0064 3840 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

    17:13:57.0064 3840 nv_agp - ok

    17:13:57.0126 3840 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

    17:13:57.0126 3840 odserv - ok

    17:13:57.0142 3840 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

    17:13:57.0142 3840 ohci1394 - ok


    17:14:01.0120 3840 ================ Scan global ===============================

    17:14:01.0136 3840 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

    17:14:01.0167 3840 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    17:14:01.0182 3840 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll

    17:14:01.0198 3840 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

    17:14:01.0214 3840 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

    17:14:01.0214 3840 [Global] - ok

    17:14:01.0214 3840 ================ Scan MBR ==================================

    17:14:01.0214 3840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2

    17:14:01.0307 3840 \Device\Harddisk2\DR2 - ok

    17:14:01.0323 3840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

    17:14:01.0323 3840 Suspicious mbr (Forged): \Device\Harddisk0\DR0

    17:14:01.0370 3840 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

    17:14:01.0370 3840 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

    17:14:01.0432 3840 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

    17:14:01.0432 3840 \Device\Harddisk0\DR0 - detected TDSS File System (1)

    17:14:01.0432 3840 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1

    17:14:01.0635 3840 \Device\Harddisk1\DR1 - ok

    17:14:01.0635 3840 ================ Scan VBR ==================================

    17:14:01.0635 3840 [ B1FE8DBABFD3A74283B7D3E455C52A3D ] \Device\Harddisk2\DR2\Partition1

    17:14:01.0635 3840 \Device\Harddisk2\DR2\Partition1 - ok

    17:14:01.0635 3840 [ 16EFC8C64E0CF222BA05584B82E62A82 ] \Device\Harddisk0\DR0\Partition1

    17:14:01.0635 3840 \Device\Harddisk0\DR0\Partition1 - ok

    17:14:01.0635 3840 [ 94D9420588193CF908B782161F6A7BFC ] \Device\Harddisk0\DR0\Partition2

    17:14:01.0635 3840 \Device\Harddisk0\DR0\Partition2 - ok

    17:14:01.0635 3840 [ E69EB3FEE1D4493D8900E2FF4CE2E6A8 ] \Device\Harddisk1\DR1\Partition1

    17:14:01.0635 3840 \Device\Harddisk1\DR1\Partition1 - ok

    17:14:01.0635 3840 ============================================================

    17:14:01.0635 3840 Scan finished

    17:14:01.0635 3840 ============================================================

    17:14:01.0650 3424 Detected object count: 2

    17:14:01.0650 3424 Actual detected object count: 2

    17:14:36.0829 3424 \Device\Harddisk0\DR0\# - copied to quarantine

    17:14:36.0829 3424 \Device\Harddisk0\DR0 - copied to quarantine

    17:14:36.0875 3424 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

    17:14:36.0875 3424 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

    17:14:36.0875 3424 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

    17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

    17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

    17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

    17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

    17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

    17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

    17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

    17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

    17:14:36.0891 3424 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

    17:14:36.0922 3424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

    17:14:36.0922 3424 \Device\Harddisk0\DR0 - ok

    17:14:42.0523 3424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

    17:14:42.0523 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

    17:14:42.0523 3424 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

    17:15:16.0843 3820 Deinitialize success

    17:16:44.0622 2536 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35

    17:16:44.0732 2536 ============================================================

    17:16:44.0732 2536 Current date / time: 2012/12/02 17:16:44.0732

    17:16:44.0732 2536 SystemInfo:

    17:16:44.0732 2536

    17:16:44.0732 2536 OS Version: 6.1.7601 ServicePack: 1.0

    17:16:44.0732 2536 Product type: Workstation

    17:16:44.0732 2536 ComputerName: JOE-PC

    17:16:44.0732 2536 UserName: Joe

    17:16:44.0732 2536 Windows directory: C:\Windows

    17:16:44.0732 2536 System windows directory: C:\Windows

    17:16:44.0732 2536 Running under WOW64

    17:16:44.0732 2536 Processor architecture: Intel x64

    17:16:44.0732 2536 Number of processors: 8

    17:16:44.0732 2536 Page size: 0x1000

    17:16:44.0732 2536 Boot type: Normal boot

    17:16:44.0732 2536 ============================================================

    17:16:45.0621 2536 BG loaded

    17:16:45.0917 2536 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    17:16:45.0917 2536 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    17:16:45.0933 2536 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

    17:16:45.0948 2536 ============================================================

    17:16:45.0948 2536 \Device\Harddisk2\DR2:

    17:16:45.0948 2536 MBR partitions:

    17:16:45.0948 2536 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

    17:16:45.0948 2536 \Device\Harddisk0\DR0:

    17:16:45.0948 2536 MBR partitions:

    17:16:45.0948 2536 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

    17:16:45.0948 2536 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

    17:16:45.0948 2536 \Device\Harddisk1\DR1:

    17:16:45.0948 2536 MBR partitions:

    17:16:45.0948 2536 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x254297C1

    17:16:45.0948 2536 ============================================================

    17:16:45.0995 2536 C: <-> \Device\Harddisk0\DR0\Partition2

    17:16:46.0026 2536 E: <-> \Device\Harddisk1\DR1\Partition1

    17:16:46.0026 2536 F: <-> \Device\Harddisk2\DR2\Partition1

    17:16:46.0026 2536 ============================================================

    17:16:46.0026 2536 Initialize success

    17:16:46.0026 2536 ============================================================

    Malwarebytes Anti-Rootkit 1.1.0.1009

    www.malwarebytes.org

    Database version: v2012.12.02.04

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Joe :: JOE-PC [administrator]

    12/2/2012 5:26:16 PM

    mbar-log-2012-12-02 (17-26-16).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

    Scan options disabled: PUP | PUM | P2P

    Objects scanned: 27175

    Time elapsed: 4 minute(s), 43 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

    Malwarebytes Anti-Rootkit 1.1.0.1009

    www.malwarebytes.org

    Database version: v2012.12.02.04

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 9.0.8112.16421

    Joe :: JOE-PC [administrator]

    12/2/2012 5:34:45 PM

    mbar-log-2012-12-02 (17-34-45).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

    Scan options disabled: PUP | PUM | P2P

    Objects scanned: 27164

    Time elapsed: 4 minute(s), 51 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)

  4. Hi again. I was unable to disable all of the Norton services as they were grayed out in my services menu. Rather than fight through that, I've temporarily uninstalled Norton Antivirus so that I could run ComboFix.

    ComboFix 12-12-01.02 - Joe 12/02/2012 10:35:35.1.8 - x64

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12278.10313 [GMT -6:00]

    Running from: c:\users\Joe\Desktop\ComboFix.exe

    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    * Created a new restore point

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Joe\AppData\Local\TempDIR

    c:\windows\svchost.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-11-02 to 2012-12-02 )))))))))))))))))))))))))))))))

    .

    .

    2012-12-02 16:38 . 2012-12-02 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp

    2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\users\Joe\AppData\Roaming\Malwarebytes

    2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

    2012-12-02 04:45 . 2012-12-02 04:45 -------- d-----w- c:\programdata\Malwarebytes

    2012-12-02 04:45 . 2012-09-30 01:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-12-02 04:10 . 2012-12-02 04:10 -------- d-----w- c:\program files (x86)\PC Tools

    2012-12-02 04:08 . 2012-12-02 04:51 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

    2012-12-02 04:08 . 2012-11-01 21:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

    2012-12-02 04:08 . 2012-12-02 04:44 -------- d-----w- c:\programdata\PC Tools

    2012-12-02 04:08 . 2012-12-02 04:08 -------- d-----w- c:\users\Joe\AppData\Roaming\TestApp

    2012-11-19 23:07 . 2012-11-19 23:07 -------- d-----w- c:\programdata\OptiTex

    2012-11-17 23:29 . 2012-11-17 23:30 -------- d-----w- c:\users\UpdatusUser

    2012-11-17 23:29 . 2012-11-17 23:30 -------- d-----w- c:\program files (x86)\NVIDIA Corporation

    2012-11-17 23:29 . 2012-12-02 14:43 -------- d-----w- c:\programdata\NVIDIA

    2012-11-17 23:29 . 2012-10-02 19:51 3293544 ----a-w- c:\windows\system32\nvsvc64.dll

    2012-11-17 23:29 . 2012-10-02 19:51 6200680 ----a-w- c:\windows\system32\nvcpl.dll

    2012-11-17 23:29 . 2012-10-02 19:50 891240 ----a-w- c:\windows\system32\nvvsvc.exe

    2012-11-17 23:29 . 2012-10-02 19:50 63336 ----a-w- c:\windows\system32\nvshext.dll

    2012-11-17 23:29 . 2012-10-02 19:50 2557800 ----a-w- c:\windows\system32\nvsvcr.dll

    2012-11-17 23:29 . 2012-10-02 19:50 118120 ----a-w- c:\windows\system32\nvmctray.dll

    2012-11-14 12:10 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

    2012-11-14 12:10 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

    2012-11-14 12:10 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

    2012-11-14 12:10 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll

    2012-11-14 12:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll

    2012-11-14 12:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll

    2012-11-14 12:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

    2012-11-14 12:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

    2012-11-14 12:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe

    2012-11-14 12:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll

    2012-11-14 12:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

    2012-11-14 12:02 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

    2012-11-14 12:02 . 2012-10-03 17:44 70656 ----a-w- c:\windows\system32\nlaapi.dll

    2012-11-14 12:02 . 2012-10-03 17:44 303104 ----a-w- c:\windows\system32\nlasvc.dll

    2012-11-14 12:02 . 2012-10-03 17:44 246272 ----a-w- c:\windows\system32\netcorehc.dll

    2012-11-14 12:02 . 2012-10-03 17:44 18944 ----a-w- c:\windows\system32\netevent.dll

    2012-11-14 12:02 . 2012-10-03 17:44 216576 ----a-w- c:\windows\system32\ncsi.dll

    2012-11-14 12:02 . 2012-10-03 17:42 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

    2012-11-14 12:02 . 2012-10-03 16:42 18944 ----a-w- c:\windows\SysWow64\netevent.dll

    2012-11-14 12:02 . 2012-10-03 16:42 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

    2012-11-14 12:02 . 2012-10-03 16:42 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

    2012-11-14 12:02 . 2012-10-03 16:07 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

    2012-11-14 12:02 . 2012-01-13 07:12 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll

    2012-11-14 11:56 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll

    2012-11-14 11:56 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll

    2012-11-14 11:53 . 2012-10-09 18:17 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

    2012-11-14 11:53 . 2012-10-09 18:17 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

    2012-11-14 11:53 . 2012-10-09 17:40 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

    2012-11-14 11:53 . 2012-10-09 17:40 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

    2012-11-14 11:53 . 2012-10-18 18:25 3149824 ----a-w- c:\windows\system32\win32k.sys

    2012-11-06 23:33 . 2012-11-06 23:33 -------- d-----w- c:\windows\[systemFolder]

    2012-11-06 01:56 . 2012-11-06 01:56 -------- d-----w- c:\users\Joe\AppData\Roaming\CocotronLibrary

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-11-19 14:06 . 2012-08-16 01:46 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-19 14:06 . 2012-08-16 01:46 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2012-11-14 12:06 . 2012-08-16 00:03 66395536 ----a-w- c:\windows\system32\MRT.exe

    2012-10-16 08:38 . 2012-11-28 11:04 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38 . 2012-11-28 11:04 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39 . 2012-11-28 11:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

    2012-10-11 03:23 . 2012-10-11 03:23 1867112 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

    2012-10-11 03:23 . 2012-10-11 03:23 18252136 ----a-w- c:\windows\system32\nvd3dumx.dll

    2012-10-11 03:23 . 2012-10-11 03:23 1482600 ----a-w- c:\windows\system32\nvdispgenco64.dll

    2012-10-11 03:23 . 2012-10-11 03:23 6127464 ----a-w- c:\windows\SysWow64\nvopencl.dll

    2012-10-11 03:23 . 2012-10-11 03:23 2574696 ----a-w- c:\windows\SysWow64\nvcuvid.dll

    2012-10-11 03:23 . 2012-10-11 03:23 25256296 ----a-w- c:\windows\system32\nvcompiler.dll

    2012-10-11 03:23 . 2012-10-11 03:23 7414632 ----a-w- c:\windows\system32\nvopencl.dll

    2012-10-11 03:23 . 2012-10-11 03:23 2731880 ----a-w- c:\windows\system32\nvapi64.dll

    2012-10-11 03:23 . 2012-10-11 03:23 14922600 ----a-w- c:\windows\system32\nvwgf2umx.dll

    2012-10-11 03:23 . 2012-10-11 03:23 9146728 ----a-w- c:\windows\system32\nvcuda.dll

    2012-10-11 03:23 . 2012-10-11 03:23 7697768 ----a-w- c:\windows\SysWow64\nvcuda.dll

    2012-10-11 03:23 . 2012-10-11 03:23 2218344 ----a-w- c:\windows\system32\nvcuvenc.dll

    2012-10-11 03:23 . 2012-10-11 03:23 12501352 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

    2012-10-11 03:22 . 2012-10-11 03:22 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll

    2012-10-11 03:22 . 2012-10-11 03:22 26331496 ----a-w- c:\windows\system32\nvoglv64.dll

    2012-10-11 03:22 . 2012-02-10 03:43 1760104 ----a-w- c:\windows\system32\nvdispco64.dll

    2012-10-11 03:22 . 2012-10-11 03:22 15309160 ----a-w- c:\windows\SysWow64\nvd3dum.dll

    2012-10-11 03:22 . 2012-10-11 03:22 2747240 ----a-w- c:\windows\system32\nvcuvid.dll

    2012-10-11 03:22 . 2012-10-11 03:22 19906920 ----a-w- c:\windows\SysWow64\nvoglv32.dll

    2012-10-11 03:22 . 2012-10-11 03:22 13443944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

    2012-10-11 03:22 . 2012-10-11 03:22 17559912 ----a-w- c:\windows\SysWow64\nvcompiler.dll

    2012-10-02 19:15 . 2012-10-02 19:15 430952 ----a-w- c:\windows\SysWow64\nvStreaming.exe

    2012-09-14 19:19 . 2012-10-10 10:08 2048 ----a-w- c:\windows\system32\tzres.dll

    2012-09-14 18:28 . 2012-10-10 10:08 2048 ----a-w- c:\windows\SysWow64\tzres.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    "Calendarscope"="c:\program files (x86)\Calendarscope\csde.exe" [2012-09-17 2848696]

    "TivoTransfer"="c:\program files (x86)\TiVo\Desktop\TiVoTransfer.exe" [2010-08-24 608528]

    "TranscodingService"="c:\program files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe" [2010-08-24 856336]

    "TivoNotify"="c:\program files (x86)\TiVo\Desktop\TiVoNotify.exe" [2010-08-24 437520]

    "TivoServer"="c:\program files (x86)\TiVo\Desktop\TiVoServer.exe" [2010-08-24 2264336]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

    "Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2012-04-14 131072]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    "PromptOnSecureDesktop"= 0 (0x0)

    .

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]

    S4 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAVx64\1402000.013\ccSetx64.sys [x]

    .

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - ASWMBR

    *Deregistered* - aswMBR

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-11-19 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job

    - c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2012-08-16 22:31]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]

    .

    ------- Supplementary Scan -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.yahoo.com/

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = *.local;<local>

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

    Trusted Zone: comiclife.com

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    WebBrowser-{A13C2648-91D4-4BF3-BC6D-0079707C4389} - (no file)

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_110_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_110.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Completion time: 2012-12-02 10:40:19

    ComboFix-quarantined-files.txt 2012-12-02 16:40

    .

    Pre-Run: 908,337,442,816 bytes free

    Post-Run: 908,470,022,144 bytes free

    .

    - - End Of File - - 35FE22B65D62B1408DE6ECDAF29463D2

  5. aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software

    Run date: 2012-12-02 09:51:39

    -----------------------------

    09:51:39.533 OS Version: Windows x64 6.1.7601 Service Pack 1

    09:51:39.533 Number of processors: 8 586 0x1A05

    09:51:39.533 ComputerName: JOE-PC UserName: Joe

    09:51:41.311 Initialize success

    09:51:49.862 AVAST engine download error: 0

    09:52:02.248 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3

    09:52:02.264 Disk 0 Vendor: ST31000528AS CC37 Size: 953869MB BusType: 3

    09:52:02.264 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP3T1L0-5

    09:52:02.264 Disk 1 Vendor: ST3320620AS 3.AAE Size: 305245MB BusType: 3

    09:52:02.264 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T1L0-7

    09:52:02.264 Disk 2 Vendor: Hitachi_HDS721010CLA332 JP4OA25C Size: 953869MB BusType: 3

    09:52:02.264 Device \Driver\atapi -> MajorFunction fffffa800b89a5e8

    09:52:02.264 Disk 0 MBR read successfully

    09:52:02.264 Disk 0 MBR scan

    09:52:02.264 Disk 0 Windows 7 default MBR code

    09:52:02.279 Disk 0 MBR hidden

    09:52:02.279 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

    09:52:02.295 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848

    09:52:02.310 Disk 0 scanning C:\Windows\system32\drivers

    09:52:07.989 Service scanning

    09:52:18.082 Modules scanning

    09:52:18.082 Disk 0 trace - called modules:

    09:52:18.082 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa800b89a5e8]<<

    09:52:18.082 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800adfd790]

    09:52:18.082 3 CLASSPNP.SYS[fffff88001b8d43f] -> nt!IofCallDriver -> [0xfffffa800abba520]

    09:52:18.082 5 ACPI.sys[fffff88000d4c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa800abbf060]

    09:52:18.098 \Driver\atapi[0xfffffa8009d75e70] -> IRP_MJ_CREATE -> 0xfffffa800b89a5e8

    09:52:18.098 Scan finished successfully

    09:52:33.058 Disk 0 MBR has been saved successfully to "C:\Users\Joe\Desktop\MBR.dat"

    09:52:33.058 The log file has been saved successfully to "C:\Users\Joe\Desktop\aswMBR.txt"

    MBR.zip

  6. Hi, when someone has a moment, I am needing some expert assistance to deal with this issue. Spybot located it, but does not seem to be able to completely remove it - as it comes back after a restart. I have disconnected the infected PC from the internet and am working from a laptop. Per the sticky topic at the head of the forum, I have pasted the dds output below. My apologies in advance if I overlooked a step or instruction for posting issues. Thank you for your time.

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 9.0.8112.16455

    Run by Joe at 9:13:52 on 2012-12-02

    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.12278.10210 [GMT -6:00]

    .

    AV: Norton AntiVirus *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}

    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Norton AntiVirus *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}

    .

    ============== Running Processes ===============

    .

    C:\Windows\system32\lsm.exe

    C:\Windows\system32\svchost.exe -k DcomLaunch

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

    C:\Windows\system32\svchost.exe -k RPCSS

    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\svchost.exe -k netsvcs

    C:\Windows\system32\svchost.exe -k LocalService

    C:\Windows\system32\svchost.exe -k NetworkService

    C:\Windows\System32\spoolsv.exe

    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

    C:\Windows\system32\nvvsvc.exe

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe

    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\Windows\system32\taskhost.exe

    C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe

    C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe

    C:\Windows\system32\svchost.exe -k imgsvc

    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

    C:\Windows\system32\Dwm.exe

    C:\Windows\Explorer.EXE

    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

    C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccSvcHst.exe

    C:\Windows\System32\WUDFHost.exe

    C:\Windows\system32\SearchIndexer.exe

    C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe

    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    C:\Program Files (x86)\Calendarscope\csde.exe

    C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

    C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe

    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

    C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe

    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

    C:\Windows\system32\wbem\wmiprvse.exe

    C:\Windows\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.yahoo.com/

    mWinlogon: Userinit = userinit.exe,

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

    BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ips\ipsbho.dll

    BHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll

    TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4BF3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll

    TB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\CoIEPlg.dll

    uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

    uRun: [Calendarscope] "C:\Program Files (x86)\Calendarscope\csde.exe"

    uRun: [TivoTransfer] C:\Program Files (x86)\TiVo\Desktop\TiVoTransfer.exe

    uRun: [TranscodingService] C:\Program Files (x86)\TiVo\Desktop\Plus\\TranscodingService.exe

    uRun: [TivoNotify] C:\Program Files (x86)\TiVo\Desktop\TiVoNotify.exe /service /registry /auto:TivoNotify

    uRun: [TivoServer] C:\Program Files (x86)\TiVo\Desktop\TiVoServer.exe /service /registry

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    mRun: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui

    mPolicies-Explorer: NoActiveDesktop = dword:1

    mPolicies-Explorer: NoActiveDesktopChanges = dword:1

    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

    mPolicies-System: ConsentPromptBehaviorUser = dword:3

    mPolicies-System: EnableUIADesktopToggle = dword:0

    mPolicies-System: PromptOnSecureDesktop = dword:0

    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll

    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll

    .

    INFO: HKCU has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    .

    INFO: HKLM has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://javadl-esd.sun.com/update/1.4.2/jinstall-1_4-windows-i586.cab

    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

    TCP: NameServer = 192.168.1.1

    TCP: Interfaces\{A6CC02DE-205E-408F-AC2A-557803A57E90} : DHCPNameServer = 192.168.1.1

    SSODL: WebCheck - <orphaned>

    x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

    x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

    x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

    .

    INFO: x64-HKLM has more than 50 listed domains.

    If you wish to scan all of them, select the 'Force scan all domains' option.

    .

    x64-SSODL: WebCheck - <orphaned>

    Hosts: 127.0.0.1 www.spywareinfo.com

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NAVx64\1402000.013\symds64.sys [2012-10-20 493216]

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NAVx64\1402000.013\symefa64.sys [2012-10-20 1133216]

    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.2\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]

    R1 ccSet_NAV;Norton AntiVirus Settings Manager;C:\Windows\System32\drivers\NAVx64\1402000.013\ccsetx64.sys [2012-10-20 168096]

    R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys [2012-10-29 168096]

    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.1.1.2\Definitions\IPSDefs\20121130.001\IDSviA64.sys [2012-11-30 513184]

    R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\ironx64.sys [2012-10-20 224416]

    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys [2012-10-20 432800]

    R2 DAZContentManagementService;DAZ Content Management Service;C:\Program Files\DAZ 3D\Content Management Service\ContentManagementServer.exe [2012-9-8 22528]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-1 399432]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-1 676936]

    R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2010-3-22 25824]

    R2 NAV;Norton AntiVirus;C:\Program Files (x86)\Norton AntiVirus\Engine\20.2.0.19\ccsvchst.exe [2012-10-20 143928]

    R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.2.0.18\ccSvcHst.exe [2012-10-29 143928]

    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-15 1153368]

    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]

    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-8-15 138912]

    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-1 25928]

    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

    R3 UsbFltr;WayTech USB Filter Driver;C:\Windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

    S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]

    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-8-16 59392]

    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-4-25 52736]

    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-8-15 1255736]

    S4 TivoBeacon2;TiVo Beacon Service;C:\Program Files (x86)\TiVo\Desktop\TiVoBeacon.exe [2010-8-24 1104656]

    .

    =============== Created Last 30 ================

    .

    2012-12-02 14:44:16 20480 ----a-w- C:\Windows\svchost.exe

    2012-12-02 04:45:42 -------- d-----w- C:\Users\Joe\AppData\Roaming\Malwarebytes

    2012-12-02 04:45:30 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

    2012-12-02 04:45:30 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-12-02 04:45:30 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-12-02 04:10:43 -------- d-----w- C:\Program Files (x86)\PC Tools

    2012-12-02 04:08:35 253256 ----a-w- C:\Windows\System32\drivers\PCTSD64.sys

    2012-12-02 04:08:35 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools

    2012-12-02 04:08:23 -------- d-----w- C:\ProgramData\PC Tools

    2012-12-02 04:08:22 -------- d-----w- C:\Users\Joe\AppData\Roaming\TestApp

    2012-11-19 23:07:28 -------- d-----w- C:\ProgramData\OptiTex

    2012-11-17 23:29:56 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation

    2012-11-17 23:29:41 891240 ----a-w- C:\Windows\System32\nvvsvc.exe

    2012-11-17 23:29:41 63336 ----a-w- C:\Windows\System32\nvshext.dll

    2012-11-17 23:29:41 6200680 ----a-w- C:\Windows\System32\nvcpl.dll

    2012-11-17 23:29:41 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll

    2012-11-17 23:29:41 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll

    2012-11-17 23:29:41 118120 ----a-w- C:\Windows\System32\nvmctray.dll

    2012-11-14 12:10:44 9728 ----a-w- C:\Windows\System32\Wdfres.dll

    2012-11-14 12:10:44 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys

    2012-11-14 12:10:44 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys

    2012-11-14 12:10:44 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui

    2012-11-14 12:05:54 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys

    2012-11-14 12:05:54 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll

    2012-11-14 12:05:54 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys

    2012-11-14 12:05:54 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll

    2012-11-14 12:05:53 744448 ----a-w- C:\Windows\System32\WUDFx.dll

    2012-11-14 12:05:53 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll

    2012-11-14 12:05:53 229888 ----a-w- C:\Windows\System32\WUDFHost.exe

    2012-11-14 12:02:22 70656 ----a-w- C:\Windows\System32\nlaapi.dll

    2012-11-14 12:02:22 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll

    2012-11-14 12:02:22 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll

    2012-11-14 12:02:22 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys

    2012-11-14 12:02:22 303104 ----a-w- C:\Windows\System32\nlasvc.dll

    2012-11-14 12:02:22 246272 ----a-w- C:\Windows\System32\netcorehc.dll

    2012-11-14 12:02:22 216576 ----a-w- C:\Windows\System32\ncsi.dll

    2012-11-14 12:02:22 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys

    2012-11-14 12:02:22 18944 ----a-w- C:\Windows\SysWow64\netevent.dll

    2012-11-14 12:02:22 18944 ----a-w- C:\Windows\System32\netevent.dll

    2012-11-14 12:02:22 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll

    2012-11-14 12:02:22 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll

    2012-11-14 11:56:36 95744 ----a-w- C:\Windows\System32\synceng.dll

    2012-11-14 11:56:36 78336 ----a-w- C:\Windows\SysWow64\synceng.dll

    2012-11-14 11:53:17 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll

    2012-11-14 11:53:17 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll

    2012-11-14 11:53:17 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll

    2012-11-14 11:53:17 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll

    2012-11-14 11:53:16 3149824 ----a-w- C:\Windows\System32\win32k.sys

    2012-11-06 23:33:02 -------- d-----w- C:\Windows\[systemFolder]

    2012-11-06 01:56:53 -------- d-----w- C:\Users\Joe\AppData\Roaming\CocotronLibrary

    .

    ==================== Find3M ====================

    .

    2012-11-19 14:06:57 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-19 14:06:57 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

    2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll

    2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll

    2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll

    2012-10-11 03:22:54 2428776 ----a-w- C:\Windows\SysWow64\nvapi.dll

    2012-10-11 03:22:52 26331496 ----a-w- C:\Windows\System32\nvoglv64.dll

    2012-10-11 03:22:52 1760104 ----a-w- C:\Windows\System32\nvdispco64.dll

    2012-10-11 03:22:32 15309160 ----a-w- C:\Windows\SysWow64\nvd3dum.dll

    2012-10-11 03:22:26 2747240 ----a-w- C:\Windows\System32\nvcuvid.dll

    2012-10-11 03:22:24 19906920 ----a-w- C:\Windows\SysWow64\nvoglv32.dll

    2012-10-11 03:22:18 13443944 ----a-w- C:\Windows\System32\drivers\nvlddmkm.sys

    2012-10-11 03:22:14 17559912 ----a-w- C:\Windows\SysWow64\nvcompiler.dll

    2012-10-09 01:00:02 776864 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\srtsp64.sys

    2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll

    2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll

    2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

    2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

    2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll

    2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

    2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

    2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

    2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

    2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

    2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

    2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

    2012-10-04 01:40:35 1133216 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\symefa64.sys

    2012-10-04 01:40:20 493216 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\symds64.sys

    2012-10-04 01:19:14 168096 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\ccsetx64.sys

    2012-10-04 01:19:14 168096 ----a-r- C:\Windows\System32\drivers\NSTx64\7DD02000.012\ccSetx64.sys

    2012-10-02 19:15:52 430952 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll

    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

    2012-09-08 03:27:07 177312 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS

    2012-09-07 02:05:14 432800 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\symnets.sys

    2012-09-07 01:48:08 224416 ----a-w- C:\Windows\System32\drivers\NAVx64\1402000.013\ironx64.sys

    .

    ============= FINISH: 9:14:14.85 ===============

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 7 Professional

    Boot Device: \Device\HarddiskVolume2

    Install Date: 8/15/2012 8:47:12 PM

    System Uptime: 12/2/2012 8:42:46 AM (1 hours ago)

    .

    Motherboard: ASUSTeK Computer INC. | | P6T

    Processor: Intel® Core i7 CPU 960 @ 3.20GHz | LGA1366 | 3201/133mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 931 GiB total, 847.567 GiB free.

    D: is CDROM ()

    E: is FIXED (NTFS) - 298 GiB total, 90.369 GiB free.

    F: is FIXED (NTFS) - 932 GiB total, 711.069 GiB free.

    G: is Removable

    H: is Removable

    I: is Removable

    K: is Removable

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP32: 9/4/2012 5:59:17 PM - Windows Update

    RP33: 9/12/2012 5:16:23 AM - Windows Update

    RP34: 9/22/2012 8:33:03 AM - Windows Update

    RP35: 9/26/2012 7:12:18 AM - Windows Update

    RP36: 10/4/2012 7:42:28 PM - Scheduled Checkpoint

    RP37: 10/6/2012 11:34:52 AM - Installed Comic Life

    RP38: 10/6/2012 2:44:50 PM - Windows Update

    RP39: 10/7/2012 8:32:26 AM - Windows Update

    RP40: 10/8/2012 6:00:28 AM - Windows Update

    RP41: 10/10/2012 5:58:16 AM - Windows Update

    RP42: 10/17/2012 8:00:04 PM - Scheduled Checkpoint

    RP43: 10/25/2012 6:48:59 AM - Scheduled Checkpoint

    RP44: 11/1/2012 8:27:28 PM - Scheduled Checkpoint

    RP45: 11/5/2012 7:55:49 PM - Installed Comic Life 2

    RP46: 11/6/2012 5:32:33 PM - Installed Memeo LifeAgent Explorer Extension

    RP47: 11/14/2012 6:05:09 AM - Windows Update

    RP48: 11/17/2012 5:28:02 PM - Windows Update

    RP49: 11/25/2012 8:54:13 PM - Scheduled Checkpoint

    RP50: 11/28/2012 6:04:15 AM - Windows Update

    .

    ==== Installed Programs ======================

    .

    Adobe Flash Player 11 ActiveX

    Adobe Reader X (10.1.4)

    AIM for Windows

    Apple Application Support

    Apple Mobile Device Support

    Apple Software Update

    Bonjour

    Calendarscope

    Canon MX880 series MP Drivers

    CCleaner

    Comic Life

    Comic Life 2

    Cool & Quiet

    DAZ Content Management Service

    DAZ Studio 4.5 (64bit)

    Dynamic Clothing Control DS4 (64bit)

    GIMP 2.8.2

    iTunes

    Java 7 Update 7 (64-bit)

    Malwarebytes Anti-Malware version 1.65.1.1000

    Memeo Backup Premium

    Memeo LifeAgent Explorer Extension

    Microsoft .NET Framework 4 Client Profile

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Enterprise 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office File Validation Add-In

    Microsoft Office Groove MUI (English) 2007

    Microsoft Office Groove Setup Metadata MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office Office 64-bit Components 2007

    Microsoft Office OneNote MUI (English) 2007

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared 64-bit MUI (English) 2007

    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Silverlight

    Microsoft Visual C++ 2005 Redistributable

    Microsoft Visual C++ 2005 Redistributable (x64)

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

    Norton AntiVirus

    Norton Identity Safe

    NVIDIA 3D Vision Driver 306.97

    NVIDIA Control Panel 306.97

    NVIDIA Graphics Driver 306.97

    NVIDIA Install Application

    NVIDIA Stereoscopic 3D Driver

    NVIDIA Update 1.10.8

    NVIDIA Update Components

    Real Alternative 1.50

    Realtek High Definition Audio Driver

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

    Spybot - Search & Destroy

    TiVo Desktop 2.8.3

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

    Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Infopath 2007 Help (KB963662)

    Update for Microsoft Office OneNote 2007 Help (KB963670)

    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    VLC media player 2.0.0

    WinRAR archiver

    .

    ==== Event Viewer Messages From Past Week ========

    .

    12/1/2012 5:54:29 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

    12/1/2012 5:54:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

    12/1/2012 5:54:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    12/1/2012 5:54:18 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

    12/1/2012 5:54:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AsIO AsUpIO BHDrvx64 ccSet_NAV ccSet_NST discache eeCtrl IDSVia64 spldr SRTSP SRTSPX SymIRON SymNetS Wanarpv6

    12/1/2012 3:29:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffffa800b8afbb0, 0x0000000000000000, 0x000000007ef98000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 120112-29109-01.

    12/1/2012 2:57:37 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.

    12/1/2012 2:57:37 PM, Error: Schannel [36874] - An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    12/1/2012 10:15:28 PM, Error: PCTCore [280] -

    12/1/2012 10:10:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

    11/30/2012 9:31:01 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    .

    ==== End Of File ===========================
