Megaweapon
-
Posts
5 -
Joined
-
Last visited
-
The computer is running pretty good now. I think startup time was normal today.
-
Here is the log. Sorry it took a while. ComboFix 13-05-28.01 - Cliff 05/28/2013 2:57.5.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6232 [GMT -4:00] Running from: c:\users\Cliff\Desktop\ComboFix.exe Command switches used :: c:\users\Cliff\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\drivers\99275219.sys" . . ((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 ))))))))))))))))))))))))))))))) . . 2013-05-28 07:09 . 2013-05-28 07:09 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-05-28 07:09 . 2013-05-28 07:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-26 00:11 . 2013-05-26 03:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-05-24 22:08 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66AE6ECC-AB3E-4480-8FAF-5FE7C5326255}\mpengine.dll 2013-05-24 03:13 . 2013-05-24 03:13 -------- d-----w- c:\programdata\Licenses 2013-05-24 03:13 . 2011-11-04 09:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2013-05-24 03:13 . 2009-03-24 16:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2013-05-24 03:13 . 2013-05-24 03:15 -------- d-----w- c:\program files (x86)\SpywareBlaster 2013-05-23 23:21 . 2013-05-23 23:21 -------- d-----w- c:\windows\ERUNT 2013-05-23 23:21 . 2013-05-23 23:21 -------- d-----w- C:\JRT 2013-05-15 04:49 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 04:49 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 04:49 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 04:49 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 04:49 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 04:49 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 04:49 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 04:49 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 04:49 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-14 23:07 . 2013-05-15 12:56 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-05-06 22:24 . 2013-05-06 22:24 -------- d-----w- c:\users\Cliff\AppData\Local\Aspyr 2013-05-02 06:33 . 2013-05-02 06:33 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2013-05-02 06:33 . 2013-05-02 06:33 -------- d-----w- c:\users\hedev 2013-05-02 02:26 . 2013-05-02 02:26 -------- d-sh--w- c:\programdata\DSS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-21 23:14 . 2012-07-27 00:29 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-05-15 07:08 . 2010-12-29 14:31 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-14 22:43 . 2012-04-15 16:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-14 22:43 . 2011-06-27 23:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-03 22:37 . 2011-12-26 19:52 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2013-05-03 22:37 . 2011-12-26 19:52 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2013-05-03 22:37 . 2011-12-26 19:52 122968 ----a-w- c:\windows\system32\OpenAL32.dll 2013-05-03 22:37 . 2011-12-26 19:52 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2013-05-02 06:06 . 2010-12-28 15:53 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-02 03:51 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2013-05-02 03:51 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-23 04:09 . 2013-04-23 04:09 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-23 04:09 . 2012-07-25 03:36 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-04-23 04:09 . 2010-12-29 01:09 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-12 14:45 . 2013-04-23 22:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 18:50 . 2011-05-27 23:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 06:04 . 2013-04-10 12:24 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 12:24 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 12:24 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 12:24 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 12:24 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 12:24 112640 ----a-w- c:\windows\system32\smss.exe 2013-02-28 12:03 . 2013-03-13 04:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-28 11:38 . 2013-03-13 04:36 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-03-30 00:01 . 2012-03-29 23:58 3993600 ----a-w- c:\program files (x86)\GUTEB5F.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128] "SansaDispatch"="c:\users\Cliff\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-01-06 79872] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-24 5622512] "California Fonts Loader"="c:\program files (x86)\California Font Manager\CaliforniaFonts.exe" [2011-04-02 631016] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-04 3093624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "ConnectionCenter"="c:\users\Cliff\AppData\Local\Citrix\ICA Client\concentr.exe" [2010-03-11 300400] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart 0"="c:\program files (x86)\ASUS\GPU Tweak\Monitor.exe" [2012-02-14 2385408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1255736] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-21 45856] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176] S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2010-03-23 2061856] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - PBFILTER . Contents of the 'Scheduled Tasks' folder . 2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 22:43] . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240822391-1121041123-2288482998-1001Core.job - c:\users\Cliff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 22:33] . 2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240822391-1121041123-2288482998-1001UA.job - c:\users\Cliff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 22:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ask.com/?l=dis&o=14597 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 TCP: DhcpNameServer = 192.168.1.254 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\zk4zkjei.default\ . - - - - ORPHANS REMOVED - - - - . AddRemove-Giant Savings - c:\program files (x86)\Giant Savings\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4240822391-1121041123-2288482998-1001\Software\SecuROM\License information*] "datasecu"=hex:af,67,15,1f,3d,a4,ef,cf,7b,bc,34,19,a7,d0,8e,d6,ad,d2,2e,32,ce, b2,98,5a,f4,75,14,b5,22,ce,40,d8,9a,a8,c8,a3,7f,39,47,61,9d,c6,29,94,47,d4,\ "rkeysecu"=hex:43,9a,34,38,a1,39,66,b3,43,5c,28,30,bf,4c,68,79 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\users\Cliff\AppData\Local\Citrix\ICA Client\wfcrun32.exe . ************************************************************************** . Completion time: 2013-05-28 03:18:45 - machine was rebooted ComboFix-quarantined-files.txt 2013-05-28 07:18 ComboFix2.txt 2013-05-26 20:10 ComboFix3.txt 2013-05-26 19:45 ComboFix4.txt 2013-05-26 03:32 ComboFix5.txt 2013-05-28 06:55 . Pre-Run: 356,602,421,248 bytes free Post-Run: 356,316,839,936 bytes free . - - End Of File - - 27B1257751C3AA1502D3EF28939008FB
-
--------------------------------------- Malwarebytes Anti-Rootkit BETA 1.06.0.1003 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7601 Windows 7 Service Pack 1 x64 System is currently in a safe mode Account is Administrative Internet Explorer version: 8.0.7601.17514 File system is: NTFS Disk drives: C:\ DRIVE_FIXED, J:\ DRIVE_FIXED CPU speed: 2.399000 GHz Memory total: 8320638976, free: 7286341632 Downloaded database version: v2013.05.25.09 Downloaded database version: v2013.05.22.01 Initializing... ------------ Kernel report ------------ 05/25/2013 20:11:01 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\drivers\ACPI.sys \SystemRoot\system32\drivers\WMILIB.SYS \SystemRoot\system32\drivers\msisadrv.sys \SystemRoot\system32\drivers\pci.sys \SystemRoot\system32\drivers\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\drivers\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\system32\drivers\pciide.sys \SystemRoot\system32\drivers\PCIIDEX.SYS \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\drivers\atapi.sys \SystemRoot\system32\drivers\ataport.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \??\C:\Windows\system32\drivers\avgtpx64.sys \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\drivers\ws2ifsl.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\yk62x64.sys \SystemRoot\system32\drivers\1394ohci.sys \SystemRoot\system32\drivers\cdrom.sys \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys \SystemRoot\system32\drivers\usbohci.sys \SystemRoot\system32\drivers\USBPORT.SYS \SystemRoot\system32\drivers\usbehci.sys \SystemRoot\system32\drivers\i8042prt.sys \SystemRoot\system32\drivers\kbdclass.sys \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\RTL85n64.sys \SystemRoot\system32\drivers\wmiacpi.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\drivers\CompositeBus.sys \SystemRoot\system32\drivers\mssmbios.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\drivers\termdd.sys \SystemRoot\system32\drivers\swenum.sys \SystemRoot\system32\drivers\ks.sys \SystemRoot\system32\DRIVERS\amdiox64.sys \SystemRoot\system32\drivers\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\System32\drivers\dxg.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\framebuf.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\WudfPf.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\USBSTOR.SYS \SystemRoot\system32\DRIVERS\hidusb.sys \SystemRoot\system32\DRIVERS\HIDCLASS.SYS \SystemRoot\system32\DRIVERS\HIDPARSE.SYS \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\mouhid.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\System32\drivers\mpsdrv.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_atapi.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\normaliz.dll \Windows\System32\nsi.dll \Windows\System32\imm32.dll \Windows\System32\Wldap32.dll \Windows\System32\urlmon.dll \Windows\System32\kernel32.dll \Windows\System32\setupapi.dll \Windows\System32\sechost.dll \Windows\System32\ole32.dll \Windows\System32\shlwapi.dll \Windows\System32\shell32.dll \Windows\System32\difxapi.dll \Windows\System32\wininet.dll \Windows\System32\lpk.dll \Windows\System32\psapi.dll \Windows\System32\usp10.dll \Windows\System32\user32.dll \Windows\System32\clbcatq.dll \Windows\System32\comdlg32.dll \Windows\System32\advapi32.dll \Windows\System32\oleaut32.dll \Windows\System32\ws2_32.dll \Windows\System32\rpcrt4.dll \Windows\System32\msvcrt.dll \Windows\System32\imagehlp.dll \Windows\System32\iertutil.dll \Windows\System32\gdi32.dll \Windows\System32\msctf.dll \Windows\System32\crypt32.dll \Windows\System32\comctl32.dll \Windows\System32\devobj.dll \Windows\System32\KernelBase.dll \Windows\System32\cfgmgr32.dll \Windows\System32\wintrust.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- Done! <<<1>>> Upper Device Name: \Device\Harddisk6\DR6 Upper Device Object: 0xfffffa8009198790 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000080\ Lower Device Object: 0xfffffa8008917240 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk5\DR5 Upper Device Object: 0xfffffa8008fca060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007c\ Lower Device Object: 0xfffffa8008811370 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk4\DR4 Upper Device Object: 0xfffffa8008fc9060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007b\ Lower Device Object: 0xfffffa80087e7060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk3\DR3 Upper Device Object: 0xfffffa8008fc8060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\0000007a\ Lower Device Object: 0xfffffa80087c8060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk2\DR2 Upper Device Object: 0xfffffa8008fc7060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000079\ Lower Device Object: 0xfffffa8008f90060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk1\DR1 Upper Device Object: 0xfffffa8008fc5060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\00000078\ Lower Device Object: 0xfffffa8008f3b060 Lower Device Driver Name: \Driver\USBSTOR\ <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8007a6f060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80077be060 Lower Device Driver Name: \Driver\atapi\ <<<2>>> Device number: 0, partition: 2 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8007a6f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8007a6fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8007a6f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa800732ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\ DevicePointer: 0xfffffa80077be060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning drivers directory: C:\Windows\system32\drivers... <<<2>>> Device number: 0, partition: 2 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 5052995B Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 30720000 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 30722048 Numsec = 1922799616 Partition file system is NTFS Partition is bootable Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000204886016 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)... Done! Physical Sector Size: 0 Drive: 1, DevicePointer: 0xfffffa8008fc5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80088723a0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008fc5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008f3b060, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 2, DevicePointer: 0xfffffa8008fc7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80088a7040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008fc7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008f90060, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 3, DevicePointer: 0xfffffa8008fc8060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008fc8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008fc8060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80087c8060, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 4, DevicePointer: 0xfffffa8008fc9060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008fc9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008fc9060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80087e7060, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 0 Drive: 5, DevicePointer: 0xfffffa8008fca060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8008fcab90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8008fca060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008811370, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Physical Sector Size: 512 Drive: 6, DevicePointer: 0xfffffa8009198790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8009195040, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8009198790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8008917240, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\ ------------ End ---------- Alternate DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\ Upper DeviceData: 0x0, 0x0, 0x0 Lower DeviceData: 0x0, 0x0, 0x0 Drive 6 Scanning MBR on drive 6... Inspecting partition table: MBR Signature: 55AA Disk Signature: 23F15 Partition information: Partition 0 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 1953456128 Partition 1 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 2 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 1000170586112 bytes Sector size: 512 bytes Done! Scan finished ======================================= Removal queue found; removal started Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_30722048_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_i.mbam... Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_r.mbam... Removal finished ComboFix 13-05-25.02 - Cliff 05/25/2013 23:17:21.2.4 - x64 NETWORK Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6990 [GMT -4:00] Running from: c:\users\Cliff\Downloads\ComboFix.exe SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2013-04-26 to 2013-05-26 ))))))))))))))))))))))))))))))) . . 2013-05-26 03:28 . 2013-05-26 03:28 -------- d-----w- c:\users\Public\AppData\Local\temp 2013-05-26 03:28 . 2013-05-26 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-05-26 00:11 . 2013-05-26 03:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable) 2013-05-24 22:08 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66AE6ECC-AB3E-4480-8FAF-5FE7C5326255}\mpengine.dll 2013-05-24 03:13 . 2013-05-24 03:13 -------- d-----w- c:\programdata\Licenses 2013-05-24 03:13 . 2011-11-04 09:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2013-05-24 03:13 . 2009-03-24 16:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL 2013-05-24 03:13 . 2013-05-24 03:15 -------- d-----w- c:\program files (x86)\SpywareBlaster 2013-05-23 23:21 . 2013-05-23 23:21 -------- d-----w- c:\windows\ERUNT 2013-05-23 23:21 . 2013-05-23 23:21 -------- d-----w- C:\JRT 2013-05-15 04:49 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys 2013-05-15 04:49 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys 2013-05-15 04:49 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll 2013-05-15 04:49 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll 2013-05-15 04:49 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe 2013-05-15 04:49 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll 2013-05-15 04:49 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll 2013-05-15 04:49 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll 2013-05-15 04:49 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll 2013-05-14 23:07 . 2013-05-15 12:56 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-05-06 22:24 . 2013-05-06 22:24 -------- d-----w- c:\users\Cliff\AppData\Local\Aspyr 2013-05-02 06:33 . 2013-05-02 06:33 -------- d-----w- c:\program files (x86)\Common Files\BioWare 2013-05-02 06:33 . 2013-05-02 06:33 -------- d-----w- c:\users\hedev 2013-05-02 02:26 . 2013-05-02 02:26 -------- d-sh--w- c:\programdata\DSS . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-05-21 23:14 . 2012-07-27 00:29 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2013-05-15 07:08 . 2010-12-29 14:31 75016696 ----a-w- c:\windows\system32\MRT.exe 2013-05-14 22:43 . 2012-04-15 16:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-05-14 22:43 . 2011-06-27 23:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-03 22:37 . 2011-12-26 19:52 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2013-05-03 22:37 . 2011-12-26 19:52 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2013-05-03 22:37 . 2011-12-26 19:52 122968 ----a-w- c:\windows\system32\OpenAL32.dll 2013-05-03 22:37 . 2011-12-26 19:52 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2013-05-02 06:06 . 2010-12-28 15:53 278800 ------w- c:\windows\system32\MpSigStub.exe 2013-05-02 03:51 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll 2013-05-02 03:51 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2013-04-23 04:09 . 2013-04-23 04:09 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-23 04:09 . 2012-07-25 03:36 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-04-23 04:09 . 2010-12-29 01:09 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-04-12 14:45 . 2013-04-23 22:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys 2013-04-04 18:50 . 2011-05-27 23:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-19 06:04 . 2013-04-10 12:24 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-03-19 05:46 . 2013-04-10 12:24 43520 ----a-w- c:\windows\system32\csrsrv.dll 2013-03-19 05:04 . 2013-04-10 12:24 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04 . 2013-04-10 12:24 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47 . 2013-04-10 12:24 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll 2013-03-19 03:06 . 2013-04-10 12:24 112640 ----a-w- c:\windows\system32\smss.exe 2013-02-28 12:03 . 2013-03-13 04:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-28 11:38 . 2013-03-13 04:36 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-03-30 00:01 . 2012-03-29 23:58 3993600 ----a-w- c:\program files (x86)\GUTEB5F.tmp . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128] "SansaDispatch"="c:\users\Cliff\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-01-06 79872] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-24 5622512] "California Fonts Loader"="c:\program files (x86)\California Font Manager\CaliforniaFonts.exe" [2011-04-02 631016] "Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752] "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-04 3093624] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224] "ConnectionCenter"="c:\users\Cliff\AppData\Local\Citrix\ICA Client\concentr.exe" [2010-03-11 300400] "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "GrpConv"="grpconv -o" [X] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "Application Restart 0"="c:\program files (x86)\ASUS\GPU Tweak\Monitor.exe" [2012-02-14 2385408] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640] R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472] R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256] R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1255736] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-21 45856] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2010-03-23 2061856] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 99275219 *Deregistered* - 99275219 . Contents of the 'Scheduled Tasks' folder . 2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 22:43] . 2013-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240822391-1121041123-2288482998-1001Core.job - c:\users\Cliff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 22:33] . 2013-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240822391-1121041123-2288482998-1001UA.job - c:\users\Cliff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 22:33] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.ask.com/?l=dis&o=14597 mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202 TCP: DhcpNameServer = 192.168.1.254 CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll FF - ProfilePath - c:\users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\zk4zkjei.default\ . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file) AddRemove-Giant Savings - c:\program files (x86)\Giant Savings\Uninstall.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-4240822391-1121041123-2288482998-1001\Software\SecuROM\License information*] "datasecu"=hex:af,67,15,1f,3d,a4,ef,cf,7b,bc,34,19,a7,d0,8e,d6,ad,d2,2e,32,ce, b2,98,5a,f4,75,14,b5,22,ce,40,d8,9a,a8,c8,a3,7f,39,47,61,9d,c6,29,94,47,d4,\ "rkeysecu"=hex:43,9a,34,38,a1,39,66,b3,43,5c,28,30,bf,4c,68,79 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2013-05-25 23:32:25 ComboFix-quarantined-files.txt 2013-05-26 03:32 ComboFix2.txt 2013-05-23 23:01 ComboFix3.txt 2011-05-28 00:16 . Pre-Run: 359,366,868,992 bytes free Post-Run: 359,073,325,056 bytes free . - - End Of File - - 840E6BFE8F626DD7B6ACD1728E8B73CF
-
Thank you D-FRED-BROWN! It was running fine, but the long startup worried me. I'm in safe mode now but about to go back to normal to play some games. I do have a question. What should I use to protect my system for free? Here are the logs: 20:07:01.0704 1284 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34 20:07:02.0094 1284 ============================================================ 20:07:02.0094 1284 Current date / time: 2013/05/25 20:07:02.0094 20:07:02.0094 1284 SystemInfo: 20:07:02.0094 1284 20:07:02.0094 1284 OS Version: 6.1.7601 ServicePack: 1.0 20:07:02.0094 1284 Product type: Workstation 20:07:02.0094 1284 ComputerName: CLIFF-PC 20:07:02.0094 1284 UserName: Cliff 20:07:02.0094 1284 Windows directory: C:\Windows 20:07:02.0094 1284 System windows directory: C:\Windows 20:07:02.0094 1284 Running under WOW64 20:07:02.0094 1284 Processor architecture: Intel x64 20:07:02.0094 1284 Number of processors: 4 20:07:02.0094 1284 Page size: 0x1000 20:07:02.0094 1284 Boot type: Safe boot with network 20:07:02.0094 1284 ============================================================ 20:07:03.0092 1284 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 20:07:03.0123 1284 Drive \Device\Harddisk6\DR6 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 20:07:03.0435 1284 ============================================================ 20:07:03.0435 1284 \Device\Harddisk0\DR0: 20:07:03.0435 1284 MBR partitions: 20:07:03.0435 1284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x729B9800 20:07:03.0435 1284 \Device\Harddisk6\DR6: 20:07:03.0700 1284 MBR partitions: 20:07:03.0700 1284 \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000 20:07:03.0700 1284 ============================================================ 20:07:03.0716 1284 C: <-> \Device\Harddisk0\DR0\Partition1 20:07:03.0747 1284 J: <-> \Device\Harddisk6\DR6\Partition1 20:07:03.0747 1284 ============================================================ 20:07:03.0747 1284 Initialize success 20:07:03.0747 1284 ============================================================ 20:07:20.0689 1272 ============================================================ 20:07:20.0689 1272 Scan started 20:07:20.0689 1272 Mode: Manual; 20:07:20.0689 1272 ============================================================ 20:07:21.0219 1272 ================ Scan system memory ======================== 20:07:21.0219 1272 System memory - ok 20:07:21.0219 1272 ================ Scan services ============================= 20:07:21.0297 1272 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE 20:07:21.0297 1272 !SASCORE - ok 20:07:21.0406 1272 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 20:07:21.0406 1272 1394ohci - ok 20:07:21.0422 1272 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 20:07:21.0422 1272 ACPI - ok 20:07:21.0500 1272 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 20:07:21.0500 1272 AcpiPmi - ok 20:07:21.0594 1272 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 20:07:21.0625 1272 AdobeARMservice - ok 20:07:21.0859 1272 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 20:07:21.0859 1272 AdobeFlashPlayerUpdateSvc - ok 20:07:21.0921 1272 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 20:07:21.0921 1272 adp94xx - ok 20:07:21.0952 1272 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 20:07:21.0952 1272 adpahci - ok 20:07:21.0984 1272 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 20:07:21.0984 1272 adpu320 - ok 20:07:22.0030 1272 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 20:07:22.0030 1272 AeLookupSvc - ok 20:07:22.0093 1272 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 20:07:22.0093 1272 AFD - ok 20:07:22.0155 1272 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe 20:07:22.0155 1272 AgereModemAudio - ok 20:07:22.0202 1272 [ A6AB6F0ACE87DA76B4C401813D18BE95 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 20:07:22.0218 1272 AgereSoftModem - ok 20:07:22.0249 1272 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 20:07:22.0249 1272 agp440 - ok 20:07:22.0264 1272 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 20:07:22.0264 1272 ALG - ok 20:07:22.0311 1272 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 20:07:22.0311 1272 aliide - ok 20:07:22.0358 1272 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 20:07:22.0358 1272 AMD External Events Utility - ok 20:07:22.0420 1272 AMD FUEL Service - ok 20:07:22.0436 1272 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 20:07:22.0436 1272 amdide - ok 20:07:22.0467 1272 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys 20:07:22.0467 1272 amdiox64 - ok 20:07:22.0530 1272 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 20:07:22.0530 1272 AmdK8 - ok 20:07:22.0748 1272 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 20:07:22.0935 1272 amdkmdag - ok 20:07:23.0013 1272 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 20:07:23.0013 1272 amdkmdap - ok 20:07:23.0060 1272 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 20:07:23.0060 1272 AmdPPM - ok 20:07:23.0107 1272 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys 20:07:23.0107 1272 amdsata - ok 20:07:23.0122 1272 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 20:07:23.0138 1272 amdsbs - ok 20:07:23.0154 1272 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys 20:07:23.0154 1272 amdxata - ok 20:07:23.0185 1272 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 20:07:23.0216 1272 AODDriver4.2 - ok 20:07:23.0263 1272 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 20:07:23.0263 1272 AppID - ok 20:07:23.0310 1272 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 20:07:23.0310 1272 AppIDSvc - ok 20:07:23.0356 1272 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll 20:07:23.0356 1272 Appinfo - ok 20:07:23.0450 1272 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 20:07:23.0450 1272 Apple Mobile Device - ok 20:07:23.0481 1272 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 20:07:23.0481 1272 arc - ok 20:07:23.0512 1272 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 20:07:23.0512 1272 arcsas - ok 20:07:23.0575 1272 [ E536856E96A7605EBF580D62A868E5FE ] ASGT C:\Windows\SysWOW64\ASGT.exe 20:07:23.0575 1272 ASGT - ok 20:07:23.0715 1272 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 20:07:23.0731 1272 aspnet_state - ok 20:07:23.0762 1272 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 20:07:23.0762 1272 AsyncMac - ok 20:07:23.0793 1272 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 20:07:23.0793 1272 atapi - ok 20:07:23.0856 1272 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys 20:07:23.0856 1272 AtiHDAudioService - ok 20:07:23.0918 1272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 20:07:23.0934 1272 AudioEndpointBuilder - ok 20:07:23.0949 1272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 20:07:23.0949 1272 AudioSrv - ok 20:07:23.0996 1272 [ 3B5657B6C11CDA87F664DD6F7DD0702D ] avgtp C:\Windows\system32\drivers\avgtpx64.sys 20:07:23.0996 1272 avgtp - ok 20:07:24.0043 1272 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 20:07:24.0043 1272 AxInstSV - ok 20:07:24.0105 1272 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 20:07:24.0105 1272 b06bdrv - ok 20:07:24.0136 1272 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 20:07:24.0136 1272 b57nd60a - ok 20:07:24.0168 1272 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 20:07:24.0183 1272 BDESVC - ok 20:07:24.0199 1272 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 20:07:24.0199 1272 Beep - ok 20:07:24.0246 1272 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 20:07:24.0261 1272 BFE - ok 20:07:24.0308 1272 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 20:07:24.0417 1272 BITS - ok 20:07:24.0448 1272 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 20:07:24.0448 1272 blbdrive - ok 20:07:24.0480 1272 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 20:07:24.0495 1272 Bonjour Service - ok 20:07:24.0558 1272 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 20:07:24.0558 1272 bowser - ok 20:07:24.0589 1272 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:07:24.0589 1272 BrFiltLo - ok 20:07:24.0604 1272 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:07:24.0604 1272 BrFiltUp - ok 20:07:24.0651 1272 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 20:07:24.0667 1272 BridgeMP - ok 20:07:24.0698 1272 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 20:07:24.0698 1272 Browser - ok 20:07:24.0714 1272 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 20:07:24.0714 1272 Brserid - ok 20:07:24.0729 1272 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 20:07:24.0729 1272 BrSerWdm - ok 20:07:24.0760 1272 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 20:07:24.0760 1272 BrUsbMdm - ok 20:07:24.0776 1272 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 20:07:24.0776 1272 BrUsbSer - ok 20:07:24.0792 1272 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 20:07:24.0792 1272 BTHMODEM - ok 20:07:24.0823 1272 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 20:07:24.0823 1272 bthserv - ok 20:07:24.0823 1272 catchme - ok 20:07:24.0854 1272 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 20:07:24.0854 1272 cdfs - ok 20:07:24.0885 1272 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys 20:07:24.0885 1272 cdrom - ok 20:07:24.0932 1272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 20:07:24.0932 1272 CertPropSvc - ok 20:07:24.0979 1272 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 20:07:24.0979 1272 circlass - ok 20:07:24.0995 1272 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 20:07:25.0010 1272 CLFS - ok 20:07:25.0073 1272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:07:25.0073 1272 clr_optimization_v2.0.50727_32 - ok 20:07:25.0135 1272 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:07:25.0135 1272 clr_optimization_v2.0.50727_64 - ok 20:07:25.0213 1272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:07:25.0275 1272 clr_optimization_v4.0.30319_32 - ok 20:07:25.0307 1272 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:07:25.0322 1272 clr_optimization_v4.0.30319_64 - ok 20:07:25.0353 1272 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 20:07:25.0353 1272 CmBatt - ok 20:07:25.0385 1272 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 20:07:25.0385 1272 cmdide - ok 20:07:25.0431 1272 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 20:07:25.0431 1272 CNG - ok 20:07:25.0447 1272 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 20:07:25.0447 1272 Compbatt - ok 20:07:25.0478 1272 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 20:07:25.0478 1272 CompositeBus - ok 20:07:25.0509 1272 COMSysApp - ok 20:07:25.0525 1272 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 20:07:25.0525 1272 crcdisk - ok 20:07:25.0556 1272 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 20:07:25.0556 1272 CryptSvc - ok 20:07:25.0603 1272 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys 20:07:25.0603 1272 ctxusbm - ok 20:07:25.0650 1272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 20:07:25.0665 1272 DcomLaunch - ok 20:07:25.0712 1272 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 20:07:25.0712 1272 defragsvc - ok 20:07:25.0743 1272 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 20:07:25.0743 1272 DfsC - ok 20:07:25.0759 1272 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 20:07:25.0775 1272 Dhcp - ok 20:07:25.0806 1272 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 20:07:25.0806 1272 discache - ok 20:07:25.0821 1272 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 20:07:25.0821 1272 Disk - ok 20:07:25.0868 1272 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 20:07:25.0868 1272 Dnscache - ok 20:07:25.0899 1272 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 20:07:25.0915 1272 dot3svc - ok 20:07:25.0946 1272 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 20:07:25.0946 1272 DPS - ok 20:07:25.0993 1272 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 20:07:25.0993 1272 drmkaud - ok 20:07:26.0055 1272 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 20:07:26.0071 1272 DXGKrnl - ok 20:07:26.0102 1272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 20:07:26.0102 1272 EapHost - ok 20:07:26.0180 1272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 20:07:26.0211 1272 ebdrv - ok 20:07:26.0243 1272 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 20:07:26.0243 1272 EFS - ok 20:07:26.0321 1272 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 20:07:26.0321 1272 ehRecvr - ok 20:07:26.0367 1272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 20:07:26.0367 1272 ehSched - ok 20:07:26.0414 1272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 20:07:26.0430 1272 elxstor - ok 20:07:26.0508 1272 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE 20:07:26.0508 1272 EPSON_PM_RPCV4_01 - ok 20:07:26.0555 1272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 20:07:26.0555 1272 ErrDev - ok 20:07:26.0633 1272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:07:26.0633 1272 EventSystem - ok 20:07:26.0648 1272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:07:26.0648 1272 exfat - ok 20:07:26.0695 1272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:07:26.0695 1272 fastfat - ok 20:07:26.0742 1272 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:07:26.0757 1272 Fax - ok 20:07:26.0773 1272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:07:26.0789 1272 fdc - ok 20:07:26.0804 1272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:07:26.0820 1272 fdPHost - ok 20:07:26.0867 1272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:07:26.0867 1272 FDResPub - ok 20:07:26.0898 1272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:07:26.0898 1272 FileInfo - ok 20:07:26.0929 1272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:07:26.0929 1272 Filetrace - ok 20:07:26.0945 1272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:07:26.0945 1272 flpydisk - ok 20:07:26.0976 1272 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:07:26.0976 1272 FltMgr - ok 20:07:27.0023 1272 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:07:27.0038 1272 FontCache - ok 20:07:27.0085 1272 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:07:27.0085 1272 FontCache3.0.0.0 - ok 20:07:27.0132 1272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:07:27.0132 1272 FsDepends - ok 20:07:27.0163 1272 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:07:27.0163 1272 Fs_Rec - ok 20:07:27.0225 1272 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:07:27.0225 1272 fvevol - ok 20:07:27.0272 1272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 20:07:27.0272 1272 gagp30kx - ok 20:07:27.0319 1272 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:07:27.0319 1272 GEARAspiWDM - ok 20:07:27.0366 1272 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:07:27.0381 1272 gpsvc - ok 20:07:27.0397 1272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:07:27.0413 1272 hcw85cir - ok 20:07:27.0428 1272 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:07:27.0444 1272 HdAudAddService - ok 20:07:27.0491 1272 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:07:27.0491 1272 HDAudBus - ok 20:07:27.0522 1272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 20:07:27.0522 1272 HidBatt - ok 20:07:27.0537 1272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 20:07:27.0537 1272 HidBth - ok 20:07:27.0553 1272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 20:07:27.0553 1272 HidIr - ok 20:07:27.0600 1272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 20:07:27.0600 1272 hidserv - ok 20:07:27.0647 1272 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:07:27.0647 1272 HidUsb - ok 20:07:27.0678 1272 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:07:27.0678 1272 hkmsvc - ok 20:07:27.0725 1272 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:07:27.0725 1272 HomeGroupListener - ok 20:07:27.0771 1272 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:07:27.0771 1272 HomeGroupProvider - ok 20:07:27.0803 1272 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:07:27.0803 1272 HpSAMD - ok 20:07:27.0849 1272 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:07:27.0849 1272 HTTP - ok 20:07:27.0865 1272 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:07:27.0865 1272 hwpolicy - ok 20:07:27.0912 1272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 20:07:27.0912 1272 i8042prt - ok 20:07:27.0959 1272 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 20:07:27.0959 1272 iaStor - ok 20:07:28.0005 1272 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:07:28.0021 1272 iaStorV - ok 20:07:28.0099 1272 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:07:28.0099 1272 IDriverT - ok 20:07:28.0177 1272 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:07:28.0177 1272 idsvc - ok 20:07:28.0224 1272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 20:07:28.0224 1272 iirsp - ok 20:07:28.0271 1272 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:07:28.0286 1272 IKEEXT - ok 20:07:28.0302 1272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:07:28.0302 1272 intelide - ok 20:07:28.0333 1272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:07:28.0333 1272 intelppm - ok 20:07:28.0395 1272 [ A01C412699B6F21645B2885C2BAE4454 ] IOMap C:\Windows\system32\drivers\IOMap64.sys 20:07:28.0395 1272 IOMap - ok 20:07:28.0442 1272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:07:28.0442 1272 IPBusEnum - ok 20:07:28.0489 1272 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:07:28.0489 1272 IpFilterDriver - ok 20:07:28.0536 1272 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:07:28.0536 1272 iphlpsvc - ok 20:07:28.0583 1272 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:07:28.0583 1272 IPMIDRV - ok 20:07:28.0629 1272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:07:28.0629 1272 IPNAT - ok 20:07:28.0707 1272 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:07:28.0707 1272 iPod Service - ok 20:07:28.0723 1272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:07:28.0723 1272 IRENUM - ok 20:07:28.0754 1272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:07:28.0754 1272 isapnp - ok 20:07:28.0817 1272 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:07:28.0817 1272 iScsiPrt - ok 20:07:28.0848 1272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 20:07:28.0848 1272 kbdclass - ok 20:07:28.0863 1272 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 20:07:28.0863 1272 kbdhid - ok 20:07:28.0879 1272 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:07:28.0879 1272 KeyIso - ok 20:07:28.0910 1272 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:07:28.0926 1272 KSecDD - ok 20:07:28.0941 1272 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:07:28.0941 1272 KSecPkg - ok 20:07:29.0004 1272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:07:29.0004 1272 ksthunk - ok 20:07:29.0051 1272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:07:29.0051 1272 KtmRm - ok 20:07:29.0097 1272 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 20:07:29.0097 1272 LanmanServer - ok 20:07:29.0144 1272 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:07:29.0144 1272 LanmanWorkstation - ok 20:07:29.0160 1272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:07:29.0160 1272 lltdio - ok 20:07:29.0175 1272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:07:29.0191 1272 lltdsvc - ok 20:07:29.0191 1272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:07:29.0191 1272 lmhosts - ok 20:07:29.0253 1272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 20:07:29.0253 1272 LSI_FC - ok 20:07:29.0269 1272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 20:07:29.0269 1272 LSI_SAS - ok 20:07:29.0316 1272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:07:29.0316 1272 LSI_SAS2 - ok 20:07:29.0331 1272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:07:29.0331 1272 LSI_SCSI - ok 20:07:29.0363 1272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:07:29.0363 1272 luafv - ok 20:07:29.0409 1272 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:07:29.0409 1272 Mcx2Svc - ok 20:07:29.0425 1272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 20:07:29.0425 1272 megasas - ok 20:07:29.0425 1272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 20:07:29.0441 1272 MegaSR - ok 20:07:29.0472 1272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:07:29.0487 1272 MMCSS - ok 20:07:29.0519 1272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:07:29.0519 1272 Modem - ok 20:07:29.0565 1272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:07:29.0565 1272 monitor - ok 20:07:29.0597 1272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:07:29.0597 1272 mouclass - ok 20:07:29.0612 1272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:07:29.0612 1272 mouhid - ok 20:07:29.0643 1272 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:07:29.0643 1272 mountmgr - ok 20:07:29.0675 1272 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:07:29.0675 1272 MozillaMaintenance - ok 20:07:29.0721 1272 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:07:29.0721 1272 mpio - ok 20:07:29.0753 1272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:07:29.0753 1272 mpsdrv - ok 20:07:29.0924 1272 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:07:29.0955 1272 MpsSvc - ok 20:07:30.0033 1272 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:07:30.0033 1272 MRxDAV - ok 20:07:30.0080 1272 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:07:30.0096 1272 mrxsmb - ok 20:07:30.0189 1272 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:07:30.0221 1272 mrxsmb10 - ok 20:07:30.0236 1272 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:07:30.0267 1272 mrxsmb20 - ok 20:07:30.0314 1272 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:07:30.0330 1272 msahci - ok 20:07:30.0377 1272 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:07:30.0377 1272 msdsm - ok 20:07:30.0455 1272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:07:30.0470 1272 MSDTC - ok 20:07:30.0517 1272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:07:30.0533 1272 Msfs - ok 20:07:30.0548 1272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:07:30.0564 1272 mshidkmdf - ok 20:07:30.0642 1272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:07:30.0657 1272 msisadrv - ok 20:07:30.0720 1272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:07:30.0751 1272 MSiSCSI - ok 20:07:30.0751 1272 msiserver - ok 20:07:30.0798 1272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:07:30.0798 1272 MSKSSRV - ok 20:07:30.0813 1272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:07:30.0829 1272 MSPCLOCK - ok 20:07:30.0860 1272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:07:30.0860 1272 MSPQM - ok 20:07:30.0907 1272 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:07:30.0923 1272 MsRPC - ok 20:07:30.0954 1272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 20:07:30.0954 1272 mssmbios - ok 20:07:30.0969 1272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:07:30.0969 1272 MSTEE - ok 20:07:30.0985 1272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 20:07:30.0985 1272 MTConfig - ok 20:07:30.0985 1272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:07:30.0985 1272 Mup - ok 20:07:31.0047 1272 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:07:31.0047 1272 napagent - ok 20:07:31.0094 1272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:07:31.0110 1272 NativeWifiP - ok 20:07:31.0125 1272 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys 20:07:31.0141 1272 NDIS - ok 20:07:31.0172 1272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:07:31.0172 1272 NdisCap - ok 20:07:31.0188 1272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:07:31.0188 1272 NdisTapi - ok 20:07:31.0235 1272 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:07:31.0250 1272 Ndisuio - ok 20:07:31.0281 1272 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:07:31.0281 1272 NdisWan - ok 20:07:31.0313 1272 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:07:31.0313 1272 NDProxy - ok 20:07:31.0375 1272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:07:31.0375 1272 NetBIOS - ok 20:07:31.0406 1272 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:07:31.0422 1272 NetBT - ok 20:07:31.0422 1272 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:07:31.0422 1272 Netlogon - ok 20:07:31.0469 1272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:07:31.0469 1272 Netman - ok 20:07:31.0515 1272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:07:31.0578 1272 NetMsmqActivator - ok 20:07:31.0578 1272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:07:31.0578 1272 NetPipeActivator - ok 20:07:31.0609 1272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:07:31.0609 1272 netprofm - ok 20:07:31.0609 1272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:07:31.0609 1272 NetTcpActivator - ok 20:07:31.0625 1272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:07:31.0625 1272 NetTcpPortSharing - ok 20:07:31.0656 1272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 20:07:31.0656 1272 nfrd960 - ok 20:07:31.0703 1272 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:07:31.0703 1272 NlaSvc - ok 20:07:31.0718 1272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:07:31.0718 1272 Npfs - ok 20:07:31.0781 1272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:07:31.0781 1272 nsi - ok 20:07:31.0796 1272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:07:31.0796 1272 nsiproxy - ok 20:07:31.0859 1272 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:07:31.0890 1272 Ntfs - ok 20:07:31.0937 1272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:07:31.0937 1272 Null - ok 20:07:31.0983 1272 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:07:31.0983 1272 nvraid - ok 20:07:32.0030 1272 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:07:32.0046 1272 nvstor - ok 20:07:32.0139 1272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:07:32.0139 1272 nv_agp - ok 20:07:32.0233 1272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:07:32.0249 1272 ohci1394 - ok 20:07:32.0295 1272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:07:32.0295 1272 p2pimsvc - ok 20:07:32.0311 1272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:07:32.0327 1272 p2psvc - ok 20:07:32.0373 1272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:07:32.0373 1272 Parport - ok 20:07:32.0389 1272 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:07:32.0389 1272 partmgr - ok 20:07:32.0405 1272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:07:32.0405 1272 PcaSvc - ok 20:07:32.0436 1272 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:07:32.0451 1272 pci - ok 20:07:32.0483 1272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:07:32.0483 1272 pciide - ok 20:07:32.0498 1272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 20:07:32.0498 1272 pcmcia - ok 20:07:32.0514 1272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:07:32.0514 1272 pcw - ok 20:07:32.0561 1272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:07:32.0561 1272 PEAUTH - ok 20:07:32.0654 1272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:07:32.0654 1272 PerfHost - ok 20:07:32.0732 1272 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:07:32.0748 1272 pla - ok 20:07:32.0795 1272 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:07:32.0795 1272 PlugPlay - ok 20:07:32.0810 1272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:07:32.0810 1272 PNRPAutoReg - ok 20:07:32.0826 1272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:07:32.0826 1272 PNRPsvc - ok 20:07:32.0857 1272 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:07:32.0857 1272 PolicyAgent - ok 20:07:32.0904 1272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:07:32.0904 1272 Power - ok 20:07:32.0951 1272 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:07:32.0951 1272 PptpMiniport - ok 20:07:32.0966 1272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 20:07:32.0966 1272 Processor - ok 20:07:32.0997 1272 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll 20:07:32.0997 1272 ProfSvc - ok 20:07:33.0013 1272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:07:33.0013 1272 ProtectedStorage - ok 20:07:33.0060 1272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 20:07:33.0060 1272 Psched - ok 20:07:33.0107 1272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 20:07:33.0138 1272 ql2300 - ok 20:07:33.0138 1272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 20:07:33.0138 1272 ql40xx - ok 20:07:33.0185 1272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:07:33.0185 1272 QWAVE - ok 20:07:33.0200 1272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:07:33.0200 1272 QWAVEdrv - ok 20:07:33.0216 1272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:07:33.0216 1272 RasAcd - ok 20:07:33.0247 1272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:07:33.0247 1272 RasAgileVpn - ok 20:07:33.0263 1272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:07:33.0263 1272 RasAuto - ok 20:07:33.0309 1272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:07:33.0309 1272 Rasl2tp - ok 20:07:33.0341 1272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:07:33.0341 1272 RasMan - ok 20:07:33.0403 1272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:07:33.0403 1272 RasPppoe - ok 20:07:33.0419 1272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:07:33.0419 1272 RasSstp - ok 20:07:33.0465 1272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:07:33.0465 1272 rdbss - ok 20:07:33.0497 1272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:07:33.0497 1272 rdpbus - ok 20:07:33.0512 1272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:07:33.0512 1272 RDPCDD - ok 20:07:33.0528 1272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:07:33.0528 1272 RDPENCDD - ok 20:07:33.0528 1272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:07:33.0528 1272 RDPREFMP - ok 20:07:33.0575 1272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:07:33.0575 1272 RDPWD - ok 20:07:33.0621 1272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:07:33.0621 1272 rdyboost - ok 20:07:33.0668 1272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:07:33.0668 1272 RemoteAccess - ok 20:07:33.0715 1272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:07:33.0715 1272 RemoteRegistry - ok 20:07:33.0746 1272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:07:33.0746 1272 RpcEptMapper - ok 20:07:33.0762 1272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:07:33.0762 1272 RpcLocator - ok 20:07:33.0809 1272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll 20:07:33.0809 1272 RpcSs - ok 20:07:33.0855 1272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:07:33.0855 1272 rspndr - ok 20:07:33.0933 1272 [ CFBABCC8E8B72F9D1693FF583A09C79B ] RTL85n64 C:\Windows\system32\DRIVERS\RTL85n64.sys 20:07:33.0949 1272 RTL85n64 - ok 20:07:33.0965 1272 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 20:07:33.0965 1272 SamSs - ok 20:07:33.0980 1272 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 20:07:33.0980 1272 SASDIFSV - ok 20:07:33.0996 1272 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 20:07:33.0996 1272 SASKUTIL - ok 20:07:34.0043 1272 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 20:07:34.0043 1272 sbp2port - ok 20:07:34.0089 1272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 20:07:34.0089 1272 SCardSvr - ok 20:07:34.0136 1272 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys 20:07:34.0136 1272 SCDEmu - ok 20:07:34.0183 1272 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 20:07:34.0183 1272 scfilter - ok 20:07:34.0230 1272 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 20:07:34.0245 1272 Schedule - ok 20:07:34.0292 1272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 20:07:34.0292 1272 SCPolicySvc - ok 20:07:34.0339 1272 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 20:07:34.0339 1272 SDRSVC - ok 20:07:34.0401 1272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 20:07:34.0401 1272 secdrv - ok 20:07:34.0433 1272 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 20:07:34.0448 1272 seclogon - ok 20:07:34.0479 1272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 20:07:34.0479 1272 SENS - ok 20:07:34.0495 1272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 20:07:34.0495 1272 SensrSvc - ok 20:07:34.0511 1272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 20:07:34.0511 1272 Serenum - ok 20:07:34.0526 1272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 20:07:34.0526 1272 Serial - ok 20:07:34.0557 1272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 20:07:34.0557 1272 sermouse - ok 20:07:34.0620 1272 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 20:07:34.0620 1272 SessionEnv - ok 20:07:34.0667 1272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 20:07:34.0667 1272 sffdisk - ok 20:07:34.0682 1272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 20:07:34.0682 1272 sffp_mmc - ok 20:07:34.0698 1272 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 20:07:34.0698 1272 sffp_sd - ok 20:07:34.0729 1272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 20:07:34.0729 1272 sfloppy - ok 20:07:34.0776 1272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 20:07:34.0791 1272 SharedAccess - ok 20:07:34.0838 1272 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 20:07:34.0854 1272 ShellHWDetection - ok 20:07:34.0869 1272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:07:34.0869 1272 SiSRaid2 - ok 20:07:34.0885 1272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 20:07:34.0885 1272 SiSRaid4 - ok 20:07:34.0901 1272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 20:07:34.0901 1272 Smb - ok 20:07:34.0963 1272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 20:07:34.0963 1272 SNMPTRAP - ok 20:07:34.0963 1272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 20:07:34.0963 1272 spldr - ok 20:07:35.0025 1272 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe 20:07:35.0041 1272 Spooler - ok 20:07:35.0135 1272 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 20:07:35.0166 1272 sppsvc - ok 20:07:35.0213 1272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 20:07:35.0213 1272 sppuinotify - ok 20:07:35.0244 1272 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 20:07:35.0244 1272 srv - ok 20:07:35.0259 1272 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 20:07:35.0275 1272 srv2 - ok 20:07:35.0291 1272 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 20:07:35.0291 1272 srvnet - ok 20:07:35.0322 1272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 20:07:35.0322 1272 SSDPSRV - ok 20:07:35.0353 1272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 20:07:35.0369 1272 SstpSvc - ok 20:07:35.0431 1272 Steam Client Service - ok 20:07:35.0478 1272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 20:07:35.0478 1272 stexstor - ok 20:07:35.0525 1272 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 20:07:35.0525 1272 stisvc - ok 20:07:35.0556 1272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 20:07:35.0571 1272 swenum - ok 20:07:35.0665 1272 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 20:07:35.0665 1272 SwitchBoard - ok 20:07:35.0712 1272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 20:07:35.0712 1272 swprv - ok 20:07:35.0774 1272 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 20:07:35.0805 1272 SysMain - ok 20:07:35.0837 1272 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 20:07:35.0837 1272 TabletInputService - ok 20:07:35.0852 1272 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 20:07:35.0868 1272 TapiSrv - ok 20:07:35.0883 1272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 20:07:35.0883 1272 TBS - ok 20:07:35.0961 1272 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 20:07:35.0977 1272 Tcpip - ok 20:07:35.0993 1272 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 20:07:36.0008 1272 TCPIP6 - ok 20:07:36.0055 1272 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 20:07:36.0055 1272 tcpipreg - ok 20:07:36.0102 1272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 20:07:36.0102 1272 TDPIPE - ok 20:07:36.0133 1272 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 20:07:36.0133 1272 TDTCP - ok 20:07:36.0164 1272 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 20:07:36.0180 1272 tdx - ok 20:07:36.0227 1272 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 20:07:36.0242 1272 TermDD - ok 20:07:36.0289 1272 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 20:07:36.0305 1272 TermService - ok 20:07:36.0351 1272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 20:07:36.0351 1272 Themes - ok 20:07:36.0398 1272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 20:07:36.0398 1272 THREADORDER - ok 20:07:36.0414 1272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 20:07:36.0414 1272 TrkWks - ok 20:07:36.0461 1272 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 20:07:36.0461 1272 TrustedInstaller - ok 20:07:36.0507 1272 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 20:07:36.0507 1272 tssecsrv - ok 20:07:36.0570 1272 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 20:07:36.0570 1272 TsUsbFlt - ok 20:07:36.0601 1272 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 20:07:36.0601 1272 tunnel - ok 20:07:36.0648 1272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 20:07:36.0648 1272 uagp35 - ok 20:07:36.0679 1272 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 20:07:36.0695 1272 udfs - ok 20:07:36.0741 1272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 20:07:36.0741 1272 UI0Detect - ok 20:07:36.0788 1272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 20:07:36.0788 1272 uliagpkx - ok 20:07:36.0819 1272 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 20:07:36.0835 1272 umbus - ok 20:07:36.0835 1272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 20:07:36.0835 1272 UmPass - ok 20:07:36.0897 1272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 20:07:36.0913 1272 upnphost - ok 20:07:36.0929 1272 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 20:07:36.0929 1272 USBAAPL64 - ok 20:07:36.0975 1272 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 20:07:36.0975 1272 usbaudio - ok 20:07:36.0991 1272 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 20:07:36.0991 1272 usbccgp - ok 20:07:37.0007 1272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 20:07:37.0007 1272 usbcir - ok 20:07:37.0038 1272 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys 20:07:37.0038 1272 usbehci - ok 20:07:37.0069 1272 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 20:07:37.0069 1272 usbhub - ok 20:07:37.0085 1272 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys 20:07:37.0085 1272 usbohci - ok 20:07:37.0116 1272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 20:07:37.0116 1272 usbprint - ok 20:07:37.0163 1272 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 20:07:37.0163 1272 usbscan - ok 20:07:37.0209 1272 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:07:37.0209 1272 USBSTOR - ok 20:07:37.0225 1272 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 20:07:37.0225 1272 usbuhci - ok 20:07:37.0256 1272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 20:07:37.0272 1272 UxSms - ok 20:07:37.0287 1272 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 20:07:37.0303 1272 VaultSvc - ok 20:07:37.0365 1272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 20:07:37.0365 1272 vdrvroot - ok 20:07:37.0428 1272 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 20:07:37.0443 1272 vds - ok 20:07:37.0459 1272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 20:07:37.0475 1272 vga - ok 20:07:37.0475 1272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 20:07:37.0475 1272 VgaSave - ok 20:07:37.0490 1272 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 20:07:37.0506 1272 vhdmp - ok 20:07:37.0506 1272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 20:07:37.0521 1272 viaide - ok 20:07:37.0537 1272 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 20:07:37.0537 1272 volmgr - ok 20:07:37.0568 1272 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 20:07:37.0568 1272 volmgrx - ok 20:07:37.0584 1272 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 20:07:37.0599 1272 volsnap - ok 20:07:37.0615 1272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 20:07:37.0615 1272 vsmraid - ok 20:07:37.0693 1272 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 20:07:37.0709 1272 VSS - ok 20:07:37.0740 1272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 20:07:37.0740 1272 vwifibus - ok 20:07:37.0802 1272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 20:07:37.0802 1272 W32Time - ok 20:07:37.0833 1272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 20:07:37.0833 1272 WacomPen - ok 20:07:37.0974 1272 [ D70A492306861004A0DB1024CE634837 ] wampapache c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe 20:07:37.0989 1272 wampapache - ok 20:07:38.0036 1272 wampmysqld - ok 20:07:38.0067 1272 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 20:07:38.0083 1272 WANARP - ok 20:07:38.0083 1272 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 20:07:38.0083 1272 Wanarpv6 - ok 20:07:38.0145 1272 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 20:07:38.0161 1272 WatAdminSvc - ok 20:07:38.0223 1272 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 20:07:38.0239 1272 wbengine - ok 20:07:38.0270 1272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 20:07:38.0270 1272 WbioSrvc - ok 20:07:38.0333 1272 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 20:07:38.0348 1272 wcncsvc - ok 20:07:38.0348 1272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 20:07:38.0348 1272 WcsPlugInService - ok 20:07:38.0395 1272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 20:07:38.0395 1272 Wd - ok 20:07:38.0411 1272 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 20:07:38.0426 1272 Wdf01000 - ok 20:07:38.0426 1272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 20:07:38.0426 1272 WdiServiceHost - ok 20:07:38.0457 1272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 20:07:38.0457 1272 WdiSystemHost - ok 20:07:38.0489 1272 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 20:07:38.0504 1272 WebClient - ok 20:07:38.0551 1272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 20:07:38.0551 1272 Wecsvc - ok 20:07:38.0567 1272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 20:07:38.0567 1272 wercplsupport - ok 20:07:38.0582 1272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 20:07:38.0582 1272 WerSvc - ok 20:07:38.0629 1272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 20:07:38.0629 1272 WfpLwf - ok 20:07:38.0645 1272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 20:07:38.0645 1272 WIMMount - ok 20:07:38.0691 1272 WinDefend - ok 20:07:38.0723 1272 WinHttpAutoProxySvc - ok 20:07:38.0785 1272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 20:07:38.0785 1272 Winmgmt - ok 20:07:38.0863 1272 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 20:07:38.0879 1272 WinRM - ok 20:07:38.0941 1272 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 20:07:38.0941 1272 WinUsb - ok 20:07:39.0003 1272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 20:07:39.0019 1272 Wlansvc - ok 20:07:39.0159 1272 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 20:07:39.0175 1272 wlidsvc - ok 20:07:39.0222 1272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 20:07:39.0222 1272 WmiAcpi - ok 20:07:39.0269 1272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 20:07:39.0269 1272 wmiApSrv - ok 20:07:39.0300 1272 WMPNetworkSvc - ok 20:07:39.0331 1272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 20:07:39.0331 1272 WPCSvc - ok 20:07:39.0378 1272 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 20:07:39.0378 1272 WPDBusEnum - ok 20:07:39.0425 1272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 20:07:39.0425 1272 ws2ifsl - ok 20:07:39.0456 1272 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 20:07:39.0456 1272 wscsvc - ok 20:07:39.0471 1272 WSearch - ok 20:07:39.0549 1272 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 20:07:39.0565 1272 wuauserv - ok 20:07:39.0581 1272 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 20:07:39.0581 1272 WudfPf - ok 20:07:39.0659 1272 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 20:07:39.0659 1272 WUDFRd - ok 20:07:39.0705 1272 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 20:07:39.0705 1272 wudfsvc - ok 20:07:39.0752 1272 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 20:07:39.0815 1272 WwanSvc - ok 20:07:39.0861 1272 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys 20:07:39.0861 1272 xnacc - ok 20:07:39.0877 1272 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 20:07:39.0877 1272 xusb21 - ok 20:07:39.0939 1272 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys 20:07:39.0939 1272 yukonw7 - ok 20:07:39.0955 1272 ================ Scan global =============================== 20:07:40.0017 1272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 20:07:40.0064 1272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:07:40.0064 1272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 20:07:40.0111 1272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 20:07:40.0127 1272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 20:07:40.0127 1272 [Global] - ok 20:07:40.0127 1272 ================ Scan MBR ================================== 20:07:40.0158 1272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 20:07:40.0298 1272 \Device\Harddisk0\DR0 - ok 20:07:40.0314 1272 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk6\DR6 20:07:40.0314 1272 \Device\Harddisk6\DR6 - ok 20:07:40.0314 1272 ================ Scan VBR ================================== 20:07:40.0314 1272 [ BE8ACCF99A71914D85C02BF0ADF93D22 ] \Device\Harddisk0\DR0\Partition1 20:07:40.0314 1272 \Device\Harddisk0\DR0\Partition1 - ok 20:07:40.0345 1272 [ 88D4D6BF121381C1CFEA1B29A66B31E5 ] \Device\Harddisk6\DR6\Partition1 20:07:40.0345 1272 \Device\Harddisk6\DR6\Partition1 - ok 20:07:40.0345 1272 ============================================================ 20:07:40.0345 1272 Scan finished 20:07:40.0345 1272 ============================================================ 20:07:40.0345 1068 Detected object count: 0 20:07:40.0345 1068 Actual detected object count: 0 20:09:54.0662 1320 Deinitialize success Malwarebytes Anti-Rootkit BETA 1.06.0.1003 www.malwarebytes.org Database version: v2013.05.25.09 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 8.0.7601.17514 Cliff :: CLIFF-PC [administrator] 5/25/2013 8:11:07 PM mbar-log-2013-05-25 (20-11-07).txt Scan type: Quick scan Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P Scan options disabled: Deep Anti-Rootkit Scan | PUP Objects scanned: 259591 Time elapsed: 14 minute(s), 16 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) Physical Sectors Detected: 0 (No malicious items detected) (end)
-
Hi, I had several unwanted programs a couple of days ago. Yesterday I left the computer in safe mode all day and ran Malwarebytes, AdwCleaner, Junkware Removal Tool, and the ESET Online Scanner. I basically followed the instructions at the following page because that user had PUP.CrossFire.SA which I also had. Right now Malwarebytes says the system is clean, but I'm not sure. My CPU isn't used as much as it was before, but my computer still took forever to start up. So I think there is probably something else. Can someone please take a look at this and tell me if I am still infected? Thank you DDS.txt: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2 Run by Cliff at 18:17:01 on 2013-05-24 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5518 [GMT -4:00] . SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\LSI SoftModem\agr64svc.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Windows\SysWOW64\ASGT.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\System32\svchost.exe -k secsvcs c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\PeerBlock\peerblock.exe c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Users\Cliff\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files (x86)\Steam\Steam.exe C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Users\Cliff\AppData\Local\Citrix\ICA Client\concentr.exe C:\Program Files (x86)\Winamp\winampa.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Users\Cliff\AppData\Local\Citrix\ICA Client\wfcrun32.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\WUDFHost.exe C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\taskmgr.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Users\Cliff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Cliff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Users\Cliff\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\notepad.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.ask.com/?l=dis&o=14597 BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe uRun: [sansaDispatch] C:\Users\Cliff\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe uRun: [California Fonts Loader] "C:\Program Files (x86)\California Font Manager\CaliforniaFonts.exe" /scanfolder uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE mRun: [ConnectionCenter] "C:\Users\Cliff\AppData\Local\Citrix\ICA Client\concentr.exe" /startup mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" dRunOnce: [Application Restart #0] C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe /RestartByRestartManager:80D9D54A-8865-4744-9CB5-55740FB7F385 uPolicies-Explorer: NoDrives = dword:0 uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoDrives = dword:0 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202 . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{C43941BF-B033-4A7B-A42A-CC1F9C84C4D3} : DHCPNameServer = 192.168.1.254 Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Cliff\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Cliff\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - <orphaned> CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\shell32.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned> x64-Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\zk4zkjei.default\ FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Users\Cliff\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll FF - plugin: C:\Users\Cliff\AppData\Roaming\Mozilla\plugins\npicaN.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-7-26 45856] R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-10-5 87600] R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928] R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368] R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984] R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472] R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-28 46136] R3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2012-10-10 23680] R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-12-28 24176] R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2010-3-23 2061856] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-29 1255736] . =============== File Associations =============== . ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1" . =============== Created Last 30 ================ . 2013-05-24 22:08:45 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66AE6ECC-AB3E-4480-8FAF-5FE7C5326255}\mpengine.dll 2013-05-24 03:13:42 -------- d-----w- C:\ProgramData\Licenses 2013-05-24 03:13:40 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL 2013-05-24 03:13:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX 2013-05-24 03:13:39 -------- d-----w- C:\Program Files (x86)\SpywareBlaster 2013-05-23 23:22:48 -------- d-sh--w- C:\$RECYCLE.BIN 2013-05-23 23:21:49 -------- d-----w- C:\Windows\ERUNT 2013-05-23 23:21:32 -------- d-----w- C:\JRT 2013-05-15 04:49:14 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys 2013-05-15 04:49:14 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys 2013-05-15 04:49:14 144384 ----a-w- C:\Windows\System32\cdd.dll 2013-05-15 04:49:04 1930752 ----a-w- C:\Windows\System32\authui.dll 2013-05-15 04:49:04 111448 ----a-w- C:\Windows\System32\consent.exe 2013-05-15 04:49:03 70144 ----a-w- C:\Windows\System32\appinfo.dll 2013-05-15 04:49:03 1796096 ----a-w- C:\Windows\SysWow64\authui.dll 2013-05-06 22:24:06 -------- d-----w- C:\Users\Cliff\AppData\Local\Aspyr 2013-05-02 06:33:20 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare 2013-05-02 02:26:03 -------- d-sh--w- C:\ProgramData\DSS . ==================== Find3M ==================== . 2013-05-21 23:14:19 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys 2013-05-14 22:43:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-05-14 22:43:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-05-03 22:37:15 466520 ----a-w- C:\Windows\System32\wrap_oal.dll 2013-05-03 22:37:15 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll 2013-05-03 22:37:15 122968 ----a-w- C:\Windows\System32\OpenAL32.dll 2013-05-03 22:37:15 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll 2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe 2013-04-23 04:09:50 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2013-04-23 04:09:49 866720 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2013-04-23 04:09:49 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys 2013-04-10 05:51:43 1188864 ----a-w- C:\Windows\System32\wininet.dll 2013-04-10 05:08:12 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys 2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe 2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll 2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll 2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe 2013-02-28 12:03:52 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2013-02-28 11:38:43 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-03-30 00:01:28 3993600 ----a-w- C:\Program Files (x86)\GUTEB5F.tmp . ============= FINISH: 18:23:38.70 =============== Attach.txt: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 12/28/2010 3:16:38 PM System Uptime: 5/24/2013 6:01:09 PM (0 hours ago) . Motherboard: Gateway | | RS780 Processor: AMD Phenom™ 9750 Quad-Core Processor | AM2 | 2400/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 917 GiB total, 337.098 GiB free. D: is CDROM () E: is CDROM () F: is Removable G: is Removable H: is CDROM () I: is Removable J: is FIXED (NTFS) - 931 GiB total, 419.423 GiB free. K: is Removable L: is Removable . ==== Disabled Device Manager Items ============= . Class GUID: Description: WD SES Device USB Device Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1010\575832314331323935303531&1 Manufacturer: Name: WD SES Device USB Device PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1010\575832314331323935303531&1 Service: . Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318} Description: ATI Radeon HD 3200 Graphics Device ID: PCI\VEN_1002&DEV_9610&SUBSYS_01551025&REV_00\4&456635&0&2808 Manufacturer: ATI Technologies Inc. Name: ATI Radeon HD 3200 Graphics PNP Device ID: PCI\VEN_1002&DEV_9610&SUBSYS_01551025&REV_00\4&456635&0&2808 Service: amdkmdap . Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318} Description: AMD High Definition Audio Device Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&BE39BAB&0&0001 Manufacturer: Advanced Micro Devices Name: AMD High Definition Audio Device PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&BE39BAB&0&0001 Service: AtiHDAudioService . Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318} Description: Microsoft PS/2 Mouse Device ID: ACPI\PNP0F03\4&2A700557&0 Manufacturer: Microsoft Name: Microsoft PS/2 Mouse PNP Device ID: ACPI\PNP0F03\4&2A700557&0 Service: i8042prt . ==== System Restore Points =================== . RP897: 5/15/2013 12:39:47 AM - Installed DirectX RP898: 5/15/2013 12:41:25 AM - Windows Update RP899: 5/15/2013 3:01:23 AM - Windows Update RP900: 5/19/2013 11:49:12 AM - Windows Backup RP901: 5/21/2013 7:24:41 PM - Windows Update . ==== Installed Programs ====================== . 7-Zip 9.20 (x64 edition) Adobe AIR Adobe Community Help Adobe Creative Suite 5 Design Premium Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Reader XI Amazon MP3 Downloader 1.0.10 AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Any Video Converter 5 5.0.3 Apple Application Support Apple Mobile Device Support Apple Software Update Aptana Studio 3 ASUS GPU Tweak ASUS Utility ASUS VGA Driver AviSynth 2.5 Batman: Arkham City™ Beat Hazard Beatport Downloader BioShock BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien BitTorrent Bonjour Borderlands 2 Burnout™ Paradise The Ultimate Box California Font Manager 2.4.2 Canon iP2700 series Printer Driver Castle Crashers Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Citrix XenApp Web Plugin Core FTP LE (x64) Darksiders DarksidersInstaller DebugMode Wink Devil May Cry 3 Special Edition DEVIL MAY CRY 4 Diablo III DiRT 2 DiRT 3 Driver Fusion Dual-Core Optimizer DVDFab 8.0.6.8 (05/01/2011) EPSON Printer Software EPSON Scan F1 2012 Demo Fallout 3 - Game of the Year Edition ffdshow v1.1.3572 [2010-09-13] FileZilla Client 3.6.0.2 FLAC 1.2.1b (remove only) FLAC To MP3 V4.0.4 FormatFactory 2.96 Freemake Video Converter version 2.1.5 Full DVD Ripper 9 Free GameFly Giant Savings GIMP 2.6.11 Google Chrome GPL Ghostscript Haali Media Splitter Half-Life 2 HiJackThis iCloud Inkscape 0.48.2 iTunes Jamestown: Legend of the Lost Colony Java 7 Update 21 Java Auto Updater Java™ 6 Update 22 Just Cause 2 League of Legends Live 8.2 LSI PCI-SV92PP Soft Modem Malwarebytes Anti-Malware version 1.75.0.1300 Mark of the Ninja MediaCoder Web Video Edition 0.8.14 MediaCoder x64 0.8.15 Metro 2033 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft XNA Framework Redistributable 4.0 Refresh Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Miro Video Converter Monaco Mount & Blade: Warband Mozilla Firefox 21.0 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 17.0.6 (x86 en-US) NexusFont 2.5 (ver 2.5.8.1582) Notepad++ NVIDIA PhysX OpenAL OpenOffice.org 3.3 Orbit Downloader Pando Media Booster PCWheel PeerBlock 1.1 (r518) Portal Portal 2 PowerISO Psychonauts QuickTime Rapture3D 2.3.26 Game Red Faction: Guerrilla Safari Sansa Updater Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Serif FontManager 2 Sonic Generations SpywareBlaster 5.0 Stacking Star Wars: The Force Unleashed Ultimate Sith Edition Star Wars: The Old Republic Steam Super Meat Boy v1.5 SUPERAntiSpyware Team Fortress 2 TechPowerUp GPU-Z The Binding of Isaac The Showdown Effect Demo The Witcher: Enhanced Edition Trine 2 ViewSonic Windows 7 x64 Signed Files VLC media player 2.0.4 WampServer 2.1 Winamp Winamp Detector Plug-in Windows Live ID Sign-in Assistant Windows Media Player Firefox Plugin Windows Resource Kit Tools - SubInAcl.exe WinRAR archiver Wise Registry Cleaner 5.9.4 XCOM: Enemy Unknown . ==== Event Viewer Messages From Past Week ======== . 5/24/2013 5:58:41 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 5/23/2013 10:41:42 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 5/23/2013 10:41:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 5/23/2013 10:41:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 5/23/2013 10:41:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 5/23/2013 10:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 5/23/2013 10:41:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6 5/23/2013 10:29:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097} 5/23/2013 10:05:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb ctxusbm discache SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6 . ==== End Of File =========================== Here is the link for the page I was following: http://forums.malwar...pic=122651&st=0 Thank you