Ibbyda

It's running great. I got a little scare when windows decided to download updates without warning but figured that out and all is fine. thank you for your help

I did install Your Uninstaller! 7, but I'm not sure what Babylon is. I went to the folder but it was empty. Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 912062110 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 6/21/2012 5:20:50 PM mbam-log-2012-06-21 (17-20-50).txt Scan type: Quick scan Objects scanned: 207635 Time elapsed: 2 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

ComboFix 12-06-19.03 - jerry 06/20/2012 8:49.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1944 [GMT -4:00] Running from: c:\users\jerry\Desktop\ComboFix.exe AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\Install.exe c:\users\Public\Documents\NTILiveUpdateV9.dll c:\users\Public\Documents\NTIMMV9Acer.dll c:\users\Public\Documents\NTIMMV9REGET.dll c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\@ c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U\00000001.@ c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U\80000000.@ c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U\800000cb.@ . . ((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 ))))))))))))))))))))))))))))))) . . 2012-06-20 12:52 . 2012-06-20 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-20 04:24 . 2011-08-04 17:42 162392 ----a-w- c:\windows\system32\drivers\VvBackd5.sys 2012-06-20 04:24 . 2011-01-05 05:18 66136 ------w- c:\windows\system32\drivers\HCDisk.sys 2012-06-20 04:23 . 2012-06-20 04:23 -------- d-----w- c:\program files\FarStone 2012-06-20 04:21 . 2011-04-18 15:12 24664 ------w- c:\windows\system32\drivers\FarMntIo.sys 2012-06-20 04:21 . 2012-06-20 12:43 -------- d-----w- c:\programdata\Farstone 2012-06-20 02:19 . 2012-06-20 02:38 -------- d-----w- c:\programdata\AVG2012 2012-06-20 01:26 . 2012-06-20 01:26 -------- d--h--w- c:\programdata\Common Files 2012-06-20 01:26 . 2012-06-20 01:26 -------- d-----w- c:\windows\SysWow64\drivers\AVG 2012-06-20 01:25 . 2012-06-20 02:19 -------- d-----w- c:\windows\system32\drivers\AVG 2012-06-20 01:24 . 2012-06-20 02:18 -------- d-----w- c:\program files (x86)\AVG 2012-06-20 01:22 . 2012-06-20 02:28 -------- d-----w- c:\programdata\MFAData 2012-06-20 00:56 . 2012-06-20 00:56 -------- d-----w- c:\programdata\AWIECO 2012-06-20 00:55 . 2012-06-20 00:55 -------- d-----w- c:\program files\AWIECO 2012-06-20 00:55 . 2012-06-20 00:55 274432 ----a-w- c:\programdata\Microsoft\Windows Server\Data\DownloadCache\Client64.msi 2012-06-20 00:27 . 2012-06-20 00:27 -------- d-----w- c:\program files\Windows Server 2012-06-20 00:12 . 2012-06-20 05:27 -------- d-----w- c:\programdata\regid.1986-12.com.adobe 2012-06-18 05:00 . 2012-06-18 05:00 -------- d-----w- c:\windows\NAPP_Dism_Log 2012-06-18 04:40 . 2012-06-18 04:40 -------- d-----w- c:\program files (x86)\Barnes & Noble 2012-06-18 04:38 . 2012-06-18 04:39 -------- d-----w- c:\programdata\CLSK 2012-06-18 04:37 . 2012-06-18 04:37 -------- d-----w- c:\program files (x86)\Cyberlink 2012-06-18 04:37 . 2012-06-18 04:39 -------- d-----w- c:\programdata\CyberLink 2012-06-18 04:34 . 2012-06-18 04:34 -------- d-----w- c:\programdata\NTI Launcher 2012-06-18 04:32 . 2012-06-18 04:32 -------- d-----w- c:\programdata\FLEXnet 2012-06-18 04:32 . 2012-06-18 04:32 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared 2012-06-18 04:30 . 2012-06-18 03:03 -------- d-----w- c:\program files (x86)\Microsoft 2012-06-18 04:29 . 2012-06-18 04:29 -------- d-----w- c:\programdata\Atheros 2012-06-18 04:20 . 2012-06-18 04:20 -------- d-----w- c:\program files\Elantech 2012-06-18 04:19 . 2012-06-18 04:19 -------- d-----w- c:\program files\Intel 2012-06-18 04:17 . 2012-06-18 04:18 -------- d-----w- c:\program files (x86)\Launch Manager 2012-06-18 04:14 . 2012-06-18 04:14 -------- d-----w- c:\program files (x86)\Common Files\Atheros 2012-06-18 04:14 . 2012-06-18 04:14 -------- d-----w- c:\program files (x86)\Bluetooth Suite 2012-06-18 04:11 . 2012-06-18 04:11 -------- d-----w- c:\programdata\EgisTec 2012-06-18 04:11 . 2012-06-18 04:11 -------- d-----w- c:\programdata\Intel 2012-06-18 04:06 . 2012-06-18 04:06 -------- d-----w- c:\program files\Common Files\Intel 2012-06-18 04:06 . 2012-06-18 04:06 -------- d-----w- c:\program files (x86)\Common Files\Intel 2012-06-18 03:16 . 2012-06-18 03:16 -------- d-----w- c:\windows\SysWow64\Wat 2012-06-18 03:16 . 2012-06-18 03:16 -------- d-----w- c:\windows\system32\Wat 2012-06-18 03:16 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-06-18 03:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-06-18 03:01 . 2012-06-18 03:01 -------- d-----w- c:\program files (x86)\Your Uninstaller! 7 2012-06-18 03:01 . 2012-06-18 03:01 -------- d-----w- c:\programdata\Babylon 2012-06-18 02:59 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-06-18 02:59 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll 2012-06-18 02:59 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-06-18 02:59 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-06-18 02:59 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll 2012-06-18 02:59 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-06-18 02:59 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-06-18 02:53 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll 2012-06-18 02:52 . 2011-07-16 05:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll 2012-06-18 02:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll 2012-06-18 02:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll 2012-06-18 02:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll 2012-06-18 02:50 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll 2012-06-18 02:50 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll 2012-06-18 02:50 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll 2012-06-18 02:50 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll 2012-06-18 02:47 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys 2012-06-18 02:46 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl 2012-06-18 02:46 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl 2012-06-18 02:46 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-06-18 02:45 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll 2012-06-18 02:45 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll 2012-06-18 02:42 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-06-18 02:42 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-06-18 02:42 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-06-18 02:29 . 2012-06-20 12:43 -------- d-----w- c:\programdata\clear.fi 2012-06-18 02:26 . 2012-06-18 02:26 -------- d-----w- c:\programdata\SeriousBit 2012-06-18 02:25 . 2011-05-18 20:57 41256 ----a-w- c:\windows\system32\drivers\nbdrv.sys 2012-06-18 02:25 . 2012-06-18 02:26 -------- d-----w- c:\program files\NetBalancer 2012-06-18 02:20 . 2012-06-18 02:20 -------- d-----w- c:\program files (x86)\DSUtilities 2012-06-18 02:20 . 2004-03-09 05:00 609824 ----a-w- c:\windows\SysWow64\ComCtl32.ocx 2012-06-18 02:17 . 2012-06-18 02:17 -------- d-----w- c:\programdata\Hewlett-Packard 2012-06-18 02:17 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll 2012-06-18 02:07 . 2012-06-18 02:07 -------- d-----w- c:\programdata\OEM_E471269A730D 2012-06-18 02:07 . 2012-06-18 02:07 -------- d-----w- c:\program files (x86)\Times Reader 2012-06-18 02:07 . 2012-06-18 02:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR 2012-06-18 02:06 . 2012-06-18 02:09 -------- d-----w- c:\users\jerry 2012-06-18 02:06 . 2012-06-18 02:06 -------- d-----w- C:\Recovery 2012-06-17 22:57 . 2012-06-20 05:39 -------- d-----w- C:\TDSSKiller_Quarantine 2012-06-15 11:25 . 2012-06-15 23:40 -------- d-----w- C:\SRN Micro 2012-06-12 01:31 . 2012-06-20 04:24 4096 --sh--r- C:\RESCUMBR.BIN . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-18 04:34 . 2011-08-26 09:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-06-18 02:51 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hnFAPAlert"="c:\program files (x86)\DSUtilities\hnFAP-Alert\hnFAPAlert.exe" [2011-10-19 139264] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360] "BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440] "Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712] "ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144] "Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760] "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DriveClone Network Client IBP;DriveClone Network Client IBP;c:\program files\FarStone\RestoreIT 7\IBP\fsloader.exe [2009-08-18 126976] R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x] R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-02-16 10240] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424] R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x] S0 VVBackd5;VVBackd5; [x] S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x] S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x] S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-03-02 79744] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584] S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832] S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360] S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456] S2 HCDisk;HCDisk; [x] S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336] S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520] S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624] S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832] S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592] S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-01-12 40832] S2 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280] S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2011-03-02 111488] S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736] S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592] S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x] S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x] S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x] S3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys [x] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x] S3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-06-20 c:\windows\Tasks\AutoKMS.job - c:\windows\AutoKMS\AutoKMS.exe [2012-06-20 04:46] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-08-02 798880] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416] "Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://acer.msn.com uLocal Page = c:\windows\system32\blank.htm mStart Page = hxxp://acer.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 66.82.4.8 66.82.4.12 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Toolbar-Locked - (no file) HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe HKLM-Run-Launchpad - c:\program files (x86)\Windows Server\Bin\Launchpad.exe AddRemove-WTA-209b9556-d362-4c24-9f12-6fc537e8f570 - c:\program files (x86)\Acer Games\Build-a-lot 4 - Power Source\uninstall\uninstaller.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-06-20 15:17:40 ComboFix-quarantined-files.txt 2012-06-20 19:17 . Pre-Run: 497,149,812,736 bytes free Post-Run: 497,544,286,208 bytes free . - - End Of File - - 0C44A8CF59738E0388D0193378AF3090

Attached is the report that was created by TDSKiller. It only found a piece of software that was downloaded after the rootkit started. It was installed to help watch/try to find out what it was. TDSKiller report: 00:16:13.0578 8356 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31 00:16:15.0588 8356 ============================================================ 00:16:15.0588 8356 Current date / time: 2012/06/20 00:16:15.0588 00:16:15.0588 8356 SystemInfo: 00:16:15.0588 8356 00:16:15.0588 8356 OS Version: 6.1.7601 ServicePack: 1.0 00:16:15.0588 8356 Product type: Workstation 00:16:15.0588 8356 ComputerName: LAPTOP 00:16:15.0588 8356 UserName: jerry 00:16:15.0588 8356 Windows directory: C:\Windows 00:16:15.0588 8356 System windows directory: C:\Windows 00:16:15.0588 8356 Running under WOW64 00:16:15.0588 8356 Processor architecture: Intel x64 00:16:15.0588 8356 Number of processors: 4 00:16:15.0588 8356 Page size: 0x1000 00:16:15.0588 8356 Boot type: Normal boot 00:16:15.0588 8356 ============================================================ 00:16:16.0297 8356 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 00:16:16.0307 8356 Drive \Device\Harddisk1\DR1 - Size: 0x1D11B0000 (7.27 Gb), SectorSize: 0x200, Cylinders: 0x3B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 00:16:16.0312 8356 ============================================================ 00:16:16.0313 8356 \Device\Harddisk0\DR0: 00:16:16.0313 8356 MBR partitions: 00:16:16.0313 8356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000 00:16:16.0313 8356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x48825000 00:16:16.0313 8356 \Device\Harddisk1\DR1: 00:16:16.0314 8356 MBR partitions: 00:16:16.0314 8356 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0xE86E00 00:16:16.0314 8356 ============================================================ 00:16:16.0402 8356 C: <-> \Device\Harddisk0\DR0\Partition1 00:16:16.0402 8356 ============================================================ 00:16:16.0402 8356 Initialize success 00:16:16.0402 8356 ============================================================ 00:16:36.0296 8252 ============================================================ 00:16:36.0296 8252 Scan started 00:16:36.0296 8252 Mode: Manual; SigCheck; TDLFS; 00:16:36.0296 8252 ============================================================ 00:16:36.0768 8252 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 00:16:36.0934 8252 1394ohci - ok 00:16:37.0000 8252 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 00:16:37.0016 8252 ACPI - ok 00:16:37.0049 8252 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 00:16:37.0140 8252 AcpiPmi - ok 00:16:37.0250 8252 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 00:16:37.0318 8252 adp94xx - ok 00:16:37.0388 8252 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 00:16:37.0457 8252 adpahci - ok 00:16:37.0508 8252 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 00:16:37.0578 8252 adpu320 - ok 00:16:37.0629 8252 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 00:16:37.0808 8252 AeLookupSvc - ok 00:16:37.0868 8252 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 00:16:37.0929 8252 AFD - ok 00:16:37.0982 8252 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 00:16:38.0026 8252 agp440 - ok 00:16:38.0063 8252 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 00:16:38.0096 8252 ALG - ok 00:16:38.0139 8252 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 00:16:38.0173 8252 aliide - ok 00:16:38.0192 8252 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 00:16:38.0206 8252 amdide - ok 00:16:38.0240 8252 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 00:16:38.0283 8252 AmdK8 - ok 00:16:38.0314 8252 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys 00:16:38.0352 8252 AmdPPM - ok 00:16:38.0372 8252 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 00:16:38.0418 8252 amdsata - ok 00:16:38.0447 8252 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 00:16:38.0472 8252 amdsbs - ok 00:16:38.0492 8252 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 00:16:38.0501 8252 amdxata - ok 00:16:38.0520 8252 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 00:16:38.0718 8252 AppID - ok 00:16:38.0747 8252 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 00:16:38.0806 8252 AppIDSvc - ok 00:16:38.0833 8252 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 00:16:38.0883 8252 Appinfo - ok 00:16:38.0914 8252 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 00:16:38.0925 8252 arc - ok 00:16:38.0943 8252 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 00:16:38.0954 8252 arcsas - ok 00:16:39.0103 8252 arXfrSvc (5820df4e8da29ada5872708c4f46ecad) C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe 00:16:39.0120 8252 arXfrSvc - ok 00:16:39.0397 8252 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 00:16:39.0438 8252 aspnet_state - ok 00:16:39.0465 8252 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 00:16:39.0526 8252 AsyncMac - ok 00:16:39.0581 8252 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 00:16:39.0600 8252 atapi - ok 00:16:39.0632 8252 AthBTPort (185f180536188c1a4ed605234721a5b9) C:\Windows\system32\DRIVERS\btath_flt.sys 00:16:39.0654 8252 AthBTPort - ok 00:16:39.0720 8252 AtherosSvc (944d401b4db9c64e78e9edb6690f7368) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe 00:16:39.0741 8252 AtherosSvc - ok 00:16:39.0958 8252 athr (de9fb3dade8fd39ae2c587df22d36b8e) C:\Windows\system32\DRIVERS\athrx.sys 00:16:40.0130 8252 athr - ok 00:16:40.0312 8252 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 00:16:40.0380 8252 AudioEndpointBuilder - ok 00:16:40.0385 8252 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 00:16:40.0417 8252 AudioSrv - ok 00:16:40.0473 8252 Avgfwfd (96b4456f1dca4eda506ed31c7d2d6b05) C:\Windows\system32\DRIVERS\avgfwd6a.sys 00:16:40.0513 8252 Avgfwfd - ok 00:16:40.0865 8252 avgfws (5cd22eb540f82c70e33e530003f3903b) C:\Program Files (x86)\AVG\AVG2012\avgfws.exe 00:16:40.0996 8252 avgfws - ok 00:16:41.0307 8252 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe 00:16:41.0471 8252 AVGIDSAgent - ok 00:16:41.0626 8252 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 00:16:41.0652 8252 AVGIDSDriver - ok 00:16:41.0699 8252 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 00:16:41.0721 8252 AVGIDSEH - ok 00:16:41.0756 8252 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 00:16:41.0770 8252 AVGIDSFilter - ok 00:16:41.0857 8252 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys 00:16:41.0934 8252 Avgldx64 - ok 00:16:41.0963 8252 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys 00:16:41.0993 8252 Avgmfx64 - ok 00:16:42.0022 8252 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys 00:16:42.0033 8252 Avgrkx64 - ok 00:16:42.0096 8252 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys 00:16:42.0138 8252 Avgtdia - ok 00:16:42.0318 8252 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe 00:16:42.0347 8252 avgwd - ok 00:16:42.0401 8252 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 00:16:42.0479 8252 AxInstSV - ok 00:16:42.0570 8252 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 00:16:42.0632 8252 b06bdrv - ok 00:16:42.0695 8252 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 00:16:42.0753 8252 b57nd60a - ok 00:16:42.0802 8252 BackupReader (7729395761f4061a643b573bf7f19aa8) C:\Windows\system32\DRIVERS\BackupReader.sys 00:16:42.0834 8252 BackupReader - ok 00:16:43.0294 8252 BCM43XX (11f844b46b631337395651abe9c4167b) C:\Windows\system32\DRIVERS\bcmwl664.sys 00:16:43.0484 8252 BCM43XX - ok 00:16:43.0624 8252 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 00:16:43.0672 8252 BDESVC - ok 00:16:43.0726 8252 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 00:16:43.0810 8252 Beep - ok 00:16:43.0910 8252 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 00:16:43.0959 8252 BFE - ok 00:16:44.0051 8252 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 00:16:44.0133 8252 BITS - ok 00:16:44.0219 8252 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys 00:16:44.0247 8252 blbdrive - ok 00:16:44.0269 8252 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 00:16:44.0318 8252 bowser - ok 00:16:44.0337 8252 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys 00:16:44.0368 8252 BrFiltLo - ok 00:16:44.0380 8252 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys 00:16:44.0394 8252 BrFiltUp - ok 00:16:44.0439 8252 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 00:16:44.0487 8252 Browser - ok 00:16:44.0527 8252 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 00:16:44.0584 8252 Brserid - ok 00:16:44.0591 8252 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 00:16:44.0611 8252 BrSerWdm - ok 00:16:44.0614 8252 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 00:16:44.0626 8252 BrUsbMdm - ok 00:16:44.0629 8252 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 00:16:44.0645 8252 BrUsbSer - ok 00:16:44.0712 8252 BTATH_A2DP (d74a81ccf0372c955862692b7af272c9) C:\Windows\system32\drivers\btath_a2dp.sys 00:16:44.0768 8252 BTATH_A2DP - ok 00:16:44.0795 8252 btath_avdt (3118072d09daa1961a9f6549a4e8433a) C:\Windows\system32\drivers\btath_avdt.sys 00:16:44.0832 8252 btath_avdt - ok 00:16:44.0866 8252 BTATH_BUS (e6b734a37ade36fe1a77035f4e484c8c) C:\Windows\system32\DRIVERS\btath_bus.sys 00:16:44.0875 8252 BTATH_BUS - ok 00:16:44.0921 8252 BTATH_HCRP (fb3833e63ff602b69c2ff085846dcf43) C:\Windows\system32\DRIVERS\btath_hcrp.sys 00:16:44.0951 8252 BTATH_HCRP - ok 00:16:44.0996 8252 BTATH_LWFLT (8008d892a2bda67eefbe25e14eb5dc83) C:\Windows\system32\DRIVERS\btath_lwflt.sys 00:16:45.0018 8252 BTATH_LWFLT - ok 00:16:45.0072 8252 BTATH_RCP (58535686697e5e82ec3a87938ac3da54) C:\Windows\system32\DRIVERS\btath_rcp.sys 00:16:45.0108 8252 BTATH_RCP - ok 00:16:45.0186 8252 BtFilter (3df6c4913a683c76f29f376ee814221e) C:\Windows\system32\DRIVERS\btfilter.sys 00:16:45.0255 8252 BtFilter - ok 00:16:45.0290 8252 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\DRIVERS\BthEnum.sys 00:16:45.0344 8252 BthEnum - ok 00:16:45.0390 8252 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys 00:16:45.0414 8252 BTHMODEM - ok 00:16:45.0452 8252 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys 00:16:45.0486 8252 BthPan - ok 00:16:45.0549 8252 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\system32\Drivers\BTHport.sys 00:16:45.0602 8252 BTHPORT - ok 00:16:45.0645 8252 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 00:16:45.0712 8252 bthserv - ok 00:16:45.0738 8252 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\system32\Drivers\BTHUSB.sys 00:16:45.0760 8252 BTHUSB - ok 00:16:45.0811 8252 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 00:16:45.0867 8252 cdfs - ok 00:16:45.0909 8252 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 00:16:45.0942 8252 cdrom - ok 00:16:45.0963 8252 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 00:16:46.0010 8252 CertPropSvc - ok 00:16:46.0037 8252 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys 00:16:46.0050 8252 circlass - ok 00:16:46.0104 8252 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 00:16:46.0140 8252 CLFS - ok 00:16:46.0195 8252 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 00:16:46.0227 8252 clr_optimization_v2.0.50727_32 - ok 00:16:46.0276 8252 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 00:16:46.0304 8252 clr_optimization_v2.0.50727_64 - ok 00:16:46.0533 8252 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 00:16:46.0557 8252 clr_optimization_v4.0.30319_32 - ok 00:16:46.0774 8252 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 00:16:46.0797 8252 clr_optimization_v4.0.30319_64 - ok 00:16:46.0833 8252 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys 00:16:46.0865 8252 CmBatt - ok 00:16:46.0880 8252 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 00:16:46.0897 8252 cmdide - ok 00:16:46.0974 8252 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys 00:16:47.0121 8252 CNG - ok 00:16:47.0154 8252 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys 00:16:47.0168 8252 Compbatt - ok 00:16:47.0204 8252 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 00:16:47.0241 8252 CompositeBus - ok 00:16:47.0258 8252 COMSysApp - ok 00:16:47.0277 8252 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys 00:16:47.0289 8252 crcdisk - ok 00:16:47.0343 8252 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 00:16:47.0383 8252 CryptSvc - ok 00:16:47.0455 8252 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 00:16:47.0535 8252 DcomLaunch - ok 00:16:47.0609 8252 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 00:16:47.0679 8252 defragsvc - ok 00:16:47.0714 8252 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 00:16:47.0766 8252 DfsC - ok 00:16:47.0823 8252 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 00:16:47.0920 8252 Dhcp - ok 00:16:47.0939 8252 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 00:16:47.0980 8252 discache - ok 00:16:48.0016 8252 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys 00:16:48.0026 8252 Disk - ok 00:16:48.0055 8252 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 00:16:48.0106 8252 Dnscache - ok 00:16:48.0155 8252 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 00:16:48.0193 8252 dot3svc - ok 00:16:48.0209 8252 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 00:16:48.0247 8252 DPS - ok 00:16:48.0283 8252 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 00:16:48.0313 8252 drmkaud - ok 00:16:48.0405 8252 DsiWMIService (9dd3a22f804697606c2b7ff9e912ff6b) C:\Program Files (x86)\Launch Manager\dsiwmis.exe 00:16:48.0441 8252 DsiWMIService - ok 00:16:48.0532 8252 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 00:16:48.0576 8252 DXGKrnl - ok 00:16:48.0614 8252 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 00:16:48.0657 8252 EapHost - ok 00:16:48.0890 8252 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys 00:16:49.0021 8252 ebdrv - ok 00:16:49.0133 8252 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 00:16:49.0195 8252 EFS - ok 00:16:49.0296 8252 EgisTec Ticket Service (5332ec2ba1c112bd4bb1f38127848fef) C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe 00:16:49.0363 8252 EgisTec Ticket Service - ok 00:16:49.0475 8252 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 00:16:49.0574 8252 ehRecvr - ok 00:16:49.0606 8252 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 00:16:49.0623 8252 ehSched - ok 00:16:49.0745 8252 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys 00:16:49.0824 8252 elxstor - ok 00:16:49.0977 8252 ePowerSvc (48425c93b6f36529707206e4fa680cf3) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe 00:16:50.0017 8252 ePowerSvc - ok 00:16:50.0124 8252 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 00:16:50.0162 8252 ErrDev - ok 00:16:50.0226 8252 ETD (9d8739a2a2173c9d27c499a3fc6eda3f) C:\Windows\system32\DRIVERS\ETD.sys 00:16:50.0295 8252 ETD - ok 00:16:50.0366 8252 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 00:16:50.0428 8252 EventSystem - ok 00:16:50.0509 8252 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 00:16:50.0590 8252 exfat - ok 00:16:50.0633 8252 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 00:16:50.0724 8252 fastfat - ok 00:16:50.0799 8252 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 00:16:50.0853 8252 Fax - ok 00:16:50.0881 8252 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys 00:16:50.0907 8252 fdc - ok 00:16:50.0929 8252 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 00:16:50.0967 8252 fdPHost - ok 00:16:50.0987 8252 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 00:16:51.0014 8252 FDResPub - ok 00:16:51.0039 8252 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 00:16:51.0048 8252 FileInfo - ok 00:16:51.0059 8252 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 00:16:51.0105 8252 Filetrace - ok 00:16:51.0224 8252 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe 00:16:51.0292 8252 FLEXnet Licensing Service - ok 00:16:51.0337 8252 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys 00:16:51.0350 8252 flpydisk - ok 00:16:51.0374 8252 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 00:16:51.0392 8252 FltMgr - ok 00:16:51.0504 8252 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 00:16:51.0581 8252 FontCache - ok 00:16:51.0649 8252 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 00:16:51.0686 8252 FontCache3.0.0.0 - ok 00:16:51.0726 8252 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 00:16:51.0746 8252 FsDepends - ok 00:16:51.0776 8252 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 00:16:51.0794 8252 Fs_Rec - ok 00:16:51.0826 8252 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 00:16:51.0857 8252 fvevol - ok 00:16:51.0882 8252 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys 00:16:51.0891 8252 gagp30kx - ok 00:16:51.0988 8252 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 00:16:52.0072 8252 gpsvc - ok 00:16:52.0134 8252 GREGService (c9b2d1d3f86fd3673ef847def73b6f9e) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe 00:16:52.0155 8252 GREGService - ok 00:16:52.0188 8252 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 00:16:52.0267 8252 hcw85cir - ok 00:16:52.0334 8252 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 00:16:52.0395 8252 HdAudAddService - ok 00:16:52.0443 8252 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 00:16:52.0483 8252 HDAudBus - ok 00:16:52.0638 8252 HealthAlertsSvc (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 00:16:52.0657 8252 HealthAlertsSvc - ok 00:16:52.0692 8252 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys 00:16:52.0725 8252 HidBatt - ok 00:16:52.0747 8252 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys 00:16:52.0782 8252 HidBth - ok 00:16:52.0788 8252 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys 00:16:52.0806 8252 HidIr - ok 00:16:52.0838 8252 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 00:16:52.0885 8252 hidserv - ok 00:16:52.0918 8252 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys 00:16:52.0928 8252 HidUsb - ok 00:16:52.0969 8252 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 00:16:53.0042 8252 hkmsvc - ok 00:16:53.0076 8252 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 00:16:53.0135 8252 HomeGroupListener - ok 00:16:53.0186 8252 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 00:16:53.0252 8252 HomeGroupProvider - ok 00:16:53.0309 8252 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 00:16:53.0341 8252 HpSAMD - ok 00:16:53.0412 8252 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 00:16:53.0487 8252 HTTP - ok 00:16:53.0490 8252 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 00:16:53.0502 8252 hwpolicy - ok 00:16:53.0529 8252 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 00:16:53.0543 8252 i8042prt - ok 00:16:53.0608 8252 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys 00:16:53.0631 8252 iaStor - ok 00:16:53.0688 8252 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 00:16:53.0710 8252 IAStorDataMgrSvc - ok 00:16:53.0774 8252 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 00:16:53.0822 8252 iaStorV - ok 00:16:53.0945 8252 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 00:16:54.0000 8252 idsvc - ok 00:16:54.0686 8252 igfx (9937600a1584ff00565d5379eb4c9edb) C:\Windows\system32\DRIVERS\igdkmd64.sys 00:16:55.0120 8252 igfx - ok 00:16:55.0266 8252 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys 00:16:55.0287 8252 iirsp - ok 00:16:55.0380 8252 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 00:16:55.0439 8252 IKEEXT - ok 00:16:55.0593 8252 initMonitor (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 00:16:55.0606 8252 initMonitor - ok 00:16:55.0824 8252 IntcAzAudAddService (b60accd29f8fafc4a6344cd2bd5ca3a5) C:\Windows\system32\drivers\RTKVHD64.sys 00:16:55.0926 8252 IntcAzAudAddService - ok 00:16:56.0086 8252 IntcDAud (fc727061c0f47c8059e88e05d5c8e381) C:\Windows\system32\DRIVERS\IntcDAud.sys 00:16:56.0182 8252 IntcDAud - ok 00:16:56.0220 8252 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 00:16:56.0236 8252 intelide - ok 00:16:56.0269 8252 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 00:16:56.0301 8252 intelppm - ok 00:16:56.0350 8252 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 00:16:56.0383 8252 IPBusEnum - ok 00:16:56.0427 8252 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 00:16:56.0475 8252 IpFilterDriver - ok 00:16:56.0538 8252 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 00:16:56.0610 8252 iphlpsvc - ok 00:16:56.0618 8252 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 00:16:56.0638 8252 IPMIDRV - ok 00:16:56.0649 8252 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 00:16:56.0677 8252 IPNAT - ok 00:16:56.0701 8252 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 00:16:56.0714 8252 IRENUM - ok 00:16:56.0725 8252 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 00:16:56.0742 8252 isapnp - ok 00:16:56.0777 8252 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 00:16:56.0802 8252 iScsiPrt - ok 00:16:56.0836 8252 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys 00:16:56.0863 8252 kbdclass - ok 00:16:56.0874 8252 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys 00:16:56.0887 8252 kbdhid - ok 00:16:56.0921 8252 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:16:56.0929 8252 KeyIso - ok 00:16:56.0945 8252 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys 00:16:56.0955 8252 KSecDD - ok 00:16:56.0986 8252 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys 00:16:57.0021 8252 KSecPkg - ok 00:16:57.0050 8252 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 00:16:57.0102 8252 ksthunk - ok 00:16:57.0171 8252 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 00:16:57.0268 8252 KtmRm - ok 00:16:57.0320 8252 L1C (0e154da6ca9105354a07d0c576804037) C:\Windows\system32\DRIVERS\L1C62x64.sys 00:16:57.0379 8252 L1C - ok 00:16:57.0512 8252 LANConfig (f11ff47203538dd145faf56a4daf5d75) C:\Program Files\Windows Server\Bin\LANConfigSvc.exe 00:16:57.0533 8252 LANConfig - ok 00:16:57.0596 8252 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 00:16:57.0665 8252 LanmanServer - ok 00:16:57.0713 8252 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 00:16:57.0779 8252 LanmanWorkstation - ok 00:16:57.0856 8252 Live Updater Service (b705c7097f9a0ec941d02dce7c7d426c) C:\Program Files\Acer\Acer Updater\UpdaterService.exe 00:16:57.0887 8252 Live Updater Service - ok 00:16:57.0921 8252 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 00:16:58.0001 8252 lltdio - ok 00:16:58.0055 8252 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 00:16:58.0151 8252 lltdsvc - ok 00:16:58.0172 8252 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 00:16:58.0200 8252 lmhosts - ok 00:16:58.0338 8252 LMS (50c7ce53ef461870410355f1f2e7d515) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 00:16:58.0370 8252 LMS - ok 00:16:58.0415 8252 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys 00:16:58.0429 8252 LSI_FC - ok 00:16:58.0455 8252 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys 00:16:58.0469 8252 LSI_SAS - ok 00:16:58.0477 8252 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys 00:16:58.0490 8252 LSI_SAS2 - ok 00:16:58.0509 8252 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys 00:16:58.0541 8252 LSI_SCSI - ok 00:16:58.0570 8252 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 00:16:58.0668 8252 luafv - ok 00:16:58.0671 8252 McAfee SiteAdvisor Service - ok 00:16:58.0706 8252 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 00:16:58.0728 8252 Mcx2Svc - ok 00:16:58.0733 8252 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys 00:16:58.0741 8252 megasas - ok 00:16:58.0786 8252 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys 00:16:58.0824 8252 MegaSR - ok 00:16:58.0869 8252 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys 00:16:58.0895 8252 MEIx64 - ok 00:16:58.0914 8252 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 00:16:58.0944 8252 MMCSS - ok 00:16:58.0958 8252 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 00:16:58.0996 8252 Modem - ok 00:16:59.0035 8252 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 00:16:59.0067 8252 monitor - ok 00:16:59.0082 8252 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 00:16:59.0098 8252 mouclass - ok 00:16:59.0120 8252 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\drivers\mouhid.sys 00:16:59.0153 8252 mouhid - ok 00:16:59.0193 8252 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 00:16:59.0210 8252 mountmgr - ok 00:16:59.0241 8252 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 00:16:59.0272 8252 mpio - ok 00:16:59.0280 8252 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 00:16:59.0312 8252 mpsdrv - ok 00:16:59.0406 8252 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 00:16:59.0495 8252 MpsSvc - ok 00:16:59.0509 8252 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 00:16:59.0540 8252 MRxDAV - ok 00:16:59.0554 8252 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 00:16:59.0593 8252 mrxsmb - ok 00:16:59.0653 8252 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:16:59.0713 8252 mrxsmb10 - ok 00:16:59.0726 8252 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:16:59.0742 8252 mrxsmb20 - ok 00:16:59.0769 8252 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 00:16:59.0778 8252 msahci - ok 00:16:59.0792 8252 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 00:16:59.0835 8252 msdsm - ok 00:16:59.0879 8252 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 00:16:59.0927 8252 MSDTC - ok 00:16:59.0951 8252 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 00:16:59.0997 8252 Msfs - ok 00:17:00.0015 8252 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 00:17:00.0057 8252 mshidkmdf - ok 00:17:00.0060 8252 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 00:17:00.0069 8252 msisadrv - ok 00:17:00.0116 8252 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 00:17:00.0202 8252 MSiSCSI - ok 00:17:00.0205 8252 msiserver - ok 00:17:00.0234 8252 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 00:17:00.0277 8252 MSKSSRV - ok 00:17:00.0289 8252 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 00:17:00.0331 8252 MSPCLOCK - ok 00:17:00.0356 8252 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 00:17:00.0398 8252 MSPQM - ok 00:17:00.0430 8252 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 00:17:00.0445 8252 MsRPC - ok 00:17:00.0450 8252 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 00:17:00.0460 8252 mssmbios - ok 00:17:00.0491 8252 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 00:17:00.0537 8252 MSTEE - ok 00:17:00.0550 8252 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys 00:17:00.0560 8252 MTConfig - ok 00:17:00.0567 8252 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 00:17:00.0576 8252 Mup - ok 00:17:00.0579 8252 mwlPSDFilter (c009123b206c56854f4e88596035231d) C:\Windows\system32\DRIVERS\mwlPSDFilter.sys 00:17:00.0587 8252 mwlPSDFilter - ok 00:17:00.0608 8252 mwlPSDNServ (bf3739eeb9f008b1debac115089a53f8) C:\Windows\system32\DRIVERS\mwlPSDNServ.sys 00:17:00.0666 8252 mwlPSDNServ - ok 00:17:00.0677 8252 mwlPSDVDisk (38dd143d95e7a01b86f219dda9c28779) C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys 00:17:00.0690 8252 mwlPSDVDisk - ok 00:17:00.0759 8252 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 00:17:00.0836 8252 napagent - ok 00:17:00.0920 8252 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 00:17:00.0974 8252 NativeWifiP - ok 00:17:01.0030 8252 Nbdrv (37bfe7ce56133f2e8e90ef68157d73c8) C:\Windows\system32\DRIVERS\nbdrv.sys 00:17:01.0093 8252 Nbdrv - ok 00:17:01.0243 8252 NDIS (c38b8ae57f78915905064a9a24dc1586) C:\Windows\system32\drivers\ndis.sys 00:17:01.0282 8252 NDIS - ok 00:17:01.0313 8252 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 00:17:01.0342 8252 NdisCap - ok 00:17:01.0357 8252 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 00:17:01.0383 8252 NdisTapi - ok 00:17:01.0402 8252 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 00:17:01.0440 8252 Ndisuio - ok 00:17:01.0455 8252 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 00:17:01.0488 8252 NdisWan - ok 00:17:01.0505 8252 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 00:17:01.0530 8252 NDProxy - ok 00:17:01.0591 8252 NetBalancer Windows Service (bc4a5463cdab54967671f500d5f2c79d) C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe 00:17:01.0624 8252 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - warning 00:17:01.0624 8252 NetBalancer Windows Service - detected UnsignedFile.Multi.Generic (1) 00:17:01.0630 8252 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 00:17:01.0663 8252 NetBIOS - ok 00:17:01.0685 8252 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 00:17:01.0715 8252 NetBT - ok 00:17:01.0743 8252 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:17:01.0753 8252 Netlogon - ok 00:17:01.0815 8252 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 00:17:01.0891 8252 Netman - ok 00:17:02.0162 8252 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:17:02.0186 8252 NetMsmqActivator - ok 00:17:02.0198 8252 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:17:02.0212 8252 NetPipeActivator - ok 00:17:02.0280 8252 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 00:17:02.0437 8252 netprofm - ok 00:17:02.0440 8252 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:17:02.0451 8252 NetTcpActivator - ok 00:17:02.0453 8252 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 00:17:02.0461 8252 NetTcpPortSharing - ok 00:17:02.0531 8252 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys 00:17:02.0564 8252 nfrd960 - ok 00:17:02.0618 8252 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 00:17:02.0673 8252 NlaSvc - ok 00:17:02.0816 8252 NotificationsProviderSvc (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 00:17:02.0838 8252 NotificationsProviderSvc - ok 00:17:02.0856 8252 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 00:17:02.0887 8252 Npfs - ok 00:17:02.0904 8252 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 00:17:02.0942 8252 nsi - ok 00:17:02.0962 8252 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 00:17:03.0007 8252 nsiproxy - ok 00:17:03.0151 8252 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 00:17:03.0235 8252 Ntfs - ok 00:17:03.0318 8252 NTI IScheduleSvc (1873214666f6f0a883742df91fbc48c9) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe 00:17:03.0353 8252 NTI IScheduleSvc - ok 00:17:03.0463 8252 NTIDrvr (ee3ba1024594d5d09e314f206b94069e) C:\Windows\system32\drivers\NTIDrvr.sys 00:17:03.0486 8252 NTIDrvr - ok 00:17:03.0491 8252 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 00:17:03.0524 8252 Null - ok 00:17:03.0570 8252 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 00:17:03.0620 8252 nvraid - ok 00:17:03.0636 8252 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 00:17:03.0655 8252 nvstor - ok 00:17:03.0681 8252 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 00:17:03.0713 8252 nv_agp - ok 00:17:03.0721 8252 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 00:17:03.0745 8252 ohci1394 - ok 00:17:03.0799 8252 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 00:17:03.0864 8252 p2pimsvc - ok 00:17:03.0934 8252 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 00:17:03.0984 8252 p2psvc - ok 00:17:03.0994 8252 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys 00:17:04.0009 8252 Parport - ok 00:17:04.0043 8252 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 00:17:04.0067 8252 partmgr - ok 00:17:04.0086 8252 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 00:17:04.0122 8252 PcaSvc - ok 00:17:04.0163 8252 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 00:17:04.0205 8252 pci - ok 00:17:04.0228 8252 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 00:17:04.0239 8252 pciide - ok 00:17:04.0283 8252 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys 00:17:04.0318 8252 pcmcia - ok 00:17:04.0325 8252 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 00:17:04.0340 8252 pcw - ok 00:17:04.0382 8252 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 00:17:04.0431 8252 PEAUTH - ok 00:17:04.0516 8252 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 00:17:04.0555 8252 PerfHost - ok 00:17:04.0697 8252 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 00:17:04.0795 8252 pla - ok 00:17:04.0871 8252 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 00:17:04.0936 8252 PlugPlay - ok 00:17:04.0963 8252 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 00:17:04.0994 8252 PNRPAutoReg - ok 00:17:05.0045 8252 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 00:17:05.0074 8252 PNRPsvc - ok 00:17:05.0142 8252 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 00:17:05.0211 8252 PolicyAgent - ok 00:17:05.0229 8252 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 00:17:05.0262 8252 Power - ok 00:17:05.0334 8252 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 00:17:05.0422 8252 PptpMiniport - ok 00:17:05.0442 8252 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys 00:17:05.0462 8252 Processor - ok 00:17:05.0508 8252 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 00:17:05.0563 8252 ProfSvc - ok 00:17:05.0587 8252 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:17:05.0601 8252 ProtectedStorage - ok 00:17:05.0738 8252 providers_system (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 00:17:05.0755 8252 providers_system - ok 00:17:05.0808 8252 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 00:17:05.0858 8252 Psched - ok 00:17:06.0006 8252 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys 00:17:06.0098 8252 ql2300 - ok 00:17:06.0225 8252 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys 00:17:06.0271 8252 ql40xx - ok 00:17:06.0315 8252 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 00:17:06.0354 8252 QWAVE - ok 00:17:06.0373 8252 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 00:17:06.0408 8252 QWAVEdrv - ok 00:17:06.0428 8252 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 00:17:06.0469 8252 RasAcd - ok 00:17:06.0516 8252 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 00:17:06.0579 8252 RasAgileVpn - ok 00:17:06.0589 8252 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 00:17:06.0639 8252 RasAuto - ok 00:17:06.0668 8252 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:17:06.0763 8252 Rasl2tp - ok 00:17:06.0796 8252 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 00:17:06.0840 8252 RasMan - ok 00:17:06.0849 8252 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 00:17:06.0881 8252 RasPppoe - ok 00:17:06.0904 8252 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 00:17:06.0941 8252 RasSstp - ok 00:17:06.0969 8252 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 00:17:06.0999 8252 rdbss - ok 00:17:07.0019 8252 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys 00:17:07.0031 8252 rdpbus - ok 00:17:07.0035 8252 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:17:07.0073 8252 RDPCDD - ok 00:17:07.0086 8252 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 00:17:07.0127 8252 RDPENCDD - ok 00:17:07.0131 8252 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 00:17:07.0158 8252 RDPREFMP - ok 00:17:07.0206 8252 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 00:17:07.0277 8252 RDPWD - ok 00:17:07.0323 8252 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 00:17:07.0344 8252 rdyboost - ok 00:17:07.0371 8252 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 00:17:07.0417 8252 RemoteAccess - ok 00:17:07.0451 8252 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 00:17:07.0489 8252 RemoteRegistry - ok 00:17:07.0550 8252 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys 00:17:07.0596 8252 RFCOMM - ok 00:17:07.0618 8252 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 00:17:07.0676 8252 RpcEptMapper - ok 00:17:07.0704 8252 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 00:17:07.0714 8252 RpcLocator - ok 00:17:07.0760 8252 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 00:17:07.0807 8252 RpcSs - ok 00:17:07.0839 8252 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 00:17:07.0869 8252 rspndr - ok 00:17:07.0939 8252 RSUSBSTOR (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys 00:17:08.0033 8252 RSUSBSTOR - ok 00:17:08.0065 8252 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:17:08.0095 8252 SamSs - ok 00:17:08.0125 8252 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 00:17:08.0140 8252 sbp2port - ok 00:17:08.0179 8252 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 00:17:08.0225 8252 SCardSvr - ok 00:17:08.0238 8252 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 00:17:08.0278 8252 scfilter - ok 00:17:08.0399 8252 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 00:17:08.0464 8252 Schedule - ok 00:17:08.0502 8252 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 00:17:08.0531 8252 SCPolicySvc - ok 00:17:08.0547 8252 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 00:17:08.0579 8252 SDRSVC - ok 00:17:08.0644 8252 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 00:17:08.0710 8252 secdrv - ok 00:17:08.0726 8252 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 00:17:08.0753 8252 seclogon - ok 00:17:08.0777 8252 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 00:17:08.0819 8252 SENS - ok 00:17:08.0848 8252 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 00:17:08.0884 8252 SensrSvc - ok 00:17:08.0923 8252 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys 00:17:08.0954 8252 Serenum - ok 00:17:08.0983 8252 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys 00:17:08.0994 8252 Serial - ok 00:17:09.0007 8252 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys 00:17:09.0031 8252 sermouse - ok 00:17:09.0181 8252 ServiceProviderRegistry (2af4866050e7c07132473aa5e57630eb) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe 00:17:09.0202 8252 ServiceProviderRegistry - ok 00:17:09.0236 8252 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 00:17:09.0323 8252 SessionEnv - ok 00:17:09.0337 8252 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 00:17:09.0365 8252 sffdisk - ok 00:17:09.0384 8252 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 00:17:09.0413 8252 sffp_mmc - ok 00:17:09.0417 8252 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 00:17:09.0429 8252 sffp_sd - ok 00:17:09.0448 8252 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys 00:17:09.0465 8252 sfloppy - ok 00:17:09.0518 8252 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 00:17:09.0586 8252 SharedAccess - ok 00:17:09.0637 8252 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 00:17:09.0707 8252 ShellHWDetection - ok 00:17:09.0741 8252 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys 00:17:09.0769 8252 SiSRaid2 - ok 00:17:09.0779 8252 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys 00:17:09.0793 8252 SiSRaid4 - ok 00:17:09.0814 8252 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 00:17:09.0851 8252 Smb - ok 00:17:09.0875 8252 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 00:17:09.0906 8252 SNMPTRAP - ok 00:17:09.0922 8252 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 00:17:09.0931 8252 spldr - ok 00:17:09.0996 8252 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 00:17:10.0048 8252 Spooler - ok 00:17:10.0287 8252 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 00:17:10.0438 8252 sppsvc - ok 00:17:10.0553 8252 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 00:17:10.0610 8252 sppuinotify - ok 00:17:10.0748 8252 SqmProviderSvc (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 00:17:10.0766 8252 SqmProviderSvc - ok 00:17:10.0830 8252 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 00:17:10.0891 8252 srv - ok 00:17:10.0927 8252 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 00:17:10.0958 8252 srv2 - ok 00:17:10.0977 8252 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 00:17:11.0026 8252 srvnet - ok 00:17:11.0084 8252 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 00:17:11.0180 8252 SSDPSRV - ok 00:17:11.0188 8252 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 00:17:11.0220 8252 SstpSvc - ok 00:17:11.0232 8252 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys 00:17:11.0240 8252 stexstor - ok 00:17:11.0320 8252 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 00:17:11.0367 8252 stisvc - ok 00:17:11.0383 8252 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 00:17:11.0392 8252 swenum - ok 00:17:11.0457 8252 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 00:17:11.0524 8252 swprv - ok 00:17:11.0669 8252 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 00:17:11.0765 8252 SysMain - ok 00:17:11.0863 8252 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 00:17:11.0901 8252 TabletInputService - ok 00:17:11.0945 8252 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 00:17:12.0023 8252 TapiSrv - ok 00:17:12.0044 8252 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 00:17:12.0073 8252 TBS - ok 00:17:12.0245 8252 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 00:17:12.0345 8252 Tcpip - ok 00:17:12.0571 8252 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 00:17:12.0620 8252 TCPIP6 - ok 00:17:12.0705 8252 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 00:17:12.0752 8252 tcpipreg - ok 00:17:12.0771 8252 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 00:17:12.0796 8252 TDPIPE - ok 00:17:12.0823 8252 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 00:17:12.0851 8252 TDTCP - ok 00:17:12.0863 8252 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 00:17:12.0890 8252 tdx - ok 00:17:12.0896 8252 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 00:17:12.0906 8252 TermDD - ok 00:17:12.0996 8252 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 00:17:13.0123 8252 TermService - ok 00:17:13.0144 8252 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 00:17:13.0158 8252 Themes - ok 00:17:13.0191 8252 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 00:17:13.0236 8252 THREADORDER - ok 00:17:13.0259 8252 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 00:17:13.0345 8252 TrkWks - ok 00:17:13.0410 8252 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 00:17:13.0469 8252 TrustedInstaller - ok 00:17:13.0493 8252 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:17:13.0534 8252 tssecsrv - ok 00:17:13.0577 8252 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 00:17:13.0614 8252 TsUsbFlt - ok 00:17:13.0641 8252 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 00:17:13.0655 8252 TsUsbGD - ok 00:17:13.0706 8252 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 00:17:13.0786 8252 tunnel - ok 00:17:13.0814 8252 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys 00:17:13.0825 8252 TurboB - ok 00:17:13.0938 8252 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe 00:17:13.0961 8252 TurboBoost - ok 00:17:13.0971 8252 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 00:17:13.0983 8252 uagp35 - ok 00:17:14.0000 8252 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys 00:17:14.0007 8252 UBHelper - ok 00:17:14.0067 8252 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 00:17:14.0147 8252 udfs - ok 00:17:14.0177 8252 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 00:17:14.0191 8252 UI0Detect - ok 00:17:14.0198 8252 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 00:17:14.0209 8252 uliagpkx - ok 00:17:14.0214 8252 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 00:17:14.0237 8252 umbus - ok 00:17:14.0274 8252 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 00:17:14.0308 8252 UmPass - ok 00:17:14.0528 8252 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 00:17:14.0634 8252 UNS - ok 00:17:14.0773 8252 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 00:17:14.0849 8252 upnphost - ok 00:17:14.0906 8252 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 00:17:14.0947 8252 usbccgp - ok 00:17:14.0991 8252 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 00:17:15.0012 8252 usbcir - ok 00:17:15.0019 8252 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 00:17:15.0054 8252 usbehci - ok 00:17:15.0099 8252 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys 00:17:15.0113 8252 usbhub - ok 00:17:15.0135 8252 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 00:17:15.0157 8252 usbohci - ok 00:17:15.0177 8252 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys 00:17:15.0194 8252 usbprint - ok 00:17:15.0205 8252 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 00:17:15.0242 8252 USBSTOR - ok 00:17:15.0269 8252 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 00:17:15.0292 8252 usbuhci - ok 00:17:15.0330 8252 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 00:17:15.0346 8252 usbvideo - ok 00:17:15.0371 8252 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 00:17:15.0411 8252 UxSms - ok 00:17:15.0442 8252 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 00:17:15.0465 8252 VaultSvc - ok 00:17:15.0479 8252 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 00:17:15.0488 8252 vdrvroot - ok 00:17:15.0547 8252 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 00:17:15.0633 8252 vds - ok 00:17:15.0664 8252 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 00:17:15.0676 8252 vga - ok 00:17:15.0681 8252 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 00:17:15.0708 8252 VgaSave - ok 00:17:15.0726 8252 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 00:17:15.0738 8252 vhdmp - ok 00:17:15.0775 8252 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 00:17:15.0795 8252 viaide - ok 00:17:15.0804 8252 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 00:17:15.0813 8252 volmgr - ok 00:17:15.0868 8252 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 00:17:15.0911 8252 volmgrx - ok 00:17:15.0940 8252 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 00:17:15.0958 8252 volsnap - ok 00:17:16.0000 8252 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 00:17:16.0028 8252 vsmraid - ok 00:17:16.0182 8252 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 00:17:16.0285 8252 VSS - ok 00:17:16.0396 8252 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 00:17:16.0444 8252 vwifibus - ok 00:17:16.0451 8252 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 00:17:16.0477 8252 vwififlt - ok 00:17:16.0547 8252 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 00:17:16.0592 8252 W32Time - ok 00:17:16.0623 8252 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 00:17:16.0652 8252 WacomPen - ok 00:17:16.0679 8252 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:17:16.0728 8252 WANARP - ok 00:17:16.0730 8252 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 00:17:16.0756 8252 Wanarpv6 - ok 00:17:16.0924 8252 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 00:17:16.0973 8252 WatAdminSvc - ok 00:17:17.0128 8252 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 00:17:17.0261 8252 wbengine - ok 00:17:17.0371 8252 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 00:17:17.0425 8252 WbioSrvc - ok 00:17:17.0469 8252 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 00:17:17.0531 8252 wcncsvc - ok 00:17:17.0538 8252 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 00:17:17.0578 8252 WcsPlugInService - ok 00:17:17.0616 8252 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 00:17:17.0627 8252 Wd - ok 00:17:17.0703 8252 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 00:17:17.0758 8252 Wdf01000 - ok 00:17:17.0774 8252 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 00:17:17.0879 8252 WdiServiceHost - ok 00:17:17.0884 8252 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 00:17:17.0907 8252 WdiSystemHost - ok 00:17:17.0949 8252 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 00:17:17.0987 8252 WebClient - ok 00:17:18.0009 8252 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 00:17:18.0043 8252 Wecsvc - ok 00:17:18.0065 8252 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 00:17:18.0093 8252 wercplsupport - ok 00:17:18.0114 8252 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 00:17:18.0157 8252 WerSvc - ok 00:17:18.0227 8252 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 00:17:18.0268 8252 WfpLwf - ok 00:17:18.0427 8252 WhsMcClient (12172b572ab4589d44d20052dae82ed7) C:\Program Files\Windows Server\Bin\WhsMcClient.exe 00:17:18.0473 8252 WhsMcClient - ok 00:17:18.0494 8252 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 00:17:18.0511 8252 WIMMount - ok 00:17:18.0561 8252 WinDefend - ok 00:17:18.0578 8252 WinHttpAutoProxySvc - ok 00:17:18.0666 8252 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 00:17:18.0739 8252 Winmgmt - ok 00:17:18.0978 8252 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 00:17:19.0099 8252 WinRM - ok 00:17:19.0293 8252 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 00:17:19.0367 8252 Wlansvc - ok 00:17:19.0438 8252 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 00:17:19.0488 8252 wlcrasvc - ok 00:17:19.0673 8252 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 00:17:19.0763 8252 wlidsvc - ok 00:17:19.0894 8252 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 00:17:19.0927 8252 WmiAcpi - ok 00:17:19.0994 8252 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 00:17:20.0050 8252 wmiApSrv - ok 00:17:20.0100 8252 WMPNetworkSvc - ok 00:17:20.0151 8252 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 00:17:20.0189 8252 WPCSvc - ok 00:17:20.0216 8252 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 00:17:20.0270 8252 WPDBusEnum - ok 00:17:20.0293 8252 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 00:17:20.0330 8252 ws2ifsl - ok 00:17:20.0472 8252 WSConnectorUpdate (aaa0f5cde4d5c357a65e14df793fda81) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe 00:17:20.0511 8252 WSConnectorUpdate - ok 00:17:20.0535 8252 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 00:17:20.0561 8252 wscsvc - ok 00:17:20.0563 8252 WSearch - ok 00:17:20.0592 8252 WSS_ComputerBackupProviderSvc (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe 00:17:20.0603 8252 WSS_ComputerBackupProviderSvc - ok 00:17:20.0790 8252 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll 00:17:20.0903 8252 wuauserv - ok 00:17:21.0050 8252 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 00:17:21.0113 8252 WudfPf - ok 00:17:21.0156 8252 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 00:17:21.0209 8252 WUDFRd - ok 00:17:21.0251 8252 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 00:17:21.0283 8252 wudfsvc - ok 00:17:21.0314 8252 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 00:17:21.0353 8252 WwanSvc - ok 00:17:21.0383 8252 MBR (0x1B8) (539b66f28905acf132f9da29db8d6931) \Device\Harddisk0\DR0 00:17:21.0830 8252 \Device\Harddisk0\DR0 - ok 00:17:21.0837 8252 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1 00:17:23.0711 8252 \Device\Harddisk1\DR1 - ok 00:17:23.0716 8252 Boot (0x1200) (ea4db0ec0fe7059d147ab0e081e8e50e) \Device\Harddisk0\DR0\Partition0 00:17:23.0719 8252 \Device\Harddisk0\DR0\Partition0 - ok 00:17:23.0729 8252 Boot (0x1200) (be8921fff7868f83c44b268bb51c20c9) \Device\Harddisk0\DR0\Partition1 00:17:23.0732 8252 \Device\Harddisk0\DR0\Partition1 - ok 00:17:23.0738 8252 Boot (0x1200) (d8ba34611cb2343e480f2fbe657fa275) \Device\Harddisk1\DR1\Partition0 00:17:23.0742 8252 \Device\Harddisk1\DR1\Partition0 - ok 00:17:23.0743 8252 ============================================================ 00:17:23.0743 8252 Scan finished 00:17:23.0743 8252 ============================================================ 00:17:23.0756 7848 Detected object count: 1 00:17:23.0756 7848 Actual detected object count: 1 00:17:48.0277 7848 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - skipped by user 00:17:48.0277 7848 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 00:18:01.0732 8936 Deinitialize success

Thank you! I'm pretty sure this took care of my annoying problem, I'm keeping an eye on my metered download and it has not been disappearing for the last 15 min. Report 1 (initial run): RogueKiller V7.5.4 [06/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: jerry [Admin rights] Mode: Scan -- Date: 06/19/2012 18:23:32 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400BPVT-22HXZT3 +++++ --- User --- [MBR] 3ff3acf13e75a738cf0dc981d405b8b0 [bSP] e982c5cf6bcf1b1732993fc3821432b1 : Standard MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 593994 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[1].txt >> RKreport[1].txt 2nd run for good measure: RogueKiller V7.5.4 [06/07/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: jerry [Admin rights] Mode: Remove -- Date: 06/19/2012 18:24:38 ¤¤¤ Bad processes: 0 ¤¤¤ ¤¤¤ Registry Entries: 2 ¤¤¤ [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: WDC WD6400BPVT-22HXZT3 +++++ --- User --- [MBR] 3ff3acf13e75a738cf0dc981d405b8b0 [bSP] e982c5cf6bcf1b1732993fc3821432b1 : Standard MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 593994 Mo User = LL1 ... OK! User = LL2 ... OK! Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt

Hi, I've been losing precious MBs of my metered download quota to the tune of 400+ MB a day. I've narrowed it down to a scvhost process that starts and stops but can't find the why. The computer is a quad core laptop runing windows 7 64bit home premium. Neither AVG nor Malwarebytes detects anything is wrong. Please help. DDS.TXT +++++++++++++++++++++++++++++++++++++++++++++ DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by jerry at 20:22:21 on 2012-06-16 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1189 [GMT -4:00] . AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B} . ============== Running Processes =============== . C:\PROGRA~2\AVG\AVG2012\avgrsa.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\USB Safely Remove\USBSRService.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Bluetooth Suite\adminservice.exe C:\Program Files (x86)\AVG\AVG2012\avgfws.exe C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe C:\Program Files\FarStone\RestoreIT 7\IBP\VBPTask.exe C:\Program Files (x86)\Launch Manager\dsiwmis.exe C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe C:\Program Files (x86)\Launch Manager\LMutilps32.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Program Files (x86)\Acer\Registration\GREGsvc.exe C:\Windows\Explorer.EXE C:\Program Files\Windows Server\Bin\SharedServiceHost.exe C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe C:\Program Files (x86)\AVG\AVG2012\avgemca.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe C:\Program Files\Acer\Acer Updater\UpdaterService.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe C:\Program Files\NetLimiter 3\nlsvc.exe C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Windows\System32\tcpsvcs.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe C:\Program Files\Windows Server\Bin\WhsMcClient.exe C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe C:\Program Files\Windows Server\Bin\LANConfigSvc.exe C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe C:\Program Files\Windows Server\Bin\SharedServiceHost.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\igfxpers.exe C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe C:\Program Files\Elantech\ETDCtrl.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe C:\Program Files\Windows Server\Bin\Launchpad.exe C:\Program Files (x86)\DSUtilities\hnFAP-Alert\hnFAPAlert.exe C:\Windows\system32\igfxext.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Program Files\Windows Server\Bin\SharedServiceHost.exe C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe C:\Program Files\NetLimiter 3\NLClientApp.exe C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe C:\Program Files\Windows Server\Bin\SharedServiceHost.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Elantech\ETDCtrlHelper.exe C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Dolby PCEE4\pcee4.exe C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe C:\Program Files (x86)\AVG\AVG2012\avgtray.exe C:\Program Files (x86)\AVG Secure Search\vprot.exe C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe C:\Program Files (x86)\Launch Manager\LMworker.exe C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe C:\Program Files (x86)\Firetrust\MailWasher\MailWasherProApp.exe C:\Windows\system32\conhost.exe C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe C:\Windows\system32\svchost.exe -k HPService C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files\EgisTec IPS\PMMUpdate.exe C:\Program Files\EgisTec IPS\EgisUpdate.exe C:\Program Files\NetBalancer\SeriousBit.NetBalancer.UI.exe C:\Users\jerry\Downloads\Programs\procexp.exe C:\Users\jerry\Downloads\Programs\procexp64.exe C:\Program Files (x86)\AVG\AVG PC Tuneup\boostspeed.exe C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv \\.\globalroot\systemroot\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://acer.msn.com uDefault_Page_URL = hxxp://acer.msn.com mDefault_Page_URL = hxxp://acer.msn.com mStart Page = hxxp://acer.msn.com mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll {e7df6bff-55a5-4eb7-a673-4ed3e9456d39} uRun: [hnFAPAlert] "C:\Program Files (x86)\DSUtilities\hnFAP-Alert\hnFAPAlert.exe" uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Google Update] "C:\Users\jerry\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray uRun: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun: [<NO NAME>] mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} StartupFolder: C:\Users\jerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~2.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab TCP: DhcpNameServer = 66.82.4.8 66.82.4.12 TCP: Interfaces\{9C56C13D-F6C3-41B8-B2BF-37359E40AE20} : DhcpNameServer = 66.82.4.8 66.82.4.12 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll BHO-X64: IESpeakDoc - No File BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe mRun-x64: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" mRun-x64: [(Default)] mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\h4tw4v0c.default\ FF - prefs.js: browser.search.selectedEngine - IMDB FF - prefs.js: browser.startup.homepage - 192.168.0.1/fap_meter/ FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B185205bb-0033-414b-88fb-50d6f4cec9d6%7D&mid=b512b7160e5847d19f136939b218ffc7-1c07acd960f6a939eff9c9e4bab6dabd435d842c&ds=AVG&v=10.2.0.3〈=en&pr=pr&d=2011-12-20%2020%3A39%3A29&sap=ku&q= FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nppl3260.dll FF - plugin: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nprpjplug.dll FF - plugin: C:\Users\jerry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll . ============= SERVICES / DRIVERS =============== . R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?] R0 VVBackd5;VVBackd5;C:\Windows\system32\drivers\VVBackd5.sys --> C:\Windows\system32\drivers\VVBackd5.sys [?] R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?] R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?] R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?] R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?] R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?] R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2010-8-30 88200] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928] R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-3-2 79744] R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-8-2 103584] R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776] R2 DriveClone Network Client IBP;DriveClone Network Client IBP;C:\Program Files\FarStone\RestoreIT 7\IBP\FsLoader.exe [2012-6-13 126976] R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-26 353360] R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-9-30 872552] R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456] R2 HCDisk;HCDisk;C:\Windows\system32\drivers\HCDisk.sys --> C:\Windows\system32\drivers\HCDisk.sys [?] R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592] R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-26 13336] R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520] R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-26 244624] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-14 654408] R2 NetBalancer Windows Service;NetBalancer Windows Service;C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-6-16 10240] R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832] R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592] R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-1-12 40832] R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?] R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-26 2656280] R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-11-26 539032] R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480] R2 WhsMcClient;Windows Server Media Center Client Service;C:\Program Files\Windows Server\Bin\WhsMcClient.exe [2011-3-2 111488] R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736] R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?] R3 BackupReader;BackupReader;C:\Windows\system32\DRIVERS\BackupReader.sys --> C:\Windows\system32\DRIVERS\BackupReader.sys [?] R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?] R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?] R3 FARMNTIO;FARMNTIO;\??\c:\windows\system32\drivers\farmntio.sys --> c:\windows\system32\drivers\farmntio.sys [?] R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?] R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?] R3 Nbdrv;NetBalancer;C:\Windows\system32\DRIVERS\nbdrv.sys --> C:\Windows\system32\DRIVERS\nbdrv.sys [?] R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176] S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253088] S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?] S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?] S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?] S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?] S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?] S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?] S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?] S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424] S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-23 129976] S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?] S4 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-06-16 23:33:20 -------- d-----w- C:\Users\jerry\AppData\Roaming\AVG 2012-06-16 22:09:41 -------- d-----w- C:\ProgramData\SeriousBit 2012-06-16 21:57:10 41256 ----a-w- C:\Windows\System32\drivers\nbdrv.sys 2012-06-16 21:57:09 -------- d-----w- C:\Program Files\NetBalancer 2012-06-15 11:25:23 -------- d-----w- C:\SRN Micro 2012-06-14 21:15:13 -------- d-----w- C:\ProgramData\SecTaskMan 2012-06-14 21:15:06 -------- d-----w- C:\Program Files (x86)\Security Task Manager 2012-06-14 12:13:31 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2012-06-14 12:09:38 -------- d-----w- C:\Users\jerry\AppData\Local\Adobe 2012-06-14 12:07:41 -------- d-----w- C:\Users\jerry\AppData\Local\Acer 2012-06-14 08:52:20 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll 2012-06-14 08:52:20 366592 ----a-w- C:\Windows\System32\qdvd.dll 2012-06-13 23:37:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-06-13 23:37:47 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-06-13 23:37:47 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-06-13 23:37:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-06-13 23:37:47 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-06-13 23:37:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-06-13 23:33:43 -------- d-----w- C:\Users\jerry\AppData\Roaming\Malwarebytes 2012-06-13 23:33:37 -------- d-----w- C:\ProgramData\Malwarebytes 2012-06-13 23:33:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-06-13 23:33:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-06-13 23:19:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe 2012-06-13 23:19:52 77312 ----a-w- C:\Windows\System32\rdpwsx.dll 2012-06-13 23:19:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll 2012-06-13 23:19:40 209920 ----a-w- C:\Windows\System32\profsvc.dll 2012-06-13 23:19:37 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-06-13 23:19:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-06-13 23:19:36 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2012-06-13 23:19:31 3146752 ----a-w- C:\Windows\System32\win32k.sys 2012-06-13 23:19:29 3216384 ----a-w- C:\Windows\System32\msi.dll 2012-06-13 23:19:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll 2012-06-13 23:19:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys 2012-06-13 23:04:14 -------- d-----w- C:\Program Files (x86)\WinPcap 2012-06-13 23:02:47 -------- d-----w- C:\Program Files (x86)\Nsasoft 2012-06-13 22:54:22 -------- d-----w- C:\Users\jerry\AppData\Local\Locktime 2012-06-13 22:50:37 -------- d-----w- C:\ProgramData\Locktime 2012-06-13 22:50:37 -------- d-----w- C:\Program Files\NetLimiter 3 2012-06-13 22:28:48 66136 ------w- C:\Windows\System32\drivers\HCDisk.sys 2012-06-13 22:28:48 162392 ----a-w- C:\Windows\System32\drivers\VvBackd5.sys 2012-06-13 22:28:12 -------- d-----w- C:\Program Files\FarStone 2012-06-12 01:40:06 -------- d-----w- C:\Users\jerry\AppData\Local\AVG Secure Search 2012-06-12 01:31:36 4096 --sh--r- C:\RESCUMBR.BIN 2012-06-12 00:57:55 24664 ------w- C:\Windows\System32\drivers\FarMntIo.sys 2012-06-12 00:57:43 -------- d-----w- C:\ProgramData\Farstone 2012-06-12 00:45:02 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2012-05-28 19:29:04 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters 2012-05-28 00:57:58 -------- d-----w- C:\Program Files (x86)\JTWAIN 2012-05-28 00:09:48 -------- d-----w- C:\Windows\Documalis Free Scanner 1.0 2012-05-27 23:04:24 919616 ----a-w- C:\Windows\SysWow64\gdocrplug.tesseract.dll 2012-05-27 23:04:24 132672 ----a-w- C:\Windows\SysWow64\gdbarcode.1dreader.dll 2012-05-27 23:04:24 117312 ----a-w- C:\Windows\SysWow64\gdbarcode.dmreader.dll 2012-05-27 23:04:23 8112704 ----a-w- C:\Windows\SysWow64\gdpdfplug.dll 2012-05-27 23:04:23 2834496 ----a-w- C:\Windows\SysWow64\gdimgplug.dll 2012-05-27 23:04:23 152848 ----a-w- C:\Windows\SysWow64\comdlg32.ocx 2012-05-27 23:04:23 144960 ----a-w- C:\Windows\SysWow64\gdtwain.dll 2012-05-27 23:04:23 1123392 ----a-w- C:\Windows\SysWow64\gdtwain2s.ocx 2012-05-27 23:04:23 1123392 ----a-w- C:\Windows\SysWow64\gdtwain2.ocx 2012-05-27 23:04:23 -------- d-----w- C:\Program Files (x86)\GdTwain ActiveX 2012-05-27 22:12:08 -------- d-----w- C:\Program Files (x86)\Scanner ActiveX Control 2012-05-27 21:53:45 -------- d-----w- C:\Program Files (x86)\EZTwain 2012-05-27 20:03:58 -------- d-----w- C:\Users\jerry\AppData\Local\ElevatedDiagnostics 2012-05-27 19:20:25 -------- d-----w- C:\Users\jerry\AppData\Local\HP 2012-05-27 19:09:59 224768 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzpp64w.dll 2012-05-27 18:51:31 -------- d-----w- C:\Program Files (x86)\Common Files\HP 2012-05-27 18:51:30 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard 2012-05-27 18:50:59 671816 ----a-w- C:\Windows\SysWow64\hpcdmc32.dll 2012-05-27 18:50:59 233472 ----a-w- C:\Windows\SysWow64\hpzc364w.dll 2012-05-27 18:50:59 131072 ----a-w- C:\Windows\System32\hpz3l64w.dll 2012-05-27 18:50:50 -------- d-----w- C:\Program Files (x86)\HP 2012-05-27 18:49:48 944128 ----a-w- C:\Windows\System32\hpwwiax3.dll 2012-05-27 18:49:48 359256 ----a-w- C:\Windows\System32\hpzids40.dll 2012-05-27 18:49:48 1420288 ----a-w- C:\Windows\System32\hpwtiop3.dll 2012-05-27 18:49:47 540672 ----a-w- C:\Windows\System32\hppldcoi.dll 2012-05-27 18:49:47 488960 ----a-w- C:\Windows\System32\hpovst11.dll 2012-05-27 18:45:32 -------- d-----r- C:\Users\jerry\AppData\Roaming\Brother 2012-05-27 18:38:19 -------- d-----w- C:\Windows\System32\user 2012-05-24 00:48:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-05-24 00:48:07 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-24 00:48:07 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe . ==================== Find3M ==================== . 2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-04-20 23:47:59 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-04-20 23:47:59 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys . ============= FINISH: 20:22:40.57 =============== ATTACH.TXT +++++++++++++++++++++++++++++++++++++++++++++ DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 11/26/2011 10:44:54 AM System Uptime: 6/16/2012 6:08:27 PM (2 hours ago) . Motherboard: Acer | | JE70_HR Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2401/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 580 GiB total, 184.78 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Officejet J6400 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet J6400 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . . 6400_Help Acer Backup Manager Acer Crystal Eye Webcam Acer ePower Management Acer eRecovery Management Acer Registration Acer ScreenSaver Acer Updater Adobe Acrobat X Pro - English, Russian Adobe AIR Adobe Flash Player 10 ActiveX Adobe Reader X (10.1.3) MUI Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AUPEO! AVG PC Tuneup Backup Manager V3 Belarc Advisor 8.2 bpd_scan BPDSoftware BPDSoftware_Ini Brother MFL-Pro Suite MFC-9440CN clear.fi clear.fi Client D3DX10 DBPix 2.0 Control 2.0.3 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DeLorme Phone Data 2012 DeLorme Street Atlas USA 2012 Plus Dolby Advanced Audio v2 Ezy Access Ribbon Builder v1.0 BETA Galerie de photos Windows Live Google Chrome Google Earth Google Update Helper hnFAP-Alert Identity Card Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology iSEEK AnswerWorks English Runtime J6400_Basic Java Auto Updater Java 6 Update 31 Junk Mail filter update Launch Manager MailWasherPro Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Mozilla Firefox 12.0 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyWinLocker 4 MyWinLocker Suite NBMonitor Network Bandwidth Monitor 1.2.2 NOOK for PC NTI Media Maker 9 Pure Codec Quicken 2012 Radmin Viewer 3.4 Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader RestoreIT 7 Scan Security Task Manager 1.8d Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Shredder Skype™ 5.3 Solo Antivirus 11.0 SolSuite 2011 v11.6 Times Reader Toolbox Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition USB Safely Remove 4.5 Visual Studio 2008 x64 Redistributables VuePrint WebReg Welcome Center Windows Live Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Your Uninstaller! 2010 . ==== Event Viewer Messages From Past Week ======== . 6/9/2012 12:49:48 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.15. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer. 6/16/2012 6:12:28 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891 6/16/2012 6:12:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891 6/16/2012 6:09:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed. 6/16/2012 6:09:24 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified. 6/16/2012 6:09:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed. 6/16/2012 6:09:08 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service. 6/14/2012 8:22:14 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. 6/14/2012 7:43:45 PM, Error: Service Control Manager [7000] - The WinPcap Packet Driver (NPF) service failed to start due to the following error: The system cannot find the file specified. 6/14/2012 3:35:13 AM, Error: Service Control Manager [7001] - The Windows Server Media Center TV Archive Transfer Service service depends on the Windows Media Center Receiver Service service which failed to start because of the following error: After starting, the service hung in a start-pending state. 6/13/2012 7:27:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. 6/13/2012 6:55:22 PM, Error: Service Control Manager [7000] - The Windows Server Initialization Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service. 6/13/2012 6:54:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect. 6/13/2012 6:54:23 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/13/2012 6:38:09 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit. 6/13/2012 6:28:48 PM, Error: Service Control Manager [7030] - The DriveClone Network Client IBP service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly. 6/13/2012 6:23:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Server Initialization Service service to connect. 6/13/2012 6:23:14 PM, Error: Service Control Manager [7000] - The Windows Server Initialization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/13/2012 5:49:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008076350, 0xfffffa8008076630, 0xfffff80003195510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061312-47159-01. . ==== End Of File ===========================

Scan Log Version of virus signature database: 5190 (20100611) Date: 6/11/2010 Time: 2:21:53 PM Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;F:\Boot sector;F:\;G:\Boot sector;G:\;H:\Boot sector;H:\;J:\Boot sector;J:\;K:\Boot sector;K:\;L:\Boot sector;L:\;M:\Boot sector;M:\ Number of scanned objects: 309316 Number of threats found: 0 Time of completion: 3:39:51 PM Total scanning time: 4678 sec (01:17:58) I think we're good. Thanks again!

Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4185 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 6/10/2010 6:42:19 PM mbam-log-2010-06-10 (18-42-19).txt Scan type: Full scan (C:\|F:\|G:\|H:\|) Objects scanned: 466222 Time elapsed: 1 hour(s), 54 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

Thank you so much. I really appreciate your help and patients. ESET and MBAM warnings are both gone.

It's looking good now! No pop ups and I can access windows updates (although I did not install any yet). This computer is a dual boot with windows 7 32bit and 64bit. I have not booted into the 64bit since before all this started. If it turns out it is also infected, can i just do the TDSSKiller on that installation as well? Can I do it as a check to make sure?

15:23:43:773 5672 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48 15:23:43:773 5672 ================================================================================ 15:23:43:773 5672 SystemInfo: 15:23:43:773 5672 OS Version: 6.1.7600 ServicePack: 0.0 15:23:43:773 5672 Product type: Workstation 15:23:43:773 5672 ComputerName: DAVE-PC 15:23:43:776 5672 UserName: Dave 15:23:43:776 5672 Windows directory: C:\Windows 15:23:43:776 5672 Processor architecture: Intel x86 15:23:43:776 5672 Number of processors: 4 15:23:43:776 5672 Page size: 0x1000 15:23:43:781 5672 Boot type: Normal boot 15:23:43:781 5672 ================================================================================ 15:23:44:159 5672 Initialize success 15:23:44:159 5672 15:23:44:160 5672 Scanning Services ... 15:23:44:923 5672 Raw services enum returned 457 services 15:23:44:929 5672 15:23:44:930 5672 Scanning Drivers ... 15:23:46:369 5672 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 15:23:46:676 5672 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 15:23:46:979 5672 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 15:23:47:320 5672 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 15:23:47:476 5672 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 15:23:47:532 5672 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 15:23:47:551 5672 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys 15:23:47:573 5672 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 15:23:47:587 5672 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 15:23:47:599 5672 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 15:23:47:616 5672 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 15:23:47:626 5672 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 15:23:47:634 5672 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 15:23:47:655 5672 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 15:23:47:664 5672 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 15:23:47:674 5672 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 15:23:47:683 5672 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 15:23:47:699 5672 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 15:23:47:727 5672 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 15:23:47:762 5672 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 15:23:47:802 5672 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 15:23:47:824 5672 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 15:23:47:907 5672 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 15:23:47:954 5672 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 15:23:47:972 5672 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 15:23:48:014 5672 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 15:23:48:026 5672 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys 15:23:48:051 5672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 15:23:48:076 5672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 15:23:48:104 5672 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 15:23:48:131 5672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 15:23:48:175 5672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 15:23:48:194 5672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 15:23:48:224 5672 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 15:23:48:300 5672 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 15:23:48:323 5672 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 15:23:48:345 5672 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 15:23:48:385 5672 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 15:23:48:410 5672 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 15:23:48:448 5672 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 15:23:48:481 5672 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys 15:23:48:588 5672 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 15:23:48:665 5672 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 15:23:48:685 5672 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 15:23:48:699 5672 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 15:23:48:723 5672 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys 15:23:48:751 5672 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 15:23:48:767 5672 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 15:23:48:805 5672 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 15:23:48:846 5672 dsnpfd (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys 15:23:48:857 5672 dsnpfdMP (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys 15:23:48:918 5672 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys 15:23:48:944 5672 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys 15:23:48:991 5672 eamon (30372bcc67d63bee538cdfeca755d81c) C:\Windows\system32\DRIVERS\eamon.sys 15:23:49:082 5672 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 15:23:49:155 5672 ehdrv (6504d6afb75fef830dd99e8c4235d54d) C:\Windows\system32\DRIVERS\ehdrv.sys 15:23:49:179 5672 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 15:23:49:205 5672 epfw (86895d4413316becc2d7944d2749586c) C:\Windows\system32\DRIVERS\epfw.sys 15:23:49:225 5672 Epfwndis (3b47010b2425b69826004767e59045ba) C:\Windows\system32\DRIVERS\Epfwndis.sys 15:23:49:242 5672 epfwwfp (396ce762d1650387a2fe184e245fbba1) C:\Windows\system32\DRIVERS\epfwwfp.sys 15:23:49:264 5672 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 15:23:49:287 5672 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 15:23:49:321 5672 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 15:23:49:336 5672 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 15:23:49:372 5672 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 15:23:49:386 5672 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 15:23:49:407 5672 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 15:23:49:424 5672 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 15:23:49:454 5672 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 15:23:49:472 5672 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys 15:23:49:517 5672 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys 15:23:49:546 5672 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 15:23:49:586 5672 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 15:23:49:619 5672 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 15:23:49:636 5672 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys 15:23:49:661 5672 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 15:23:49:684 5672 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 15:23:49:716 5672 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 15:23:49:738 5672 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 15:23:49:764 5672 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys 15:23:49:805 5672 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys 15:23:49:847 5672 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys 15:23:49:869 5672 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys 15:23:49:887 5672 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys 15:23:49:930 5672 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 15:23:49:951 5672 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys 15:23:49:962 5672 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 15:23:49:995 5672 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 15:23:50:036 5672 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys 15:23:50:051 5672 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 15:23:50:093 5672 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 15:23:50:108 5672 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys 15:23:50:123 5672 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys 15:23:50:149 5672 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 15:23:50:191 5672 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 15:23:50:246 5672 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys 15:23:50:292 5672 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys 15:23:50:340 5672 KSecPkg (debdc8c8c7abaa72fe5a7352c5246994) C:\Windows\system32\Drivers\ksecpkg.sys 15:23:50:342 5672 Suspicious file (Forged): C:\Windows\system32\Drivers\ksecpkg.sys. Real md5: debdc8c8c7abaa72fe5a7352c5246994, Fake md5: 365c6154bbbc5377173f1ca7bfb6cc59 15:23:50:343 5672 File "C:\Windows\system32\Drivers\ksecpkg.sys" infected by TDSS rootkit ... 15:23:50:454 5672 Backup copy found, using it.. 15:23:50:491 5672 will be cured on next reboot 15:23:50:511 5672 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 15:23:50:531 5672 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 15:23:50:574 5672 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 15:23:50:615 5672 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 15:23:50:658 5672 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 15:23:50:680 5672 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 15:23:50:723 5672 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 15:23:50:749 5672 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys 15:23:50:928 5672 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys 15:23:51:069 5672 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\Windows\system32\drivers\mbam.sys 15:23:51:098 5672 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 15:23:51:134 5672 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 15:23:51:178 5672 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 15:23:51:234 5672 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 15:23:51:254 5672 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 15:23:51:278 5672 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 15:23:51:303 5672 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 15:23:51:320 5672 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 15:23:51:345 5672 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 15:23:51:379 5672 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 15:23:51:413 5672 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys 15:23:51:429 5672 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys 15:23:51:455 5672 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys 15:23:51:477 5672 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 15:23:51:492 5672 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 15:23:51:511 5672 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 15:23:51:564 5672 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 15:23:51:585 5672 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 15:23:51:614 5672 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 15:23:51:628 5672 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 15:23:51:636 5672 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 15:23:51:653 5672 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 15:23:51:667 5672 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 15:23:51:690 5672 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 15:23:51:720 5672 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 15:23:51:745 5672 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 15:23:51:789 5672 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 15:23:51:818 5672 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 15:23:51:845 5672 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 15:23:51:868 5672 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 15:23:51:895 5672 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 15:23:51:904 5672 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 15:23:51:932 5672 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 15:23:51:958 5672 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 15:23:51:974 5672 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys 15:23:52:009 5672 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 15:23:52:052 5672 NMgamingmsFltr (dd0216110ae219f333d0f99079a4be42) C:\Windows\system32\drivers\NMgamingms.sys 15:23:52:071 5672 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 15:23:52:096 5672 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 15:23:52:146 5672 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 15:23:52:187 5672 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 15:23:52:454 5672 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys 15:23:52:586 5672 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 15:23:52:606 5672 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 15:23:52:629 5672 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 15:23:52:694 5672 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 15:23:52:732 5672 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 15:23:52:753 5672 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 15:23:52:776 5672 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 15:23:52:797 5672 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 15:23:52:813 5672 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 15:23:52:841 5672 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 15:23:52:887 5672 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys 15:23:52:903 5672 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 15:23:52:941 5672 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 15:23:52:972 5672 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 15:23:53:003 5672 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 15:23:53:023 5672 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 15:23:53:065 5672 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 15:23:53:096 5672 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 15:23:53:125 5672 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 15:23:53:163 5672 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 15:23:53:193 5672 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:23:53:218 5672 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:23:53:235 5672 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 15:23:53:260 5672 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 15:23:53:270 5672 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 15:23:53:295 5672 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 15:23:53:312 5672 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:23:53:321 5672 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 15:23:53:356 5672 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 15:23:53:381 5672 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 15:23:53:395 5672 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys 15:23:53:414 5672 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 15:23:53:453 5672 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 15:23:53:551 5672 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys 15:23:53:590 5672 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 15:23:53:641 5672 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 15:23:53:700 5672 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 15:23:53:748 5672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 15:23:53:790 5672 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 15:23:53:846 5672 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 15:23:53:904 5672 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 15:23:53:957 5672 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 15:23:53:967 5672 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:23:54:015 5672 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:23:54:080 5672 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 15:23:54:115 5672 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 15:23:54:146 5672 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:23:54:165 5672 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 15:23:54:204 5672 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 15:23:54:229 5672 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 15:23:54:290 5672 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys 15:23:54:328 5672 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys 15:23:54:345 5672 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys 15:23:54:365 5672 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 15:23:54:378 5672 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 15:23:54:394 5672 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 15:23:54:421 5672 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 15:23:54:457 5672 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys 15:23:54:489 5672 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys 15:23:54:521 5672 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys 15:23:54:550 5672 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 15:23:54:574 5672 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 15:23:54:595 5672 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 15:23:54:611 5672 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 15:23:54:634 5672 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:23:54:654 5672 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 15:23:54:682 5672 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 15:23:54:727 5672 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 15:23:54:760 5672 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 15:23:54:783 5672 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 15:23:54:820 5672 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 15:23:54:876 5672 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys 15:23:54:898 5672 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 15:23:54:921 5672 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 15:23:54:943 5672 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 15:23:54:971 5672 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 15:23:54:999 5672 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 15:23:55:032 5672 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 15:23:55:072 5672 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:23:55:127 5672 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 15:23:55:159 5672 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys 15:23:55:230 5672 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 15:23:55:279 5672 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 15:23:55:309 5672 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 15:23:55:330 5672 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 15:23:55:357 5672 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 15:23:55:408 5672 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 15:23:55:429 5672 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 15:23:55:443 5672 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 15:23:55:477 5672 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 15:23:55:516 5672 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 15:23:55:541 5672 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 15:23:55:576 5672 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 15:23:55:610 5672 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 15:23:55:629 5672 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 15:23:55:657 5672 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 15:23:55:689 5672 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:23:55:696 5672 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 15:23:55:754 5672 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 15:23:55:817 5672 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 15:23:55:902 5672 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 15:23:55:921 5672 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 15:23:55:968 5672 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:23:55:985 5672 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 15:23:56:023 5672 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys 15:23:56:048 5672 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 15:23:56:073 5672 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 15:23:56:079 5672 Reboot required for cure complete.. 15:23:56:471 5672 Cure on reboot scheduled successfully 15:23:56:471 5672 15:23:56:472 5672 Completed 15:23:56:473 5672 15:23:56:473 5672 Results: 15:23:56:474 5672 Registry objects infected / cured / cured on reboot: 0 / 0 / 0 15:23:56:475 5672 File objects infected / cured / cured on reboot: 1 / 0 / 1 15:23:56:476 5672 15:23:56:481 5672 KLMD(ARK) unloaded successfully

DDS_Attach.zip

During this run beginning just after stage 3 completed an error window continued to pop up "Find String (QREP) Utility has stopped working". Each time it did I clicked "Close the program". I lost count but this must have happened at least 20 times. It did not happen at every stage. Some stages had more than others and some had no error. This did not happen after the reboot. Both Malwarebytes and Eset continue to catch attempts to connect to malicious sites. Here is the ComboFix log file: ComboFix 10-06-09.04 - Dave 06/10/2010 11:12:16.3.4 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3325.1946 [GMT -4:00] Running from: c:\users\Dave\Desktop\Combo---Fix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected Restored copy from - c:\windows\ERDNT\cache\wuauclt.exe Infected copy of c:\windows\system32\ctfmon.exe was found and disinfected Restored copy from - c:\windows\ERDNT\cache\ctfmon.exe . ((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 ))))))))))))))))))))))))))))))) . 2010-06-10 15:24 . 2010-06-10 15:24 -------- d-----w- c:\users\Public\AppData\Local\temp 2010-06-10 15:24 . 2010-06-10 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-06-10 15:07 . 2010-06-10 15:08 -------- d-----w- C:\32788R22FWJFW 2010-06-10 09:26 . 2010-05-25 18:31 2480736 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Critical_Windows Defender_bf198b4d16606a9398f328e8c57f8381c5e49721_cab_148db270\everest.exe 2010-06-09 22:38 . 2010-06-09 22:38 -------- d-----w- C:\QUARANTINE 2010-06-09 22:15 . 2010-06-09 22:15 -------- d-----w- c:\program files\Common Files\Cisco Systems 2010-06-09 21:49 . 2010-06-10 05:52 -------- d-----w- c:\programdata\McAfee 2010-06-09 21:48 . 2010-06-09 21:49 -------- d-----w- c:\program files\McAfee 2010-06-09 19:17 . 2010-06-09 19:17 -------- d-----w- c:\program files\Common Files\Java 2010-06-09 19:16 . 2010-06-09 19:16 -------- d-----w- c:\program files\Java 2010-06-09 19:13 . 2010-06-09 19:13 -------- d-----w- c:\program files\Common Files\Adobe 2010-06-09 15:17 . 2010-06-10 15:26 -------- d-----w- c:\users\Dave\AppData\Local\temp 2010-06-09 13:10 . 2010-06-09 13:10 -------- d-----w- c:\program files\FLV Player 2010-06-09 11:53 . 2010-06-09 11:53 -------- d-----w- c:\users\Dave\AppData\Roaming\Nero 2010-06-09 11:49 . 2010-06-09 11:49 -------- d-----w- c:\users\Dave\AppData\Local\Ahead 2010-06-09 11:49 . 2010-06-09 11:49 -------- d-----w- c:\program files\NeroInstall.bak 2010-06-09 11:46 . 2010-06-09 11:47 -------- d-----w- c:\program files\Common Files\Nero 2010-06-09 11:46 . 2010-06-09 11:46 -------- d-----w- c:\programdata\Nero 2010-06-09 11:46 . 2010-06-09 11:46 -------- d-----w- c:\program files\Nero 2010-06-08 03:50 . 2010-06-08 03:50 -------- d-----w- c:\programdata\LightScribe 2010-06-08 03:39 . 2010-06-08 03:41 -------- d-----w- C:\Combo-Fix 2010-06-08 02:51 . 2010-06-08 02:51 -------- d-----w- c:\users\Dave\AppData\Local\Diagnostics 2010-06-07 13:10 . 2010-06-07 13:10 -------- d-----w- c:\users\Dave\AppData\Roaming\Malwarebytes 2010-06-07 13:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-07 13:09 . 2010-06-07 13:09 -------- d-----w- c:\programdata\Malwarebytes 2010-06-07 13:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-07 13:09 . 2010-06-07 13:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-06 19:20 . 2010-06-06 19:20 -------- d-----w- c:\users\Dave\AppData\Local\Apple Computer 2010-06-06 19:17 . 2010-06-06 19:17 -------- d-----w- c:\users\Dave\AppData\Local\ESET 2010-06-06 19:15 . 2010-06-06 19:20 -------- d-----w- c:\programdata\Apple Computer 2010-06-06 19:15 . 2010-06-06 19:16 -------- d-----w- c:\program files\QuickTime 2010-06-06 19:15 . 2010-06-06 19:15 -------- d-----w- c:\users\Dave\AppData\Local\Apple 2010-06-06 19:15 . 2010-06-06 19:15 -------- d-----w- c:\program files\Apple Software Update 2010-06-06 19:15 . 2010-06-06 19:15 -------- d-----w- c:\programdata\Apple 2010-06-05 07:21 . 2010-02-09 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll 2010-06-05 07:21 . 2010-02-09 19:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2010-06-05 07:21 . 2010-02-09 19:37 217127 ----a-w- c:\windows\system32\drv43260.dll 2010-06-05 07:21 . 2010-02-09 19:37 208935 ----a-w- c:\windows\system32\drv33260.dll 2010-06-05 07:21 . 2010-02-09 19:37 176165 ----a-w- c:\windows\system32\drv23260.dll 2010-06-05 07:21 . 2010-02-09 19:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2010-06-05 07:21 . 2010-02-09 19:37 102439 ----a-w- c:\windows\system32\sipr3260.dll 2010-06-05 07:21 . 2010-06-05 07:21 -------- d-----w- c:\program files\VSO 2010-06-05 07:15 . 2010-06-05 07:18 -------- d-----w- c:\program files\My Video Converter 2010-06-04 06:48 . 2010-06-04 06:58 -------- d-----w- c:\programdata\WebcamMax 2010-06-04 06:48 . 2010-06-04 06:48 -------- d-----w- c:\users\Dave\AppData\Roaming\WebcamMax 2010-06-04 06:46 . 2010-06-04 06:46 -------- d-----w- c:\program files\WebcamMax 2010-06-03 12:17 . 2010-06-10 06:28 -------- d-----w- c:\users\Dave\AppData\Roaming\DisplayFusion 2010-06-03 12:00 . 2010-06-03 12:01 -------- d-----w- c:\users\Dave\AppData\Roaming\Binary Fortress Software 2010-06-03 11:56 . 2010-06-03 12:01 -------- d-----w- c:\program files\DisplayFusion 2010-06-02 00:06 . 2010-06-02 00:29 -------- d-----w- c:\users\Dave\.jbidwatcher 2010-06-01 22:21 . 2010-06-09 19:16 411368 ----a-w- c:\windows\system32\deployJava1.dll 2010-06-01 07:20 . 2010-06-01 07:20 -------- d-----w- c:\users\Dave\AppData\Local\Sony 2010-05-31 23:22 . 2010-05-31 23:22 -------- d-----w- c:\users\Dave\.javaws 2010-05-31 23:21 . 2010-05-31 23:21 -------- d-----w- c:\users\Dave\AppData\Local\Programs 2010-05-31 23:09 . 2010-05-31 23:09 -------- d-----w- c:\programdata\PlotSoft 2010-05-31 23:09 . 2010-05-31 23:09 -------- d-----w- c:\program files\PlotSoft 2010-05-31 22:50 . 2010-05-31 22:50 -------- d-----w- c:\program files\Acro Software 2010-05-28 19:13 . 2010-05-28 19:16 -------- d-----w- C:\New folder 2010-05-28 18:05 . 2010-05-28 18:05 -------- d-----w- c:\users\Dave\AppData\Local\NeoSmart_Technologies 2010-05-28 15:51 . 2010-05-28 15:52 2209198 ----a-w- c:\users\Dave\AppData\Roaming\IDM\DwnlData\Dave\vegaspro90c_64bit_777\vegaspro90c_64bit.exe 2010-05-28 14:57 . 2010-05-28 14:57 -------- d-----w- c:\program files\NeoSmart Technologies 2010-05-28 07:34 . 2010-05-28 07:34 -------- d-----w- c:\program files\Google 2010-05-28 01:05 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll 2010-05-28 01:05 . 2010-05-28 01:05 -------- d-----w- c:\program files\Real Alternative 2010-05-27 06:43 . 2010-05-27 06:43 -------- d-----w- c:\users\Dave\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1 2010-05-27 06:43 . 2010-06-09 14:31 -------- d-----w- c:\program files\TweetDeck 2010-05-27 06:42 . 2010-06-09 14:31 -------- d-----w- c:\program files\Common Files\Adobe AIR 2010-05-27 04:04 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll 2010-05-27 03:46 . 2010-06-09 12:43 -------- d-----w- c:\users\Dave\AppData\Roaming\Vso 2010-05-27 03:46 . 2010-05-27 03:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-05-27 03:46 . 2010-05-27 03:46 47360 ----a-w- c:\users\Dave\AppData\Roaming\pcouffin.sys 2010-05-27 03:46 . 2010-05-27 03:46 -------- d-----w- c:\users\Dave\AppData\Roaming\NVIDIA 2010-05-27 03:45 . 2010-06-09 03:04 -------- d-----w- c:\program files\DVDFab 7 2010-05-26 19:07 . 2010-05-26 19:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2 2010-05-26 12:21 . 2010-06-09 14:32 -------- d-----w- c:\program files\Wireshark 2010-05-26 08:47 . 2010-05-28 16:05 -------- d-----w- c:\program files\WS_FTP Password Recoverer 2.5 2010-05-24 20:19 . 2010-05-24 20:19 -------- d-----w- c:\programdata\NCH Software 2010-05-24 20:19 . 2010-05-24 20:19 -------- d-----w- c:\program files\NCH Software 2010-05-24 20:19 . 2010-05-24 20:19 -------- d-----w- c:\users\Dave\AppData\Roaming\NCH Software 2010-05-24 07:10 . 2010-05-22 11:58 28135936 ----a-w- c:\users\Dave\AppData\Roaming\IDM\Activator\Activator\w7lxe.exe 2010-05-24 06:48 . 2010-05-24 06:48 -------- d-----w- c:\users\Dave\AppData\Roaming\URSoft 2010-05-24 06:48 . 2010-05-24 06:48 -------- d-----w- c:\program files\Your Uninstaller 2010 2010-05-24 06:42 . 2010-05-24 06:42 -------- d-----w- C:\temp 2010-05-24 06:41 . 2010-05-24 06:49 -------- d-----w- C:\quiz 2010-05-24 06:41 . 2002-10-18 05:00 110592 ----a-w- c:\windows\system32\tsccvid.dll 2010-05-23 20:48 . 2010-05-23 20:51 -------- d-----w- C:\gig 2010-05-23 06:03 . 2010-05-23 06:03 -------- d-----w- c:\program files\Common Files\Windows Live 2010-05-23 04:38 . 2010-05-23 04:38 -------- d-----w- c:\program files\TNod User & Password Finder 2010-05-23 04:32 . 2010-05-23 04:32 -------- d-----w- c:\program files\ESET 2010-05-22 23:19 . 2010-05-22 23:19 -------- d-----w- c:\program files\Matroska Pack 2010-05-22 23:18 . 2010-05-22 23:18 -------- d-----w- c:\users\Dave\AppData\Roaming\Media Player Classic 2010-05-22 20:15 . 2010-06-10 15:25 -------- d-----w- c:\users\Dave\AppData\Roaming\MailWasherPro 2010-05-22 20:15 . 2010-05-22 20:15 -------- d-----w- c:\program files\FireTrust 2010-05-22 20:08 . 2010-05-22 20:08 -------- d-----w- c:\users\Dave\AppData\Local\LogiShrd 2010-05-22 20:08 . 2010-05-22 20:08 -------- d-----w- c:\users\Dave\AppData\Roaming\Leadertech 2010-05-22 20:06 . 2010-05-26 20:14 -------- d-----w- c:\programdata\LogiShrd 2010-05-22 20:06 . 2010-05-22 20:08 -------- d-----w- c:\program files\Logitech 2010-05-22 20:04 . 2010-05-22 20:04 -------- d-----w- c:\program files\Common Files\LightScribe 2010-05-22 19:56 . 2010-05-22 19:56 -------- d-----w- c:\users\Dave\AppData\Roaming\Acoustica 2010-05-22 19:54 . 2010-05-22 19:57 -------- d-----w- c:\program files\Acoustica CD Label Maker 2010-05-22 19:54 . 2007-12-21 21:07 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-05-22 19:32 . 2003-04-18 23:06 8192 ----a-w- c:\windows\system32\srvany.exe 2010-05-22 14:25 . 2010-05-22 14:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro 2010-05-22 13:33 . 2010-05-22 13:33 -------- d-----w- c:\windows\PCHEALTH 2010-05-22 13:33 . 2010-05-22 13:33 -------- d-----w- c:\program files\Microsoft.NET 2010-05-22 13:33 . 2010-05-22 13:33 -------- d-----w- c:\program files\Microsoft Analysis Services 2010-05-22 13:33 . 2010-05-28 17:37 -------- d-----w- c:\users\Dave\AppData\Local\Microsoft Help 2010-05-22 13:32 . 2010-05-22 13:35 -------- d-----w- c:\programdata\Microsoft Help 2010-05-22 13:32 . 2010-05-22 13:32 -------- d-----r- C:\MSOCache 2010-05-22 12:59 . 2010-05-22 12:59 -------- d-----w- c:\programdata\DeskSoft 2010-05-22 12:57 . 2010-05-22 12:59 -------- d-----w- c:\program files\BWMeter 2010-05-22 12:57 . 2010-05-22 12:57 28552 ----a-w- c:\windows\system32\drivers\dsnpfd.sys 2010-05-22 12:57 . 2010-05-22 12:57 -------- d-----w- c:\users\Dave\AppData\Roaming\DeskSoft 2010-05-22 07:53 . 2010-06-09 19:13 -------- d-----w- c:\users\Dave\AppData\Local\Adobe 2010-05-22 07:19 . 2010-05-22 07:19 214448 ----a-w- c:\users\Dave\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll 2010-05-22 07:19 . 2010-06-01 07:33 -------- d-----w- c:\users\Dave\AppData\Roaming\IDM 2010-05-22 07:19 . 2010-06-10 15:25 -------- d-----w- c:\users\Dave\AppData\Roaming\DMCache 2010-05-22 07:19 . 2010-05-22 07:19 -------- d-----w- c:\program files\Internet Download Manager 2010-05-22 07:06 . 2010-05-22 07:06 -------- d-----w- c:\program files\Common Files\Software Update Utility 2010-05-22 07:02 . 2010-05-22 07:02 -------- d-----w- c:\programdata\NVIDIA 2010-05-22 07:01 . 2010-05-22 07:01 -------- d-----w- c:\windows\system32\Macromed 2010-05-22 07:01 . 2010-06-10 05:52 -------- d-sh--w- c:\windows\Installer 2010-05-22 07:01 . 2010-05-22 07:01 -------- d-----w- c:\program files\NVIDIA Corporation 2010-05-22 06:56 . 2010-06-05 21:30 -------- d-----w- c:\program files\AIM Toolbar 2010-05-22 06:55 . 2010-05-22 07:06 -------- d-----w- c:\users\Dave\AppData\Local\AIM . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-10 15:25 . 2010-05-22 05:45 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-05-22 05:48 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail 2010-05-22 00:00 . 2010-05-22 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf 2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Templates 2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Start Menu 2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Favorites 2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Documents 2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Desktop 2010-05-12 15:21 . 2009-10-14 09:58 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr 2010-04-03 22:27 . 2010-04-03 22:27 985704 ----a-w- c:\windows\system32\nvsvc.dll 2010-04-03 22:27 . 2010-04-03 22:27 66664 ----a-w- c:\windows\system32\nvshext.dll 2010-04-03 22:27 . 2010-04-03 22:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll 2010-04-03 22:27 . 2010-04-03 22:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe 2010-04-03 22:27 . 2010-04-03 22:27 110696 ----a-w- c:\windows\system32\nvmctray.dll 2010-03-26 00:07 . 2010-03-26 00:07 20768 ----a-w- c:\windows\system32\MFEOtlk.dll 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((( SnapShot@2010-06-09_15.20.27 ))))))))))))))))))))))))))))))))))))))))) . + 2010-05-21 22:25 . 2010-06-10 06:14 29252 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2010-06-10 15:27 35458 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2010-06-09 19:14 . 2010-06-09 19:14 84661 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe - 2010-05-22 00:03 . 2010-06-09 14:15 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-05-22 00:03 . 2010-06-10 06:12 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 04:41 . 2010-06-10 06:12 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:41 . 2010-06-09 14:15 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:34 . 2010-06-09 20:20 73256 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat - 2010-05-21 22:31 . 2010-06-09 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-05-21 22:31 . 2010-06-10 06:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-05-22 15:06 . 2010-06-10 15:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat - 2010-05-22 15:06 . 2010-06-09 14:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat - 2010-05-22 15:06 . 2010-06-09 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat + 2010-05-22 15:06 . 2010-06-10 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat - 2010-05-22 15:06 . 2010-06-09 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat + 2010-05-22 15:06 . 2010-06-10 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat - 2010-05-21 22:31 . 2010-06-09 15:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-05-21 22:31 . 2010-06-10 15:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-05-21 22:31 . 2010-06-09 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-05-21 22:31 . 2010-06-10 06:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2010-05-21 21:08 . 2010-06-10 15:27 7024 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2225359714-1735385368-1201117027-1000_UserData.bin + 2010-06-10 06:12 . 2010-06-10 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2010-06-09 14:15 . 2010-06-09 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2010-06-09 14:15 . 2010-06-09 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2010-06-10 06:12 . 2010-06-10 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2010-06-09 15:19 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll + 2010-06-10 15:25 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll - 2009-07-14 02:05 . 2010-06-09 14:19 615122 c:\windows\System32\perfh009.dat + 2009-07-14 02:05 . 2010-06-10 06:17 615122 c:\windows\System32\perfh009.dat - 2009-07-14 02:05 . 2010-06-09 14:19 103496 c:\windows\System32\perfc009.dat + 2009-07-14 02:05 . 2010-06-10 06:17 103496 c:\windows\System32\perfc009.dat + 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe + 2010-06-09 19:16 . 2010-06-09 19:16 153376 c:\windows\System32\javaws.exe + 2010-06-09 19:16 . 2010-06-09 19:16 145184 c:\windows\System32\javaw.exe + 2010-06-09 19:16 . 2010-06-09 19:16 145184 c:\windows\System32\java.exe - 2009-10-14 09:58 . 2010-06-09 14:32 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-10-14 09:58 . 2010-06-10 06:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-05-22 00:03 . 2010-06-10 06:12 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2010-05-22 00:03 . 2010-06-09 14:15 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-06-09 19:17 . 2010-06-09 19:17 183808 c:\windows\Installer\b3fc6c.msi + 2010-06-09 19:15 . 2010-06-09 19:15 581120 c:\windows\Installer\b3fc63.msi + 2009-07-14 02:03 . 2010-06-10 14:20 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat - 2009-07-14 02:03 . 2010-06-09 14:28 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT + 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\System32\Macromed\Flash\NPSWF32.dll + 2010-01-04 18:41 . 2010-01-04 18:41 3972608 c:\windows\Installer\b3fc5e.msi . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}] 2010-02-28 06:20 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504] "DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2010-03-17 800944] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3220912] "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064] "LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304] "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360] "TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ BWMeter.lnk - c:\program files\BWMeter\BWMeter.exe [2010-5-22 1171968] everest.exe - Shortcut.lnk - i:\downloads\Everest\5.50.2154\Everest\everest.exe [2010-5-28 2480736] MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2010-5-22 19121072] c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ iReboot 1.1.1.lnk - c:\program files\NeoSmart Technologies\iReboot\iReboot.exe [2009-9-15 232960] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKLM\~\startupfolder\C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk] path=c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup backupExtension=.Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun] 2009-12-31 03:50 1561232 ----a-w- c:\program files\WebcamMax\WebcamMax.exe R3 dsnpfd;Dsnpfd Service;c:\windows\system32\DRIVERS\dsnpfd.sys [2010-05-22 28552] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000] R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920] R4 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792] S2 BWMeterConSvc;BWMeter Connections Service;c:\program files\BWMeter\BWMeterConSvc.exe [2010-05-22 62464] S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960] S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-09-11 38240] S2 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2009-09-15 17408] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464] S3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys [2010-05-22 28552] S3 EverestDriver;Lavalys EVEREST Kernel Driver;i:\downloads\Everest\5.50.2154\Everest\kerneld.wnt [2010-05-21 27760] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952] S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 9472] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776] --- Other Services/Drivers In Memory --- *NewlyCreated* - EVERESTDRIVER [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-03-17 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uDefault_Search_URL = hxxp://www.google.com/ie uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105 LSP: c:\windows\system32\idmmbc.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dave\ FF - prefs.js: browser.search.selectedEngine - eBay FF - prefs.js: browser.startup.homepage - hxxp://sirocco.accuweather.com/nx_mosaic_640x480_public/sir/inmaSIRNY_.gif|http://192.168.0.1/fap_meter/ FF - prefs.js: network.proxy.type - 4 FF - component: c:\users\Dave\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dave\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\users\Dave\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll ---- FIREFOX POLICIES ---- c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr ef", true); c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", ""); c:\program files\Shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", ""); c:\program files\Shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", ""); . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver] "ImagePath"="\??\i:\downloads\Everest\5.50.2154\Everest\kerneld.wnt" . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'Explorer.exe'(1632) c:\program files\DisplayFusion\DisplayFusionHookx86.dll c:\windows\system32\idmmbc.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\nvvsvc.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\windows\system32\sppsvc.exe c:\windows\system32\conhost.exe c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe c:\program files\Common Files\Nero\Lib\NMIndexingService.exe . ************************************************************************** . Completion time: 2010-06-10 11:28:54 - machine was rebooted ComboFix-quarantined-files.txt 2010-06-10 15:28 ComboFix2.txt 2010-06-09 15:23 Pre-Run: 1,204,200,792,064 bytes free Post-Run: 1,204,147,245,056 bytes free - - End Of File - - 2E856C191F28D950E39B0CA9A21C6084

I forgot to mention I seem to be blocked from accessing Windows Updates. Attempting to download updates results in error Code80072EFE Here is the GMER.LOG GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-06-10 10:06:03 Windows 6.1.7600 Running: 128efx3u.exe; Driver: C:\Users\Dave\AppData\Local\Temp\kxldapow.sys ---- System - GMER 1.0.15 ---- INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26AF8 INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26104 INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C263F4 INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0F2D8 INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0E898 INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C261DC INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26958 INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C266F8 INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26F2C INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C271A8 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C86599 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text peauth.sys A7222C9D 28 Bytes [84, 89, CB, 9F, 7E, FE, 59, ...] .text peauth.sys A7222CC1 28 Bytes [84, 89, CB, 9F, 7E, FE, 59, ...] PAGE peauth.sys A7228B9B 72 Bytes [49, 1F, D4, 05, 56, 98, C1, ...] PAGE peauth.sys A7228BEC 111 Bytes [99, 4B, C6, 7C, F9, D5, 58, ...] PAGE peauth.sys A722902C 102 Bytes [10, D5, FD, A4, 49, CF, 62, ...] ---- User code sections - GMER 1.0.15 ---- .text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtProtectVirtualMemory 773B5360 5 Bytes JMP 0029000A .text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory 773B5EE0 5 Bytes JMP 002A000A .text C:\Windows\system32\svchost.exe[1052] ntdll.dll!KiUserExceptionDispatcher 773B6448 5 Bytes JMP 0027000A .text C:\Windows\system32\svchost.exe[1052] ole32.dll!CoCreateInstance 765457FC 5 Bytes JMP 0091000A .text C:\Windows\system32\svchost.exe[1052] USER32.dll!GetCursorPos 772AC198 5 Bytes JMP 00F0000A .text C:\Windows\system32\wuauclt.exe[1152] ntdll.dll!NtProtectVirtualMemory 773B5360 5 Bytes JMP 0010000A .text C:\Windows\system32\wuauclt.exe[1152] ntdll.dll!NtWriteVirtualMemory 773B5EE0 5 Bytes JMP 0019000A .text C:\Windows\system32\wuauclt.exe[1152] ntdll.dll!KiUserExceptionDispatcher 773B6448 5 Bytes JMP 000F000A .text C:\Windows\Explorer.EXE[1584] ntdll.dll!NtProtectVirtualMemory 773B5360 5 Bytes JMP 0040000A .text C:\Windows\Explorer.EXE[1584] ntdll.dll!NtWriteVirtualMemory 773B5EE0 5 Bytes JMP 0041000A .text C:\Windows\Explorer.EXE[1584] ntdll.dll!KiUserExceptionDispatcher 773B6448 5 Bytes JMP 000D000A .text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 75C53142 4 Bytes [C2, 04, 00, 00] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET) Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 4185 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 6/10/2010 3:16:20 AM mbam-log-2010-06-10 (03-16-20).txt Scan type: Quick scan Objects scanned: 123368 Time elapsed: 6 minute(s), 13 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)