Ibbyda
Posts posted by Ibbyda
-
I did install Your Uninstaller! 7, but I'm not sure what Babylon is. I went to the folder but it was empty.
Malwarebytes' Anti-Malware 1.50.1.1100
Database version: 912062110
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
6/21/2012 5:20:50 PM
mbam-log-2012-06-21 (17-20-50).txt
Scan type: Quick scan
Objects scanned: 207635
Time elapsed: 2 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
ComboFix 12-06-19.03 - jerry 06/20/2012 8:49.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1944 [GMT -4:00]
Running from: c:\users\jerry\Desktop\ComboFix.exe
AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\users\Public\Documents\NTILiveUpdateV9.dll
c:\users\Public\Documents\NTIMMV9Acer.dll
c:\users\Public\Documents\NTIMMV9REGET.dll
c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\@
c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U\00000001.@
c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U\80000000.@
c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U\800000cb.@
.
.
((((((((((((((((((((((((( Files Created from 2012-05-20 to 2012-06-20 )))))))))))))))))))))))))))))))
.
.
2012-06-20 12:52 . 2012-06-20 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-20 04:24 . 2011-08-04 17:42 162392 ----a-w- c:\windows\system32\drivers\VvBackd5.sys
2012-06-20 04:24 . 2011-01-05 05:18 66136 ------w- c:\windows\system32\drivers\HCDisk.sys
2012-06-20 04:23 . 2012-06-20 04:23 -------- d-----w- c:\program files\FarStone
2012-06-20 04:21 . 2011-04-18 15:12 24664 ------w- c:\windows\system32\drivers\FarMntIo.sys
2012-06-20 04:21 . 2012-06-20 12:43 -------- d-----w- c:\programdata\Farstone
2012-06-20 02:19 . 2012-06-20 02:38 -------- d-----w- c:\programdata\AVG2012
2012-06-20 01:26 . 2012-06-20 01:26 -------- d--h--w- c:\programdata\Common Files
2012-06-20 01:26 . 2012-06-20 01:26 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-06-20 01:25 . 2012-06-20 02:19 -------- d-----w- c:\windows\system32\drivers\AVG
2012-06-20 01:24 . 2012-06-20 02:18 -------- d-----w- c:\program files (x86)\AVG
2012-06-20 01:22 . 2012-06-20 02:28 -------- d-----w- c:\programdata\MFAData
2012-06-20 00:56 . 2012-06-20 00:56 -------- d-----w- c:\programdata\AWIECO
2012-06-20 00:55 . 2012-06-20 00:55 -------- d-----w- c:\program files\AWIECO
2012-06-20 00:55 . 2012-06-20 00:55 274432 ----a-w- c:\programdata\Microsoft\Windows Server\Data\DownloadCache\Client64.msi
2012-06-20 00:27 . 2012-06-20 00:27 -------- d-----w- c:\program files\Windows Server
2012-06-20 00:12 . 2012-06-20 05:27 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-18 05:00 . 2012-06-18 05:00 -------- d-----w- c:\windows\NAPP_Dism_Log
2012-06-18 04:40 . 2012-06-18 04:40 -------- d-----w- c:\program files (x86)\Barnes & Noble
2012-06-18 04:38 . 2012-06-18 04:39 -------- d-----w- c:\programdata\CLSK
2012-06-18 04:37 . 2012-06-18 04:37 -------- d-----w- c:\program files (x86)\Cyberlink
2012-06-18 04:37 . 2012-06-18 04:39 -------- d-----w- c:\programdata\CyberLink
2012-06-18 04:34 . 2012-06-18 04:34 -------- d-----w- c:\programdata\NTI Launcher
2012-06-18 04:32 . 2012-06-18 04:32 -------- d-----w- c:\programdata\FLEXnet
2012-06-18 04:32 . 2012-06-18 04:32 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2012-06-18 04:30 . 2012-06-18 03:03 -------- d-----w- c:\program files (x86)\Microsoft
2012-06-18 04:29 . 2012-06-18 04:29 -------- d-----w- c:\programdata\Atheros
2012-06-18 04:20 . 2012-06-18 04:20 -------- d-----w- c:\program files\Elantech
2012-06-18 04:19 . 2012-06-18 04:19 -------- d-----w- c:\program files\Intel
2012-06-18 04:17 . 2012-06-18 04:18 -------- d-----w- c:\program files (x86)\Launch Manager
2012-06-18 04:14 . 2012-06-18 04:14 -------- d-----w- c:\program files (x86)\Common Files\Atheros
2012-06-18 04:14 . 2012-06-18 04:14 -------- d-----w- c:\program files (x86)\Bluetooth Suite
2012-06-18 04:11 . 2012-06-18 04:11 -------- d-----w- c:\programdata\EgisTec
2012-06-18 04:11 . 2012-06-18 04:11 -------- d-----w- c:\programdata\Intel
2012-06-18 04:06 . 2012-06-18 04:06 -------- d-----w- c:\program files\Common Files\Intel
2012-06-18 04:06 . 2012-06-18 04:06 -------- d-----w- c:\program files (x86)\Common Files\Intel
2012-06-18 03:16 . 2012-06-18 03:16 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-18 03:16 . 2012-06-18 03:16 -------- d-----w- c:\windows\system32\Wat
2012-06-18 03:16 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-18 03:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-18 03:01 . 2012-06-18 03:01 -------- d-----w- c:\program files (x86)\Your Uninstaller! 7
2012-06-18 03:01 . 2012-06-18 03:01 -------- d-----w- c:\programdata\Babylon
2012-06-18 02:59 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-18 02:59 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-18 02:59 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-18 02:59 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-18 02:59 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-18 02:59 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-18 02:59 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-18 02:53 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-06-18 02:52 . 2011-07-16 05:21 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-06-18 02:51 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-06-18 02:51 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-18 02:51 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-18 02:50 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2012-06-18 02:50 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2012-06-18 02:50 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2012-06-18 02:50 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2012-06-18 02:47 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-18 02:46 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-18 02:46 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-06-18 02:46 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-18 02:45 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-18 02:45 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-06-18 02:42 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-18 02:42 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-18 02:42 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-18 02:29 . 2012-06-20 12:43 -------- d-----w- c:\programdata\clear.fi
2012-06-18 02:26 . 2012-06-18 02:26 -------- d-----w- c:\programdata\SeriousBit
2012-06-18 02:25 . 2011-05-18 20:57 41256 ----a-w- c:\windows\system32\drivers\nbdrv.sys
2012-06-18 02:25 . 2012-06-18 02:26 -------- d-----w- c:\program files\NetBalancer
2012-06-18 02:20 . 2012-06-18 02:20 -------- d-----w- c:\program files (x86)\DSUtilities
2012-06-18 02:20 . 2004-03-09 05:00 609824 ----a-w- c:\windows\SysWow64\ComCtl32.ocx
2012-06-18 02:17 . 2012-06-18 02:17 -------- d-----w- c:\programdata\Hewlett-Packard
2012-06-18 02:17 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-06-18 02:07 . 2012-06-18 02:07 -------- d-----w- c:\programdata\OEM_E471269A730D
2012-06-18 02:07 . 2012-06-18 02:07 -------- d-----w- c:\program files (x86)\Times Reader
2012-06-18 02:07 . 2012-06-18 02:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-18 02:06 . 2012-06-18 02:09 -------- d-----w- c:\users\jerry
2012-06-18 02:06 . 2012-06-18 02:06 -------- d-----w- C:\Recovery
2012-06-17 22:57 . 2012-06-20 05:39 -------- d-----w- C:\TDSSKiller_Quarantine
2012-06-15 11:25 . 2012-06-15 23:40 -------- d-----w- C:\SRN Micro
2012-06-12 01:31 . 2012-06-20 04:24 4096 --sh--r- C:\RESCUMBR.BIN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-18 04:34 . 2011-08-26 09:33 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-18 02:51 . 2011-03-29 01:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hnFAPAlert"="c:\program files (x86)\DSUtilities\hnFAP-Alert\hnFAPAlert.exe" [2011-10-19 139264]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"ArcadeMovieService"="c:\program files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe" [2011-05-10 177448]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-01-30 821144]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-01-30 36760]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DriveClone Network Client IBP;DriveClone Network Client IBP;c:\program files\FarStone\RestoreIT 7\IBP\fsloader.exe [2009-08-18 126976]
R2 initMonitor;Windows Server Initialization Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\mcsacore.exe [x]
R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-02-16 10240]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-06-21 173424]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 AVGIDSEH;AVGIDSEH;c:\windows\system32\DRIVERS\AVGIDSEH.Sys [x]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [x]
S0 VVBackd5;VVBackd5; [x]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [x]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [x]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [x]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;c:\program files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-03-02 79744]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-08-02 103584]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-08-02 192776]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-07-01 353360]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 HCDisk;HCDisk; [x]
S2 HealthAlertsSvc;Windows Server Health Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 LANConfig;Windows Server LAN Configuration;c:\program files\Windows Server\Bin\LANConfigSvc.exe [2011-03-02 27520]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2011-04-22 244624]
S2 NotificationsProviderSvc;Windows Server Notifications Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 providers_system;Windows Server Download Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 ServiceProviderRegistry;Windows Server Service Provider Registry;c:\program files\Windows Server\Bin\ProviderRegistryService.exe [2012-01-12 40832]
S2 SqmProviderSvc;Windows Server SQM Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 WhsMcClient;Windows Server Media Center Client Service;c:\program files\Windows Server\Bin\WhsMcClient.exe [2011-03-02 111488]
S2 WSConnectorUpdate;Windows Server Connector Update;c:\program files\Windows Server\Bin\WSConnectorUpdate.exe [2011-03-02 228736]
S2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;c:\program files\Windows Server\Bin\SharedServiceHost.exe [2011-03-02 30592]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\AVGIDSDriver.Sys [x]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\AVGIDSFilter.Sys [x]
S3 BackupReader;BackupReader;c:\windows\system32\DRIVERS\BackupReader.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [x]
S3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-20 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-06-20 04:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-08-02 961184]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-08-02 798880]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-10 11785832]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-09 2189416]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://acer.msn.com
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 66.82.4.8 66.82.4.12
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Launchpad - c:\program files (x86)\Windows Server\Bin\Launchpad.exe
AddRemove-WTA-209b9556-d362-4c24-9f12-6fc537e8f570 - c:\program files (x86)\Acer Games\Build-a-lot 4 - Power Source\uninstall\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-20 15:17:40
ComboFix-quarantined-files.txt 2012-06-20 19:17
.
Pre-Run: 497,149,812,736 bytes free
Post-Run: 497,544,286,208 bytes free
.
- - End Of File - - 0C44A8CF59738E0388D0193378AF3090
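The ComboFix log above has the usual sections: deletions, files created in the last month with an attribute column, registry Run keys, services and drivers (some printed with [x] instead of a file date and size), and scheduled tasks. As an added example, not part of this forum post and not ComboFix's own code, here is a small Python parser that turns such a log into structured records and pulls out what a responder normally checks first: created files that carry both the system and hidden attributes, and autostart entries for which the log shows no file date or size. The meaning of the attribute letters (d, s, h, a, r, w) is an assumption inferred from the log layout, and SAMPLE_LOG is a constructed excerpt modelled on the log in this thread.

```python
"""ComboFix log -> structured records for triage (added example, not ComboFix code).

Assumption: attribute column letters mean d=directory, s=system, h=hidden,
a=archive, r=read-only, w=writable (inferred from the log layout)."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")        # "((( Other Deletions )))"
CREATED_RE = re.compile(                                # "date . date size attrs path"
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\S+) (\S{8}) (.+)$")
SERVICE_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.*?)\s*\[(.*)\]$")  # "S0 name;display;path [x]"
RUNKEY_RE = re.compile(r'^"([^"]+)"="([^"]*)"\s*\[(.*)\]$')               # '"name"="path" [date size]'
TASK_RE = re.compile(r"^- (.+?)\s*\[(.*)\]$")                              # "- path [date time]"


@dataclass
class CreatedFile:
    created: str
    modified: str
    size: Optional[int]   # None where ComboFix prints "--------"
    attrs: set[str]       # letters present in the attribute column
    path: str


@dataclass
class Autostart:
    kind: str             # "run", "service" or "task"
    name: str
    path: str
    has_file_info: bool   # False when the log shows "[x]" instead of a date and size


@dataclass
class ComboFixReport:
    deletions: list[str] = field(default_factory=list)
    created: list[CreatedFile] = field(default_factory=list)
    autostarts: list[Autostart] = field(default_factory=list)


def parse_combofix(text: str) -> ComboFixReport:
    report, section = ComboFixReport(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if line.startswith("---"):                      # "------- X64 Entries -------"
            section = line.strip("- ")
            continue
        if line.startswith("Contents of the 'Scheduled Tasks'"):
            section = "Scheduled Tasks"
            continue
        if section == "Other Deletions":
            report.deletions.append(line)
        elif section and section.startswith("Files Created"):
            if m := CREATED_RE.match(line):
                size = None if m.group(3).startswith("-") else int(m.group(3))
                attrs = {c for c in m.group(4) if c != "-"}
                report.created.append(CreatedFile(m.group(1), m.group(2), size, attrs, m.group(5)))
        elif section == "Scheduled Tasks":
            if m := TASK_RE.match(line):
                report.autostarts.append(Autostart("task", m.group(1), m.group(1), m.group(2) != "x"))
        elif m := SERVICE_RE.match(line):
            report.autostarts.append(Autostart("service", m.group(2), m.group(4), m.group(5) != "x"))
        elif m := RUNKEY_RE.match(line):
            report.autostarts.append(Autostart("run", m.group(1), m.group(2), m.group(3) != "x"))
    return report


def triage(report: ComboFixReport) -> dict[str, list[str]]:
    """The records a responder normally checks first."""
    return {
        "hidden_system_files": [f.path for f in report.created
                                if {"s", "h"} <= f.attrs and "d" not in f.attrs],
        "autostarts_without_file_info": [a.name for a in report.autostarts if not a.has_file_info],
        "deleted": list(report.deletions),
    }


# Constructed excerpt modelled on the ComboFix log in this thread (not the full log).
SAMPLE_LOG = r"""
((((( Other Deletions )))))
.
C:\Install.exe
c:\windows\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\@
((((( Files Created from 2012-05-20 to 2012-06-20 )))))
2012-06-20 12:52 . 2012-06-20 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-20 04:24 . 2011-08-04 17:42 162392 ----a-w- c:\windows\system32\drivers\VvBackd5.sys
2012-06-12 01:31 . 2012-06-20 04:24 4096 --sh--r- C:\RESCUMBR.BIN
((((( Reg Loading Points )))))
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
R2 NetBalancer Windows Service;NetBalancer Windows Service;c:\program files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-02-16 10240]
S0 VVBackd5;VVBackd5; [x]
Contents of the 'Scheduled Tasks' folder
2012-06-20 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS\AutoKMS.exe [2012-06-20 04:46]
"""

if __name__ == "__main__":
    for key, items in triage(parse_combofix(SAMPLE_LOG)).items():
        print(key, items)
```

Feed it the full log text instead of SAMPLE_LOG to get the same three lists for this machine; the records it returns can then be diffed against a later ComboFix run or matched against a driver allowlist rather than read by eye.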
-
Attached is the report that was created by TDSSKiller. It only found a piece of software that was downloaded after the rootkit started. It was installed to help watch/try to find out what it was.
TDSSKiller report:
00:16:13.0578 8356 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
00:16:15.0588 8356 ============================================================
00:16:15.0588 8356 Current date / time: 2012/06/20 00:16:15.0588
00:16:15.0588 8356 SystemInfo:
00:16:15.0588 8356
00:16:15.0588 8356 OS Version: 6.1.7601 ServicePack: 1.0
00:16:15.0588 8356 Product type: Workstation
00:16:15.0588 8356 ComputerName: LAPTOP
00:16:15.0588 8356 UserName: jerry
00:16:15.0588 8356 Windows directory: C:\Windows
00:16:15.0588 8356 System windows directory: C:\Windows
00:16:15.0588 8356 Running under WOW64
00:16:15.0588 8356 Processor architecture: Intel x64
00:16:15.0588 8356 Number of processors: 4
00:16:15.0588 8356 Page size: 0x1000
00:16:15.0588 8356 Boot type: Normal boot
00:16:15.0588 8356 ============================================================
00:16:16.0297 8356 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:16:16.0307 8356 Drive \Device\Harddisk1\DR1 - Size: 0x1D11B0000 (7.27 Gb), SectorSize: 0x200, Cylinders: 0x3B4, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
00:16:16.0312 8356 ============================================================
00:16:16.0313 8356 \Device\Harddisk0\DR0:
00:16:16.0313 8356 MBR partitions:
00:16:16.0313 8356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2000800, BlocksNum 0x32000
00:16:16.0313 8356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2032800, BlocksNum 0x48825000
00:16:16.0313 8356 \Device\Harddisk1\DR1:
00:16:16.0314 8356 MBR partitions:
00:16:16.0314 8356 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1F80, BlocksNum 0xE86E00
00:16:16.0314 8356 ============================================================
00:16:16.0402 8356 C: <-> \Device\Harddisk0\DR0\Partition1
00:16:16.0402 8356 ============================================================
00:16:16.0402 8356 Initialize success
00:16:16.0402 8356 ============================================================
00:16:36.0296 8252 ============================================================
00:16:36.0296 8252 Scan started
00:16:36.0296 8252 Mode: Manual; SigCheck; TDLFS;
00:16:36.0296 8252 ============================================================
00:16:36.0768 8252 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
00:16:36.0934 8252 1394ohci - ok
00:16:37.0000 8252 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
00:16:37.0016 8252 ACPI - ok
00:16:37.0049 8252 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
00:16:37.0140 8252 AcpiPmi - ok
00:16:37.0250 8252 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
00:16:37.0318 8252 adp94xx - ok
00:16:37.0388 8252 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
00:16:37.0457 8252 adpahci - ok
00:16:37.0508 8252 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
00:16:37.0578 8252 adpu320 - ok
00:16:37.0629 8252 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
00:16:37.0808 8252 AeLookupSvc - ok
00:16:37.0868 8252 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
00:16:37.0929 8252 AFD - ok
00:16:37.0982 8252 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
00:16:38.0026 8252 agp440 - ok
00:16:38.0063 8252 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
00:16:38.0096 8252 ALG - ok
00:16:38.0139 8252 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
00:16:38.0173 8252 aliide - ok
00:16:38.0192 8252 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
00:16:38.0206 8252 amdide - ok
00:16:38.0240 8252 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
00:16:38.0283 8252 AmdK8 - ok
00:16:38.0314 8252 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
00:16:38.0352 8252 AmdPPM - ok
00:16:38.0372 8252 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
00:16:38.0418 8252 amdsata - ok
00:16:38.0447 8252 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
00:16:38.0472 8252 amdsbs - ok
00:16:38.0492 8252 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
00:16:38.0501 8252 amdxata - ok
00:16:38.0520 8252 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
00:16:38.0718 8252 AppID - ok
00:17:06.0225 8252 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
00:17:06.0271 8252 ql40xx - ok
00:17:06.0315 8252 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
00:17:06.0354 8252 QWAVE - ok
00:17:06.0373 8252 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
00:17:06.0408 8252 QWAVEdrv - ok
00:17:06.0428 8252 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
00:17:06.0469 8252 RasAcd - ok
00:17:06.0516 8252 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
00:17:06.0579 8252 RasAgileVpn - ok
00:17:06.0589 8252 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
00:17:06.0639 8252 RasAuto - ok
00:17:06.0668 8252 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:17:06.0763 8252 Rasl2tp - ok
00:17:06.0796 8252 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
00:17:06.0840 8252 RasMan - ok
00:17:06.0849 8252 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
00:17:06.0881 8252 RasPppoe - ok
00:17:06.0904 8252 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
00:17:06.0941 8252 RasSstp - ok
00:17:06.0969 8252 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
00:17:06.0999 8252 rdbss - ok
00:17:07.0019 8252 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
00:17:07.0031 8252 rdpbus - ok
00:17:07.0035 8252 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:17:07.0073 8252 RDPCDD - ok
00:17:07.0086 8252 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
00:17:07.0127 8252 RDPENCDD - ok
00:17:07.0131 8252 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
00:17:07.0158 8252 RDPREFMP - ok
00:17:07.0206 8252 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
00:17:07.0277 8252 RDPWD - ok
00:17:07.0323 8252 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
00:17:07.0344 8252 rdyboost - ok
00:17:07.0371 8252 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
00:17:07.0417 8252 RemoteAccess - ok
00:17:07.0451 8252 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
00:17:07.0489 8252 RemoteRegistry - ok
00:17:07.0550 8252 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
00:17:07.0596 8252 RFCOMM - ok
00:17:07.0618 8252 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
00:17:07.0676 8252 RpcEptMapper - ok
00:17:07.0704 8252 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
00:17:07.0714 8252 RpcLocator - ok
00:17:07.0760 8252 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
00:17:07.0807 8252 RpcSs - ok
00:17:07.0839 8252 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
00:17:07.0869 8252 rspndr - ok
00:17:07.0939 8252 RSUSBSTOR (9beb5f18a418ff70659ce2e356829568) C:\Windows\system32\Drivers\RtsUStor.sys
00:17:08.0033 8252 RSUSBSTOR - ok
00:17:08.0065 8252 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:17:08.0095 8252 SamSs - ok
00:17:08.0125 8252 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
00:17:08.0140 8252 sbp2port - ok
00:17:08.0179 8252 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
00:17:08.0225 8252 SCardSvr - ok
00:17:08.0238 8252 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
00:17:08.0278 8252 scfilter - ok
00:17:08.0399 8252 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
00:17:08.0464 8252 Schedule - ok
00:17:08.0502 8252 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
00:17:08.0531 8252 SCPolicySvc - ok
00:17:08.0547 8252 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
00:17:08.0579 8252 SDRSVC - ok
00:17:08.0644 8252 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:17:08.0710 8252 secdrv - ok
00:17:08.0726 8252 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
00:17:08.0753 8252 seclogon - ok
00:17:08.0777 8252 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
00:17:08.0819 8252 SENS - ok
00:17:08.0848 8252 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
00:17:08.0884 8252 SensrSvc - ok
00:17:08.0923 8252 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
00:17:08.0954 8252 Serenum - ok
00:17:08.0983 8252 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
00:17:08.0994 8252 Serial - ok
00:17:09.0007 8252 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
00:17:09.0031 8252 sermouse - ok
00:17:09.0181 8252 ServiceProviderRegistry (2af4866050e7c07132473aa5e57630eb) C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
00:17:09.0202 8252 ServiceProviderRegistry - ok
00:17:09.0236 8252 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
00:17:09.0323 8252 SessionEnv - ok
00:17:09.0337 8252 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
00:17:09.0365 8252 sffdisk - ok
00:17:09.0384 8252 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
00:17:09.0413 8252 sffp_mmc - ok
00:17:09.0417 8252 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
00:17:09.0429 8252 sffp_sd - ok
00:17:09.0448 8252 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
00:17:09.0465 8252 sfloppy - ok
00:17:09.0518 8252 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
00:17:09.0586 8252 SharedAccess - ok
00:17:09.0637 8252 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
00:17:09.0707 8252 ShellHWDetection - ok
00:17:09.0741 8252 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
00:17:09.0769 8252 SiSRaid2 - ok
00:17:09.0779 8252 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
00:17:09.0793 8252 SiSRaid4 - ok
00:17:09.0814 8252 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
00:17:09.0851 8252 Smb - ok
00:17:09.0875 8252 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
00:17:09.0906 8252 SNMPTRAP - ok
00:17:09.0922 8252 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
00:17:09.0931 8252 spldr - ok
00:17:09.0996 8252 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
00:17:10.0048 8252 Spooler - ok
00:17:10.0287 8252 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
00:17:10.0438 8252 sppsvc - ok
00:17:10.0553 8252 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
00:17:10.0610 8252 sppuinotify - ok
00:17:10.0748 8252 SqmProviderSvc (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
00:17:10.0766 8252 SqmProviderSvc - ok
00:17:10.0830 8252 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
00:17:10.0891 8252 srv - ok
00:17:10.0927 8252 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
00:17:10.0958 8252 srv2 - ok
00:17:10.0977 8252 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
00:17:11.0026 8252 srvnet - ok
00:17:11.0084 8252 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
00:17:11.0180 8252 SSDPSRV - ok
00:17:11.0188 8252 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
00:17:11.0220 8252 SstpSvc - ok
00:17:11.0232 8252 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
00:17:11.0240 8252 stexstor - ok
00:17:11.0320 8252 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
00:17:11.0367 8252 stisvc - ok
00:17:11.0383 8252 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
00:17:11.0392 8252 swenum - ok
00:17:11.0457 8252 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
00:17:11.0524 8252 swprv - ok
00:17:11.0669 8252 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
00:17:11.0765 8252 SysMain - ok
00:17:11.0863 8252 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
00:17:11.0901 8252 TabletInputService - ok
00:17:11.0945 8252 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
00:17:12.0023 8252 TapiSrv - ok
00:17:12.0044 8252 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
00:17:12.0073 8252 TBS - ok
00:17:12.0245 8252 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
00:17:12.0345 8252 Tcpip - ok
00:17:12.0571 8252 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
00:17:12.0620 8252 TCPIP6 - ok
00:17:12.0705 8252 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
00:17:12.0752 8252 tcpipreg - ok
00:17:12.0771 8252 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
00:17:12.0796 8252 TDPIPE - ok
00:17:12.0823 8252 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
00:17:12.0851 8252 TDTCP - ok
00:17:12.0863 8252 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
00:17:12.0890 8252 tdx - ok
00:17:12.0896 8252 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
00:17:12.0906 8252 TermDD - ok
00:17:12.0996 8252 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
00:17:13.0123 8252 TermService - ok
00:17:13.0144 8252 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
00:17:13.0158 8252 Themes - ok
00:17:13.0191 8252 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
00:17:13.0236 8252 THREADORDER - ok
00:17:13.0259 8252 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
00:17:13.0345 8252 TrkWks - ok
00:17:13.0410 8252 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
00:17:13.0469 8252 TrustedInstaller - ok
00:17:13.0493 8252 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:17:13.0534 8252 tssecsrv - ok
00:17:13.0577 8252 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
00:17:13.0614 8252 TsUsbFlt - ok
00:17:13.0641 8252 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
00:17:13.0655 8252 TsUsbGD - ok
00:17:13.0706 8252 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
00:17:13.0786 8252 tunnel - ok
00:17:13.0814 8252 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
00:17:13.0825 8252 TurboB - ok
00:17:13.0938 8252 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:17:13.0961 8252 TurboBoost - ok
00:17:13.0971 8252 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
00:17:13.0983 8252 uagp35 - ok
00:17:14.0000 8252 UBHelper (a17d5e1a6df4eab0a480f2c490de4c9d) C:\Windows\system32\drivers\UBHelper.sys
00:17:14.0007 8252 UBHelper - ok
00:17:14.0067 8252 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
00:17:14.0147 8252 udfs - ok
00:17:14.0177 8252 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
00:17:14.0191 8252 UI0Detect - ok
00:17:14.0198 8252 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
00:17:14.0209 8252 uliagpkx - ok
00:17:14.0214 8252 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
00:17:14.0237 8252 umbus - ok
00:17:14.0274 8252 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
00:17:14.0308 8252 UmPass - ok
00:17:14.0528 8252 UNS (374ebda379a8f38e0cfc2211611e7167) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
00:17:14.0634 8252 UNS - ok
00:17:14.0773 8252 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
00:17:14.0849 8252 upnphost - ok
00:17:14.0906 8252 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
00:17:14.0947 8252 usbccgp - ok
00:17:14.0991 8252 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
00:17:15.0012 8252 usbcir - ok
00:17:15.0019 8252 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
00:17:15.0054 8252 usbehci - ok
00:17:15.0099 8252 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
00:17:15.0113 8252 usbhub - ok
00:17:15.0135 8252 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
00:17:15.0157 8252 usbohci - ok
00:17:15.0177 8252 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
00:17:15.0194 8252 usbprint - ok
00:17:15.0205 8252 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:17:15.0242 8252 USBSTOR - ok
00:17:15.0269 8252 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
00:17:15.0292 8252 usbuhci - ok
00:17:15.0330 8252 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
00:17:15.0346 8252 usbvideo - ok
00:17:15.0371 8252 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
00:17:15.0411 8252 UxSms - ok
00:17:15.0442 8252 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:17:15.0465 8252 VaultSvc - ok
00:17:15.0479 8252 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
00:17:15.0488 8252 vdrvroot - ok
00:17:15.0547 8252 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
00:17:15.0633 8252 vds - ok
00:17:15.0664 8252 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
00:17:15.0676 8252 vga - ok
00:17:15.0681 8252 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
00:17:15.0708 8252 VgaSave - ok
00:17:15.0726 8252 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
00:17:15.0738 8252 vhdmp - ok
00:17:15.0775 8252 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
00:17:15.0795 8252 viaide - ok
00:17:15.0804 8252 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
00:17:15.0813 8252 volmgr - ok
00:17:15.0868 8252 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
00:17:15.0911 8252 volmgrx - ok
00:17:15.0940 8252 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
00:17:15.0958 8252 volsnap - ok
00:17:16.0000 8252 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
00:17:16.0028 8252 vsmraid - ok
00:17:16.0182 8252 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
00:17:16.0285 8252 VSS - ok
00:17:16.0396 8252 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
00:17:16.0444 8252 vwifibus - ok
00:17:16.0451 8252 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
00:17:16.0477 8252 vwififlt - ok
00:17:16.0547 8252 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
00:17:16.0592 8252 W32Time - ok
00:17:16.0623 8252 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
00:17:16.0652 8252 WacomPen - ok
00:17:16.0679 8252 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:17:16.0728 8252 WANARP - ok
00:17:16.0730 8252 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
00:17:16.0756 8252 Wanarpv6 - ok
00:17:16.0924 8252 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
00:17:16.0973 8252 WatAdminSvc - ok
00:17:17.0128 8252 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
00:17:17.0261 8252 wbengine - ok
00:17:17.0371 8252 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
00:17:17.0425 8252 WbioSrvc - ok
00:17:17.0469 8252 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
00:17:17.0531 8252 wcncsvc - ok
00:17:17.0538 8252 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
00:17:17.0578 8252 WcsPlugInService - ok
00:17:17.0616 8252 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
00:17:17.0627 8252 Wd - ok
00:17:17.0703 8252 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
00:17:17.0758 8252 Wdf01000 - ok
00:17:17.0774 8252 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:17:17.0879 8252 WdiServiceHost - ok
00:17:17.0884 8252 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
00:17:17.0907 8252 WdiSystemHost - ok
00:17:17.0949 8252 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
00:17:17.0987 8252 WebClient - ok
00:17:18.0009 8252 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
00:17:18.0043 8252 Wecsvc - ok
00:17:18.0065 8252 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
00:17:18.0093 8252 wercplsupport - ok
00:17:18.0114 8252 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
00:17:18.0157 8252 WerSvc - ok
00:17:18.0227 8252 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
00:17:18.0268 8252 WfpLwf - ok
00:17:18.0427 8252 WhsMcClient (12172b572ab4589d44d20052dae82ed7) C:\Program Files\Windows Server\Bin\WhsMcClient.exe
00:17:18.0473 8252 WhsMcClient - ok
00:17:18.0494 8252 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
00:17:18.0511 8252 WIMMount - ok
00:17:18.0561 8252 WinDefend - ok
00:17:18.0578 8252 WinHttpAutoProxySvc - ok
00:17:18.0666 8252 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
00:17:18.0739 8252 Winmgmt - ok
00:17:18.0978 8252 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
00:17:19.0099 8252 WinRM - ok
00:17:19.0293 8252 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
00:17:19.0367 8252 Wlansvc - ok
00:17:19.0438 8252 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:17:19.0488 8252 wlcrasvc - ok
00:17:19.0673 8252 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:17:19.0763 8252 wlidsvc - ok
00:17:19.0894 8252 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
00:17:19.0927 8252 WmiAcpi - ok
00:17:19.0994 8252 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
00:17:20.0050 8252 wmiApSrv - ok
00:17:20.0100 8252 WMPNetworkSvc - ok
00:17:20.0151 8252 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
00:17:20.0189 8252 WPCSvc - ok
00:17:20.0216 8252 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
00:17:20.0270 8252 WPDBusEnum - ok
00:17:20.0293 8252 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
00:17:20.0330 8252 ws2ifsl - ok
00:17:20.0472 8252 WSConnectorUpdate (aaa0f5cde4d5c357a65e14df793fda81) C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
00:17:20.0511 8252 WSConnectorUpdate - ok
00:17:20.0535 8252 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
00:17:20.0561 8252 wscsvc - ok
00:17:20.0563 8252 WSearch - ok
00:17:20.0592 8252 WSS_ComputerBackupProviderSvc (d319a833ec173ad83c67885b3ed6c71c) C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
00:17:20.0603 8252 WSS_ComputerBackupProviderSvc - ok
00:17:20.0790 8252 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
00:17:20.0903 8252 wuauserv - ok
00:17:21.0050 8252 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
00:17:21.0113 8252 WudfPf - ok
00:17:21.0156 8252 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:17:21.0209 8252 WUDFRd - ok
00:17:21.0251 8252 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
00:17:21.0283 8252 wudfsvc - ok
00:17:21.0314 8252 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
00:17:21.0353 8252 WwanSvc - ok
00:17:21.0383 8252 MBR (0x1B8) (539b66f28905acf132f9da29db8d6931) \Device\Harddisk0\DR0
00:17:21.0830 8252 \Device\Harddisk0\DR0 - ok
00:17:21.0837 8252 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
00:17:23.0711 8252 \Device\Harddisk1\DR1 - ok
00:17:23.0716 8252 Boot (0x1200) (ea4db0ec0fe7059d147ab0e081e8e50e) \Device\Harddisk0\DR0\Partition0
00:17:23.0719 8252 \Device\Harddisk0\DR0\Partition0 - ok
00:17:23.0729 8252 Boot (0x1200) (be8921fff7868f83c44b268bb51c20c9) \Device\Harddisk0\DR0\Partition1
00:17:23.0732 8252 \Device\Harddisk0\DR0\Partition1 - ok
00:17:23.0738 8252 Boot (0x1200) (d8ba34611cb2343e480f2fbe657fa275) \Device\Harddisk1\DR1\Partition0
00:17:23.0742 8252 \Device\Harddisk1\DR1\Partition0 - ok
00:17:23.0743 8252 ============================================================
00:17:23.0743 8252 Scan finished
00:17:23.0743 8252 ============================================================
00:17:23.0756 7848 Detected object count: 1
00:17:23.0756 7848 Actual detected object count: 1
00:17:48.0277 7848 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:17:48.0277 7848 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:18:01.0732 8936 Deinitialize success
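The TDSSKiller log above is a flat list of service and driver entries (timestamp, PID, service name, MD5, image path) plus a verdict line per entry, and the DDS log later in this thread lists running process paths the same way. Reading a thousand such lines by eye is where things get missed, so here is a small triage script that parses both formats and flags what a responder would look at first: image paths outside the normal Windows and Program Files roots, paths that use the `\\.\globalroot` device namespace instead of a drive letter, executables sitting in a GUID-named folder under `Installer`, binaries launched from a user's Downloads folder, services whose `- ok` line has no preceding file/hash line (registered but nothing was scanned), and detections the user chose to skip. This is an added example written for this page, not part of the thread or of TDSSKiller, DDS or RogueKiller; the heuristics and the trusted-root list are my own assumptions, and the sample lines are excerpted from the logs posted in this thread rather than the full logs.

```python
import re

# Roots a stock Windows 7 install normally runs services and system binaries from
# (assumption for this example; extend it for a given machine's layout).
TRUSTED_ROOTS = (
    "c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\",
    "c:\\progra~1\\", "c:\\progra~2\\",
)

# Sample lines excerpted from the TDSSKiller log in this thread (not the full log).
TDSSKILLER_SAMPLE = r"""
00:17:15.0442 8252 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
00:17:15.0465 8252 VaultSvc - ok
00:17:18.0561 8252 WinDefend - ok
00:17:18.0578 8252 WinHttpAutoProxySvc - ok
00:17:13.0938 8252 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
00:17:13.0961 8252 TurboBoost - ok
00:17:48.0277 7848 NetBalancer Windows Service ( UnsignedFile.Multi.Generic ) - skipped by user
"""

# Sample lines excerpted from the DDS "Running Processes" list in this thread.
DDS_PROCESS_SAMPLE = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Dolby PCEE4\pcee4.exe
C:\Users\jerry\Downloads\Programs\procexp.exe
\\.\globalroot\systemroot\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U
C:\Windows\system32\SearchProtocolHost.exe
"""

HASHED = re.compile(r"^\S+\s+\d+\s+(.+?)\s+\(([0-9a-f]{32})\)\s+(.+)$", re.I)
STATUS_OK = re.compile(r"^\S+\s+\d+\s+(.+?)\s+-\s+ok$")
SKIPPED = re.compile(r"^\S+\s+\d+\s+(.+?)\s+\(\s*(\S+)\s*\)\s+-\s+skipped by user$")
GUID_UNDER_INSTALLER = re.compile(r"\\installer\\\{[0-9a-f-]{36}\}\\", re.I)
EXE_WITH_ARGS = re.compile(r"^(.*?\.exe)(?:\s+.*)?$", re.I)


def path_reasons(path):
    """Return the reasons an image path looks out of place, or [] if it looks normal."""
    p = path.lower()
    reasons = []
    if p.startswith("\\\\.\\globalroot"):
        reasons.append("device-namespace path (\\\\.\\globalroot) instead of a drive letter")
    if GUID_UNDER_INSTALLER.search(p):
        reasons.append("executable inside a GUID folder under Installer")
    if "\\users\\" in p and "\\downloads\\" in p:
        reasons.append("running from a user Downloads folder")
    if not p.startswith(TRUSTED_ROOTS):
        reasons.append("outside the standard Windows/Program Files roots")
    if not p.endswith((".exe", ".dll", ".sys")):
        reasons.append("no executable file extension")
    return reasons


def triage_processes(listing):
    """Flag entries of a DDS 'Running Processes' listing whose image path looks out of place."""
    flagged = []
    for line in listing.strip().splitlines():
        line = line.strip()
        if not line:
            continue
        m = EXE_WITH_ARGS.match(line)
        path = m.group(1) if m else line   # keep "-k netsvcs" style arguments out of the check
        reasons = path_reasons(path)
        if reasons:
            flagged.append((path, reasons))
    return flagged


def triage_tdsskiller(log):
    """Split a TDSSKiller service/driver log into flagged paths, entries with no
    scanned file, and detections the user chose to skip."""
    scanned, names_ok, skipped = {}, [], []
    for line in log.strip().splitlines():
        line = line.strip()
        m = HASHED.match(line)
        if m:
            name, md5, path = m.groups()
            if not name.startswith(("MBR", "Boot")):   # sector hashes carry no file path
                scanned[name] = (md5, path)
            continue
        m = SKIPPED.match(line)
        if m:
            skipped.append((m.group(1), m.group(2)))
            continue
        m = STATUS_OK.match(line)
        if m:
            names_ok.append(m.group(1))
    flagged = [(n, p, path_reasons(p)) for n, (_, p) in scanned.items() if path_reasons(p)]
    # "- ok" with no preceding hashed line: the service is registered but TDSSKiller
    # recorded no file for it (disabled service, missing binary, or one it could not open).
    unscanned = [n for n in names_ok if n not in scanned and not n.startswith("\\Device")]
    return {"flagged": flagged, "unscanned": unscanned, "skipped": skipped}


if __name__ == "__main__":
    for name, path, why in triage_tdsskiller(TDSSKILLER_SAMPLE)["flagged"]:
        print("SERVICE", name, path, "; ".join(why))
    for path, why in triage_processes(DDS_PROCESS_SAMPLE):
        print("PROCESS", path, "; ".join(why))
```

On the sample lines the TDSSKiller entries all resolve to standard roots, which matches the log above: it found nothing by path, recorded no file for `WinDefend` and `WinHttpAutoProxySvc`, and the only detection was the unsigned NetBalancer service the user skipped. The DDS process list is where the odd entry shows up: the `\\.\globalroot\systemroot\Installer\{...}\U` process trips four heuristics at once, which is exactly the kind of line to chase when `svchost.exe` is pushing traffic that no installed program explains. Treat the script as a way to shorten the list, not as a verdict; the Dolby and Process Explorer hits are benign and only get flagged because they live outside the trusted roots.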
-
Thank you! I'm pretty sure this took care of my annoying problem; I'm keeping an eye on my metered download and it has not been disappearing for the last 15 min.
Report 1 (initial run):
RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: jerry [Admin rights]
Mode: Scan -- Date: 06/19/2012 18:23:32
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-22HXZT3 +++++
--- User ---
[MBR] 3ff3acf13e75a738cf0dc981d405b8b0
[bSP] e982c5cf6bcf1b1732993fc3821432b1 : Standard MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 593994 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
2nd run for good measure:
RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: jerry [Admin rights]
Mode: Remove -- Date: 06/19/2012 18:24:38
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD6400BPVT-22HXZT3 +++++
--- User ---
[MBR] 3ff3acf13e75a738cf0dc981d405b8b0
[bSP] e982c5cf6bcf1b1732993fc3821432b1 : Standard MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 33556480 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 33761280 | Size: 593994 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
-
Hi, I've been losing precious MBs of my metered download quota to the tune of 400+ MB a day. I've narrowed it down to an svchost process that starts and stops but can't find the why. The computer is a quad core laptop running Windows 7 64-bit Home Premium. Neither AVG nor Malwarebytes detects anything is wrong. Please help.
DDS.TXT
+++++++++++++++++++++++++++++++++++++++++++++
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by jerry at 20:22:21 on 2012-06-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3948.1189 [GMT -4:00]
.
AV: AVG Internet Security 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: AVG Firewall *Enabled* {621CC794-9486-F902-D092-0484E8EA828B}
.
============== Running Processes ===============
.
C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\USB Safely Remove\USBSRService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\FarStone\RestoreIT 7\IBP\fsloader.exe
C:\Program Files\FarStone\RestoreIT 7\IBP\VBPTask.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Launch Manager\LMutilps32.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Program Files\NetLimiter 3\nlsvc.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\tcpsvcs.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe
C:\Program Files\Windows Server\Bin\WhsMcClient.exe
C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe
C:\Program Files\Windows Server\Bin\LANConfigSvc.exe
C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe
C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Windows Server\Bin\Launchpad.exe
C:\Program Files (x86)\DSUtilities\hnFAP-Alert\hnFAPAlert.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files\NetLimiter 3\NLClientApp.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
C:\Program Files\Windows Server\Bin\SharedServiceHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Dolby PCEE4\pcee4.exe
C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files (x86)\Firetrust\MailWasher\MailWasherProApp.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\EgisTec IPS\PMMUpdate.exe
C:\Program Files\EgisTec IPS\EgisUpdate.exe
C:\Program Files\NetBalancer\SeriousBit.NetBalancer.UI.exe
C:\Users\jerry\Downloads\Programs\procexp.exe
C:\Users\jerry\Downloads\Programs\procexp64.exe
C:\Program Files (x86)\AVG\AVG PC Tuneup\boostspeed.exe
C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\jerry\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
\\.\globalroot\systemroot\Installer\{32be1b79-4a5c-39a4-4f00-70a2c67a80d1}\U
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://acer.msn.com
uDefault_Page_URL = hxxp://acer.msn.com
mDefault_Page_URL = hxxp://acer.msn.com
mStart Page = hxxp://acer.msn.com
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [hnFAPAlert] "C:\Program Files (x86)\DSUtilities\hnFAP-Alert\hnFAPAlert.exe"
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\jerry\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Adobe Acrobat Synchronizer] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe"
uRun: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
uRun: [NetBalancer] C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Tray.exe
mRun: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid}
StartupFolder: C:\Users\jerry\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAILWA~2.LNK - C:\Program Files (x86)\Firetrust\MailWasher\MailWasherPro.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 66.82.4.8 66.82.4.12
TCP: Interfaces\{9C56C13D-F6C3-41B8-B2BF-37359E40AE20} : DhcpNameServer = 66.82.4.8 66.82.4.12
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.1.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO-X64: IESpeakDoc - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.7\AVG Secure Search_toolbar.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
mRun-x64: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
mRun-x64: [ArcadeMovieService] "C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [(Default)]
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
mRun-x64: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [brMfcWnd] C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
mRun-x64: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jerry\AppData\Roaming\Mozilla\Firefox\Profiles\h4tw4v0c.default\
FF - prefs.js: browser.search.selectedEngine - IMDB
FF - prefs.js: browser.startup.homepage - 192.168.0.1/fap_meter/
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B185205bb-0033-414b-88fb-50d6f4cec9d6%7D&mid=b512b7160e5847d19f136939b218ffc7-1c07acd960f6a939eff9c9e4bab6dabd435d842c&ds=AVG&v=10.2.0.3&lang=en&pr=pr&d=2011-12-20%2020%3A39%3A29&sap=ku&q=
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.1.0\npsitesafety.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\WMZHE\Pure Codec\Real Player\browser\plugins\nprpjplug.dll
FF - plugin: C:\Users\jerry\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R0 VVBackd5;VVBackd5;C:\Windows\system32\drivers\VVBackd5.sys --> C:\Windows\system32\drivers\VVBackd5.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\system32\DRIVERS\mwlPSDFilter.sys --> C:\Windows\system32\DRIVERS\mwlPSDFilter.sys [?]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\system32\DRIVERS\mwlPSDNServ.sys --> C:\Windows\system32\DRIVERS\mwlPSDNServ.sys [?]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys --> C:\Windows\system32\DRIVERS\mwlPSDVDisk.sys [?]
R1 nltdi;nltdi;C:\Program Files\NetLimiter 3\nltdi.sys [2010-8-30 88200]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 arXfrSvc;Windows Server Media Center TV Archive Transfer Service;C:\Program Files\Windows Server\Bin\Microsoft.HomeServer.Archive.TransferService.exe [2011-3-2 79744]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-8-2 103584]
R2 avgfws;AVG Firewall;C:\Program Files (x86)\AVG\AVG2012\avgfws.exe [2011-11-23 2391832]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
R2 DriveClone Network Client IBP;DriveClone Network Client IBP;C:\Program Files\FarStone\RestoreIT 7\IBP\FsLoader.exe [2012-6-13 126976]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-26 353360]
R2 ePowerSvc;ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-9-30 872552]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-5-29 36456]
R2 HCDisk;HCDisk;C:\Windows\system32\drivers\HCDisk.sys --> C:\Windows\system32\drivers\HCDisk.sys [?]
R2 HealthAlertsSvc;Windows Server Health Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-26 13336]
R2 LANConfig;Windows Server LAN Configuration;C:\Program Files\Windows Server\Bin\LANConfigSvc.exe [2011-3-2 27520]
R2 Live Updater Service;Live Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2011-8-26 244624]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-14 654408]
R2 NetBalancer Windows Service;NetBalancer Windows Service;C:\Program Files\NetBalancer\SeriousBit.NetBalancer.Service.exe [2012-6-16 10240]
R2 NotificationsProviderSvc;Windows Server Notifications Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-4-23 256832]
R2 providers_system;Windows Server Download Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R2 ServiceProviderRegistry;Windows Server Service Provider Registry;C:\Program Files\Windows Server\Bin\ProviderRegistryService.exe [2012-1-12 40832]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-26 2656280]
R2 USBSafelyRemoveService;USB Safely Remove Assistant;C:\Program Files (x86)\USB Safely Remove\USBSRService.exe [2011-11-26 539032]
R2 vToolbarUpdater11.1.0;vToolbarUpdater11.1.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.1.0\ToolbarUpdater.exe [2012-6-11 935480]
R2 WhsMcClient;Windows Server Media Center Client Service;C:\Program Files\Windows Server\Bin\WhsMcClient.exe [2011-3-2 111488]
R2 WSConnectorUpdate;Windows Server Connector Update;C:\Program Files\Windows Server\Bin\WSConnectorUpdate.exe [2011-3-2 228736]
R2 WSS_ComputerBackupProviderSvc;Windows Server Client Computer Backup Provider Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
R3 BackupReader;BackupReader;C:\Windows\system32\DRIVERS\BackupReader.sys --> C:\Windows\system32\DRIVERS\BackupReader.sys [?]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
R3 FARMNTIO;FARMNTIO;\??\c:\windows\system32\drivers\farmntio.sys --> c:\windows\system32\drivers\farmntio.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\drivers\HECIx64.sys --> C:\Windows\system32\drivers\HECIx64.sys [?]
R3 Nbdrv;NetBalancer;C:\Windows\system32\DRIVERS\nbdrv.sys --> C:\Windows\system32\DRIVERS\nbdrv.sys [?]
R3 NLNdisMP;NLNdisMP;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
S2 initMonitor;Windows Server Initialization Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe --> c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-11 253088]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\system32\drivers\btath_avdt.sys --> C:\Windows\system32\drivers\btath_avdt.sys [?]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]
S3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]
S3 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-6-21 173424]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-29 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-23 129976]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;C:\Windows\system32\DRIVERS\nlndis.sys --> C:\Windows\system32\DRIVERS\nlndis.sys [?]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S4 SqmProviderSvc;Windows Server SQM Service;C:\Program Files\Windows Server\Bin\SharedServiceHost.exe [2011-3-2 30592]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-16 23:33:20 -------- d-----w- C:\Users\jerry\AppData\Roaming\AVG
2012-06-16 22:09:41 -------- d-----w- C:\ProgramData\SeriousBit
2012-06-16 21:57:10 41256 ----a-w- C:\Windows\System32\drivers\nbdrv.sys
2012-06-16 21:57:09 -------- d-----w- C:\Program Files\NetBalancer
2012-06-15 11:25:23 -------- d-----w- C:\SRN Micro
2012-06-14 21:15:13 -------- d-----w- C:\ProgramData\SecTaskMan
2012-06-14 21:15:06 -------- d-----w- C:\Program Files (x86)\Security Task Manager
2012-06-14 12:13:31 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2012-06-14 12:09:38 -------- d-----w- C:\Users\jerry\AppData\Local\Adobe
2012-06-14 12:07:41 -------- d-----w- C:\Users\jerry\AppData\Local\Acer
2012-06-14 08:52:20 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-06-14 08:52:20 366592 ----a-w- C:\Windows\System32\qdvd.dll
2012-06-13 23:37:47 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-13 23:37:47 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-13 23:37:47 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-13 23:37:47 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-13 23:37:47 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-13 23:37:47 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-13 23:33:43 -------- d-----w- C:\Users\jerry\AppData\Roaming\Malwarebytes
2012-06-13 23:33:37 -------- d-----w- C:\ProgramData\Malwarebytes
2012-06-13 23:33:34 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 23:33:34 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-06-13 23:19:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-13 23:19:52 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-13 23:19:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-13 23:19:40 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-13 23:19:37 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-13 23:19:36 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-13 23:19:36 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-13 23:19:31 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-13 23:19:29 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-13 23:19:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-13 23:19:29 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-13 23:04:14 -------- d-----w- C:\Program Files (x86)\WinPcap
2012-06-13 23:02:47 -------- d-----w- C:\Program Files (x86)\Nsasoft
2012-06-13 22:54:22 -------- d-----w- C:\Users\jerry\AppData\Local\Locktime
2012-06-13 22:50:37 -------- d-----w- C:\ProgramData\Locktime
2012-06-13 22:50:37 -------- d-----w- C:\Program Files\NetLimiter 3
2012-06-13 22:28:48 66136 ------w- C:\Windows\System32\drivers\HCDisk.sys
2012-06-13 22:28:48 162392 ----a-w- C:\Windows\System32\drivers\VvBackd5.sys
2012-06-13 22:28:12 -------- d-----w- C:\Program Files\FarStone
2012-06-12 01:40:06 -------- d-----w- C:\Users\jerry\AppData\Local\AVG Secure Search
2012-06-12 01:31:36 4096 --sh--r- C:\RESCUMBR.BIN
2012-06-12 00:57:55 24664 ------w- C:\Windows\System32\drivers\FarMntIo.sys
2012-06-12 00:57:43 -------- d-----w- C:\ProgramData\Farstone
2012-06-12 00:45:02 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-05-28 19:29:04 -------- d-----w- C:\Program Files (x86)\PC Drivers HeadQuarters
2012-05-28 00:57:58 -------- d-----w- C:\Program Files (x86)\JTWAIN
2012-05-28 00:09:48 -------- d-----w- C:\Windows\Documalis Free Scanner 1.0
2012-05-27 23:04:24 919616 ----a-w- C:\Windows\SysWow64\gdocrplug.tesseract.dll
2012-05-27 23:04:24 132672 ----a-w- C:\Windows\SysWow64\gdbarcode.1dreader.dll
2012-05-27 23:04:24 117312 ----a-w- C:\Windows\SysWow64\gdbarcode.dmreader.dll
2012-05-27 23:04:23 8112704 ----a-w- C:\Windows\SysWow64\gdpdfplug.dll
2012-05-27 23:04:23 2834496 ----a-w- C:\Windows\SysWow64\gdimgplug.dll
2012-05-27 23:04:23 152848 ----a-w- C:\Windows\SysWow64\comdlg32.ocx
2012-05-27 23:04:23 144960 ----a-w- C:\Windows\SysWow64\gdtwain.dll
2012-05-27 23:04:23 1123392 ----a-w- C:\Windows\SysWow64\gdtwain2s.ocx
2012-05-27 23:04:23 1123392 ----a-w- C:\Windows\SysWow64\gdtwain2.ocx
2012-05-27 23:04:23 -------- d-----w- C:\Program Files (x86)\GdTwain ActiveX
2012-05-27 22:12:08 -------- d-----w- C:\Program Files (x86)\Scanner ActiveX Control
2012-05-27 21:53:45 -------- d-----w- C:\Program Files (x86)\EZTwain
2012-05-27 20:03:58 -------- d-----w- C:\Users\jerry\AppData\Local\ElevatedDiagnostics
2012-05-27 19:20:25 -------- d-----w- C:\Users\jerry\AppData\Local\HP
2012-05-27 19:09:59 224768 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzpp64w.dll
2012-05-27 18:51:31 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-05-27 18:51:30 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2012-05-27 18:50:59 671816 ----a-w- C:\Windows\SysWow64\hpcdmc32.dll
2012-05-27 18:50:59 233472 ----a-w- C:\Windows\SysWow64\hpzc364w.dll
2012-05-27 18:50:59 131072 ----a-w- C:\Windows\System32\hpz3l64w.dll
2012-05-27 18:50:50 -------- d-----w- C:\Program Files (x86)\HP
2012-05-27 18:49:48 944128 ----a-w- C:\Windows\System32\hpwwiax3.dll
2012-05-27 18:49:48 359256 ----a-w- C:\Windows\System32\hpzids40.dll
2012-05-27 18:49:48 1420288 ----a-w- C:\Windows\System32\hpwtiop3.dll
2012-05-27 18:49:47 540672 ----a-w- C:\Windows\System32\hppldcoi.dll
2012-05-27 18:49:47 488960 ----a-w- C:\Windows\System32\hpovst11.dll
2012-05-27 18:45:32 -------- d-----r- C:\Users\jerry\AppData\Roaming\Brother
2012-05-27 18:38:19 -------- d-----w- C:\Windows\System32\user
2012-05-24 00:48:09 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-24 00:48:07 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-24 00:48:07 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-04-20 23:47:59 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-20 23:47:59 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 20:22:40.57 ===============
ATTACH.TXT
+++++++++++++++++++++++++++++++++++++++++++++
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/26/2011 10:44:54 AM
System Uptime: 6/16/2012 6:08:27 PM (2 hours ago)
.
Motherboard: Acer | | JE70_HR
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 2401/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 580 GiB total, 184.78 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}
Description: Officejet J6400 series
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet J6400 series
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
.
6400_Help
Acer Backup Manager
Acer Crystal Eye Webcam
Acer ePower Management
Acer eRecovery Management
Acer Registration
Acer ScreenSaver
Acer Updater
Adobe Acrobat X Pro - English, Russian
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.3) MUI
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AUPEO!
AVG PC Tuneup
Backup Manager V3
Belarc Advisor 8.2
bpd_scan
BPDSoftware
BPDSoftware_Ini
Brother MFL-Pro Suite MFC-9440CN
clear.fi
clear.fi Client
D3DX10
DBPix 2.0 Control 2.0.3
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
DeLorme Phone Data 2012
DeLorme Street Atlas USA 2012 Plus
Dolby Advanced Audio v2
Ezy Access Ribbon Builder v1.0 BETA
Galerie de photos Windows Live
Google Chrome
Google Earth
Google Update Helper
hnFAP-Alert
Identity Card
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
iSEEK AnswerWorks English Runtime
J6400_Basic
Java Auto Updater
Java 6 Update 31
Junk Mail filter update
Launch Manager
MailWasherPro
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker 4
MyWinLocker Suite
NBMonitor Network Bandwidth Monitor 1.2.2
NOOK for PC
NTI Media Maker 9
Pure Codec
Quicken 2012
Radmin Viewer 3.4
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
RestoreIT 7
Scan
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Shredder
Skype™ 5.3
Solo Antivirus 11.0
SolSuite 2011 v11.6
Times Reader
Toolbox
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
USB Safely Remove 4.5
Visual Studio 2008 x64 Redistributables
VuePrint
WebReg
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Your Uninstaller! 2010
.
==== Event Viewer Messages From Past Week ========
.
6/9/2012 12:49:48 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.0.15. The computer with the IP address 192.168.0.4 did not allow the name to be claimed by this computer.
6/16/2012 6:12:28 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
6/16/2012 6:12:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
6/16/2012 6:09:34 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
6/16/2012 6:09:24 PM, Error: Service Control Manager [7000] - The McAfee SiteAdvisor Service service failed to start due to the following error: The system cannot find the file specified.
6/16/2012 6:09:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
6/16/2012 6:09:08 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
6/14/2012 8:22:14 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
6/14/2012 7:43:45 PM, Error: Service Control Manager [7000] - The WinPcap Packet Driver (NPF) service failed to start due to the following error: The system cannot find the file specified.
6/14/2012 3:35:13 AM, Error: Service Control Manager [7001] - The Windows Server Media Center TV Archive Transfer Service service depends on the Windows Media Center Receiver Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.
6/13/2012 7:27:34 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
6/13/2012 6:55:22 PM, Error: Service Control Manager [7000] - The Windows Server Initialization Service service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
6/13/2012 6:54:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
6/13/2012 6:54:23 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2012 6:38:09 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
6/13/2012 6:28:48 PM, Error: Service Control Manager [7030] - The DriveClone Network Client IBP service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
6/13/2012 6:23:14 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Server Initialization Service service to connect.
6/13/2012 6:23:14 PM, Error: Service Control Manager [7000] - The Windows Server Initialization Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2012 5:49:24 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000f4 (0x0000000000000003, 0xfffffa8008076350, 0xfffffa8008076630, 0xfffff80003195510). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 061312-47159-01.
.
==== End Of File ===========================
-
Scan Log
Version of virus signature database: 5190 (20100611)
Date: 6/11/2010 Time: 2:21:53 PM
Scanned disks, folders and files: Operating memory;C:\Boot sector;C:\;D:\Boot sector;D:\;E:\Boot sector;E:\;F:\Boot sector;F:\;G:\Boot sector;G:\;H:\Boot sector;H:\;J:\Boot sector;J:\;K:\Boot sector;K:\;L:\Boot sector;L:\;M:\Boot sector;M:\
Number of scanned objects: 309316
Number of threats found: 0
Time of completion: 3:39:51 PM Total scanning time: 4678 sec (01:17:58)
I think we're good. Thanks again!
-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4185
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/10/2010 6:42:19 PM
mbam-log-2010-06-10 (18-42-19).txt
Scan type: Full scan (C:\|F:\|G:\|H:\|)
Objects scanned: 466222
Time elapsed: 1 hour(s), 54 minute(s), 27 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Thank you so much. I really appreciate your help and patience. ESET and MBAM warnings are both gone.
-
It's looking good now! No pop-ups and I can access Windows Update (although I did not install any updates yet). This computer is a dual boot with Windows 7 32-bit and 64-bit. I have not booted into the 64-bit since before all this started. If it turns out it is also infected, can I just do the TDSSKiller on that installation as well? Can I do it as a check to make sure?
-
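Editor's note, added to this thread and not part of any member's post: the TDSSKiller log that follows contains a "Suspicious file (Forged)" line, and that line is the finding that matters. The tool reports two different MD5 values for one driver path. A clean file hashes the same however it is read, so two hashes for the same path mean something in the I/O stack is returning different bytes depending on how the file is read, which is how the TDSS/TDL family hides its patched driver from scanners. The Python script below is example code written for this note (it is not from Kaspersky, the TDSSKiller authors, or anyone in the thread). It parses lines in the layout this 2.3.x log uses, pairs each forged-file line with the "infected by" and "will be cured on next reboot" lines that follow it, checks whether the hash shown on the ordinary enumeration line for that driver was the "Real" or the "Fake" one, and also lists service names that register the same on-disk file twice (dsnpfd/dsnpfdMP here), which is informational rather than a sign of infection. The sample lines are a constructed subset copied in shape from the log below; the regexes assume that log layout and nothing else.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample: a subset of the TDSSKiller 2.3.2.0 log posted in this thread,
# chosen so that every line type the parser understands appears at least once.
SAMPLE_LOG = r"""
15:23:50:246 5672 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
15:23:50:292 5672 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
15:23:50:340 5672 KSecPkg (debdc8c8c7abaa72fe5a7352c5246994) C:\Windows\system32\Drivers\ksecpkg.sys
15:23:50:342 5672 Suspicious file (Forged): C:\Windows\system32\Drivers\ksecpkg.sys. Real md5: debdc8c8c7abaa72fe5a7352c5246994, Fake md5: 365c6154bbbc5377173f1ca7bfb6cc59
15:23:50:343 5672 File "C:\Windows\system32\Drivers\ksecpkg.sys" infected by TDSS rootkit ... 15:23:50:454 5672 Backup copy found, using it..
15:23:50:491 5672 will be cured on next reboot
15:23:50:511 5672 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:23:48:846 5672 dsnpfd (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys
15:23:48:857 5672 dsnpfdMP (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys
"""

# Every TDSSKiller 2.3.x line starts with "HH:MM:SS:mmm <pid> ".
PREFIX = r"^\d{2}:\d{2}:\d{2}:\d{3} \d+ "
DRIVER_RE = re.compile(PREFIX + r"(?P<svc>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
FORGED_RE = re.compile(
    r"Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})"
)
INFECTED_RE = re.compile(r'File "(?P<path>[^"]+)" infected by (?P<what>.+?) \.\.\.')
CURE_RE = re.compile(r"will be cured on next reboot")


@dataclass
class ForgedFile:
    path: str
    real_md5: str
    fake_md5: str
    verdict: Optional[str] = None   # text after "infected by", e.g. "TDSS rootkit"
    cure_scheduled: bool = False    # "will be cured on next reboot" seen for this file


def parse_tdsskiller(text: str) -> Tuple[Dict[str, Tuple[str, str]], List[ForgedFile]]:
    """Return (service -> (md5, path)) for each enumerated driver, plus forged-file findings."""
    drivers: Dict[str, Tuple[str, str]] = {}
    findings: List[ForgedFile] = []
    current: Optional[ForgedFile] = None  # finding whose follow-up lines we are still reading
    for line in text.splitlines():
        m = FORGED_RE.search(line)
        if m:
            current = ForgedFile(m.group("path"), m.group("real"), m.group("fake"))
            findings.append(current)
            continue
        m = INFECTED_RE.search(line)
        if m and current is not None and m.group("path") == current.path:
            current.verdict = m.group("what")
            continue
        if current is not None and CURE_RE.search(line):
            current.cure_scheduled = True
            current = None  # this finding's follow-up lines are complete
            continue
        m = DRIVER_RE.match(line)
        if m:
            drivers[m.group("svc")] = (m.group("md5"), m.group("path"))
    return drivers, findings


def hash_view(drivers: Dict[str, Tuple[str, str]], finding: ForgedFile) -> str:
    """Tell whether the ordinary enumeration line for the forged path showed the real or fake hash."""
    for md5, path in drivers.values():
        if path.lower() == finding.path.lower():
            if md5 == finding.real_md5:
                return "real"
            return "fake" if md5 == finding.fake_md5 else "neither"
    return "not enumerated"


def shared_hashes(drivers: Dict[str, Tuple[str, str]]) -> List[Tuple[str, ...]]:
    """Service names that point at the same on-disk file (same md5 and path); informational."""
    by_file: Dict[Tuple[str, str], List[str]] = {}
    for svc, (md5, path) in drivers.items():
        by_file.setdefault((md5, path.lower()), []).append(svc)
    return [tuple(names) for names in by_file.values() if len(names) > 1]


if __name__ == "__main__":
    drv, found = parse_tdsskiller(SAMPLE_LOG)
    for f in found:
        print(f"FORGED {f.path}: real={f.real_md5} fake={f.fake_md5} "
              f"verdict={f.verdict} cure_on_reboot={f.cure_scheduled} "
              f"enumerated_hash={hash_view(drv, f)}")
    for names in shared_hashes(drv):
        print("same file under several service names (informational):", ", ".join(names))
```

Run it as-is to see the one finding from this log, or feed it a full TDSSKiller log with `parse_tdsskiller(open(path).read())`. A forged entry whose `cure_scheduled` stays False, or whose `verdict` is missing, is the case to chase: the tool saw the discrepancy but did not replace the file, so the machine should be rescanned after the reboot rather than declared clean.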
15:23:43:773 5672 TDSS rootkit removing tool 2.3.2.0 May 31 2010 10:39:48
15:23:43:773 5672 ================================================================================
15:23:43:773 5672 SystemInfo:
15:23:43:773 5672 OS Version: 6.1.7600 ServicePack: 0.0
15:23:43:773 5672 Product type: Workstation
15:23:43:773 5672 ComputerName: DAVE-PC
15:23:43:776 5672 UserName: Dave
15:23:43:776 5672 Windows directory: C:\Windows
15:23:43:776 5672 Processor architecture: Intel x86
15:23:43:776 5672 Number of processors: 4
15:23:43:776 5672 Page size: 0x1000
15:23:43:781 5672 Boot type: Normal boot
15:23:43:781 5672 ================================================================================
15:23:44:159 5672 Initialize success
15:23:44:159 5672
15:23:44:160 5672 Scanning Services ...
15:23:44:923 5672 Raw services enum returned 457 services
15:23:44:929 5672
15:23:44:930 5672 Scanning Drivers ...
15:23:46:369 5672 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys
15:23:46:676 5672 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys
15:23:46:979 5672 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys
15:23:47:320 5672 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
15:23:47:476 5672 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
15:23:47:532 5672 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
15:23:47:551 5672 AFD (ddc040fdb01ef1712a6b13e52afb104c) C:\Windows\system32\drivers\afd.sys
15:23:47:573 5672 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys
15:23:47:587 5672 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
15:23:47:599 5672 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys
15:23:47:616 5672 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys
15:23:47:626 5672 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys
15:23:47:634 5672 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
15:23:47:655 5672 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
15:23:47:664 5672 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys
15:23:47:674 5672 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
15:23:47:683 5672 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys
15:23:47:699 5672 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys
15:23:47:727 5672 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
15:23:47:762 5672 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
15:23:47:802 5672 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
15:23:47:824 5672 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys
15:23:47:907 5672 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
15:23:47:954 5672 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
15:23:47:972 5672 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
15:23:48:014 5672 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
15:23:48:026 5672 bowser (fcafaef6798d7b51ff029f99a9898961) C:\Windows\system32\DRIVERS\bowser.sys
15:23:48:051 5672 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:23:48:076 5672 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:23:48:104 5672 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
15:23:48:131 5672 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
15:23:48:175 5672 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:23:48:194 5672 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
15:23:48:224 5672 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
15:23:48:300 5672 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
15:23:48:323 5672 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys
15:23:48:345 5672 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
15:23:48:385 5672 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
15:23:48:410 5672 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
15:23:48:448 5672 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys
15:23:48:481 5672 CNG (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
15:23:48:588 5672 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
15:23:48:665 5672 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:23:48:685 5672 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
15:23:48:699 5672 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys
15:23:48:723 5672 DfsC (8e09e52ee2e3ceb199ef3dd99cf9e3fb) C:\Windows\system32\Drivers\dfsc.sys
15:23:48:751 5672 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
15:23:48:767 5672 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
15:23:48:805 5672 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
15:23:48:846 5672 dsnpfd (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys
15:23:48:857 5672 dsnpfdMP (8c264a7f2bc8b20941f01e06969c6e90) C:\Windows\system32\DRIVERS\dsnpfd.sys
15:23:48:918 5672 DXGKrnl (8b6c3464d7fac176500061dbfff42ad4) C:\Windows\System32\drivers\dxgkrnl.sys
15:23:48:944 5672 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys
15:23:48:991 5672 eamon (30372bcc67d63bee538cdfeca755d81c) C:\Windows\system32\DRIVERS\eamon.sys
15:23:49:082 5672 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
15:23:49:155 5672 ehdrv (6504d6afb75fef830dd99e8c4235d54d) C:\Windows\system32\DRIVERS\ehdrv.sys
15:23:49:179 5672 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
15:23:49:205 5672 epfw (86895d4413316becc2d7944d2749586c) C:\Windows\system32\DRIVERS\epfw.sys
15:23:49:225 5672 Epfwndis (3b47010b2425b69826004767e59045ba) C:\Windows\system32\DRIVERS\Epfwndis.sys
15:23:49:242 5672 epfwwfp (396ce762d1650387a2fe184e245fbba1) C:\Windows\system32\DRIVERS\epfwwfp.sys
15:23:49:264 5672 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys
15:23:49:287 5672 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
15:23:49:321 5672 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
15:23:49:336 5672 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
15:23:49:372 5672 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
15:23:49:386 5672 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
15:23:49:407 5672 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
15:23:49:424 5672 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
15:23:49:454 5672 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
15:23:49:472 5672 Fs_Rec (a574b4360e438977038aae4bf60d79a2) C:\Windows\system32\drivers\Fs_Rec.sys
15:23:49:517 5672 fvevol (dafbd9fe39197495aed6d51f3b85b5d2) C:\Windows\system32\DRIVERS\fvevol.sys
15:23:49:546 5672 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:23:49:586 5672 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
15:23:49:619 5672 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys
15:23:49:636 5672 HDAudBus (717a2207fd6f13ad3e664c7d5a43c7bf) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:23:49:661 5672 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
15:23:49:684 5672 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
15:23:49:716 5672 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
15:23:49:738 5672 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys
15:23:49:764 5672 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:23:49:805 5672 HTTP (c531c7fd9e8b62021112787c4e2c5a5a) C:\Windows\system32\drivers\HTTP.sys
15:23:49:847 5672 hwpolicy (8305f33cde89ad6c7a0763ed0b5a8d42) C:\Windows\system32\drivers\hwpolicy.sys
15:23:49:869 5672 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
15:23:49:887 5672 iaStorV (934af4d7c5f457b9f0743f4299b77b67) C:\Windows\system32\DRIVERS\iaStorV.sys
15:23:49:930 5672 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
15:23:49:951 5672 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\DRIVERS\intelide.sys
15:23:49:962 5672 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
15:23:49:995 5672 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:23:50:036 5672 IPMIDRV (e4454b6c37d7ffd5649611f6496308a7) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:23:50:051 5672 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
15:23:50:093 5672 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
15:23:50:108 5672 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\DRIVERS\isapnp.sys
15:23:50:123 5672 iScsiPrt (ed46c223ae46c6866ab77cdc41c404b7) C:\Windows\system32\DRIVERS\msiscsi.sys
15:23:50:149 5672 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
15:23:50:191 5672 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys
15:23:50:246 5672 klmd23 (67e1faa88fb397b3d56909d7e04f4dd3) C:\Windows\system32\drivers\klmd.sys
15:23:50:292 5672 KSecDD (e36a061ec11b373826905b21be10948f) C:\Windows\system32\Drivers\ksecdd.sys
15:23:50:340 5672 KSecPkg (debdc8c8c7abaa72fe5a7352c5246994) C:\Windows\system32\Drivers\ksecpkg.sys
15:23:50:342 5672 Suspicious file (Forged): C:\Windows\system32\Drivers\ksecpkg.sys. Real md5: debdc8c8c7abaa72fe5a7352c5246994, Fake md5: 365c6154bbbc5377173f1ca7bfb6cc59
15:23:50:343 5672 File "C:\Windows\system32\Drivers\ksecpkg.sys" infected by TDSS rootkit ... 15:23:50:454 5672 Backup copy found, using it..
15:23:50:491 5672 will be cured on next reboot
15:23:50:511 5672 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
15:23:50:531 5672 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
15:23:50:574 5672 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
15:23:50:615 5672 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
15:23:50:658 5672 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
15:23:50:680 5672 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
15:23:50:723 5672 LVPr2Mon (1a7db7a00a4b0d8da24cd691a4547291) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
15:23:50:749 5672 LVRS (37072ec9299e825f4335cc554b6fac6a) C:\Windows\system32\DRIVERS\lvrs.sys
15:23:50:928 5672 LVUVC (a240e42a7402e927a71b6e8aa4629b13) C:\Windows\system32\DRIVERS\lvuvc.sys
15:23:51:069 5672 MBAMProtector (67b48a903430c6d4fb58cbaca1866601) C:\Windows\system32\drivers\mbam.sys
15:23:51:098 5672 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
15:23:51:134 5672 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
15:23:51:178 5672 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
15:23:51:234 5672 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
15:23:51:254 5672 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
15:23:51:278 5672 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
15:23:51:303 5672 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys
15:23:51:320 5672 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys
15:23:51:345 5672 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
15:23:51:379 5672 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys
15:23:51:413 5672 mrxsmb (f1b6aa08497ea86ca6ef6f7a08b0bfb8) C:\Windows\system32\DRIVERS\mrxsmb.sys
15:23:51:429 5672 mrxsmb10 (5613358b4050f46f5a9832da8050d6e4) C:\Windows\system32\DRIVERS\mrxsmb10.sys
15:23:51:455 5672 mrxsmb20 (25c9792778d80feb4c8201e62281bfdf) C:\Windows\system32\DRIVERS\mrxsmb20.sys
15:23:51:477 5672 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys
15:23:51:492 5672 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys
15:23:51:511 5672 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
15:23:51:564 5672 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
15:23:51:585 5672 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys
15:23:51:614 5672 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
15:23:51:628 5672 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
15:23:51:636 5672 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
15:23:51:653 5672 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
15:23:51:667 5672 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
15:23:51:690 5672 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
15:23:51:720 5672 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
15:23:51:745 5672 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
15:23:51:789 5672 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
15:23:51:818 5672 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys
15:23:51:845 5672 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
15:23:51:868 5672 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
15:23:51:895 5672 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys
15:23:51:904 5672 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys
15:23:51:932 5672 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys
15:23:51:958 5672 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
15:23:51:974 5672 NetBT (dd52a733bf4ca5af84562a5e2f963b91) C:\Windows\system32\DRIVERS\netbt.sys
15:23:52:009 5672 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
15:23:52:052 5672 NMgamingmsFltr (dd0216110ae219f333d0f99079a4be42) C:\Windows\system32\drivers\NMgamingms.sys
15:23:52:071 5672 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
15:23:52:096 5672 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
15:23:52:146 5672 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys
15:23:52:187 5672 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
15:23:52:454 5672 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
15:23:52:586 5672 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys
15:23:52:606 5672 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys
15:23:52:629 5672 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys
15:23:52:694 5672 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys
15:23:52:732 5672 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
15:23:52:753 5672 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys
15:23:52:776 5672 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
15:23:52:797 5672 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys
15:23:52:813 5672 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys
15:23:52:841 5672 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
15:23:52:887 5672 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
15:23:52:903 5672 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
15:23:52:941 5672 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
15:23:52:972 5672 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
15:23:53:003 5672 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
15:23:53:023 5672 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
15:23:53:065 5672 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
15:23:53:096 5672 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
15:23:53:125 5672 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
15:23:53:163 5672 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
15:23:53:193 5672 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
15:23:53:218 5672 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
15:23:53:235 5672 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
15:23:53:260 5672 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
15:23:53:270 5672 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys
15:23:53:295 5672 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
15:23:53:312 5672 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys
15:23:53:321 5672 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys
15:23:53:356 5672 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
15:23:53:381 5672 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
15:23:53:395 5672 RDPWD (801371ba9782282892d00aadb08ee367) C:\Windows\system32\drivers\RDPWD.sys
15:23:53:414 5672 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys
15:23:53:453 5672 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
15:23:53:551 5672 RTL8167 (3983cea05bb855351d75f5482b6c42ce) C:\Windows\system32\DRIVERS\Rt86win7.sys
15:23:53:590 5672 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys
15:23:53:641 5672 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys
15:23:53:700 5672 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys
15:23:53:748 5672 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
15:23:53:790 5672 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
15:23:53:846 5672 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
15:23:53:904 5672 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
15:23:53:957 5672 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys
15:23:53:967 5672 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys
15:23:54:015 5672 sffp_sd (a0708bbd07d245c06ff9de549ca47185) C:\Windows\system32\DRIVERS\sffp_sd.sys
15:23:54:080 5672 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
15:23:54:115 5672 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys
15:23:54:146 5672 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:23:54:165 5672 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
15:23:54:204 5672 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
15:23:54:229 5672 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
15:23:54:290 5672 srv (50a83ca406c808bd35ac9141a0c7618f) C:\Windows\system32\DRIVERS\srv.sys
15:23:54:328 5672 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys
15:23:54:345 5672 srvnet (bd1433a32792fd0dc450479094fc435a) C:\Windows\system32\DRIVERS\srvnet.sys
15:23:54:365 5672 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
15:23:54:378 5672 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys
15:23:54:394 5672 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys
15:23:54:421 5672 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
15:23:54:457 5672 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys
15:23:54:489 5672 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys
15:23:54:521 5672 tcpipreg (e64444523add154f86567c469bc0b17f) C:\Windows\system32\drivers\tcpipreg.sys
15:23:54:550 5672 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys
15:23:54:574 5672 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys
15:23:54:595 5672 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys
15:23:54:611 5672 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys
15:23:54:634 5672 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys
15:23:54:654 5672 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys
15:23:54:682 5672 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
15:23:54:727 5672 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys
15:23:54:760 5672 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys
15:23:54:783 5672 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys
15:23:54:820 5672 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
15:23:54:876 5672 usbaudio (2436a42aab4ad48a9b714e5b0f344627) C:\Windows\system32\drivers\usbaudio.sys
15:23:54:898 5672 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys
15:23:54:921 5672 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys
15:23:54:943 5672 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys
15:23:54:971 5672 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys
15:23:54:999 5672 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys
15:23:55:032 5672 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
15:23:55:072 5672 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:23:55:127 5672 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys
15:23:55:159 5672 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys
15:23:55:230 5672 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys
15:23:55:279 5672 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
15:23:55:309 5672 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
15:23:55:330 5672 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys
15:23:55:357 5672 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys
15:23:55:408 5672 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
15:23:55:429 5672 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys
15:23:55:443 5672 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys
15:23:55:477 5672 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys
15:23:55:516 5672 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys
15:23:55:541 5672 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
15:23:55:576 5672 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys
15:23:55:610 5672 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
15:23:55:629 5672 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys
15:23:55:657 5672 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
15:23:55:689 5672 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:23:55:696 5672 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys
15:23:55:754 5672 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
15:23:55:817 5672 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
15:23:55:902 5672 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
15:23:55:921 5672 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
15:23:55:968 5672 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
15:23:55:985 5672 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
15:23:56:023 5672 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
15:23:56:048 5672 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
15:23:56:073 5672 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
15:23:56:079 5672 Reboot required for cure complete..
15:23:56:471 5672 Cure on reboot scheduled successfully
15:23:56:471 5672
15:23:56:472 5672 Completed
15:23:56:473 5672
15:23:56:473 5672 Results:
15:23:56:474 5672 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
15:23:56:475 5672 File objects infected / cured / cured on reboot: 1 / 0 / 1
15:23:56:476 5672
15:23:56:481 5672 KLMD(ARK) unloaded successfully
-
-
During this run, beginning just after stage 3 completed, an error window continued to pop up: "Find String (QREP) Utility has stopped working". Each time it did, I clicked "Close the program". I lost count, but this must have happened at least 20 times. It did not happen at every stage. Some stages had more than others and some had no error. This did not happen after the reboot.
Both Malwarebytes and Eset continue to catch attempts to connect to malicious sites.
Here is the ComboFix log file:
ComboFix 10-06-09.04 - Dave 06/10/2010 11:12:16.3.4 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3325.1946 [GMT -4:00]
Running from: c:\users\Dave\Desktop\Combo---Fix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
Infected copy of c:\windows\system32\wuauclt.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\wuauclt.exe
Infected copy of c:\windows\system32\ctfmon.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\ctfmon.exe
.
((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))
.
2010-06-10 15:24 . 2010-06-10 15:24 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-10 15:24 . 2010-06-10 15:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-10 15:07 . 2010-06-10 15:08 -------- d-----w- C:\32788R22FWJFW
2010-06-10 09:26 . 2010-05-25 18:31 2480736 -c----w- c:\programdata\Microsoft\Windows\WER\ReportQueue\Critical_Windows Defender_bf198b4d16606a9398f328e8c57f8381c5e49721_cab_148db270\everest.exe
2010-06-09 22:38 . 2010-06-09 22:38 -------- d-----w- C:\QUARANTINE
2010-06-09 22:15 . 2010-06-09 22:15 -------- d-----w- c:\program files\Common Files\Cisco Systems
2010-06-09 21:49 . 2010-06-10 05:52 -------- d-----w- c:\programdata\McAfee
2010-06-09 21:48 . 2010-06-09 21:49 -------- d-----w- c:\program files\McAfee
2010-06-09 19:17 . 2010-06-09 19:17 -------- d-----w- c:\program files\Common Files\Java
2010-06-09 19:16 . 2010-06-09 19:16 -------- d-----w- c:\program files\Java
2010-06-09 19:13 . 2010-06-09 19:13 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-09 15:17 . 2010-06-10 15:26 -------- d-----w- c:\users\Dave\AppData\Local\temp
2010-06-09 13:10 . 2010-06-09 13:10 -------- d-----w- c:\program files\FLV Player
2010-06-09 11:53 . 2010-06-09 11:53 -------- d-----w- c:\users\Dave\AppData\Roaming\Nero
2010-06-09 11:49 . 2010-06-09 11:49 -------- d-----w- c:\users\Dave\AppData\Local\Ahead
2010-06-09 11:49 . 2010-06-09 11:49 -------- d-----w- c:\program files\NeroInstall.bak
2010-06-09 11:46 . 2010-06-09 11:47 -------- d-----w- c:\program files\Common Files\Nero
2010-06-09 11:46 . 2010-06-09 11:46 -------- d-----w- c:\programdata\Nero
2010-06-09 11:46 . 2010-06-09 11:46 -------- d-----w- c:\program files\Nero
2010-06-08 03:50 . 2010-06-08 03:50 -------- d-----w- c:\programdata\LightScribe
2010-06-08 03:39 . 2010-06-08 03:41 -------- d-----w- C:\Combo-Fix
2010-06-08 02:51 . 2010-06-08 02:51 -------- d-----w- c:\users\Dave\AppData\Local\Diagnostics
2010-06-07 13:10 . 2010-06-07 13:10 -------- d-----w- c:\users\Dave\AppData\Roaming\Malwarebytes
2010-06-07 13:09 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-07 13:09 . 2010-06-07 13:09 -------- d-----w- c:\programdata\Malwarebytes
2010-06-07 13:09 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 13:09 . 2010-06-07 13:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 19:20 . 2010-06-06 19:20 -------- d-----w- c:\users\Dave\AppData\Local\Apple Computer
2010-06-06 19:17 . 2010-06-06 19:17 -------- d-----w- c:\users\Dave\AppData\Local\ESET
2010-06-06 19:15 . 2010-06-06 19:20 -------- d-----w- c:\programdata\Apple Computer
2010-06-06 19:15 . 2010-06-06 19:16 -------- d-----w- c:\program files\QuickTime
2010-06-06 19:15 . 2010-06-06 19:15 -------- d-----w- c:\users\Dave\AppData\Local\Apple
2010-06-06 19:15 . 2010-06-06 19:15 -------- d-----w- c:\program files\Apple Software Update
2010-06-06 19:15 . 2010-06-06 19:15 -------- d-----w- c:\programdata\Apple
2010-06-05 07:21 . 2010-02-09 19:37 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-06-05 07:21 . 2010-02-09 19:37 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-06-05 07:21 . 2010-02-09 19:37 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-06-05 07:21 . 2010-02-09 19:37 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-06-05 07:21 . 2010-02-09 19:37 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-06-05 07:21 . 2010-02-09 19:37 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-06-05 07:21 . 2010-02-09 19:37 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-06-05 07:21 . 2010-06-05 07:21 -------- d-----w- c:\program files\VSO
2010-06-05 07:15 . 2010-06-05 07:18 -------- d-----w- c:\program files\My Video Converter
2010-06-04 06:48 . 2010-06-04 06:58 -------- d-----w- c:\programdata\WebcamMax
2010-06-04 06:48 . 2010-06-04 06:48 -------- d-----w- c:\users\Dave\AppData\Roaming\WebcamMax
2010-06-04 06:46 . 2010-06-04 06:46 -------- d-----w- c:\program files\WebcamMax
2010-06-03 12:17 . 2010-06-10 06:28 -------- d-----w- c:\users\Dave\AppData\Roaming\DisplayFusion
2010-06-03 12:00 . 2010-06-03 12:01 -------- d-----w- c:\users\Dave\AppData\Roaming\Binary Fortress Software
2010-06-03 11:56 . 2010-06-03 12:01 -------- d-----w- c:\program files\DisplayFusion
2010-06-02 00:06 . 2010-06-02 00:29 -------- d-----w- c:\users\Dave\.jbidwatcher
2010-06-01 22:21 . 2010-06-09 19:16 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-01 07:20 . 2010-06-01 07:20 -------- d-----w- c:\users\Dave\AppData\Local\Sony
2010-05-31 23:22 . 2010-05-31 23:22 -------- d-----w- c:\users\Dave\.javaws
2010-05-31 23:21 . 2010-05-31 23:21 -------- d-----w- c:\users\Dave\AppData\Local\Programs
2010-05-31 23:09 . 2010-05-31 23:09 -------- d-----w- c:\programdata\PlotSoft
2010-05-31 23:09 . 2010-05-31 23:09 -------- d-----w- c:\program files\PlotSoft
2010-05-31 22:50 . 2010-05-31 22:50 -------- d-----w- c:\program files\Acro Software
2010-05-28 19:13 . 2010-05-28 19:16 -------- d-----w- C:\New folder
2010-05-28 18:05 . 2010-05-28 18:05 -------- d-----w- c:\users\Dave\AppData\Local\NeoSmart_Technologies
2010-05-28 15:51 . 2010-05-28 15:52 2209198 ----a-w- c:\users\Dave\AppData\Roaming\IDM\DwnlData\Dave\vegaspro90c_64bit_777\vegaspro90c_64bit.exe
2010-05-28 14:57 . 2010-05-28 14:57 -------- d-----w- c:\program files\NeoSmart Technologies
2010-05-28 07:34 . 2010-05-28 07:34 -------- d-----w- c:\program files\Google
2010-05-28 01:05 . 2003-03-19 03:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-28 01:05 . 2010-05-28 01:05 -------- d-----w- c:\program files\Real Alternative
2010-05-27 06:43 . 2010-05-27 06:43 -------- d-----w- c:\users\Dave\AppData\Roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-05-27 06:43 . 2010-06-09 14:31 -------- d-----w- c:\program files\TweetDeck
2010-05-27 06:42 . 2010-06-09 14:31 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-05-27 04:04 . 2010-04-23 07:13 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-27 03:46 . 2010-06-09 12:43 -------- d-----w- c:\users\Dave\AppData\Roaming\Vso
2010-05-27 03:46 . 2010-05-27 03:46 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-27 03:46 . 2010-05-27 03:46 47360 ----a-w- c:\users\Dave\AppData\Roaming\pcouffin.sys
2010-05-27 03:46 . 2010-05-27 03:46 -------- d-----w- c:\users\Dave\AppData\Roaming\NVIDIA
2010-05-27 03:45 . 2010-06-09 03:04 -------- d-----w- c:\program files\DVDFab 7
2010-05-26 19:07 . 2010-05-26 19:07 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-26 12:21 . 2010-06-09 14:32 -------- d-----w- c:\program files\Wireshark
2010-05-26 08:47 . 2010-05-28 16:05 -------- d-----w- c:\program files\WS_FTP Password Recoverer 2.5
2010-05-24 20:19 . 2010-05-24 20:19 -------- d-----w- c:\programdata\NCH Software
2010-05-24 20:19 . 2010-05-24 20:19 -------- d-----w- c:\program files\NCH Software
2010-05-24 20:19 . 2010-05-24 20:19 -------- d-----w- c:\users\Dave\AppData\Roaming\NCH Software
2010-05-24 07:10 . 2010-05-22 11:58 28135936 ----a-w- c:\users\Dave\AppData\Roaming\IDM\Activator\Activator\w7lxe.exe
2010-05-24 06:48 . 2010-05-24 06:48 -------- d-----w- c:\users\Dave\AppData\Roaming\URSoft
2010-05-24 06:48 . 2010-05-24 06:48 -------- d-----w- c:\program files\Your Uninstaller 2010
2010-05-24 06:42 . 2010-05-24 06:42 -------- d-----w- C:\temp
2010-05-24 06:41 . 2010-05-24 06:49 -------- d-----w- C:\quiz
2010-05-24 06:41 . 2002-10-18 05:00 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-23 20:48 . 2010-05-23 20:51 -------- d-----w- C:\gig
2010-05-23 06:03 . 2010-05-23 06:03 -------- d-----w- c:\program files\Common Files\Windows Live
2010-05-23 04:38 . 2010-05-23 04:38 -------- d-----w- c:\program files\TNod User & Password Finder
2010-05-23 04:32 . 2010-05-23 04:32 -------- d-----w- c:\program files\ESET
2010-05-22 23:19 . 2010-05-22 23:19 -------- d-----w- c:\program files\Matroska Pack
2010-05-22 23:18 . 2010-05-22 23:18 -------- d-----w- c:\users\Dave\AppData\Roaming\Media Player Classic
2010-05-22 20:15 . 2010-06-10 15:25 -------- d-----w- c:\users\Dave\AppData\Roaming\MailWasherPro
2010-05-22 20:15 . 2010-05-22 20:15 -------- d-----w- c:\program files\FireTrust
2010-05-22 20:08 . 2010-05-22 20:08 -------- d-----w- c:\users\Dave\AppData\Local\LogiShrd
2010-05-22 20:08 . 2010-05-22 20:08 -------- d-----w- c:\users\Dave\AppData\Roaming\Leadertech
2010-05-22 20:06 . 2010-05-26 20:14 -------- d-----w- c:\programdata\LogiShrd
2010-05-22 20:06 . 2010-05-22 20:08 -------- d-----w- c:\program files\Logitech
2010-05-22 20:04 . 2010-05-22 20:04 -------- d-----w- c:\program files\Common Files\LightScribe
2010-05-22 19:56 . 2010-05-22 19:56 -------- d-----w- c:\users\Dave\AppData\Roaming\Acoustica
2010-05-22 19:54 . 2010-05-22 19:57 -------- d-----w- c:\program files\Acoustica CD Label Maker
2010-05-22 19:54 . 2007-12-21 21:07 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-22 19:32 . 2003-04-18 23:06 8192 ----a-w- c:\windows\system32\srvany.exe
2010-05-22 14:25 . 2010-05-22 14:25 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2010-05-22 13:33 . 2010-05-22 13:33 -------- d-----w- c:\windows\PCHEALTH
2010-05-22 13:33 . 2010-05-22 13:33 -------- d-----w- c:\program files\Microsoft.NET
2010-05-22 13:33 . 2010-05-22 13:33 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-05-22 13:33 . 2010-05-28 17:37 -------- d-----w- c:\users\Dave\AppData\Local\Microsoft Help
2010-05-22 13:32 . 2010-05-22 13:35 -------- d-----w- c:\programdata\Microsoft Help
2010-05-22 13:32 . 2010-05-22 13:32 -------- d-----r- C:\MSOCache
2010-05-22 12:59 . 2010-05-22 12:59 -------- d-----w- c:\programdata\DeskSoft
2010-05-22 12:57 . 2010-05-22 12:59 -------- d-----w- c:\program files\BWMeter
2010-05-22 12:57 . 2010-05-22 12:57 28552 ----a-w- c:\windows\system32\drivers\dsnpfd.sys
2010-05-22 12:57 . 2010-05-22 12:57 -------- d-----w- c:\users\Dave\AppData\Roaming\DeskSoft
2010-05-22 07:53 . 2010-06-09 19:13 -------- d-----w- c:\users\Dave\AppData\Local\Adobe
2010-05-22 07:19 . 2010-05-22 07:19 214448 ----a-w- c:\users\Dave\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2010-05-22 07:19 . 2010-06-01 07:33 -------- d-----w- c:\users\Dave\AppData\Roaming\IDM
2010-05-22 07:19 . 2010-06-10 15:25 -------- d-----w- c:\users\Dave\AppData\Roaming\DMCache
2010-05-22 07:19 . 2010-05-22 07:19 -------- d-----w- c:\program files\Internet Download Manager
2010-05-22 07:06 . 2010-05-22 07:06 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-05-22 07:02 . 2010-05-22 07:02 -------- d-----w- c:\programdata\NVIDIA
2010-05-22 07:01 . 2010-05-22 07:01 -------- d-----w- c:\windows\system32\Macromed
2010-05-22 07:01 . 2010-06-10 05:52 -------- d-sh--w- c:\windows\Installer
2010-05-22 07:01 . 2010-05-22 07:01 -------- d-----w- c:\program files\NVIDIA Corporation
2010-05-22 06:56 . 2010-06-05 21:30 -------- d-----w- c:\program files\AIM Toolbar
2010-05-22 06:55 . 2010-05-22 07:06 -------- d-----w- c:\users\Dave\AppData\Local\AIM
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-10 15:25 . 2010-05-22 05:45 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-22 05:48 . 2009-07-14 02:37 -------- d-----w- c:\program files\Windows Mail
2010-05-22 00:00 . 2010-05-22 00:00 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Templates
2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Start Menu
2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Favorites
2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Documents
2010-05-21 21:04 . 2010-05-21 21:04 -------- d-sh--we c:\programdata\Desktop
2010-05-12 15:21 . 2009-10-14 09:58 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 18:47 . 2010-04-29 18:47 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-03 22:27 . 2010-04-03 22:27 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 22:27 . 2010-04-03 22:27 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-03 22:27 . 2010-04-03 22:27 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 22:27 . 2010-04-03 22:27 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 22:27 . 2010-04-03 22:27 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-26 00:07 . 2010-03-26 00:07 20768 ----a-w- c:\windows\system32\MFEOtlk.dll
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-06-09_15.20.27 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-05-21 22:25 . 2010-06-10 06:14 29252 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2010-06-10 15:27 35458 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-09 19:14 . 2010-06-09 19:14 84661 c:\windows\System32\Macromed\Flash\uninstall_plugin.exe
- 2010-05-22 00:03 . 2010-06-09 14:15 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-22 00:03 . 2010-06-10 06:12 49152 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:41 . 2010-06-10 06:12 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2010-06-09 14:15 49152 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2010-06-09 20:20 73256 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2010-05-21 22:31 . 2010-06-09 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-21 22:31 . 2010-06-10 06:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-05-22 15:06 . 2010-06-10 15:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-22 15:06 . 2010-06-09 14:05 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-22 15:06 . 2010-06-09 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2010-05-22 15:06 . 2010-06-10 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
- 2010-05-22 15:06 . 2010-06-09 14:05 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
+ 2010-05-22 15:06 . 2010-06-10 15:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
- 2010-05-21 22:31 . 2010-06-09 15:12 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-21 22:31 . 2010-06-10 15:07 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-21 22:31 . 2010-06-09 15:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-21 22:31 . 2010-06-10 06:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-21 21:08 . 2010-06-10 15:27 7024 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2225359714-1735385368-1201117027-1000_UserData.bin
+ 2010-06-10 06:12 . 2010-06-10 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-09 14:15 . 2010-06-09 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-06-09 14:15 . 2010-06-09 15:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-10 06:12 . 2010-06-10 15:25 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-06-09 15:19 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
+ 2010-06-10 15:25 . 2009-10-07 05:47 109080 c:\windows\temp\logishrd\LVPrcInj01.dll
- 2009-07-14 02:05 . 2010-06-09 14:19 615122 c:\windows\System32\perfh009.dat
+ 2009-07-14 02:05 . 2010-06-10 06:17 615122 c:\windows\System32\perfh009.dat
- 2009-07-14 02:05 . 2010-06-09 14:19 103496 c:\windows\System32\perfc009.dat
+ 2009-07-14 02:05 . 2010-06-10 06:17 103496 c:\windows\System32\perfc009.dat
+ 2010-01-27 01:07 . 2010-01-27 01:07 256280 c:\windows\System32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2010-06-09 19:16 . 2010-06-09 19:16 153376 c:\windows\System32\javaws.exe
+ 2010-06-09 19:16 . 2010-06-09 19:16 145184 c:\windows\System32\javaw.exe
+ 2010-06-09 19:16 . 2010-06-09 19:16 145184 c:\windows\System32\java.exe
- 2009-10-14 09:58 . 2010-06-09 14:32 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-10-14 09:58 . 2010-06-10 06:27 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2010-05-22 00:03 . 2010-06-10 06:12 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-05-22 00:03 . 2010-06-09 14:15 425984 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-06-09 19:17 . 2010-06-09 19:17 183808 c:\windows\Installer\b3fc6c.msi
+ 2010-06-09 19:15 . 2010-06-09 19:15 581120 c:\windows\Installer\b3fc63.msi
+ 2009-07-14 02:03 . 2010-06-10 14:20 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:03 . 2010-06-09 14:28 7077888 c:\windows\System32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-01-27 01:07 . 2010-01-27 01:07 3884312 c:\windows\System32\Macromed\Flash\NPSWF32.dll
+ 2010-01-04 18:41 . 2010-01-04 18:41 3972608 c:\windows\Installer\b3fc5e.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
2010-02-28 06:20 561552 ----a-w- c:\progra~1\MICROS~2\Office14\URLREDIR.DLL
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe" [2010-03-17 800944]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2010-04-29 3220912]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [2008-02-28 1828136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
"LogitechQuickCamRibbon"="c:\program files\Logitech\Logitech WebCam Software\LWS.exe" [2009-10-14 2793304]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-09-11 2054360]
"TNOD UP"="c:\program files\TNod User & Password Finder\TNODUP.exe" [2010-04-01 1811968]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-04-29 437584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BWMeter.lnk - c:\program files\BWMeter\BWMeter.exe [2010-5-22 1171968]
everest.exe - Shortcut.lnk - i:\downloads\Everest\5.50.2154\Everest\everest.exe [2010-5-28 2480736]
MailWasherPro.lnk - c:\program files\FireTrust\MailWasher Pro\MailWasher.exe [2010-5-22 19121072]
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
iReboot 1.1.1.lnk - c:\program files\NeoSmart Technologies\iReboot\iReboot.exe [2009-9-15 232960]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
[HKLM\~\startupfolder\C:^Users^Dave^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Screen Clipper and Launcher.lnk]
path=c:\users\Dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2010 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-01-05 20:18 413696 ----a-w- c:\program files\QuickTime\QTTask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WebcamMaxAutoRun]
2009-12-31 03:50 1561232 ----a-w- c:\program files\WebcamMax\WebcamMax.exe
R3 dsnpfd;Dsnpfd Service;c:\windows\system32\DRIVERS\dsnpfd.sys [2010-05-22 28552]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
R4 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
S2 BWMeterConSvc;BWMeter Connections Service;c:\program files\BWMeter\BWMeterConSvc.exe [2010-05-22 62464]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-09-11 735960]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-09-11 38240]
S2 iReboot;iReboot Background Service;c:\program files\NeoSmart Technologies\iReboot\iRebootd.exe [2009-09-15 17408]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-04-29 304464]
S3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys [2010-05-22 28552]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;i:\downloads\Everest\5.50.2154\Everest\kerneld.wnt [2010-05-21 27760]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-04-29 20952]
S3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-07-24 9472]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-02 139776]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - EVERESTDRIVER
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-03-17 17:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
LSP: c:\windows\system32\idmmbc.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dave\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://sirocco.accuweather.com/nx_mosaic_640x480_public/sir/inmaSIRNY_.gif|http://192.168.0.1/fap_meter/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\Dave\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Dave\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\Dave\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll
---- FIREFOX POLICIES ----
c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Shiretoko\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "");
c:\program files\Shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "");
c:\program files\Shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", "");
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\EverestDriver]
"ImagePath"="\??\i:\downloads\Everest\5.50.2154\Everest\kerneld.wnt"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1632)
c:\program files\DisplayFusion\DisplayFusionHookx86.dll
c:\windows\system32\idmmbc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\Nero\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2010-06-10 11:28:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-10 15:28
ComboFix2.txt 2010-06-09 15:23
Pre-Run: 1,204,200,792,064 bytes free
Post-Run: 1,204,147,245,056 bytes free
- - End Of File - - 2E856C191F28D950E39B0CA9A21C6084
-
I forgot to mention I seem to be blocked from accessing Windows Updates. Attempting to download updates results in error Code 80072EFE.
Here is the GMER.LOG:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-10 10:06:03
Windows 6.1.7600
Running: 128efx3u.exe; Driver: C:\Users\Dave\AppData\Local\Temp\kxldapow.sys
---- System - GMER 1.0.15 ----
INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26AF8
INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26104
INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C263F4
INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0F2D8
INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C0E898
INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C261DC
INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26958
INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C266F8
INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C26F2C
INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82C271A8
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C86599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CAAF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text peauth.sys A7222C9D 28 Bytes [84, 89, CB, 9F, 7E, FE, 59, ...]
.text peauth.sys A7222CC1 28 Bytes [84, 89, CB, 9F, 7E, FE, 59, ...]
PAGE peauth.sys A7228B9B 72 Bytes [49, 1F, D4, 05, 56, 98, C1, ...]
PAGE peauth.sys A7228BEC 111 Bytes [99, 4B, C6, 7C, F9, D5, 58, ...]
PAGE peauth.sys A722902C 102 Bytes [10, D5, FD, A4, 49, CF, 62, ...]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtProtectVirtualMemory 773B5360 5 Bytes JMP 0029000A
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!NtWriteVirtualMemory 773B5EE0 5 Bytes JMP 002A000A
.text C:\Windows\system32\svchost.exe[1052] ntdll.dll!KiUserExceptionDispatcher 773B6448 5 Bytes JMP 0027000A
.text C:\Windows\system32\svchost.exe[1052] ole32.dll!CoCreateInstance 765457FC 5 Bytes JMP 0091000A
.text C:\Windows\system32\svchost.exe[1052] USER32.dll!GetCursorPos 772AC198 5 Bytes JMP 00F0000A
.text C:\Windows\system32\wuauclt.exe[1152] ntdll.dll!NtProtectVirtualMemory 773B5360 5 Bytes JMP 0010000A
.text C:\Windows\system32\wuauclt.exe[1152] ntdll.dll!NtWriteVirtualMemory 773B5EE0 5 Bytes JMP 0019000A
.text C:\Windows\system32\wuauclt.exe[1152] ntdll.dll!KiUserExceptionDispatcher 773B6448 5 Bytes JMP 000F000A
.text C:\Windows\Explorer.EXE[1584] ntdll.dll!NtProtectVirtualMemory 773B5360 5 Bytes JMP 0040000A
.text C:\Windows\Explorer.EXE[1584] ntdll.dll!NtWriteVirtualMemory 773B5EE0 5 Bytes JMP 0041000A
.text C:\Windows\Explorer.EXE[1584] ntdll.dll!KiUserExceptionDispatcher 773B6448 5 Bytes JMP 000D000A
.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[1908] kernel32.dll!SetUnhandledExceptionFilter 75C53142 4 Bytes [C2, 04, 00, 00]
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
Device \Driver\ACPI_HAL \Device\00000057 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
-
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4185
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
6/10/2010 3:16:20 AM
mbam-log-2010-06-10 (03-16-20).txt
Scan type: Quick scan
Objects scanned: 123368
Time elapsed: 6 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
-
Over the last few days the PC has been attempting to connect with malicious sites, according to both Malwarebytes and ESET Smart Security. Malwarebytes has caught the following IPs:
78.47.249.228
85.12.46.159
94.228.209.200
91.212.226.67
195.170.178.55
91.212.226.59
ESET has caught the URL clkh71yhks66.com.
DDS (Ver_10-03-17.01) - NTFSx86
Run by Dave at 2:30:22.02 on Thu 06/10/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3325.2152 [GMT -4:00]
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\BWMeter\BWMeterConSvc.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\NeoSmart Technologies\iReboot\iRebootd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\NeoSmart Technologies\iReboot\iReboot.exe
C:\Program Files\BWMeter\BWMeter.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
I:\Downloads\Everest\5.50.2154\Everest\everest.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
c:\program files\logitech\logitech webcam software\lu\lulnchr.exe
C:\program files\logitech\logitech webcam software\lu\LogitechUpdate.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files\Shiretoko\firefox.exe
C:\Users\Dave\Desktop\Defogger.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Dave\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DisplayFusion] "c:\program files\displayfusion\DisplayFusion.exe"
uRun: [iDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [indxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\nero\lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\bwmeter.lnk - c:\program files\bwmeter\BWMeter.exe
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\everes~1.lnk - i:\downloads\everest\5.50.2154\everest\everest.exe
StartupFolder: c:\users\dave\appdata\roaming\micros~1\windows\startm~1\programs\startup\mailwa~1.lnk - c:\program files\firetrust\mailwasher pro\MailWasher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\ireboo~1.lnk - c:\program files\neosmart technologies\ireboot\iReboot.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\windows\system32\idmmbc.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
================= FIREFOX ===================
FF - ProfilePath - c:\users\dave\appdata\roaming\mozilla\firefox\profiles\febeprof.dave\
FF - prefs.js: browser.search.selectedEngine - eBay
FF - prefs.js: browser.startup.homepage - hxxp://sirocco.accuweather.com/nx_mosaic_640x480_public/sir/inmaSIRNY_.gif|http://192.168.0.1/fap_meter/
FF - prefs.js: network.proxy.type - 4
FF - component: c:\users\dave\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\dave\appdata\roaming\mozilla\firefox\profiles\febeprof.dave\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\dave\appdata\local\google\google earth\plugin\npgeplugin.dll
---- FIREFOX POLICIES ----
c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\shiretoko\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "");
c:\program files\shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "");
c:\program files\shiretoko\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-f-CN", "");
============= SERVICES / DRIVERS ===============
R2 BWMeterConSvc;BWMeter Connections Service;c:\program files\bwmeter\BWMeterConSvc.exe [2010-5-22 62464]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-9-11 735960]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-9-11 38240]
R2 iReboot;iReboot Background Service;c:\program files\neosmart technologies\ireboot\iRebootd.exe [2009-9-15 17408]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-6-7 304464]
R3 dsnpfdMP;dsnpfdMP;c:\windows\system32\drivers\dsnpfd.sys [2010-5-22 28552]
R3 EverestDriver;Lavalys EVEREST Kernel Driver;i:\downloads\everest\5.50.2154\everest\kerneld.wnt [2010-5-28 27760]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-6-7 20952]
R3 NMgamingmsFltr;USB Optical Mouse;c:\windows\system32\drivers\NMgamingms.sys [2009-7-24 9472]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 dsnpfd;Dsnpfd Service;c:\windows\system32\drivers\dsnpfd.sys [2010-5-22 28552]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S4 KMService;KMService;c:\windows\system32\srvany.exe [2010-5-22 8192]
=============== Created Last 30 ================
2010-06-10 06:06:44 0 ----a-w- c:\users\dave\defogger_reenable
2010-06-09 22:38:37 0 d-----w- C:\QUARANTINE
2010-06-09 22:15:56 0 d-----w- c:\program files\common files\Cisco Systems
2010-06-09 22:10:49 65536 --sha-w- c:\users\dave\ntuser.dat{3331e2bb-7413-11df-ad39-6cf049077546}.TM.blf
2010-06-09 22:10:49 524288 --sha-w- c:\users\dave\ntuser.dat{3331e2bb-7413-11df-ad39-6cf049077546}.TMContainer00000000000000000002.regtrans-ms
2010-06-09 22:10:49 524288 --sha-w- c:\users\dave\ntuser.dat{3331e2bb-7413-11df-ad39-6cf049077546}.TMContainer00000000000000000001.regtrans-ms
2010-06-09 21:49:01 0 d-----w- c:\programdata\McAfee
2010-06-09 21:48:57 0 d-----w- c:\program files\McAfee
2010-06-09 19:35:22 0 d-----w- c:\windows\pss
2010-06-09 19:17:09 0 d-----w- c:\programdata\Sun
2010-06-09 15:56:42 287301911 ----a-w- c:\windows\MEMORY.DMP
2010-06-09 15:44:43 0 d-s---w- C:\Combo-Fix9146C
2010-06-09 15:22:35 0 d-sh--w- C:\$RECYCLE.BIN
2010-06-09 11:49:48 0 d-----w- c:\program files\NeroInstall.bak
2010-06-09 11:47:39 1024 ----a-w- c:\users\dave\.rnd
2010-06-09 11:46:47 0 d-----w- c:\programdata\Nero
2010-06-09 11:46:47 0 d-----w- c:\program files\Nero
2010-06-08 03:50:44 0 d-----w- c:\programdata\LightScribe
2010-06-08 03:39:44 0 d-----w- C:\Combo-Fix
2010-06-08 02:41:14 98816 ----a-w- c:\windows\sed.exe
2010-06-08 02:41:14 77312 ----a-w- c:\windows\MBR.exe
2010-06-08 02:41:14 256512 ----a-w- c:\windows\PEV.exe
2010-06-08 02:41:14 161792 ----a-w- c:\windows\SWREG.exe
2010-06-07 13:10:04 0 d-----w- c:\users\dave\appdata\roaming\Malwarebytes
2010-06-07 13:09:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-07 13:09:56 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-07 13:09:56 0 d-----w- c:\programdata\Malwarebytes
2010-06-07 13:09:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 19:15:40 0 d-----w- c:\programdata\Apple Computer
2010-06-06 19:15:04 0 d-----w- c:\programdata\Apple
2010-06-05 07:21:35 65602 ----a-w- c:\windows\system32\cook3260.dll
2010-06-05 07:21:35 626688 ----a-w- c:\windows\system32\vp7vfw.dll
2010-06-05 07:21:35 217127 ----a-w- c:\windows\system32\drv43260.dll
2010-06-05 07:21:35 208935 ----a-w- c:\windows\system32\drv33260.dll
2010-06-05 07:21:35 176165 ----a-w- c:\windows\system32\drv23260.dll
2010-06-05 07:21:35 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll
2010-06-05 07:21:35 102439 ----a-w- c:\windows\system32\sipr3260.dll
2010-06-05 07:21:30 0 d-----w- c:\program files\VSO
2010-06-05 07:16:24 67 ----a-w- c:\windows\My Video Converter.INI
2010-06-05 07:15:57 0 d-----w- c:\program files\My Video Converter
2010-06-04 06:48:08 0 d-----w- c:\users\dave\appdata\roaming\WebcamMax
2010-06-04 06:48:08 0 d-----w- c:\programdata\WebcamMax
2010-06-04 06:46:06 0 d-----w- c:\program files\WebcamMax
2010-06-03 12:17:08 0 d-----w- c:\users\dave\appdata\roaming\DisplayFusion
2010-06-03 12:00:54 0 d-----w- c:\users\dave\appdata\roaming\Binary Fortress Software
2010-06-03 11:56:44 0 d-----w- c:\program files\DisplayFusion
2010-06-02 00:06:44 0 d-----w- c:\users\dave\.jbidwatcher
2010-06-01 22:21:34 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-31 23:32:09 222172 ----a-w- c:\users\dave\YouTube - MAH00120.pdf
2010-05-31 23:22:06 0 d-----w- c:\users\dave\.javaws
2010-05-31 23:09:34 0 d-----w- c:\programdata\PlotSoft
2010-05-31 23:09:34 0 d-----w- c:\program files\PlotSoft
2010-05-31 22:50:29 0 d-----w- c:\program files\Acro Software
2010-05-31 14:13:27 52 ----a-w- c:\windows\system32\everest_cpl.ini
2010-05-31 14:13:27 162304 ----a-w- c:\windows\system32\everest_cpl.cpl
2010-05-28 19:13:57 0 d-----w- C:\New folder
2010-05-28 14:57:06 0 d-----w- c:\program files\NeoSmart Technologies
2010-05-28 01:05:31 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-05-28 01:05:21 0 d-----w- c:\program files\Real Alternative
2010-05-27 06:43:04 0 d-----w- c:\users\dave\appdata\roaming\TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1
2010-05-27 06:43:01 0 d-----w- c:\program files\TweetDeck
2010-05-27 04:04:04 2048 ----a-w- c:\windows\system32\tzres.dll
2010-05-27 03:46:19 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-05-27 03:46:19 47360 ----a-w- c:\users\dave\appdata\roaming\pcouffin.sys
2010-05-27 03:46:18 0 d-----w- c:\users\dave\appdata\roaming\NVIDIA
2010-05-27 03:45:59 0 d-----w- c:\program files\DVDFab 7
2010-05-26 19:07:39 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-26 12:21:52 0 d-----w- c:\program files\Wireshark
2010-05-26 08:47:43 1386496 ----a-w- c:\windows\system32\temp.000
2010-05-26 08:47:42 0 d-----w- c:\program files\WS_FTP Password Recoverer 2.5
2010-05-24 20:19:39 0 d-----w- c:\programdata\NCH Software
2010-05-24 20:19:31 0 d-----w- c:\program files\NCH Software
2010-05-24 20:19:27 0 d-----w- c:\users\dave\appdata\roaming\NCH Software
2010-05-24 06:48:31 0 d-----w- c:\users\dave\appdata\roaming\URSoft
2010-05-24 06:48:30 0 d---a-w- c:\programdata\TEMP
2010-05-24 06:48:17 0 d-----w- c:\program files\Your Uninstaller 2010
2010-05-24 06:42:50 0 d-----w- C:\temp
2010-05-24 06:41:41 0 d-----w- C:\quiz
2010-05-24 06:41:26 110592 ----a-w- c:\windows\system32\tsccvid.dll
2010-05-23 20:48:44 0 d-----w- C:\gig
2010-05-23 06:03:27 0 d-----w- c:\program files\common files\Windows Live
2010-05-23 04:38:00 0 d-----w- c:\users\dave\appdata\roaming\ESET
2010-05-23 04:32:38 0 d-----w- c:\programdata\ESET
2010-05-23 04:32:38 0 d-----w- c:\program files\ESET
2010-05-22 23:19:10 0 d-----w- c:\program files\Matroska Pack
2010-05-22 20:15:13 0 d-----w- c:\users\dave\appdata\roaming\MailWasherPro
2010-05-22 20:15:12 0 d-----w- c:\program files\FireTrust
2010-05-22 20:06:30 0 d-----w- c:\programdata\LogiShrd
2010-05-22 19:57:47 299552 ----a-w- c:\windows\wmsysprx.prx
2010-05-22 19:56:50 0 d-----w- c:\users\dave\appdata\roaming\Acoustica
2010-05-22 19:54:22 0 d-----w- c:\program files\Acoustica CD Label Maker
2010-05-22 19:54:03 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-05-22 19:32:12 8192 ----a-w- c:\windows\system32\srvany.exe
2010-05-22 14:25:20 0 d-----w- c:\program files\Microsoft IntelliType Pro
2010-05-22 13:33:59 0 d-----w- c:\windows\PCHEALTH
2010-05-22 13:33:16 0 d-----w- c:\program files\Microsoft Analysis Services
2010-05-22 13:32:52 0 d-----w- c:\programdata\Microsoft Help
2010-05-22 12:59:45 0 d-----w- c:\programdata\DeskSoft
2010-05-22 12:57:01 28552 ----a-w- c:\windows\system32\drivers\dsnpfd.sys
2010-05-22 12:57:01 0 d-----w- c:\users\dave\appdata\roaming\DeskSoft
2010-05-22 12:57:01 0 d-----w- c:\program files\BWMeter
2010-05-22 07:51:12 0 d-----w- c:\programdata\Adobe
2010-05-22 07:19:31 0 d-----w- c:\users\dave\appdata\roaming\IDM
2010-05-22 07:19:30 0 d-----w- c:\users\dave\appdata\roaming\DMCache
2010-05-22 07:19:24 0 d-----w- c:\program files\Internet Download Manager
2010-05-22 07:06:29 0 d-----w- c:\program files\common files\Software Update Utility
2010-05-22 07:02:01 0 d-----w- c:\programdata\NVIDIA
2010-05-22 07:01:41 0 d-sh--w- c:\windows\Installer
2010-05-22 07:01:35 0 d-----w- c:\program files\NVIDIA Corporation
2010-05-22 06:56:15 0 d-----w- c:\program files\AIM Toolbar
2010-05-22 06:55:23 0 d-----w- c:\programdata\AIM
2010-05-22 06:55:22 0 d-----w- c:\program files\AIM
2010-05-22 06:55:20 0 d-----w- c:\program files\common files\AOL
2010-05-22 06:54:15 1042 ---ha-w- C:\IPH.PH
2010-05-22 06:40:48 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-05-22 06:40:48 507568 ----a-w- c:\windows\system32\winload.exe
2010-05-22 06:40:48 442920 ----a-w- c:\windows\system32\winresume.exe
2010-05-22 06:40:48 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-05-22 06:40:47 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-05-22 06:38:10 0 d-----w- c:\programdata\Google
2010-05-22 06:29:57 0 d-----w- c:\program files\Shiretoko
2010-05-22 05:45:27 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-22 05:45:13 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-05-22 05:42:59 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-05-22 05:42:59 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-05-22 05:42:59 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-05-22 05:42:59 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-05-22 05:42:59 132608 ----a-w- c:\windows\system32\cabview.dll
2010-05-22 00:58:28 8192 --sha-r- C:\BOOTSECT.BAK
2010-05-22 00:58:26 383562 --sha-r- C:\bootmgr
2010-05-22 00:58:26 0 d-----w- C:\Boot
2010-05-22 00:00:44 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
2010-05-21 21:11:07 713888 ----a-w- c:\windows\system32\PerfStringBackup.INI
2010-05-21 21:10:54 0 d-----w- c:\windows\system32\wbem\Performance
2010-05-21 21:05:17 171136 --sha-r- C:\w7ldr
2010-05-21 21:04:42 0 d-sh--we c:\programdata\Documents
2010-05-21 21:04:42 0 d-----w- C:\Recovery
2010-05-21 21:04:41 0 d-sh--we C:\Documents and Settings
==================== Find3M ====================
2010-05-12 15:21:16 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-04-29 18:47:18 3600384 ----a-w- c:\windows\system32\GPhotos.scr
2010-04-03 22:27:00 985704 ----a-w- c:\windows\system32\nvsvc.dll
2010-04-03 22:27:00 66664 ----a-w- c:\windows\system32\nvshext.dll
2010-04-03 22:27:00 13683816 ----a-w- c:\windows\system32\nvcpl.dll
2010-04-03 22:27:00 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-04-03 22:27:00 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-26 00:07:00 20768 ----a-w- c:\windows\system32\MFEOtlk.dll
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
============= FINISH: 2:31:13.28 ===============
Svchost downloading 20-30MB an hour. Infected?
in Resolved Malware Removal Logs
Posted
It's running great. I got a little scare when Windows decided to download updates without warning, but I figured that out and all is fine.
Thank you for your help.