Smart Fortress 2012 Removed - MWB now blocking iexplore.exe connections to 91.218.121.57 (Type: outgoing, Port: XXXXX)


Maxy

Hi there,

Firstly a big thank you to your community and software devs. After tackling Smart Fortress 2012 for the best part of two days, it's great to be able to go somewhere and get help from those who have been able to remove it already :)

Using instructions on your forum and Bleeping Computer (where I was directed to MWB), I have been able to remove this horrible malware. As you can see below, I ran two MWB scans during the process (1 quick and 1 full); these removed a number of issues:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 9.0.8112.16421

Me :: XPS-435 [administrator]

Protection: Disabled

27/04/2012 1:29:50 AM

mbam-log-2012-04-27 (01-29-50).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 243759

Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 1

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Detected: 1

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.Agent) -> Data: C:\Users\Me\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 5

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0

(No malicious items detected)

Files Detected: 3

C:\Users\Me\AppData\Local\Temp\ms0cfg32.exe (Exploit.Drop.CFG) -> Quarantined and deleted successfully.

C:\Users\Me\AppData\Local\dplaysvr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Me\Local Settings\Application Data\dplaysvr.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.26.03

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Me :: XPS-435 [limited]

Protection: Enabled

27/04/2012 1:46:25 AM

mbam-log-2012-04-27 (01-46-25).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 824904

Time elapsed: 8 hour(s), 58 minute(s), 32 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 5

C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Quarantined and deleted successfully.

C:\Users\Me\AppData\Local\Temp\~!#3330.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Users\Me\AppData\Local\Temp\~!#3A14.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.

C:\Users\Me\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\fea0068-1e46f336 (Trojan.FakeMS) -> Quarantined and deleted successfully.

C:\Windows\Temp\temp08.exe (Trojan.LameShield) -> Quarantined and deleted successfully.

(end)

This all seemed fine, though I noticed MWB was now blocking iexplore.exe from connecting to IP 91.218.121.57, at what seems like random, while in IE9. It also seems to go for increasing port numbers at each attempt.

2012/04/28 05:55:36 +1000 XPS-435 Me IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 62627, Process: iexplore.exe)

2012/04/28 05:55:44 +1000 XPS-435 Me IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 62630, Process: iexplore.exe)

2012/04/28 05:55:44 +1000 XPS-435 Me IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 62629, Process: iexplore.exe)

2012/04/28 05:55:44 +1000 XPS-435 Me IP-BLOCK 91.218.121.57 (Type: outgoing, Port: 62631, Process: iexplore.exe)

Was so close to doing a rebuild, but figured I have come this far and was hoping you could provide some help on how to stop this (and anything else you see that may be suspicious in my logs).

Per directions on your site, please find below a copy of DDS.txt and Attach.txt:

------------------------------------------- DDS.txt ---------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Me at 7:22:36 on 2012-04-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12279.9256 [GMT 10:00]

.

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\atieclxx.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SysWOW64\bgsvcgen.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

C:\Windows\system32\mfevtps.exe

C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

C:\Program Files\Logitech\Gaming Software\LWEMon.exe

C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe

C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Windows\System32\rundll32.exe

C:\Windows\System32\rundll32.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Users\Me\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Program Files (x86)\Logitech\Vid HD\Vid.exe

C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Users\Me\AppData\Local\Google\Chrome\Application\18.0.1025.162\chrome_frame_helper.exe

C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe

C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe

C:\Windows\splwow64.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\System32\alg.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe

C:\Program Files\McAfee.com\Agent\mcagent.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Program Files\Common Files\McAfee\Core\mchost.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Windows\SysWOW64\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com.au/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120418141541.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - No File

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [AdobeBridge]

uRun: [Google Update] "C:\Users\Me\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode

uRun: [JumiController] C:\Program Files (x86)\Jumi\jumi.exe

uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect

uRun: [ChromeFrameHelper] "C:\Users\Me\AppData\Local\Google\Chrome\Application\18.0.1025.162\chrome_frame_helper.exe" --startup

mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun: [OLPSYNCH] C:\Program Files (x86)\Offline Course Player\OlpSynch.exe

mRun: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [FAStartup]

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Netgear UDS Control Center] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"

mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [RandomBars] "C:\Program Files (x86)\Common Files\RandomBars\RandomBars.exe" /g

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Me\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ONLINE~1.LNK - C:\Windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: EnableLinkedConnections = 1 (0x1)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: debras.com.au\www

Trusted Zone: westpac.com.au\red

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxps://a248.e.akamai.net/f/248/14778/2h/dlmanager.download.akamai.com/14778/dlmanager/versions/activex/dlm-activex-2.2.6.0.cab

DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{059445F7-6DF0-4E11-AD5E-04032E76E034} : DhcpNameServer = 10.4.85.135 10.4.176.231

TCP: Interfaces\{2B1A7A28-C8E2-4B03-892A-C7567C36589E} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{46221949-C3D6-4920-A444-9BAEBDBA4A15} : DhcpNameServer = 10.176.66.71 10.188.66.103

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\McAfee\MSC\McSnIePl.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Users\Me\AppData\Local\Google\Chrome\Application\18.0.1025.162\npchrome_frame.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120418141541.dll

BHO-X64: scriptproxy - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run

mRun-x64: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry

mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

mRun-x64: [OLPSYNCH] C:\Program Files (x86)\Offline Course Player\OlpSynch.exe

mRun-x64: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [FAStartup]

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Netgear UDS Control Center] C:\Program Files (x86)\NETGEAR\USB Control Center\Control Center.exe -mini

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_ui

mRun-x64: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silent

mRun-x64: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [updateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"

mRun-x64: [MDS_Menu] "C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [updatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"

mRun-x64: [uCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"

mRun-x64: [LGODDFU] "C:\Program Files (x86)\lg_fwupdate\fwupdate.exe" blrun

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [DVD or CD Sharing] "C:\Program Files (x86)\DVD or CD Sharing\ODSAgent.exe"

mRun-x64: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [RandomBars] "C:\Program Files (x86)\Common Files\RandomBars\RandomBars.exe" /g

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 fltsrv;Acronis Storage Filter Management;C:\Windows\system32\DRIVERS\fltsrv.sys --> C:\Windows\system32\DRIVERS\fltsrv.sys [?]

R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]

R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]

R0 vididr;Acronis Virtual Disk;C:\Windows\system32\DRIVERS\vididr.sys --> C:\Windows\system32\DRIVERS\vididr.sys [?]

R0 vidsflt61;Acronis Disk Storage Filter (61);C:\Windows\system32\DRIVERS\vsflt61.sys --> C:\Windows\system32\DRIVERS\vsflt61.sys [?]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\system32\DRIVERS\ctxusbm.sys --> C:\Windows\system32\DRIVERS\ctxusbm.sys [?]

R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]

R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-19 3450832]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 Foxtel;Foxtel Download Manager;C:\Program Files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [2009-9-24 70144]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-27 654408]

R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936]

R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936]

R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-3-31 249936]

R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-3-31 199272]

R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-5 25824]

R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-3-31 210584]

R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]

R2 NETGEARGenieDaemon;NETGEARGenieDaemon;C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-3-7 1370400]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-9-30 2253120]

R2 OS Selector;Acronis OS Selector activator;C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-9-29 2139400]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-7-19 1153368]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-10 5890144]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-29 846448]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]

R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 0234041313755837mcinstcleanup;McAfee Application Installer Cleanup (0234041313755837);C:\Windows\TEMP\023404~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> C:\Windows\TEMP\023404~1.EXE C:\PROGRA~2\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/14 22:53:28;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]

S3 ACSSCR;ACR38 Smart Card Reader;C:\Windows\system32\DRIVERS\a38usb.sys --> C:\Windows\system32\DRIVERS\a38usb.sys [?]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 253088]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

S3 CompFilter64;UVCCompositeFilter;C:\Windows\system32\DRIVERS\lvbflt64.sys --> C:\Windows\system32\DRIVERS\lvbflt64.sys [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-1 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-5-1 79360]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe --> c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]

S3 jumi;%Jumi%;C:\Windows\system32\DRIVERS\jumi.sys --> C:\Windows\system32\DRIVERS\jumi.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech HD Pro Webcam C910(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\system32\DRIVERS\netaapl64.sys --> C:\Windows\system32\DRIVERS\netaapl64.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RemoteControl-USBLAN;RemoteControl-USBLAN;C:\Windows\system32\DRIVERS\rcblan.sys --> C:\Windows\system32\DRIVERS\rcblan.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-04-27 21:12:24 -------- d-----w- C:\Users\Me\AppData\Local\{CEE896F5-E443-416B-90BD-A5B1FD04E79C}

2012-04-27 21:12:04 -------- d-----w- C:\Users\Me\AppData\Local\{3FA50B24-8FAD-11E1-826D-B8AC6F996F26}

2012-04-27 17:31:00 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{033B5F5C-4A19-4D45-BF9B-DFE534E72D46}\offreg.dll

2012-04-27 13:11:39 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{033B5F5C-4A19-4D45-BF9B-DFE534E72D46}\mpengine.dll

2012-04-26 16:19:08 222560 ----a-w- C:\Windows\SysWow64\snapapi.dll

2012-04-26 15:17:00 -------- d-----w- C:\Users\Me\AppData\Roaming\Malwarebytes

2012-04-26 15:16:56 -------- d-----w- C:\ProgramData\Malwarebytes

2012-04-26 15:16:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-04-26 15:16:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-04-26 15:10:07 883616 ----a-w- C:\FixExec.com

2012-04-26 14:32:35 302080 ----a-w- C:\ProgramData\XkFcjVGVgWJhiQK.exe

2012-04-26 14:30:41 -------- d-----w- C:\ProgramData\99058D5000007AC400043884B4EB2367

2012-04-26 14:30:34 -------- d-----w- C:\Program Files (x86)\Common Files\RandomBars

2012-04-26 14:30:13 42592 --sh--w- C:\Users\Me\AppData\Local\dplayx.dll

2012-04-24 05:36:13 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-24 04:39:26 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-04-15 03:54:18 -------- d-----w- C:\Program Files\iPod

2012-04-15 03:54:17 -------- d-----w- C:\Program Files\iTunes

2012-04-12 17:01:19 81408 ----a-w- C:\Windows\System32\imagehlp.dll

2012-04-12 17:01:19 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-04-12 17:01:19 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-04-12 17:01:19 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-04-12 17:01:19 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-04-12 17:01:19 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-04-12 17:01:19 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-04-12 17:00:48 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-04-01 08:38:51 -------- d-----w- C:\Program Files (x86)\THQ

2012-03-31 14:44:02 -------- d-----w- C:\Users\Me\AppData\Local\Eraser 6

2012-03-30 16:26:14 10248 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys

2012-03-30 16:25:26 75936 ----a-w- C:\Windows\System32\drivers\mfenlfk.sys

2012-03-30 16:25:26 289664 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys

2012-03-30 16:25:25 65264 ----a-w- C:\Windows\System32\drivers\cfwids.sys

2012-03-30 16:25:25 487296 ----a-w- C:\Windows\System32\drivers\mfefirek.sys

2012-03-30 16:25:25 229528 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys

2012-03-30 16:25:25 100912 ----a-w- C:\Windows\System32\drivers\mferkdet.sys

2012-03-30 16:19:07 162192 ----a-w- C:\Windows\System32\mfevtps.exe

.

==================== Find3M ====================

.

2012-04-26 14:28:57 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-04-26 14:28:57 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-04-26 14:28:38 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-04-24 05:36:21 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-14 04:31:07 96784 ----a-w- C:\Windows\SysWow64\packet.dll

2012-04-14 04:31:07 369168 ----a-w- C:\Windows\System32\wpcap.dll

2012-04-14 04:31:07 35344 ----a-w- C:\Windows\System32\drivers\npf.sys

2012-04-14 04:31:07 281104 ----a-w- C:\Windows\SysWow64\wpcap.dll

2012-04-14 04:31:07 106000 ----a-w- C:\Windows\System32\packet.dll

2012-03-30 16:49:12 198944 ----a-w- C:\Windows\System32\drivers\snapman.sys

2012-03-08 08:50:28 49016 ----a-w- C:\Windows\SysWow64\sirenacm.dll

2012-03-06 06:53:37 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-06 05:59:47 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-06 05:59:41 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 00:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-22 03:29:46 647208 ----a-w- C:\Windows\System32\drivers\mfehidk.sys

2012-02-22 03:29:46 160792 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys

2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll

2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll

2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys

2012-02-15 12:22:10 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-02-14 02:09:44 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll

2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys

.

============= FINISH: 7:23:01.33 ===============

------------------------------------------- Attach.txt ---------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 20/12/2009 7:18:33 AM

System Uptime: 28/04/2012 7:10:55 AM (0 hours ago)

.

Motherboard: DELL Inc. | | 0X501H

Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | CPU 1 | 2668/133mhz

.

==== Disk Partitions =========================

.

A: is FIXED (NTFS) - 1863 GiB total, 191.101 GiB free.

B: is FIXED (NTFS) - 1863 GiB total, 351.271 GiB free.

C: is FIXED (NTFS) - 1863 GiB total, 246.958 GiB free.

D: is CDROM ()

E: is CDROM (UDF)

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet1

Device ID: ROOT\VMWARE\0000

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet1

PNP Device ID: ROOT\VMWARE\0000

Service: VMnetAdapter

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: VMware Virtual Ethernet Adapter for VMnet8

Device ID: ROOT\VMWARE\0001

Manufacturer: VMware, Inc.

Name: VMware Virtual Ethernet Adapter for VMnet8

PNP Device ID: ROOT\VMWARE\0001

Service: VMnetAdapter

.

Class GUID: {36fc9e60-c465-11cf-8056-444553540000}

Description: Unknown Device

Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3

Manufacturer: (Standard USB Host Controller)

Name: Unknown Device

PNP Device ID: USB\VID_0000&PID_0000\5&4051B8C&0&3

Service:

.

==== System Restore Points ===================

.

RP375: 27/04/2012 1:55:02 AM - Removed Eraser 6.0.9.2563

RP376: 27/04/2012 7:49:01 PM - Removed Eraser 6.0.9.2563

RP377: 27/04/2012 8:11:15 PM - Installed Microsoft Fix it 50687

RP378: 27/04/2012 11:11:09 PM - Windows Update

.

==== Installed Programs ======================

.

Acrobat.com

Acronis Disk Director 11 Home

Acronis Drive Cleanser

Acronis True Image Home 2012

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Production Premium

Adobe ExtendScript Toolkit 2

Adobe Media Player

Adobe Reader 9.5.1

Adobe Shockwave Player 11.5

Adobe Story

Age of Empires III

Apple Application Support

Apple Software Update

Ashes Cricket 2009

Back to the Future: Ep 2 - Get Tannen!

Back to the Future: Ep 3 - Citizen Brown

Back to the Future: Episode 1

Battlefield 3™

Battlefield: Bad Company 2

Battlelog Web Plugins

Call of Duty Modern Warfare 3 version 1.0

Call of Duty® 4 - Modern Warfare™

Call of Duty: Black Ops

Call of Duty: Black Ops - Multiplayer

CameraHelperMsi

Canon CanoScan Toolbox 5.0

CCS64 V3.8

Citrix online plug-in

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (PNA)

Citrix online plug-in (SSON)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Click to Call with Skype

CloneCD

Creative ALchemy

Creative Audio Control Panel

Creative MediaSource 5

Creative Software AutoUpdate

Creative Sound Blaster Properties x64 Edition

Creative WaveStudio 7

Cyberduck 4.0 (8510)

CyberLink BD Advisor 2.0

CyberLink Blu-ray Disc Suite

CyberLink LabelPrint

CyberLink LG Burning Tool

CyberLink MediaShow

CyberLink PowerBackup

CyberLink PowerDVD 9

CyberLink PowerProducer

CyberLink YouCam

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Driver Download Manager

DivX Setup

DVD or CD Sharing

DVDFab 8.1.5.9 (20/01/2012) Qt

e-tax 2011

eReg

ESN Sonar

F1 2011

Finding Nemo

Foxtel Download Manager 4.1.500.11

FOXTEL Download Player

Freecorder 4.0 Application

Google Chrome

Google Chrome Frame

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

HandBrake 0.9.6

HD Writer AE 2.1

ImgBurn

Java Auto Updater

Java™ 6 Update 29

Junk Mail filter update

LG Tool Kit

LightScribe System Software

Logitech Harmony Remote Software 7

Logitech Touch Mouse Server 1.0

Logitech Vid HD

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Magic Bullet Quick Looks Limited

MakeMKV v1.7.4

Malwarebytes Anti-Malware version 1.61.0.1400

Mass Effect™ 3 Demo

McAfee SecurityCenter

Medal of Honor™ Multiplayer

Medal of Honor™ Single Player

Memeo AutoSync

Memeo Instant Backup

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Chart Controls for Microsoft .NET Framework 3.5

Microsoft Flight

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft SQL Server Compact 3.5 SP1 English

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

NETGEAR Genie

NETGEAR USB Control Center

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Offline Course Player

OpenAL

Origin

PDF Settings CS5

PictureMover

Plex

Plex Media Server

Plus Pack for Acronis True Image Home 2012

PowerISO

PunkBuster Services

PxMergeModule

QuickTime

Rapture3D 2.4.9 Game

Remote Control USB Driver

ResScan

Roadkil's Raw Copy Version 1.2

Safari

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597170) 32-Bit Edition

SHIFT 2 UNLEASHED™

Skype™ 5.5

Spybot - Search & Destroy

System Requirements Lab

Test Drive Unlimited 2

Ubisoft Game Launcher

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Excel 2010 (KB2553439) 32-Bit Edition

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

VC80CRTRedist - 8.0.50727.6195

Virtua Tennis™ 2009

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

VMware Player

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinX DVD Ripper Platinum 6.0.2

WinZip 15.5

World of Warcraft

World of Warcraft Public Test

.

==== Event Viewer Messages From Past Week ========

.

28/04/2012 7:13:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd luafv

28/04/2012 7:13:00 AM, Error: Service Control Manager [7022] - The NETGEARGenieDaemon service hung on starting.

28/04/2012 7:08:19 AM, Error: Service Control Manager [7011] - A timeout (120000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.

27/04/2012 8:27:26 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.

27/04/2012 8:27:26 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

27/04/2012 8:27:26 PM, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.

27/04/2012 8:26:12 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

27/04/2012 8:23:02 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

27/04/2012 8:23:02 PM, Error: Service Control Manager [7001] - The Internet Connection Sharing (ICS) service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

27/04/2012 8:23:01 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

27/04/2012 8:22:58 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.

27/04/2012 7:59:15 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.

27/04/2012 7:43:33 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

27/04/2012 7:43:33 PM, Error: Service Control Manager [7003] - The Internet Connection Sharing (ICS) service depends the following service: BFE. This service might not be installed.

27/04/2012 7:43:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

27/04/2012 7:43:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

27/04/2012 6:25:11 PM, Error: Service Control Manager [7034] - The AMD External Events Utility service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 2:41:41 AM, Error: Service Control Manager [7034] - The VMware Authorization Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 2:41:36 AM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

27/04/2012 12:59:44 AM, Error: Service Control Manager [7034] - The McAfee Services service terminated unexpectedly. It has done this 3 time(s).

27/04/2012 12:58:44 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:57:44 AM, Error: Service Control Manager [7034] - The McAfee Firewall Core Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:57:44 AM, Error: Service Control Manager [7031] - The McAfee Services service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:38:49 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:38:49 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:38:30 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:37:54 AM, Error: Service Control Manager [7034] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 3 time(s).

27/04/2012 12:37:52 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the VMware USB Arbitration Service service to connect.

27/04/2012 12:37:52 AM, Error: Service Control Manager [7000] - The VMware USB Arbitration Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27/04/2012 12:37:44 AM, Error: Service Control Manager [7034] - The VMware NAT Service service terminated unexpectedly. It has done this 3 time(s).

27/04/2012 12:37:44 AM, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

27/04/2012 12:37:42 AM, Error: Service Control Manager [7031] - The VMware USB Arbitration Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

27/04/2012 12:37:42 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Acronis Sync Agent Service service to connect.

27/04/2012 12:37:42 AM, Error: Service Control Manager [7000] - The Acronis Sync Agent Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27/04/2012 12:37:41 AM, Error: Service Control Manager [7009] - A timeout was reached (120000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

27/04/2012 12:37:41 AM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

27/04/2012 12:37:40 AM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

27/04/2012 12:37:39 AM, Error: Service Control Manager [7031] - The McAfee Proxy Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:37:39 AM, Error: Service Control Manager [7031] - The McAfee Anti-Spam Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:37:39 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service mcmscsvc with arguments "" in order to run the server: {26608B46-476A-4BF1-9CC6-AFEA28EBBC17}

27/04/2012 12:37:37 AM, Error: Service Control Manager [7000] - The McAfee Services service failed to start due to the following error: The pipe has been ended.

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The VMware DHCP Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Process Monitor service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The NETGEARGenieDaemon service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The MemeoBackgroundService service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The LightScribeService Direct Disc Labeling Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The iPod Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Foxtel Download Manager service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Creative Audio Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The B's Recorder GOLD Library General Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Adobe Flash Player Update Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Acronis Scheduler2 Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7034] - The Acronis OS Selector activator service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The VMware NAT Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The Acronis Sync Agent Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

27/04/2012 12:37:30 AM, Error: Service Control Manager [7031] - The Acronis Nonstop Backup Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

27/04/2012 12:33:17 AM, Error: Service Control Manager [7031] - The Acronis Sync Agent Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

27/04/2012 12:33:08 AM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

27/04/2012 12:33:06 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:33:06 AM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

27/04/2012 12:33:06 AM, Error: Service Control Manager [7031] - The McAfee VirusScan Announcer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:33:06 AM, Error: Service Control Manager [7031] - The McAfee Personal Firewall Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:33:06 AM, Error: Service Control Manager [7031] - The McAfee Network Agent service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

27/04/2012 12:05:40 AM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

27/04/2012 12:05:40 AM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: After starting, the service hung in a start-pending state.

27/04/2012 12:05:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

27/04/2012 12:05:10 AM, Error: Service Control Manager [7022] - The SSDP Discovery service hung on starting.

27/04/2012 12:03:24 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

27/04/2012 12:01:16 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd

27/04/2012 1:32:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}

27/04/2012 1:30:46 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

27/04/2012 1:29:09 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

27/04/2012 1:29:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

27/04/2012 1:29:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

27/04/2012 1:29:06 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

27/04/2012 1:29:00 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

27/04/2012 1:28:46 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache ElbyCDIO Lbd luafv SCDEmu spldr Wanarpv6

27/04/2012 1:28:45 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

27/04/2012 1:28:43 AM, Error: Service Control Manager [7001] - The Creative Audio Service service depends on the Windows Audio service which failed to start because of the following error: The dependency service or group failed to start.

27/04/2012 1:13:38 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {395633B1-EED9-4DFC-B67F-9788B51C9F06}

26/04/2012 11:59:45 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147014847

25/04/2012 5:54:50 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

23/04/2012 1:28:59 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

22/04/2012 8:34:49 PM, Error: srv [2019] - The server was unable to allocate from the system nonpaged pool because the pool was empty.

22/04/2012 11:52:50 PM, Error: srv [2017] - The server was unable to allocate from the system nonpaged pool because the server reached the configured limit for nonpaged pool allocations.

.

==== End Of File ===========================

Again, thanks for providing help on this, much appreciated :)

Max


Hello and :welcome:

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.


Thanks for the speedy response Elise :)

As requested, downloaded and ran TDSSKiller.exe per instructions above. No infections were found. Copy of Log below:

04:36:23.0291 9736 TDSS rootkit removing tool 2.7.33.0 Apr 24 2012 18:43:43

04:36:25.0293 9736 ============================================================

04:36:25.0293 9736 Current date / time: 2012/04/29 04:36:25.0293

04:36:25.0293 9736 SystemInfo:

04:36:25.0293 9736

04:36:25.0293 9736 OS Version: 6.1.7601 ServicePack: 1.0

04:36:25.0293 9736 Product type: Workstation

04:36:25.0293 9736 ComputerName: XPS-435

04:36:25.0293 9736 UserName: Me

04:36:25.0293 9736 Windows directory: C:\Windows

04:36:25.0293 9736 System windows directory: C:\Windows

04:36:25.0294 9736 Running under WOW64

04:36:25.0294 9736 Processor architecture: Intel x64

04:36:25.0294 9736 Number of processors: 8

04:36:25.0294 9736 Page size: 0x1000

04:36:25.0294 9736 Boot type: Normal boot

04:36:25.0294 9736 ============================================================

04:36:26.0340 9736 Drive \Device\Harddisk2\DR2 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

04:36:34.0164 9736 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

04:36:34.0189 9736 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

04:36:34.0208 9736 ============================================================

04:36:34.0208 9736 \Device\Harddisk2\DR2:

04:36:34.0208 9736 MBR partitions:

04:36:34.0208 9736 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x855A2, BlocksNum 0x32FCD

04:36:34.0208 9736 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0xB856F, BlocksNum 0xE8D4EF52

04:36:34.0208 9736 \Device\Harddisk0\DR0:

04:36:34.0208 9736 MBR partitions:

04:36:34.0208 9736 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0xE8E07000

04:36:34.0208 9736 \Device\Harddisk1\DR1:

04:36:34.0208 9736 MBR partitions:

04:36:34.0208 9736 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x1000, BlocksNum 0xE8E07000

04:36:34.0208 9736 ============================================================

04:36:34.0228 9736 C: <-> \Device\Harddisk2\DR2\Partition1

04:36:34.0331 9736 B: <-> \Device\Harddisk0\DR0\Partition0

04:36:34.0346 9736 A: <-> \Device\Harddisk1\DR1\Partition0

04:36:34.0347 9736 ============================================================

04:36:34.0347 9736 Initialize success

04:36:34.0347 9736 ============================================================

04:36:50.0399 6664 ============================================================

04:36:50.0399 6664 Scan started

04:36:50.0399 6664 Mode: Manual;

04:36:50.0399 6664 ============================================================


04:36:58.0414 6664 intelide - ok

04:36:58.0435 6664 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

04:36:58.0439 6664 intelppm - ok

04:36:58.0454 6664 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

04:36:58.0455 6664 IPBusEnum - ok

04:36:58.0505 6664 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

04:36:58.0540 6664 IpFilterDriver - ok

04:36:58.0553 6664 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

04:36:58.0555 6664 IPMIDRV - ok

04:36:58.0566 6664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

04:36:58.0571 6664 IPNAT - ok

04:36:58.0686 6664 iPod Service (50d6ccc6ff5561f9f56946b3e6164fb8) C:\Program Files\iPod\bin\iPodService.exe

04:36:58.0692 6664 iPod Service - ok

04:36:58.0708 6664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

04:36:58.0711 6664 IRENUM - ok

04:36:58.0737 6664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

04:36:58.0739 6664 isapnp - ok

04:36:58.0761 6664 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

04:36:58.0801 6664 iScsiPrt - ok

04:36:58.0862 6664 jumi (ccb39c7006d436d238ac75d2abfde1fe) C:\Windows\system32\DRIVERS\jumi.sys

04:36:58.0863 6664 jumi - ok

04:36:58.0889 6664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

04:36:58.0894 6664 kbdclass - ok

04:36:58.0904 6664 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

04:36:58.0938 6664 kbdhid - ok

04:36:58.0982 6664 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

04:36:58.0984 6664 KeyIso - ok

04:36:58.0991 6664 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

04:36:58.0993 6664 KSecDD - ok

04:36:59.0042 6664 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

04:36:59.0043 6664 KSecPkg - ok

04:36:59.0055 6664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

04:36:59.0058 6664 ksthunk - ok

04:36:59.0086 6664 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

04:36:59.0095 6664 KtmRm - ok

04:36:59.0153 6664 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

04:36:59.0156 6664 LanmanServer - ok

04:36:59.0199 6664 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

04:36:59.0201 6664 LanmanWorkstation - ok

04:36:59.0203 6664 Lbd - ok

04:36:59.0350 6664 LBTServ (4adc135f525d38a498f83b089228cc2d) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

04:36:59.0354 6664 LBTServ - ok

04:36:59.0387 6664 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys

04:36:59.0388 6664 LGBusEnum - ok

04:36:59.0409 6664 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys

04:36:59.0410 6664 LGVirHid - ok

04:36:59.0457 6664 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys

04:36:59.0458 6664 LHidFilt - ok

04:36:59.0535 6664 LightScribeService (fcbdcc6f1801e32244235608e1277752) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

04:36:59.0536 6664 LightScribeService - ok

04:36:59.0556 6664 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

04:36:59.0560 6664 lltdio - ok

04:36:59.0597 6664 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

04:36:59.0601 6664 lltdsvc - ok

04:36:59.0621 6664 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

04:36:59.0622 6664 lmhosts - ok

04:36:59.0636 6664 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys

04:36:59.0638 6664 LMouFilt - ok

04:36:59.0656 6664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

04:36:59.0658 6664 LSI_FC - ok

04:36:59.0704 6664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

04:36:59.0705 6664 LSI_SAS - ok

04:36:59.0712 6664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

04:36:59.0714 6664 LSI_SAS2 - ok

04:36:59.0733 6664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

04:36:59.0735 6664 LSI_SCSI - ok

04:36:59.0746 6664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

04:36:59.0748 6664 luafv - ok

04:36:59.0794 6664 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

04:36:59.0795 6664 LVPr2M64 - ok

04:36:59.0797 6664 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

04:36:59.0797 6664 LVPr2Mon - ok

04:36:59.0848 6664 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

04:36:59.0851 6664 LVPrcS64 - ok

04:36:59.0879 6664 LVRS64 (803085f59ec92b3827cc4d90fcbfd335) C:\Windows\system32\DRIVERS\lvrs64.sys

04:36:59.0882 6664 LVRS64 - ok

04:37:00.0044 6664 LVUVC64 (a8d7c97016e6b76ef472a4c7ab357ee3) C:\Windows\system32\DRIVERS\lvuvc64.sys

04:37:00.0104 6664 LVUVC64 - ok

04:37:00.0182 6664 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

04:37:00.0182 6664 MBAMProtector - ok

04:37:00.0223 6664 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

04:37:00.0228 6664 MBAMService - ok

04:37:00.0268 6664 McMPFSvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

04:37:00.0271 6664 McMPFSvc - ok

04:37:00.0281 6664 mcmscsvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

04:37:00.0282 6664 mcmscsvc - ok

04:37:00.0292 6664 McNaiAnn (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

04:37:00.0294 6664 McNaiAnn - ok

04:37:00.0301 6664 McNASvc (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

04:37:00.0302 6664 McNASvc - ok

04:37:00.0327 6664 McODS (dd01bf24dd6bf70a90549f9a7bb2d1eb) C:\Program Files\McAfee\VirusScan\mcods.exe

04:37:00.0331 6664 McODS - ok

04:37:00.0341 6664 McProxy (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

04:37:00.0343 6664 McProxy - ok

04:37:00.0401 6664 McShield (e998e3b12101288d716558466cbf6ae1) C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

04:37:00.0403 6664 McShield - ok

04:37:00.0469 6664 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

04:37:00.0499 6664 Mcx2Svc - ok

04:37:00.0540 6664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

04:37:00.0541 6664 megasas - ok

04:37:00.0602 6664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

04:37:00.0605 6664 MegaSR - ok

04:37:00.0706 6664 MemeoBackgroundService (671a03ca9cd0259ccbb7b78a9ce234ec) C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe

04:37:00.0707 6664 MemeoBackgroundService - ok

04:37:00.0729 6664 mfeapfk (01884cb7655c8908b43ff5e364fe6fd2) C:\Windows\system32\drivers\mfeapfk.sys

04:37:00.0731 6664 mfeapfk - ok

04:37:00.0746 6664 mfeavfk (dab9a9cdfb04e4d68924492aa043019d) C:\Windows\system32\drivers\mfeavfk.sys

04:37:00.0749 6664 mfeavfk - ok

04:37:00.0758 6664 mfeavfk01 - ok

04:37:00.0828 6664 mfefire (b26782c3d6045b4464017d7926877560) C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

04:37:00.0829 6664 mfefire - ok

04:37:00.0867 6664 mfefirek (ce9a3680675c0907ade16404ca967b49) C:\Windows\system32\drivers\mfefirek.sys

04:37:00.0871 6664 mfefirek - ok

04:37:00.0914 6664 mfehidk (60cf67458dd29cd17e77f2327b1a9a54) C:\Windows\system32\drivers\mfehidk.sys

04:37:00.0920 6664 mfehidk - ok

04:37:00.0929 6664 mfenlfk (a8129cfb919347f8533c934b365e9202) C:\Windows\system32\DRIVERS\mfenlfk.sys

04:37:00.0931 6664 mfenlfk - ok

04:37:00.0943 6664 mferkdet (5041fa2bd2b3a2693b015771bfbf6dca) C:\Windows\system32\drivers\mferkdet.sys

04:37:00.0944 6664 mferkdet - ok

04:37:00.0992 6664 mfevtp (723a5eb6cef7f408c3d0f15a82a6bff8) C:\Windows\system32\mfevtps.exe

04:37:00.0995 6664 mfevtp - ok

04:37:01.0010 6664 mfewfpk (919c56db14a0e1e2ab6da5d2821dc26e) C:\Windows\system32\drivers\mfewfpk.sys

04:37:01.0013 6664 mfewfpk - ok

04:37:01.0102 6664 Microsoft SharePoint Workspace Audit Service - ok

04:37:01.0134 6664 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

04:37:01.0135 6664 MMCSS - ok

04:37:01.0157 6664 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

04:37:01.0159 6664 Modem - ok

04:37:01.0202 6664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

04:37:01.0206 6664 monitor - ok

04:37:01.0250 6664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

04:37:01.0254 6664 mouclass - ok

04:37:01.0273 6664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

04:37:01.0277 6664 mouhid - ok

04:37:01.0333 6664 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

04:37:01.0335 6664 mountmgr - ok

04:37:01.0350 6664 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

04:37:01.0390 6664 mpio - ok

04:37:01.0396 6664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

04:37:01.0402 6664 mpsdrv - ok

04:37:01.0517 6664 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

04:37:01.0525 6664 MpsSvc - ok

04:37:01.0584 6664 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

04:37:01.0626 6664 MRxDAV - ok

04:37:01.0680 6664 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

04:37:01.0682 6664 mrxsmb - ok

04:37:01.0735 6664 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

04:37:01.0738 6664 mrxsmb10 - ok

04:37:01.0785 6664 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

04:37:01.0787 6664 mrxsmb20 - ok

04:37:01.0792 6664 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

04:37:01.0793 6664 msahci - ok

04:37:01.0810 6664 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

04:37:01.0854 6664 msdsm - ok

04:37:01.0876 6664 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

04:37:01.0881 6664 MSDTC - ok

04:37:01.0900 6664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

04:37:01.0901 6664 Msfs - ok

04:37:01.0907 6664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

04:37:01.0911 6664 mshidkmdf - ok

04:37:01.0924 6664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

04:37:01.0925 6664 msisadrv - ok

04:37:01.0961 6664 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

04:37:01.0966 6664 MSiSCSI - ok

04:37:01.0968 6664 msiserver - ok

04:37:02.0042 6664 MSK80Service (acb01bf1a905356ab7f978c7fe852209) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe

04:37:02.0044 6664 MSK80Service - ok

04:37:02.0061 6664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

04:37:02.0064 6664 MSKSSRV - ok

04:37:02.0074 6664 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

04:37:02.0078 6664 MSPCLOCK - ok

04:37:02.0088 6664 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

04:37:02.0090 6664 MSPQM - ok

04:37:02.0110 6664 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

04:37:02.0114 6664 MsRPC - ok

04:37:02.0128 6664 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

04:37:02.0132 6664 mssmbios - ok

04:37:02.0135 6664 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

04:37:02.0137 6664 MSTEE - ok

04:37:02.0153 6664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

04:37:02.0154 6664 MTConfig - ok

04:37:02.0172 6664 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

04:37:02.0173 6664 Mup - ok

04:37:02.0192 6664 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

04:37:02.0197 6664 napagent - ok

04:37:02.0219 6664 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

04:37:02.0225 6664 NativeWifiP - ok

04:37:02.0278 6664 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

04:37:02.0286 6664 NDIS - ok

04:37:02.0307 6664 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

04:37:02.0311 6664 NdisCap - ok

04:37:02.0325 6664 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

04:37:02.0328 6664 NdisTapi - ok

04:37:02.0364 6664 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

04:37:02.0399 6664 Ndisuio - ok

04:37:02.0460 6664 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

04:37:02.0497 6664 NdisWan - ok

04:37:02.0559 6664 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

04:37:02.0594 6664 NDProxy - ok

04:37:02.0649 6664 Netaapl (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys

04:37:02.0650 6664 Netaapl - ok

04:37:02.0666 6664 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

04:37:02.0668 6664 NetBIOS - ok

04:37:02.0684 6664 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

04:37:02.0687 6664 NetBT - ok

04:37:02.0900 6664 NETGEARGenieDaemon (ea833758be56a68aabecd50e1ddcf4a3) C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe

04:37:02.0908 6664 NETGEARGenieDaemon - ok

04:37:03.0035 6664 NetgearUDSMBus (8ecae76dee3765986573d45e283117ea) C:\Windows\syswow64\Drivers\NetgearUDSMBus.sys

04:37:03.0036 6664 NetgearUDSMBus - ok

04:37:03.0084 6664 NetgearUDSTcpBus (12855c2b86a14cb5ec8bae706e0bcf15) C:\Windows\syswow64\Drivers\NetgearUDSTcpBus.sys

04:37:03.0086 6664 NetgearUDSTcpBus - ok

04:37:03.0149 6664 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

04:37:03.0150 6664 Netlogon - ok

04:37:03.0187 6664 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

04:37:03.0191 6664 Netman - ok

04:37:03.0210 6664 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

04:37:03.0213 6664 netprofm - ok

04:37:03.0272 6664 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

04:37:03.0274 6664 NetTcpPortSharing - ok

04:37:03.0308 6664 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

04:37:03.0309 6664 nfrd960 - ok

04:37:03.0352 6664 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

04:37:03.0356 6664 NlaSvc - ok

04:37:03.0408 6664 NPF (351533acc2a069b94e80bbfc177e8fdf) C:\Windows\system32\drivers\npf.sys

04:37:03.0410 6664 NPF - ok

04:37:03.0419 6664 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

04:37:03.0421 6664 Npfs - ok

04:37:03.0424 6664 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

04:37:03.0426 6664 nsi - ok

04:37:03.0439 6664 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

04:37:03.0441 6664 nsiproxy - ok

04:37:03.0535 6664 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

04:37:03.0559 6664 Ntfs - ok

04:37:03.0629 6664 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

04:37:03.0634 6664 Null - ok

04:37:03.0685 6664 NVHDA (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys

04:37:03.0687 6664 NVHDA - ok

04:37:04.0088 6664 nvlddmkm (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys

04:37:04.0260 6664 nvlddmkm - ok

04:37:04.0377 6664 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

04:37:04.0379 6664 nvraid - ok

04:37:04.0396 6664 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

04:37:04.0398 6664 nvstor - ok

04:37:04.0492 6664 nvsvc (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe

04:37:04.0518 6664 nvsvc - ok

04:37:04.0645 6664 nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

04:37:04.0677 6664 nvUpdatusService - ok

04:37:04.0780 6664 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

04:37:04.0782 6664 nv_agp - ok

04:37:04.0794 6664 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

04:37:04.0799 6664 ohci1394 - ok

04:37:04.0902 6664 OS Selector (49a344136f729659c075d67adfb88fba) C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe

04:37:04.0939 6664 OS Selector - ok

04:37:05.0147 6664 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

04:37:05.0148 6664 ose - ok

04:37:05.0379 6664 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

04:37:05.0442 6664 osppsvc - ok

04:37:05.0576 6664 P17 (edd1dcd36f6115acc6935c3f88ff54d7) C:\Windows\system32\drivers\P17.sys

04:37:05.0597 6664 P17 - ok

04:37:05.0626 6664 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

04:37:05.0630 6664 p2pimsvc - ok

04:37:05.0654 6664 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

04:37:05.0659 6664 p2psvc - ok

04:37:05.0681 6664 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

04:37:05.0683 6664 Parport - ok

04:37:05.0724 6664 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

04:37:05.0726 6664 partmgr - ok

04:37:05.0742 6664 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

04:37:05.0745 6664 PcaSvc - ok

04:37:05.0790 6664 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

04:37:05.0792 6664 pci - ok

04:37:05.0804 6664 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

04:37:05.0805 6664 pciide - ok

04:37:05.0820 6664 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

04:37:05.0822 6664 pcmcia - ok

04:37:05.0884 6664 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys

04:37:05.0886 6664 pcouffin - ok

04:37:05.0896 6664 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

04:37:05.0898 6664 pcw - ok

04:37:05.0928 6664 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

04:37:05.0939 6664 PEAUTH - ok

04:37:05.0979 6664 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

04:37:05.0981 6664 PerfHost - ok

04:37:06.0072 6664 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

04:37:06.0127 6664 pla - ok

04:37:06.0199 6664 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

04:37:06.0204 6664 PlugPlay - ok

04:37:06.0224 6664 PnkBstrA - ok

04:37:06.0228 6664 PnkBstrB - ok

04:37:06.0239 6664 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

04:37:06.0244 6664 PNRPAutoReg - ok

04:37:06.0258 6664 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

04:37:06.0261 6664 PNRPsvc - ok

04:37:06.0322 6664 Point64 (b23f79e41e30ed500586151a9ef27d8f) C:\Windows\system32\DRIVERS\point64.sys

04:37:06.0324 6664 Point64 - ok

04:37:06.0360 6664 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

04:37:06.0365 6664 PolicyAgent - ok

04:37:06.0393 6664 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

04:37:06.0396 6664 Power - ok

04:37:06.0415 6664 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

04:37:06.0452 6664 PptpMiniport - ok

04:37:06.0472 6664 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

04:37:06.0473 6664 Processor - ok

04:37:06.0485 6664 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

04:37:06.0488 6664 ProfSvc - ok

04:37:06.0534 6664 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

04:37:06.0535 6664 ProtectedStorage - ok

04:37:06.0578 6664 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

04:37:06.0580 6664 Psched - ok

04:37:06.0633 6664 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

04:37:06.0662 6664 ql2300 - ok

04:37:06.0717 6664 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

04:37:06.0719 6664 ql40xx - ok

04:37:06.0738 6664 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

04:37:06.0745 6664 QWAVE - ok

04:37:06.0750 6664 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

04:37:06.0751 6664 QWAVEdrv - ok

04:37:06.0764 6664 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

04:37:06.0767 6664 RasAcd - ok

04:37:06.0779 6664 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

04:37:06.0781 6664 RasAgileVpn - ok

04:37:06.0793 6664 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

04:37:06.0798 6664 RasAuto - ok

04:37:06.0817 6664 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

04:37:06.0852 6664 Rasl2tp - ok

04:37:06.0873 6664 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

04:37:06.0877 6664 RasMan - ok

04:37:06.0887 6664 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

04:37:06.0891 6664 RasPppoe - ok

04:37:06.0896 6664 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

04:37:06.0899 6664 RasSstp - ok

04:37:06.0914 6664 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

04:37:06.0917 6664 rdbss - ok

04:37:06.0921 6664 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

04:37:06.0922 6664 rdpbus - ok

04:37:06.0936 6664 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

04:37:06.0937 6664 RDPCDD - ok

04:37:06.0946 6664 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

04:37:06.0947 6664 RDPENCDD - ok

04:37:06.0965 6664 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

04:37:06.0965 6664 RDPREFMP - ok

04:37:07.0018 6664 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

04:37:07.0056 6664 RDPWD - ok

04:37:07.0104 6664 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

04:37:07.0106 6664 rdyboost - ok

04:37:07.0138 6664 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

04:37:07.0143 6664 RemoteAccess - ok

04:37:07.0202 6664 RemoteControl-USBLAN (bfa4873cd96d7144dc0059a70e1e358f) C:\Windows\system32\DRIVERS\rcblan.sys

04:37:07.0203 6664 RemoteControl-USBLAN - ok

04:37:07.0222 6664 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

04:37:07.0226 6664 RemoteRegistry - ok

04:37:07.0339 6664 RichVideo (f12a68ed55053940cadd59ca5e3468dd) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

04:37:07.0342 6664 RichVideo - ok

04:37:07.0352 6664 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

04:37:07.0354 6664 RpcEptMapper - ok

04:37:07.0367 6664 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

04:37:07.0372 6664 RpcLocator - ok

04:37:07.0423 6664 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

04:37:07.0427 6664 RpcSs - ok

04:37:07.0437 6664 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

04:37:07.0440 6664 rspndr - ok

04:37:07.0493 6664 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys

04:37:07.0495 6664 RTL8167 - ok

04:37:07.0533 6664 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

04:37:07.0535 6664 SamSs - ok

04:37:07.0581 6664 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

04:37:07.0583 6664 sbp2port - ok

04:37:07.0679 6664 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

04:37:07.0684 6664 SBSDWSCService - ok

04:37:07.0707 6664 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

04:37:07.0710 6664 SCardSvr - ok

04:37:07.0770 6664 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys

04:37:07.0772 6664 SCDEmu - ok

04:37:07.0815 6664 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

04:37:07.0855 6664 scfilter - ok

04:37:07.0893 6664 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

04:37:07.0912 6664 Schedule - ok

04:37:07.0950 6664 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

04:37:07.0951 6664 SCPolicySvc - ok

04:37:07.0995 6664 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

04:37:07.0998 6664 SDRSVC - ok

04:37:08.0016 6664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

04:37:08.0017 6664 secdrv - ok

04:37:08.0059 6664 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

04:37:08.0087 6664 seclogon - ok

04:37:08.0100 6664 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

04:37:08.0104 6664 SENS - ok

04:37:08.0118 6664 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

04:37:08.0121 6664 SensrSvc - ok

04:37:08.0131 6664 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

04:37:08.0132 6664 Serenum - ok

04:37:08.0140 6664 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

04:37:08.0142 6664 Serial - ok

04:37:08.0155 6664 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

04:37:08.0158 6664 sermouse - ok

04:37:08.0205 6664 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

04:37:08.0234 6664 SessionEnv - ok

04:37:08.0244 6664 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

04:37:08.0247 6664 sffdisk - ok

04:37:08.0258 6664 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

04:37:08.0261 6664 sffp_mmc - ok

04:37:08.0270 6664 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

04:37:08.0306 6664 sffp_sd - ok

04:37:08.0319 6664 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

04:37:08.0320 6664 sfloppy - ok

04:37:08.0350 6664 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

04:37:08.0354 6664 SharedAccess - ok

04:37:08.0369 6664 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

04:37:08.0399 6664 ShellHWDetection - ok

04:37:15.0517 6664 ============================================================

04:37:15.0517 6664 Scan finished

04:37:15.0517 6664 ============================================================

04:37:15.0523 9628 Detected object count: 0

04:37:15.0523 9628 Actual detected object count: 0

Kind Regards,

Max


Hi again,

COMBOFIX

---------------

Please download ComboFix from one of these locations:


Bleepingcomputer
ForoSpyware

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Query_RC.gif

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC_successful.gif

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.


Hi,

Thanks again for your help. Ran Combofix and let it reboot.

FYI - when the PC came back up and Combofix finished, I was unable to start an Internet browser (Internet Explorer / Safari etc.) due to a registry entry "marked for deletion". I rebooted the PC again manually and this issue seemed to go away.

Copy of Combofix.exe log below:

ComboFix 12-04-28.01 - Me 29/04/2012 6:26.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.61.1033.18.12279.8542 [GMT 10:00]

Running from: c:\users\Me\Desktop\ComboFix.exe

AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}

FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}

SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

ADS - Windows: deleted 24 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe

c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

c:\programdata\XkFcjVGVgWJhiQK.exe

c:\users\Me\AppData\Local\dplayx.dll

c:\users\Me\AppData\Local\Temp\bdftp.dll

c:\users\Me\AppData\Local\Temp\btcet.dll

c:\users\Me\AppData\Roaming\inst.exe

c:\users\Me\Documents\~WRL1836.tmp

c:\users\Me\Documents\~WRL2093.tmp

c:\windows\assembly\temp\@

c:\windows\assembly\temp\cfg.ini

c:\windows\iun6002.exe

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\SysWow64\ASAudioHD.ax

c:\windows\SysWow64\bdaplgin.ax

c:\windows\SysWow64\cero.rs

c:\windows\SysWow64\csrr.rs

c:\windows\SysWow64\esrb.rs

c:\windows\SysWow64\FLVSplitter.ax

c:\windows\SysWow64\g711codc.ax

c:\windows\SysWow64\grb.rs

c:\windows\SysWow64\iac25_32.ax

c:\windows\SysWow64\ir41_32.ax

c:\windows\SysWow64\ivfsrc.ax

c:\windows\SysWow64\ksproxy.ax

c:\windows\SysWow64\kstvtune.ax

c:\windows\SysWow64\Kswdmcap.ax

c:\windows\SysWow64\ksxbar.ax

c:\windows\SysWow64\madFlac.ax

c:\windows\SysWow64\Mpeg2Data.ax

c:\windows\SysWow64\mpg2splt.ax

c:\windows\SysWow64\MSDvbNP.ax

c:\windows\SysWow64\MSNP.ax

c:\windows\SysWow64\oflc.rs

c:\windows\SysWow64\Packet.dll

c:\windows\SysWow64\pegi-fi.rs

c:\windows\SysWow64\pegi-pt.rs

c:\windows\SysWow64\pegi.rs

c:\windows\SysWow64\pegibbfc.rs

c:\windows\SysWow64\psisrndr.ax

c:\windows\SysWow64\RealMediaSplitter.ax

c:\windows\SysWow64\tmpB3E0.tmp

c:\windows\SysWow64\tmpB3F1.tmp

c:\windows\SysWow64\tmpFF54.tmp

c:\windows\SysWow64\tmpFF55.tmp

c:\windows\SysWow64\usk.rs

c:\windows\SysWow64\VBICodec.ax

c:\windows\SysWow64\vbisurf.ax

c:\windows\SysWow64\vidcap.ax

c:\windows\SysWow64\WEB.rs

c:\windows\SysWow64\wpcap.dll

c:\windows\SysWow64\WSTPager.ax

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_NPF

-------\Service_NPF

.

.

((((((((((((((((((((((((( Files Created from 2012-03-28 to 2012-04-28 )))))))))))))))))))))))))))))))

.

.

2012-04-27 21:12 . 2012-04-27 21:12 -------- d-----w- c:\users\Me\AppData\Local\{3FA50B24-8FAD-11E1-826D-B8AC6F996F26}

2012-04-27 13:11 . 2012-04-17 17:03 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{033B5F5C-4A19-4D45-BF9B-DFE534E72D46}\mpengine.dll

2012-04-26 16:19 . 2011-10-27 08:31 222560 ----a-w- c:\windows\SysWow64\snapapi.dll

2012-04-26 15:17 . 2012-04-26 15:17 -------- d-----w- c:\users\Me\AppData\Roaming\Malwarebytes

2012-04-26 15:16 . 2012-04-26 15:16 -------- d-----w- c:\programdata\Malwarebytes

2012-04-26 15:16 . 2012-04-26 15:16 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-04-26 15:16 . 2012-04-04 05:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-04-26 15:10 . 2012-04-26 15:10 883616 ----a-w- C:\FixExec.com

2012-04-26 14:30 . 2012-04-26 15:04 -------- d-----w- c:\programdata\99058D5000007AC400043884B4EB2367

2012-04-26 14:30 . 2012-04-26 14:30 -------- d-----w- c:\program files (x86)\Common Files\RandomBars

2012-04-24 05:36 . 2012-04-24 05:36 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-24 04:39 . 2012-04-24 05:36 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-04-21 02:04 . 2012-04-21 02:04 -------- d-----w- c:\program files\Windows Live

2012-04-15 03:54 . 2012-04-15 03:54 -------- d-----w- c:\program files\iPod

2012-04-15 03:54 . 2012-04-15 03:54 -------- d-----w- c:\program files\iTunes

2012-04-12 17:01 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-04-12 17:01 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-04-12 17:01 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-04-12 17:01 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll

2012-04-12 17:01 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-04-12 17:01 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-04-12 17:01 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-04-12 17:00 . 2012-04-12 17:00 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-04-01 08:38 . 2012-04-01 08:38 -------- d-----w- c:\program files (x86)\THQ

2012-03-31 14:44 . 2012-04-08 14:45 -------- d-----w- c:\users\Me\AppData\Local\Eraser 6

2012-03-30 16:26 . 2012-02-22 03:29 10248 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2012-03-30 16:25 . 2012-02-22 03:29 75936 ----a-w- c:\windows\system32\drivers\mfenlfk.sys

2012-03-30 16:25 . 2012-02-22 03:29 289664 ----a-w- c:\windows\system32\drivers\mfewfpk.sys

2012-03-30 16:25 . 2012-02-22 03:29 65264 ----a-w- c:\windows\system32\drivers\cfwids.sys

2012-03-30 16:25 . 2012-02-22 03:29 487296 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2012-03-30 16:25 . 2012-02-22 03:29 229528 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2012-03-30 16:25 . 2012-02-22 03:29 100912 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2012-03-30 16:19 . 2012-03-20 03:11 162192 ----a-w- c:\windows\system32\mfevtps.exe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-28 06:20 . 2010-01-29 14:11 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-04-28 06:20 . 2009-12-24 04:29 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-04-28 06:20 . 2009-12-24 04:29 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-04-24 05:36 . 2011-06-17 20:01 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-04-14 04:31 . 2011-10-13 09:49 369168 ----a-w- c:\windows\system32\wpcap.dll

2012-04-14 04:31 . 2011-10-13 09:49 35344 ----a-w- c:\windows\system32\drivers\npf.sys

2012-04-14 04:31 . 2011-10-13 09:49 106000 ----a-w- c:\windows\system32\packet.dll

2012-03-30 16:49 . 2011-02-24 09:23 198944 ----a-w- c:\windows\system32\drivers\snapman.sys

2012-03-08 08:50 . 2012-03-08 08:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-02-23 00:18 . 2009-12-19 20:34 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-22 03:29 . 2011-10-15 01:16 647208 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2012-02-22 03:29 . 2011-10-15 01:16 160792 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2012-02-17 06:38 . 2012-03-15 11:00 1031680 ----a-w- c:\windows\system32\rdpcore.dll

2012-02-17 05:34 . 2012-03-15 11:00 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll

2012-02-17 04:58 . 2012-03-15 11:00 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:57 . 2012-03-15 11:00 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys

2012-02-15 12:22 . 2009-12-24 04:29 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-02-14 02:09 . 2012-02-14 02:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-02-10 06:36 . 2012-03-15 11:07 1544192 ----a-w- c:\windows\system32\DWrite.dll

2012-02-10 05:38 . 2012-03-15 11:07 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-02-03 04:34 . 2012-03-15 11:08 3145728 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-19 39408]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]

"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-08-16 2736128]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-23 59240]

"NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]

"ChromeFrameHelper"="c:\users\Me\AppData\Local\Google\Chrome\Application\18.0.1025.162\chrome_frame_helper.exe" [2012-04-12 96752]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"P17RunE"="P17RunE.dll" [2008-03-27 14848]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]

"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-10-12 304568]

"OLPSYNCH"="c:\program files (x86)\Offline Course Player\OlpSynch.exe" [2010-09-29 42288]

"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]

"Netgear UDS Control Center"="c:\program files (x86)\NETGEAR\USB Control Center\Control Center.exe" [2011-06-28 21124096]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-05-04 136416]

"Memeo AutoSync"="c:\program files (x86)\Memeo\AutoSync\MemeoLauncher2.exe" [2011-05-04 144608]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-11-09 5954016]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"MDS_Menu"="c:\program files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-08-02 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-23 75048]

"LGODDFU"="c:\program files (x86)\lg_fwupdate\fwupdate.exe" [2012-01-14 557056]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]

"DVD or CD Sharing"="c:\program files (x86)\DVD or CD Sharing\ODSAgent.exe" [2008-02-20 619832]

"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2012-03-21 1675160]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-26 421736]

"RandomBars"="c:\program files (x86)\Common Files\RandomBars\RandomBars.exe" [2012-04-26 41568]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Me\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HD Writer.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2010-7-30 308640]

Online plug-in.lnk - c:\windows\Installer\{0F1F7A90-E71B-4E45-A066-2891619F22E1}\pnaico.exe.20FBBF0A_A7E5_4BDE_9798_9811C3D135AC.exe [2010-11-30 77824]

PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-11-9 1036856]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]

R2 0234041313755837mcinstcleanup;McAfee Application Installer Cleanup (0234041313755837);c:\windows\TEMP\023404~1.EXE [x]

R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/01/14 22:53;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]

R3 ACSSCR;ACR38 Smart Card Reader;c:\windows\system32\DRIVERS\a38usb.sys [x]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 253088]

R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

R3 CompFilter64;UVCCompositeFilter;c:\windows\system32\DRIVERS\lvbflt64.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-01 79360]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-05-01 79360]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\DAUpdaterSvc.Service.exe [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]

R3 jumi;%Jumi%;c:\windows\system32\DRIVERS\jumi.sys [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]

R3 LVUVC64;Logitech HD Pro Webcam C910(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]

R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [x]

R3 NetgearUDSTcpBus;NetgearUDSTcpBus;SysWOW64\Drivers\NetgearUDSTcpBus.sys [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 RemoteControl-USBLAN;RemoteControl-USBLAN;c:\windows\system32\DRIVERS\rcblan.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]

S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys [x]

S0 vidsflt61;Acronis Disk Storage Filter (61);c:\windows\system32\DRIVERS\vsflt61.sys [x]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [x]

S1 mfenlfk;McAfee NDIS Light Filter;c:\windows\system32\DRIVERS\mfenlfk.sys [x]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-12-19 3450832]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 Foxtel;Foxtel Download Manager;c:\program files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe [2009-09-24 70144]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 249936]

S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-05-04 25824]

S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-03-20 210584]

S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [x]

S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-03-07 1370400]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]

S2 OS Selector;Acronis OS Selector activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-29 2139400]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-14 381248]

S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2011-11-09 5890144]

S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-29 846448]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]

S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [x]

S3 NetgearUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\NetgearUDSMBus.sys [x]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - NPF

*Deregistered* - CLKMDRV10_9EC60124

*Deregistered* - mfeavfk01

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-08-16 02:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 05:36]

.

2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 03:24]

.

2012-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 03:24]

.

2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732449707-752564510-2337535358-1001Core.job

- c:\users\Me\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 23:24]

.

2012-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732449707-752564510-2337535358-1001UA.job

- c:\users\Me\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-11 23:24]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2009-09-16 190472]

"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]

"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-02 2412616]

"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-05 500208]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2007-08-07 200704]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-01-07 2328944]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-11-09 403096]

"combofix"="c:\combofix\CF3128.3XE" [2010-11-20 345088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com.au/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

LSP: %SystemRoot%\system32\vsocklib.dll

Trusted Zone: debras.com.au\www

Trusted Zone: westpac.com.au\red

TCP: DhcpNameServer = 192.168.1.1

DPF: {82E5DF24-51E8-47CD-864A-F4BD5005AA73} - hxxps://www.icloud.com/system/iCloud.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKCU-Run-JumiController - c:\program files (x86)\Jumi\jumi.exe

Wow6432Node-HKLM-Run-Freecorder FLV Service - c:\program files (x86)\Freecorder\FLVSrvc.exe

Wow6432Node-HKLM-Run-FAStartup - (no file)

Wow6432Node-HKLM-Run-UpdateLBPShortCut - c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe

Wow6432Node-HKLM-Run-UpdateP2GoShortCut - c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe

Wow6432Node-HKLM-Run-UpdatePPShortCut - c:\program files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe

Wow6432Node-HKLM-Run-UCam_Menu - c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

Wow6432Node-HKLM-Run-UpdatePSTShortCut - c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe

Notify-LBTWlgn - (no file)

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

HKLM-Run-bdftp - c:\users\Me\AppData\Local\Temp\bdftp.dll

HKLM-Run-btcet - c:\users\Me\AppData\Local\Temp\btcet.dll

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-Adobe_3e054d2218e7aa282c2369d939e58ff - c:\program files (x86)\Common Files\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Foxtel]

"ImagePath"="\"c:\program files (x86)\FOXTEL\Download Player\Download Control\DCBin\DCService.exe\" /accountid:Foxtel"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,c1,10,24,f3,0a,ea,47,90,db,f8,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,57,c1,10,24,f3,0a,ea,47,90,db,f8,\

.

[HKEY_USERS\S-1-5-21-3732449707-752564510-2337535358-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:ab,43,f1,2a,f0,29,71,ee,13,11,0a,fd,58,75,92,4c,7c,30,b5,c1,93,b0,e6,

ff,4d,44,76,9d,3b,d4,65,9e,0e,f4,65,24,bd,93,45,80,59,31,70,13,c5,35,f7,2d,\

"??"=hex:83,25,2b,08,95,af,8a,2f,92,a7,19,5c,bd,51,de,0b

.

[HKEY_USERS\S-1-5-21-3732449707-752564510-2337535358-1001\Software\SecuROM\License information*]

"datasecu"=hex:87,de,00,ab,31,90,61,c8,9d,4a,23,bb,d0,57,c4,7a,76,22,c5,ed,4b,

bd,80,ed,a7,f6,67,df,e1,e1,f4,c3,dd,48,f4,d1,11,2c,81,5e,2f,d2,84,e3,db,f3,\

"rkeysecu"=hex:31,ca,dd,00,b6,a3,5f,90,fa,35,cb,26,ec,89,98,ad

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:0c,97,ea,89,3c,c5,b4,f9,9f,10,79,59,93,ef,7d,4c,e0,23,96,bc,ff,

c6,3d,90,1b,e1,de,b5,f1,7e,74,c2,8e,bd,db,66,a7,fe,bd,f5,27,9a,42,ff,6b,ae,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:0c,97,ea,89,3c,c5,b4,f9,9f,10,79,59,93,ef,7d,4c,e0,23,96,bc,ff,

c6,3d,90,1b,e1,de,b5,f1,7e,74,c2,8e,bd,db,66,a7,fe,bd,f5,27,9a,42,ff,6b,ae,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\bgsvcgen.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\windows\SysWOW64\vmnat.exe

c:\program files (x86)\VMware\VMware Player\vmware-authd.exe

c:\windows\SysWOW64\vmnetdhcp.exe

c:\program files (x86)\Windows Media Player\wmplayer.exe

.

**************************************************************************

.

Completion time: 2012-04-29 07:16:25 - machine was rebooted

ComboFix-quarantined-files.txt 2012-04-28 21:16

.

Pre-Run: 319,295,447,040 bytes free

Post-Run: 324,793,651,200 bytes free

.

- - End Of File - - C3C77A1D710B4EC557924C36B60795E1

Kind Regards,

Max


Thanks Elise,

Problem seems to have gone now (no more IP block pop ups and none listed in the log). Will run a full scan of MWB overnight and post the results in the morning. Again can't thank you enough for the help, this whole ordeal has been so frustrating, but it's nice to be able to go somewhere that provides some further direction, and makes me at ease knowing the thing is gone, and that someone with experience in this field has been able to confirm it :)

Cheers,

Max


Hi Elise,

Good news, nothing popped up in the scan.

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.04.29.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Me :: XPS-435 [administrator]

Protection: Enabled

30/04/2012 2:29:13 AM

mbam-log-2012-04-30 (02-29-13).txt

Scan type: Full scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 825555

Time elapsed: 5 hour(s), 51 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I did however notice a couple of RunDLL errors on PC startup that appear to be remnants from whatever was infecting the PC prior to removal.

RunDLL

There was a problem starting

C:\Users\Me\Appdata\Local\Temp\btcet.dll

The specified module could not be found.

RunDLL

There was a problem starting

C:\Users\Me\Appdata\Local\Temp\bdftp.dll

The specified module could not be found.

I found reference to both of these in msconfig under startup and unchecked the boxes next to them:

Startup Item: bdftp

Manufacturer: Unknown

Command: rundll32.exe *C:\Users\Me\AppData\Local\Temp\bdftp.dll*,FillTextureTX

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Startup Item: btcet

Manufacturer: Unknown

Command: rundll32.exe *C:\Users\Me\AppData\Local\Temp\bdcet.dll*,GetObjectHandleByName

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I then looked in the registry and sure enough, an entry for each was listed under the location above.

Even though deselecting them removed the error from startup, should I just delete the entries from the registry anyway, so I don't even see them in msconfig anymore?

Thanks again,

Max


That is good news. :) Let's do some final steps here.

Your version of Adobe Reader is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Adobe components and update:

  • Download the latest version of Adobe Reader Version X. and save it to your desktop.
  • Uncheck the "Free McAfee Security plan Plus" option or any other Toolbar you are offered
  • Click the download button at the bottom.
  • If you use Internet Explorer and do not wish to install the ActiveX element, simply click on the click here to download link on the next page.
  • Remove all older versions of Adobe Reader: Go to Add/remove and uninstall all versions of Adobe Reader, Acrobat Reader and Adobe Acrobat.
    If you are unsure of how to use Add or Remove Programs, then please see this tutorial: How To Remove An Installed Program From Your Computer
  • Then from your desktop double-click on Adobe Reader to install the newest version.
    If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the "Adobe Setup - Welcome" window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.

Your Adobe Reader is now up to date!

Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

  • Download the latest version of Java Runtime Environment (JRE) Version 7u3.
  • Look for "JDK 7u3 (JDK or JRE)".
  • Click the "Download JRE" button at the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Select "Windows x86 Offline" and click on jre-7-windows-i586.exe
  • Save it to your desktop
  • Close any programs you may have running - especially your web browser.
  • Uninstall all older versions of Java (any item with Java Runtime Environment, JRE or J2SE in the name).
  • Reboot your computer once all Java components are removed.
  • Install the newest version by double clicking (run as Administrator for Windows Vista/Seven) the downloaded file.

ESET ONLINE SCANNER

----------------------------

I'd like us to scan your machine with ESET OnlineScan

  1. Hold down Control and click on this link to open ESET OnlineScan in a new window.
  2. Click the esetonlinebtn.png button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the esetsmartinstaller_enu.png icon on your desktop.
    3. Check "YES, I accept the Terms of Use."
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Under scan settings, check "Scan Archives" and "Remove found threats"
    7. Click Advanced settings and select the following:
      • Scan potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
  4. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  5. When the scan completes, click List Threats
  6. Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  7. Click the Back button.
  8. Click the Finish button.


  • 1 month later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.