
Is the Infection Over?



For the past two days, I have been battling at least four viruses, including trojans and keyloggers, after I got the Blue Screen of Death and had to restart by turning off my power strip. I think I have finished them off, but now, I want to be absolutely sure. Also, my Firefox searches appear to be wrong if I search with the default Google, but that might not have anything to do with this.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.0

Run by Owner at 20:58:11 on 2012-06-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.1241 [GMT -4:00]

.

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Program Files\Webroot\WRSA.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Webroot\WRSA.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\Explorer.EXE

c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe

C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\taskeng.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\System32\svchost.exe -k secsvcs

c:\Program Files\Zune\ZuneNss.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.aol.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

uRun: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [LightScribe Control Panel] "C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

mRun: [hpsysdrv] "c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"

mRun: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

mRun: [<NO NAME>]

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

TCP: Interfaces\{C24CADA4-9C69-41A7-9FD0-AB93644A81F7} : DhcpNameServer = 75.75.76.76 75.75.75.75

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0566.0\msneshellx.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File

TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

mRun-x64: [hpsysdrv] "c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe"

mRun-x64: [HP Software Update] "c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe"

mRun-x64: [(Default)]

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2yhqczok.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll

FF - plugin: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll

FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Owner\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll

FF - plugin: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Owner\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 WRkrn;WRkrn;C:\Windows\system32\drivers\WRkrn.sys --> C:\Windows\system32\drivers\WRkrn.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-9 654408]

R2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [2011-9-23 45592]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-24 1262400]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2011-12-18 684240]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-16 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-21 257696]

S3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;C:\Windows\system32\DRIVERS\athrxu6.sys --> C:\Windows\system32\DRIVERS\athrxu6.sys [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-6-2 135584]

S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-16 136176]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-10 113120]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2011-8-5 306400]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-10 22:14:37 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8256565-F11A-4FC4-9E51-2391D92B813E}\offreg.dll

2012-06-10 00:18:33 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS

2012-06-10 00:18:33 -------- d-----w- C:\Users\Owner\AppData\Local\eSupport.com

2012-06-09 21:33:11 -------- d-----w- C:\Users\Owner\AppData\Roaming\Malwarebytes

2012-06-09 21:32:55 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-09 21:32:55 -------- d-----w- C:\ProgramData\Malwarebytes

2012-06-09 21:32:55 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-06-08 14:47:44 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F8256565-F11A-4FC4-9E51-2391D92B813E}\mpengine.dll

2012-06-06 21:16:52 3953632 ----a-w- C:\Windows\SysWow64\GameMon.des

2012-06-06 21:16:45 5265 ----a-w- C:\Windows\SysWow64\nppt9x.vxd

2012-06-06 21:16:45 4774 ----a-w- C:\Windows\SysWow64\npptNT2.sys

2012-06-06 21:16:40 -------- d-----w- C:\Program Files\Common Files\INCA Shared

2012-06-05 21:48:04 -------- d-----w- C:\Users\Owner\AppData\Local\NVIDIA Corporation

2012-06-03 21:22:00 18432 ----a-w- C:\Windows\System32\drivers\NTIDrvr.sys

2012-06-03 21:21:59 16896 ----a-w- C:\Windows\System32\drivers\UBHelper.sys

2012-06-03 21:06:29 -------- d-----w- C:\ProgramData\NTIReg

2012-06-03 21:03:41 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Xp_x86

2012-06-03 21:03:41 -------- d-----w- C:\Windows\SysWow64\drivers\nti\w2k_x86

2012-06-03 21:03:41 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_x86

2012-06-03 21:03:41 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_ia64

2012-06-03 21:03:41 -------- d-----w- C:\Windows\SysWow64\drivers\nti\Vista_amd64

2012-06-03 21:03:41 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_x86

2012-06-03 21:03:41 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_ia64

2012-06-03 21:03:41 -------- d-----w- C:\Windows\SysWow64\drivers\nti\2003_amd64

2012-06-03 21:03:33 -------- d-----w- C:\Windows\SysWow64\drivers\nti

2012-06-03 21:03:33 -------- d-----w- C:\Program Files (x86)\NTI

2012-06-03 21:02:38 -------- d-----w- C:\Windows\Downloaded Installations

2012-06-02 22:05:21 -------- d-----w- C:\Program Files (x86)\EVGA Precision X

2012-06-02 13:22:41 -------- d-----w- C:\Program Files (x86)\Futuremark

2012-05-29 22:41:59 -------- d-----w- C:\Program Files (x86)\Microsoft Research

2012-05-23 21:46:08 -------- d-----w- C:\Users\Owner\VirtualBox VMs

2012-05-23 21:45:49 -------- d-----w- C:\Users\Owner\.VirtualBox

2012-05-23 21:45:06 224088 ----a-w- C:\Windows\System32\drivers\VBoxDrv.sys

2012-05-23 21:44:58 130904 ----a-w- C:\Windows\System32\drivers\VBoxUSBMon.sys

2012-05-22 18:26:10 147288 ----a-w- C:\Windows\System32\drivers\VBoxNetAdp.sys

2012-05-22 02:15:11 -------- d-----w- C:\Users\Owner\AppData\Local\{829DC7E9-3A6E-49E4-B1FC-3781E25E6717}

2012-05-22 02:14:58 -------- d-----w- C:\Users\Owner\AppData\Local\{4BE87E96-5552-46CA-A64C-04E2CAB37DCA}

2012-05-19 19:19:00 -------- d-----w- C:\Program Files\Oracle

2012-05-14 02:30:06 -------- d-----w- C:\Users\Owner\AppData\Roaming\WildTangent

2012-05-13 19:37:25 -------- d-----w- C:\Program Files (x86)\gravitysensation.com

2012-05-12 15:56:36 -------- d-----w- C:\Users\Owner\AppData\Roaming\Cobalt

2012-05-12 15:56:35 -------- d-----w- C:\Cobalt

.

==================== Find3M ====================

.

2012-06-08 16:15:18 148664 ----a-w- C:\Windows\SysWow64\WRusr.dll

2012-06-08 16:15:18 112656 ----a-w- C:\Windows\System32\drivers\WRkrn.sys

2012-06-08 16:15:18 101808 ----a-w- C:\Windows\System32\WRusr.dll

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-14 16:11:38 772552 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-05-14 16:11:38 687560 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-04 20:31:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 20:31:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-04 20:31:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-26 12:48:02 71680 ----a-w- C:\Windows\System32\frapsv64.dll

2012-04-26 12:48:00 65536 ----a-w- C:\Windows\SysWow64\frapsvid.dll

2012-04-19 00:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-14 02:07:51 466456 ----a-w- C:\Windows\System32\wrap_oal.dll

2012-04-14 02:07:51 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2012-04-14 02:07:51 122904 ----a-w- C:\Windows\System32\OpenAL32.dll

2012-04-14 02:07:51 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2012-04-04 22:33:18 955800 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-04-04 22:33:14 839056 ----a-w- C:\Windows\System32\deployJava1.dll

2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-03-25 00:39:03 6656 ----a-w- C:\Windows\System32\lpcio.dll

2012-03-17 07:58:57 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-03-13 20:56:30 0 ----a-w- C:\Windows\System32\SETACD8.tmp

2012-03-13 20:49:30 0 ----a-w- C:\Windows\System32\SET44F1.tmp

.

============= FINISH: 20:59:43.50 ===============

Attach.txt

Also, my Firefox searches appear to be wrong if I search with the default Google, but that might not have anything to do with this.

This is a sign of an infection.

------------------------

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC

------->Logs will be closed if you haven't replied within 3 days!<--------


RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Owner [Admin rights]

Mode: Scan -- Date: 06/11/2012 09:42:45

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 8 ¤¤¤

[SUSP PATH] {4FF25FC0-22DA-4DA9-BF3C-901BA526B724}.job @ : C:\Users\Owner\Desktop\chromesetup_3d.exe -> FOUND

[SUSP PATH] {6FF98796-FAE1-4DA3-9752-3EA7B872B2F0}.job @ : C:\Users\Owner\Desktop\VCASTMediaManager_Full_1596.exe -> FOUND

[SUSP PATH] {82E2B53F-9FF3-478B-9C9C-087DEBA3DD6E}.job @ : C:\Users\Owner\Desktop\VCASTMediaManager_Full_1652.exe -> FOUND

[SUSP PATH] {843F70DB-EFB4-4DB4-A85D-EAB03D53B2B2}.job @ : C:\Users\Owner\Desktop\VCASTMediaManager_Full_1652.exe -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD64 00AAKS-65A7B SCSI Disk Device +++++

--- User ---

[MBR] bd7c3e7d59ffe741a2454cf4ababd859

[BSP] eb50dc3a606bbbd4c4782f8f30779905 : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 599354 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1227683840 | Size: 11024 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[10].txt >>

RKreport[10].txt ; RKreport[9].txt

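The RogueKiller report above lists four scheduled-task entries as suspicious paths because each task launches an executable sitting on the user's Desktop, plus four "HJ" registry entries. As an added example (not part of the thread and not RogueKiller's own code), the script below parses report lines of that "[CATEGORY] detail -> FOUND" shape, groups them by category, and flags task targets that live in user-writable locations, which is the property that makes such entries worth a second look. The list of user-writable path markers is an assumption of this example, and the sample report is constructed from the format seen in the thread; the parser accepts the forum-lowercased "[sUSP PATH]" spelling as well as "[SUSP PATH]".

```python
"""Triage helper for RogueKiller-style report lines (added example).

Not part of the forum thread or of RogueKiller; the user-writable
location heuristic below is this example's own assumption.
"""
import re
from collections import defaultdict

# Constructed sample in the report format shown in the thread.
SAMPLE_REPORT = """\
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 3 ¤¤¤
[SUSP PATH] {4FF25FC0-22DA-4DA9-BF3C-901BA526B724}.job @ : C:\\Users\\Owner\\Desktop\\chromesetup_3d.exe -> FOUND
[SUSP PATH] {6FF98796-FAE1-4DA3-9752-3EA7B872B2F0}.job @ : C:\\Users\\Owner\\Desktop\\VCASTMediaManager_Full_1596.exe -> FOUND
[HJ] HKCU\\[...]\\Advanced : Start_ShowSetProgramAccessAndDefaults (0) -> FOUND
¤¤¤ HOSTS File: ¤¤¤
"""

# "[CATEGORY] detail -> STATUS" ; the category is normalised to upper case
# because forum software often rewrites "[SUSP" as "[sUSP".
FINDING_RE = re.compile(
    r"^\[(?P<cat>[^\]]+)\]\s+(?P<detail>.*?)\s+->\s+"
    r"(?P<status>NOT FOUND|FOUND|REMOVED)\s*$"
)
# "<task>.job @ : <target path>" as printed for scheduled-task findings.
TASK_RE = re.compile(r"^(?P<task>\S+\.job)\s+@\s*:\s+(?P<target>.+)$", re.IGNORECASE)

# Assumed markers for locations an ordinary user can write to; a task that
# launches a binary from one of these deserves scrutiny, unlike one that
# runs something under Program Files.
USER_WRITABLE_MARKERS = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")


def parse_findings(report):
    """Return a list of dicts (category, detail, status) for every finding line."""
    findings = []
    for line in report.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append({
                "category": m.group("cat").upper(),
                "detail": m.group("detail"),
                "status": m.group("status"),
            })
    return findings


def task_target(detail):
    """Extract the launched path from a scheduled-task finding, else None."""
    m = TASK_RE.match(detail)
    return m.group("target").strip() if m else None


def in_user_writable_location(path):
    """Heuristic: does the path sit under a user-writable directory?"""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def triage(report):
    """Group findings by category and list task targets in user-writable paths."""
    by_category = defaultdict(list)
    flagged_targets = []
    for finding in parse_findings(report):
        by_category[finding["category"]].append(finding["detail"])
        target = task_target(finding["detail"])
        if target and in_user_writable_location(target):
            flagged_targets.append(target)
    return dict(by_category), flagged_targets


if __name__ == "__main__":
    categories, flagged = triage(SAMPLE_REPORT)
    for category, details in categories.items():
        print(f"{category}: {len(details)} finding(s)")
    print("Task targets in user-writable locations:")
    for path in flagged:
        print("  ", path)
```

Run against the full report, the category counts should match the "Registry Entries: N" header, and every flagged target is a file the user should be able to account for (a legitimate installer left on the Desktop still should not be launched by a scheduled task after installation has finished).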

Please do this...........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


10:05:25.0615 2404 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

10:05:25.0893 2404 ============================================================

10:05:25.0893 2404 Current date / time: 2012/06/11 10:05:25.0893

10:05:25.0893 2404 SystemInfo:

10:05:25.0893 2404

10:05:25.0893 2404 OS Version: 6.1.7601 ServicePack: 1.0

10:05:25.0893 2404 Product type: Workstation

10:05:25.0893 2404 ComputerName: OWNER-PC

10:05:25.0893 2404 UserName: Owner

10:05:25.0893 2404 Windows directory: C:\Windows

10:05:25.0893 2404 System windows directory: C:\Windows

10:05:25.0893 2404 Running under WOW64

10:05:25.0893 2404 Processor architecture: Intel x64

10:05:25.0893 2404 Number of processors: 2

10:05:25.0893 2404 Page size: 0x1000

10:05:25.0893 2404 Boot type: Normal boot

10:05:25.0893 2404 ============================================================

10:05:27.0064 2404 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

10:05:27.0079 2404 ============================================================

10:05:27.0079 2404 \Device\Harddisk0\DR0:

10:05:27.0088 2404 MBR partitions:

10:05:27.0088 2404 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

10:05:27.0088 2404 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4929D000

10:05:27.0088 2404 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x492CF800, BlocksNum 0x1588000

10:05:27.0088 2404 ============================================================

10:05:27.0148 2404 C: <-> \Device\Harddisk0\DR0\Partition1

10:05:27.0272 2404 D: <-> \Device\Harddisk0\DR0\Partition2

10:05:27.0273 2404 ============================================================

10:05:27.0273 2404 Initialize success

10:05:27.0273 2404 ============================================================

10:06:02.0360 5136 ============================================================

10:06:02.0360 5136 Scan started

10:06:02.0360 5136 Mode: Manual;

10:06:02.0360 5136 ============================================================

10:06:07.0484 5136 Scan interrupted by user!

10:06:07.0484 5136 ============================================================

10:06:07.0484 5136 Scan finished

10:06:07.0484 5136 ============================================================

10:06:07.0499 2864 Detected object count: 0

10:06:07.0499 2864 Actual detected object count: 0

10:06:32.0944 4408 ============================================================

10:06:32.0944 4408 Scan started

10:06:32.0944 4408 Mode: Manual; SigCheck; TDLFS;

10:06:32.0944 4408 ============================================================

10:06:47.0534 4408 LightScribeService (2238b91ac1a12cc6cc4c4fed41258b2a) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

10:06:47.0557 4408 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

10:06:47.0557 4408 LightScribeService - detected UnsignedFile.Multi.Generic (1)


10:06:49.0688 4408 MSDTC - ok

10:06:49.0717 4408 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

10:06:49.0745 4408 Msfs - ok

10:06:49.0755 4408 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

10:06:49.0802 4408 mshidkmdf - ok

10:06:49.0834 4408 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

10:06:49.0844 4408 msisadrv - ok

10:06:49.0881 4408 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

10:06:49.0929 4408 MSiSCSI - ok

10:06:49.0932 4408 msiserver - ok

10:06:49.0955 4408 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

10:06:49.0992 4408 MSKSSRV - ok

10:06:50.0012 4408 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

10:06:50.0049 4408 MSPCLOCK - ok

10:06:50.0064 4408 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

10:06:50.0100 4408 MSPQM - ok

10:06:50.0148 4408 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

10:06:50.0170 4408 MsRPC - ok

10:06:50.0185 4408 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

10:06:50.0195 4408 mssmbios - ok

10:06:50.0204 4408 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

10:06:50.0232 4408 MSTEE - ok

10:06:50.0249 4408 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

10:06:50.0260 4408 MTConfig - ok

10:06:50.0280 4408 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

10:06:50.0290 4408 Mup - ok

10:06:50.0347 4408 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

10:06:50.0405 4408 napagent - ok

10:06:50.0456 4408 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

10:06:50.0492 4408 NativeWifiP - ok

10:06:50.0572 4408 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

10:06:50.0600 4408 NDIS - ok

10:06:50.0627 4408 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

10:06:50.0655 4408 NdisCap - ok

10:06:50.0674 4408 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

10:06:50.0702 4408 NdisTapi - ok

10:06:50.0741 4408 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

10:06:50.0769 4408 Ndisuio - ok

10:06:50.0810 4408 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

10:06:50.0892 4408 NdisWan - ok

10:06:50.0938 4408 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

10:06:51.0011 4408 NDProxy - ok

10:06:51.0021 4408 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

10:06:51.0064 4408 NetBIOS - ok

10:06:51.0114 4408 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

10:06:51.0143 4408 NetBT - ok

10:06:51.0193 4408 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:06:51.0224 4408 Netlogon - ok

10:06:51.0293 4408 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

10:06:51.0381 4408 Netman - ok

10:06:51.0520 4408 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:06:51.0557 4408 NetMsmqActivator - ok

10:06:51.0565 4408 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:06:51.0576 4408 NetPipeActivator - ok

10:06:51.0614 4408 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

10:06:51.0675 4408 netprofm - ok

10:06:51.0679 4408 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:06:51.0689 4408 NetTcpActivator - ok

10:06:51.0693 4408 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

10:06:51.0702 4408 NetTcpPortSharing - ok

10:06:51.0753 4408 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

10:06:51.0780 4408 nfrd960 - ok

10:06:51.0841 4408 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

10:06:51.0903 4408 NlaSvc - ok

10:06:51.0933 4408 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

10:06:51.0961 4408 Npfs - ok

10:06:51.0981 4408 npggsvc - ok

10:06:51.0997 4408 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

10:06:52.0048 4408 nsi - ok

10:06:52.0062 4408 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

10:06:52.0100 4408 nsiproxy - ok

10:06:52.0261 4408 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

10:06:52.0321 4408 Ntfs - ok

10:06:52.0448 4408 NTI BackupNowEZSvr (07953351a3424baa50fc5c4a1434fb04) C:\Program Files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe

10:06:52.0474 4408 NTI BackupNowEZSvr - ok

10:06:52.0574 4408 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

10:06:52.0587 4408 NTIDrvr - ok

10:06:52.0644 4408 NuidFltr (317020d31f1696334679b9d0416eb62e) C:\Windows\system32\DRIVERS\NuidFltr.sys

10:06:52.0669 4408 NuidFltr - ok

10:06:52.0692 4408 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

10:06:52.0744 4408 Null - ok

10:06:53.0607 4408 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

10:06:53.0949 4408 nvlddmkm - ok

10:06:54.0090 4408 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys

10:06:54.0112 4408 NVNET - ok

10:06:54.0162 4408 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

10:06:54.0204 4408 nvraid - ok

10:06:54.0242 4408 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

10:06:54.0268 4408 nvstor - ok

10:06:54.0303 4408 nvstor64 (1e45f96342429d63dc30e0d9117da3d8) C:\Windows\system32\DRIVERS\nvstor64.sys

10:06:54.0318 4408 nvstor64 - ok

10:06:54.0443 4408 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe

10:06:54.0478 4408 nvsvc - ok

10:06:54.0690 4408 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

10:06:54.0760 4408 nvUpdatusService - ok

10:06:54.0886 4408 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

10:06:54.0927 4408 nv_agp - ok

10:06:55.0054 4408 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

10:06:55.0089 4408 odserv - ok

10:06:55.0132 4408 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

10:06:55.0160 4408 ohci1394 - ok

10:06:55.0185 4408 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:06:55.0224 4408 ose - ok

10:06:55.0534 4408 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:06:55.0635 4408 osppsvc - ok

10:06:55.0818 4408 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:06:55.0885 4408 p2pimsvc - ok

10:06:55.0977 4408 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

10:06:56.0053 4408 p2psvc - ok

10:06:56.0099 4408 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

10:06:56.0118 4408 Parport - ok

10:06:56.0151 4408 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

10:06:56.0161 4408 partmgr - ok

10:06:56.0179 4408 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

10:06:56.0215 4408 PcaSvc - ok

10:06:56.0274 4408 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

10:06:56.0311 4408 pci - ok

10:06:56.0332 4408 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

10:06:56.0347 4408 pciide - ok

10:06:56.0376 4408 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

10:06:56.0400 4408 pcmcia - ok

10:06:56.0425 4408 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

10:06:56.0440 4408 pcw - ok

10:06:56.0488 4408 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

10:06:56.0567 4408 PEAUTH - ok

10:06:56.0665 4408 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

10:06:56.0700 4408 PerfHost - ok

10:06:56.0828 4408 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

10:06:56.0903 4408 pla - ok

10:06:56.0980 4408 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

10:06:57.0049 4408 PlugPlay - ok

10:06:57.0089 4408 Pml Driver HPZ12 (f485770eec8959684cc4c4786b63c06c) C:\Windows\system32\HPZipm12.dll

10:06:57.0126 4408 Pml Driver HPZ12 - ok

10:06:57.0149 4408 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

10:06:57.0166 4408 PNRPAutoReg - ok

10:06:57.0194 4408 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

10:06:57.0207 4408 PNRPsvc - ok

10:06:57.0262 4408 Point64 (4f0878fd62d5f7444c5f1c4c66d9d293) C:\Windows\system32\DRIVERS\point64.sys

10:06:57.0291 4408 Point64 - ok

10:06:57.0353 4408 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

10:06:57.0420 4408 PolicyAgent - ok

10:06:57.0457 4408 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

10:06:57.0499 4408 Power - ok

10:06:57.0547 4408 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

10:06:57.0648 4408 PptpMiniport - ok

10:06:57.0696 4408 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

10:06:57.0744 4408 Processor - ok

10:06:57.0807 4408 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

10:06:57.0866 4408 ProfSvc - ok

10:06:57.0917 4408 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:06:57.0927 4408 ProtectedStorage - ok

10:06:57.0969 4408 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

10:06:58.0018 4408 Psched - ok

10:06:58.0154 4408 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

10:06:58.0196 4408 ql2300 - ok

10:06:58.0321 4408 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

10:06:58.0338 4408 ql40xx - ok

10:06:58.0369 4408 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

10:06:58.0417 4408 QWAVE - ok

10:06:58.0444 4408 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

10:06:58.0464 4408 QWAVEdrv - ok

10:06:58.0481 4408 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

10:06:58.0524 4408 RasAcd - ok

10:06:58.0556 4408 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

10:06:58.0584 4408 RasAgileVpn - ok

10:06:58.0601 4408 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

10:06:58.0653 4408 RasAuto - ok

10:06:58.0693 4408 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

10:06:58.0783 4408 Rasl2tp - ok

10:06:59.0105 4408 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

10:06:59.0208 4408 RasMan - ok

10:06:59.0223 4408 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

10:06:59.0265 4408 RasPppoe - ok

10:06:59.0300 4408 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

10:06:59.0329 4408 RasSstp - ok

10:06:59.0388 4408 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

10:06:59.0473 4408 rdbss - ok

10:06:59.0495 4408 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

10:06:59.0518 4408 rdpbus - ok

10:06:59.0528 4408 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

10:06:59.0557 4408 RDPCDD - ok

10:06:59.0580 4408 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

10:06:59.0621 4408 RDPENCDD - ok

10:06:59.0636 4408 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

10:06:59.0664 4408 RDPREFMP - ok

10:06:59.0723 4408 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

10:06:59.0790 4408 RDPWD - ok

10:06:59.0861 4408 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

10:06:59.0906 4408 rdyboost - ok

10:06:59.0933 4408 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

10:06:59.0997 4408 RemoteAccess - ok

10:07:00.0030 4408 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

10:07:00.0078 4408 RemoteRegistry - ok

10:07:00.0098 4408 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

10:07:00.0143 4408 RpcEptMapper - ok

10:07:00.0189 4408 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

10:07:00.0227 4408 RpcLocator - ok

10:07:00.0286 4408 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

10:07:00.0332 4408 RpcSs - ok

10:07:00.0361 4408 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

10:07:00.0390 4408 rspndr - ok

10:07:00.0442 4408 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:07:00.0469 4408 SamSs - ok

10:07:00.0517 4408 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

10:07:00.0560 4408 sbp2port - ok

10:07:00.0591 4408 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

10:07:00.0643 4408 SCardSvr - ok

10:07:00.0674 4408 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

10:07:00.0710 4408 scfilter - ok

10:07:00.0840 4408 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

10:07:00.0905 4408 Schedule - ok

10:07:00.0944 4408 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

10:07:00.0971 4408 SCPolicySvc - ok

10:07:01.0015 4408 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

10:07:01.0071 4408 SDRSVC - ok

10:07:01.0172 4408 SeaPort (d358e077a0a05d9b12da22d137ee8464) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

10:07:01.0212 4408 SeaPort - ok

10:07:01.0261 4408 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

10:07:01.0329 4408 secdrv - ok

10:07:01.0349 4408 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

10:07:01.0407 4408 seclogon - ok

10:07:01.0440 4408 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

10:07:01.0480 4408 SENS - ok

10:07:01.0501 4408 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

10:07:01.0521 4408 SensrSvc - ok

10:07:01.0540 4408 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

10:07:01.0579 4408 Serenum - ok

10:07:01.0603 4408 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

10:07:01.0621 4408 Serial - ok

10:07:01.0661 4408 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

10:07:01.0677 4408 sermouse - ok

10:07:01.0727 4408 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

10:07:01.0791 4408 SessionEnv - ok

10:07:01.0822 4408 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

10:07:01.0864 4408 sffdisk - ok

10:07:01.0883 4408 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

10:07:01.0928 4408 sffp_mmc - ok

10:07:01.0946 4408 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

10:07:01.0976 4408 sffp_sd - ok

10:07:01.0993 4408 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

10:07:02.0025 4408 sfloppy - ok

10:07:02.0142 4408 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

10:07:02.0192 4408 Sftfs - ok

10:07:02.0309 4408 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

10:07:02.0345 4408 sftlist - ok

10:07:02.0371 4408 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

10:07:02.0390 4408 Sftplay - ok

10:07:02.0397 4408 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

10:07:02.0405 4408 Sftredir - ok

10:07:02.0416 4408 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

10:07:02.0424 4408 Sftvol - ok

10:07:02.0447 4408 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

10:07:02.0463 4408 sftvsa - ok

10:07:02.0521 4408 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

10:07:02.0578 4408 SharedAccess - ok

10:07:02.0650 4408 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

10:07:02.0746 4408 ShellHWDetection - ok

10:07:02.0784 4408 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

10:07:02.0794 4408 SiSRaid2 - ok

10:07:02.0819 4408 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

10:07:02.0829 4408 SiSRaid4 - ok

10:07:02.0909 4408 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe

10:07:02.0944 4408 SkypeUpdate - ok

10:07:02.0988 4408 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

10:07:03.0091 4408 Smb - ok

10:07:03.0126 4408 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

10:07:03.0151 4408 SNMPTRAP - ok

10:07:03.0171 4408 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

10:07:03.0182 4408 spldr - ok

10:07:03.0217 4408 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

10:07:03.0257 4408 Spooler - ok

10:07:03.0551 4408 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

10:07:03.0655 4408 sppsvc - ok

10:07:03.0751 4408 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

10:07:03.0815 4408 sppuinotify - ok

10:07:03.0902 4408 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

10:07:03.0980 4408 srv - ok

10:07:04.0026 4408 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

10:07:04.0065 4408 srv2 - ok

10:07:04.0133 4408 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

10:07:04.0190 4408 srvnet - ok

10:07:04.0236 4408 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

10:07:04.0328 4408 SSDPSRV - ok

10:07:04.0349 4408 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

10:07:04.0381 4408 SstpSvc - ok

10:07:04.0442 4408 Steam Client Service - ok

10:07:04.0475 4408 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

10:07:04.0501 4408 stexstor - ok

10:07:04.0573 4408 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

10:07:04.0629 4408 stisvc - ok

10:07:04.0658 4408 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

10:07:04.0672 4408 swenum - ok

10:07:04.0707 4408 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

10:07:04.0773 4408 swprv - ok

10:07:04.0935 4408 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

10:07:05.0002 4408 SysMain - ok

10:07:05.0123 4408 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

10:07:05.0188 4408 TabletInputService - ok

10:07:05.0239 4408 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

10:07:05.0302 4408 TapiSrv - ok

10:07:05.0332 4408 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

10:07:05.0361 4408 TBS - ok

10:07:05.0510 4408 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

10:07:05.0555 4408 Tcpip - ok

10:07:05.0707 4408 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

10:07:05.0738 4408 TCPIP6 - ok

10:07:05.0818 4408 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

10:07:05.0890 4408 tcpipreg - ok

10:07:05.0915 4408 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

10:07:05.0935 4408 TDPIPE - ok

10:07:05.0969 4408 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

10:07:05.0979 4408 TDTCP - ok

10:07:06.0036 4408 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

10:07:06.0107 4408 tdx - ok

10:07:06.0146 4408 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

10:07:06.0178 4408 TermDD - ok

10:07:06.0261 4408 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

10:07:06.0329 4408 TermService - ok

10:07:06.0355 4408 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

10:07:06.0380 4408 Themes - ok

10:07:06.0403 4408 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

10:07:06.0430 4408 THREADORDER - ok

10:07:06.0445 4408 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

10:07:06.0493 4408 TrkWks - ok

10:07:06.0570 4408 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

10:07:06.0669 4408 TrustedInstaller - ok

10:07:06.0723 4408 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

10:07:06.0795 4408 tssecsrv - ok

10:07:06.0843 4408 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

10:07:06.0899 4408 TsUsbFlt - ok

10:07:06.0968 4408 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

10:07:07.0081 4408 tunnel - ok

10:07:07.0133 4408 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

10:07:07.0146 4408 uagp35 - ok

10:07:07.0195 4408 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

10:07:07.0220 4408 UBHelper - ok

10:07:07.0275 4408 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

10:07:07.0385 4408 udfs - ok

10:07:07.0423 4408 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

10:07:07.0439 4408 UI0Detect - ok

10:07:07.0482 4408 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

10:07:07.0495 4408 uliagpkx - ok

10:07:07.0534 4408 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

10:07:07.0577 4408 umbus - ok

10:07:07.0606 4408 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

10:07:07.0628 4408 UmPass - ok

10:07:07.0664 4408 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

10:07:07.0724 4408 upnphost - ok

10:07:07.0762 4408 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

10:07:07.0827 4408 USBAAPL64 - ok

10:07:07.0874 4408 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys

10:07:07.0928 4408 usbbus - ok

10:07:07.0981 4408 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

10:07:08.0035 4408 usbccgp - ok

10:07:08.0074 4408 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

10:07:08.0096 4408 usbcir - ok

10:07:08.0146 4408 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys

10:07:08.0177 4408 UsbDiag - ok

10:07:08.0202 4408 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

10:07:08.0218 4408 usbehci - ok

10:07:08.0279 4408 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

10:07:08.0312 4408 usbhub - ok

10:07:08.0334 4408 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys

10:07:08.0348 4408 USBModem - ok

10:07:08.0380 4408 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

10:07:08.0405 4408 usbohci - ok

10:07:08.0426 4408 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

10:07:08.0457 4408 usbprint - ok

10:07:08.0507 4408 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

10:07:08.0545 4408 USBSTOR - ok

10:07:08.0563 4408 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

10:07:08.0641 4408 usbuhci - ok

10:07:08.0663 4408 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

10:07:08.0719 4408 UxSms - ok

10:07:08.0768 4408 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

10:07:08.0791 4408 VaultSvc - ok

10:07:08.0842 4408 VBoxNetAdp (48630b4530c80aaf3dde9633e4291d8c) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys

10:07:08.0868 4408 VBoxNetAdp - ok

10:07:08.0887 4408 VBoxNetFlt - ok

10:07:08.0937 4408 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

10:07:08.0967 4408 vdrvroot - ok

10:07:09.0050 4408 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

10:07:09.0163 4408 vds - ok

10:07:09.0202 4408 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

10:07:09.0237 4408 vga - ok

10:07:09.0269 4408 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

10:07:09.0318 4408 VgaSave - ok

10:07:09.0363 4408 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

10:07:09.0381 4408 vhdmp - ok

10:07:09.0397 4408 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

10:07:09.0407 4408 viaide - ok

10:07:09.0430 4408 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

10:07:09.0441 4408 volmgr - ok

10:07:09.0498 4408 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

10:07:09.0539 4408 volmgrx - ok

10:07:09.0563 4408 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

10:07:09.0592 4408 volsnap - ok

10:07:09.0634 4408 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

10:07:09.0659 4408 vsmraid - ok

10:07:09.0834 4408 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

10:07:09.0927 4408 VSS - ok

10:07:10.0040 4408 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

10:07:10.0087 4408 vwifibus - ok

10:07:10.0159 4408 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

10:07:10.0262 4408 W32Time - ok

10:07:10.0290 4408 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

10:07:10.0302 4408 WacomPen - ok

10:07:10.0352 4408 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:07:10.0444 4408 WANARP - ok

10:07:10.0459 4408 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

10:07:10.0492 4408 Wanarpv6 - ok

10:07:10.0592 4408 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

10:07:10.0635 4408 WatAdminSvc - ok

10:07:10.0753 4408 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

10:07:10.0807 4408 wbengine - ok

10:07:10.0933 4408 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

10:07:10.0990 4408 WbioSrvc - ok

10:07:11.0052 4408 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

10:07:11.0128 4408 wcncsvc - ok

10:07:11.0148 4408 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

10:07:11.0172 4408 WcsPlugInService - ok

10:07:11.0218 4408 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

10:07:11.0233 4408 Wd - ok

10:07:11.0291 4408 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

10:07:11.0326 4408 Wdf01000 - ok

10:07:11.0344 4408 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:07:11.0452 4408 WdiServiceHost - ok

10:07:11.0457 4408 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

10:07:11.0480 4408 WdiSystemHost - ok

10:07:11.0531 4408 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

10:07:11.0605 4408 WebClient - ok

10:07:11.0631 4408 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

10:07:11.0665 4408 Wecsvc - ok

10:07:11.0682 4408 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

10:07:11.0731 4408 wercplsupport - ok

10:07:11.0762 4408 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

10:07:11.0794 4408 WerSvc - ok

10:07:11.0806 4408 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

10:07:11.0834 4408 WfpLwf - ok

10:07:11.0850 4408 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

10:07:11.0860 4408 WIMMount - ok

10:07:11.0883 4408 WinDefend - ok

10:07:11.0892 4408 WinHttpAutoProxySvc - ok

10:07:11.0950 4408 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

10:07:12.0022 4408 Winmgmt - ok

10:07:12.0189 4408 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

10:07:12.0305 4408 WinRM - ok

10:07:12.0409 4408 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

10:07:12.0436 4408 WinUsb - ok

10:07:12.0511 4408 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

10:07:12.0541 4408 Wlansvc - ok

10:07:12.0662 4408 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

10:07:12.0688 4408 wlcrasvc - ok

10:07:12.0963 4408 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

10:07:13.0029 4408 wlidsvc - ok

10:07:13.0123 4408 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

10:07:13.0155 4408 WmiAcpi - ok

10:07:13.0227 4408 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

10:07:13.0274 4408 wmiApSrv - ok

10:07:13.0309 4408 WMPNetworkSvc - ok

10:07:13.0401 4408 WMZuneComm (83b6ca03c846fcd47f9883d77d1eb27b) c:\Program Files\Zune\WMZuneComm.exe

10:07:13.0480 4408 WMZuneComm - ok

10:07:13.0511 4408 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

10:07:13.0538 4408 WPCSvc - ok

10:07:13.0581 4408 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

10:07:13.0612 4408 WPDBusEnum - ok

10:07:13.0676 4408 WRkrn (517d7ec4178a49162e6576b143608bd0) C:\Windows\system32\drivers\WRkrn.sys

10:07:13.0717 4408 WRkrn - ok

10:07:13.0825 4408 WRSVC (87e02e094ea37680c9dbc394db0de1d7) C:\Program Files\Webroot\WRSA.exe

10:07:13.0864 4408 WRSVC - ok

10:07:13.0887 4408 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

10:07:13.0961 4408 ws2ifsl - ok

10:07:13.0984 4408 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

10:07:14.0012 4408 wscsvc - ok

10:07:14.0015 4408 WSearch - ok

10:07:14.0185 4408 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

10:07:14.0264 4408 wuauserv - ok

10:07:14.0393 4408 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

10:07:14.0476 4408 WudfPf - ok

10:07:14.0512 4408 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

10:07:14.0548 4408 WUDFRd - ok

10:07:14.0584 4408 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

10:07:14.0615 4408 wudfsvc - ok

10:07:14.0648 4408 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

10:07:14.0677 4408 WwanSvc - ok

10:07:14.0738 4408 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys

10:07:14.0794 4408 xusb21 - ok

10:07:15.0404 4408 ZuneNetworkSvc (67b787c34fb2888d01b130ae007042d8) c:\Program Files\Zune\ZuneNss.exe

10:07:15.0511 4408 ZuneNetworkSvc - ok

10:07:15.0595 4408 ZuneWlanCfgSvc (4d89fc1c20cf655739efac5da81a67bc) c:\Program Files\Zune\ZuneWlanCfgSvc.exe

10:07:15.0628 4408 ZuneWlanCfgSvc - ok

10:07:15.0672 4408 MBR (0x1B8) (e14785192d80f11eb497776b6895cc8b) \Device\Harddisk0\DR0

10:07:16.0264 4408 \Device\Harddisk0\DR0 - ok

10:07:16.0272 4408 Boot (0x1200) (3526723af675698c1e87393a0d052454) \Device\Harddisk0\DR0\Partition0

10:07:16.0275 4408 \Device\Harddisk0\DR0\Partition0 - ok

10:07:16.0295 4408 Boot (0x1200) (6bfb8ba590525656013481403afb8917) \Device\Harddisk0\DR0\Partition1

10:07:16.0297 4408 \Device\Harddisk0\DR0\Partition1 - ok

10:07:16.0327 4408 Boot (0x1200) (1980d25fc084d902835e58d7dc89c435) \Device\Harddisk0\DR0\Partition2

10:07:16.0329 4408 \Device\Harddisk0\DR0\Partition2 - ok

10:07:16.0329 4408 ============================================================

10:07:16.0330 4408 Scan finished

10:07:16.0330 4408 ============================================================

10:07:16.0344 5844 Detected object count: 1

10:07:16.0344 5844 Actual detected object count: 1

10:08:27.0480 5844 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

10:08:27.0481 5844 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip


That scan was clean......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Something does not seem right. It has been about 30 minutes and I am still at the "Attempting to create a new System Restore point." The program has not stalled, as the insertion point underneath that line is still blinking like normal. Do I need to just press Enter, because the guide said to not even click on the program?

FYI, I am doing this on my laptop so that I do not interfere with Combofix.


Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

MrC


Farbar Service Scanner Version: 09-06-2012

Ran by Owner (administrator) on 11-06-2012 at 12:22:49

Running from "C:\Users\Owner\Desktop"

Microsoft Windows 7 Home Premium Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****


You can enable it until we run ComboFix again.

Please do this........

Delete your copy of ComboFix and download a fresh copy to your desktop.

Press Windows key + R, to bring up the "Run Box"

Copy and Paste this in and click OK or Enter

"%userprofile%\desktop\combofix.exe" /nombr

Let me know if Combofix runs that way.

MrC


Oh, oops, sorry!

For a second there, I thought my computer was toast. :lol:

Here is ComboFix.txt:

ComboFix 12-06-11.03 - Owner 06/11/2012 13:11:25.1.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2309 [GMT -4:00]

Running from: c:\users\Owner\Desktop\combofix.exe

Command switches used :: /nombr

AV: Webroot SecureAnywhere *Enabled/Updated* {9C0666FC-6C7D-3E97-3C40-0C6B33FC7401}

SP: Webroot SecureAnywhere *Enabled/Updated* {27678718-4A47-3119-06F0-3719487B3EBC}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\program files (x86)\iexplorer

c:\program files (x86)\iexplorer\AxInterop.QTOControlLib.dll

c:\program files (x86)\iexplorer\ICSharpCode.SharpZipLib.dll

c:\program files (x86)\iexplorer\iExplorer.exe

c:\program files (x86)\iexplorer\Interop.QTOControlLib.dll

c:\program files (x86)\iexplorer\Interop.QTOLibrary.dll

c:\program files (x86)\iexplorer\isxdl.dll

c:\program files (x86)\iexplorer\MPCrashReporter.dll

c:\program files (x86)\iexplorer\MPUpdater.dll

c:\program files (x86)\iexplorer\msvcr71.dll

c:\program files (x86)\iexplorer\PodPhone2.dll

c:\program files (x86)\iexplorer\unins000.dat

c:\program files (x86)\iexplorer\unins000.exe

c:\program files (x86)\iexplorer\unins000.msg

c:\users\Owner\AppData\Roaming\.#

c:\users\Owner\AppData\Roaming\Love

c:\users\Owner\AppData\Roaming\Love\mari0\options.txt

c:\windows\security\Database\tmp.edb

c:\windows\system32\drivers\etc\hosts.ics

.

.

((((((((((((((((((((((((( Files Created from 2012-05-11 to 2012-06-11 )))))))))))))))))))))))))))))))

.

.

2012-06-11 17:52 . 2012-06-11 17:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-06-11 17:52 . 2012-06-11 17:52 -------- d-----w- c:\users\Mcx1-OWNER-PC\AppData\Local\temp

2012-06-11 17:52 . 2012-06-11 17:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-06-10 00:18 . 2012-06-10 00:18 -------- d-----w- c:\users\Owner\AppData\Local\eSupport.com

2012-06-10 00:18 . 2012-06-10 00:18 21712 ----a-w- c:\windows\SysWow64\drivers\DrvAgent64.SYS

2012-06-09 21:33 . 2012-06-09 21:33 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2012-06-09 21:32 . 2012-06-09 21:33 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-06-09 21:32 . 2012-06-09 21:32 -------- d-----w- c:\programdata\Malwarebytes

2012-06-09 21:32 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-08 14:47 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8256565-F11A-4FC4-9E51-2391D92B813E}\mpengine.dll

2012-06-06 21:16 . 2012-03-06 15:19 3953632 ----a-w- c:\windows\SysWow64\GameMon.des

2012-06-06 21:16 . 2012-02-02 22:50 5265 ----a-w- c:\windows\SysWow64\nppt9x.vxd

2012-06-06 21:16 . 2012-02-02 22:50 4774 ----a-w- c:\windows\SysWow64\npptNT2.sys

2012-06-06 21:16 . 2012-06-06 21:16 -------- d-----w- c:\program files\Common Files\INCA Shared

2012-06-05 21:48 . 2012-06-05 21:57 -------- d-----w- c:\users\Owner\AppData\Local\NVIDIA Corporation

2012-06-03 21:22 . 2009-05-05 20:46 18432 ----a-w- c:\windows\system32\drivers\NTIDrvr.sys

2012-06-03 21:21 . 2009-05-05 20:46 16896 ----a-w- c:\windows\system32\drivers\UBHelper.sys

2012-06-03 21:06 . 2012-06-03 21:06 -------- d-----w- c:\programdata\NTIReg

2012-06-03 21:03 . 2012-06-03 21:21 -------- d-----w- c:\program files (x86)\NTI

2012-06-03 21:03 . 2012-06-03 21:03 -------- d-----w- c:\windows\SysWow64\drivers\nti

2012-06-03 21:02 . 2012-06-03 21:02 -------- d-----w- c:\windows\Downloaded Installations

2012-06-02 22:05 . 2012-06-07 23:02 -------- d-----w- c:\program files (x86)\EVGA Precision X

2012-06-02 13:22 . 2012-06-02 13:22 -------- d-----w- c:\program files (x86)\Futuremark

2012-05-29 22:41 . 2012-05-29 22:41 -------- d-----w- c:\program files (x86)\Microsoft Research

2012-05-23 21:46 . 2012-06-09 18:08 -------- d-----w- c:\users\Owner\VirtualBox VMs

2012-05-23 21:45 . 2012-06-09 18:09 -------- d-----w- c:\users\Owner\.VirtualBox

2012-05-23 21:45 . 2012-05-22 18:26 224088 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-05-23 21:44 . 2012-05-22 18:26 130904 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-05-22 18:26 . 2012-05-22 18:26 147288 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-05-19 19:19 . 2012-06-09 18:10 -------- d-----w- c:\program files\Oracle

2012-05-14 16:12 . 2012-05-14 16:12 -------- d-----w- c:\program files (x86)\Common Files\Java

2012-05-14 02:30 . 2012-05-20 01:58 -------- d-----w- c:\users\Owner\AppData\Roaming\WildTangent

2012-05-13 19:37 . 2012-05-13 19:37 -------- d-----w- c:\program files (x86)\gravitysensation.com

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-06-08 16:15 . 2011-12-18 18:06 148664 ----a-w- c:\windows\SysWow64\WRusr.dll

2012-06-08 16:15 . 2011-12-18 18:06 112656 ----a-w- c:\windows\system32\drivers\WRkrn.sys

2012-06-08 16:15 . 2011-12-18 18:06 101808 ----a-w- c:\windows\system32\WRusr.dll

2012-05-15 10:48 . 2012-03-24 23:56 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-03-24 23:56 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2011-08-10 18:34 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2011-08-10 18:34 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2009-12-05 00:16 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2009-12-05 00:16 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 09:29 . 2010-04-01 06:58 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2010-04-01 06:58 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2009-07-29 18:21 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2010-04-01 06:58 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2010-04-01 06:58 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-14 16:11 . 2012-02-07 22:23 772552 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-05-14 16:11 . 2010-06-19 00:52 687560 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-04 20:31 . 2012-04-21 05:07 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-04 20:31 . 2011-05-27 18:17 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-04 20:31 . 2012-04-21 05:31 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-26 12:48 . 2012-04-26 12:48 71680 ----a-w- c:\windows\system32\frapsv64.dll

2012-04-26 12:48 . 2012-04-26 12:48 65536 ----a-w- c:\windows\SysWow64\frapsvid.dll

2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx

2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts

2012-04-14 02:07 . 2012-04-14 02:07 466456 ----a-w- c:\windows\system32\wrap_oal.dll

2012-04-14 02:07 . 2012-04-14 02:07 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-04-14 02:07 . 2012-04-14 02:07 122904 ----a-w- c:\windows\system32\OpenAL32.dll

2012-04-14 02:07 . 2012-04-14 02:07 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-04-04 22:33 . 2012-02-07 22:20 955800 ----a-w- c:\windows\system32\npdeployJava1.dll

2012-04-04 22:33 . 2011-12-23 19:35 839056 ----a-w- c:\windows\system32\deployJava1.dll

2012-03-31 06:05 . 2012-05-08 23:27 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-03-31 04:39 . 2012-05-08 23:27 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-03-31 04:39 . 2012-05-08 23:27 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-03-31 03:10 . 2012-05-08 23:27 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-03-30 11:35 . 2012-05-08 23:27 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-03-25 00:39 . 2011-08-09 22:23 6656 ----a-w- c:\windows\system32\lpcio.dll

2012-03-17 07:58 . 2012-05-08 23:27 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-03-13 20:56 . 2012-03-13 20:56 0 ----a-w- c:\windows\system32\SETACD8.tmp

2012-03-13 20:49 . 2012-03-13 20:49 0 ----a-w- c:\windows\system32\SET44F1.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"WRSVC"="c:\program files\Webroot\WRSA.exe" [2012-06-08 684240]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R0 cFjOxhVv;cFjOxhVv;c:\windows\System32\drivers\cFjOxhVv.sys [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-04 257696]

R3 athrusb6;Atheros Wireless LAN USB device driver 6 Series;c:\windows\system32\DRIVERS\athrxu6.sys [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-04-26 135584]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-01 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]

R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2011-08-05 306400]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 WRkrn;WRkrn;c:\windows\System32\drivers\WRkrn.sys [x]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 BingDesktopUpdate;Bing Desktop Update service;c:\program files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-03-30 151656]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 NTI BackupNowEZSvr;NTI BackupNowEZSvr;c:\program files (x86)\NTI\NTI Backup Now EZ\BackupNowEZSvr.exe [2011-09-24 45592]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S2 WRSVC;WRSVC;c:\program files\Webroot\WRSA.exe [2012-06-08 684240]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-06-11 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-21 20:31]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 15:33]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-16 15:33]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536677615-388289278-3519593863-1000Core.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-13 10:29]

.

2012-06-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3536677615-388289278-3519593863-1000UA.job

- c:\users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-13 10:29]

.

2012-06-06 c:\windows\Tasks\HPCeeScheduleForOwner.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 12:22]

.

2012-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PC-Doctor for Windows localizer"="c:\program files\PC-Doctor for Windows\localizer.exe" [2009-09-17 95728]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html

TCP: DhcpNameServer = 75.75.76.76 75.75.75.75

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\2yhqczok.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.aol.com/

.

- - - - ORPHANS REMOVED - - - -

.

ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1 - c:\program files (x86)\iExplorer\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72,

1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00

"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,

27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b

"{32004B8A-44A9-43E7-84E9-808838809519}"=hex:51,66,7a,6c,4c,1d,38,12,e4,48,13,

36,9b,0a,89,06,fb,ff,c3,c8,3d,de,d1,0d

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{6EBF7485-159F-4BFF-A14F-B9E3AAC4465B}"=hex:51,66,7a,6c,4c,1d,38,12,eb,77,ac,

6a,ad,5b,91,0e,de,59,fa,a3,af,9a,02,4f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{9FDDE16B-836F-4806-AB1F-1455CBEFF289}"=hex:51,66,7a,6c,4c,1d,38,12,05,e2,ce,

9b,5d,cd,68,0d,d4,09,57,15,ce,b1,b6,9d

"{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,

ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3

"{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd,

d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:b8,8c,db,80,e7,ef,cb,01

.

[HKEY_USERS\S-1-5-21-3536677615-388289278-3519593863-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-3536677615-388289278-3519593863-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\W%|*]

"Successes"=dword:c0000000

"Failures"=dword:c0000003

"{C24CADA4-9C69-41A7-9FD0-AB93644A81F7}"=hex:00,18,f8,f0,4b,79

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

.

**************************************************************************

.

Completion time: 2012-06-11 14:12:24 - machine was rebooted

ComboFix-quarantined-files.txt 2012-06-11 18:12

.

Pre-Run: 412,175,237,120 bytes free

Post-Run: 413,350,862,848 bytes free

.

- - End Of File - - 4FC38B0C0418476E533F0BA1360E6D4B


We have to open up a Command Prompt with Administrator privileges:

Click the Windows start orb, select Programs (or All Programs), then "Accessories". Locate "Command Prompt", right-click the item in the start menu and select "Run as Administrator" from the context menu.

Copy and paste this in:

sc delete cFjOxhVv

Now hit Enter

Delete this file if found:

c:\windows\System32\drivers\cFjOxhVv.sys

You may have to enable hidden files to see it:

http://www.bleepingc...s-in-windows-7/

------------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC
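As an added check that is not part of MrC's instructions: after the reboot, this PowerShell script (run from the same elevated prompt) confirms that the service and the driver file named above are really gone, and then lists any remaining kernel drivers that are unsigned or carry a random-looking eight-letter name like the one removed here. The service name and driver path are the ones from the post; the parameter names and the eight-letter-name heuristic are my assumptions.

```powershell
# Added verification script (not from the thread). The name cFjOxhVv and the
# driver path come from the thread; the parameters and heuristic are assumptions.
param(
    [string]$ServiceName = 'cFjOxhVv',
    [string]$DriverPath  = "$env:SystemRoot\System32\drivers\cFjOxhVv.sys"
)

# 1. Is the service registration gone? 'sc delete' only marks a service for
#    deletion; the entry disappears once nothing holds a handle, hence the reboot.
$svc = Get-Service -Name $ServiceName -ErrorAction SilentlyContinue
if ($svc) {
    Write-Output "Service '$ServiceName' is still registered (status: $($svc.Status))"
} else {
    Write-Output "Service '$ServiceName' is not registered"
}

# The raw service key can linger when the service controller's view lags behind.
$svcKey = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
if (Test-Path -LiteralPath $svcKey) {
    Write-Output "Registry key still present: $svcKey"
    Get-ItemProperty -LiteralPath $svcKey | Select-Object ImagePath, Start, Type | Format-List
}

# 2. Is the driver file gone? -Force includes hidden/system files, which is why
#    the post mentions enabling hidden files in Explorer.
$file = Get-Item -LiteralPath $DriverPath -Force -ErrorAction SilentlyContinue
if ($file) {
    $sig = Get-AuthenticodeSignature -FilePath $DriverPath
    $msg = 'Driver file still present: {0} ({1} bytes, signature: {2})'
    Write-Output ($msg -f $DriverPath, $file.Length, $sig.Status)
} else {
    Write-Output "Driver file not found: $DriverPath"
}

# 3. Wider sweep over all registered kernel drivers. A random eight-letter name
#    is only a heuristic (legitimate drivers such as kbdclass match too), so
#    review the hits by hand; an invalid or missing signature is the stronger signal.
Get-CimInstance Win32_SystemDriver |
    Where-Object { $_.PathName } |
    ForEach-Object {
        # Normalise the various forms PathName takes: \??\C:\..., \SystemRoot\...,
        # system32\drivers\x.sys (relative), or a plain absolute path.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        $path = [Environment]::ExpandEnvironmentVariables($path)
        if ($path -match '^\\SystemRoot\\') {
            $path = $path -replace '^\\SystemRoot', $env:SystemRoot
        }
        if (-not [IO.Path]::IsPathRooted($path)) {
            $path = Join-Path $env:SystemRoot $path
        }
        $status = if (Test-Path -LiteralPath $path) {
            (Get-AuthenticodeSignature -FilePath $path).Status
        } else {
            'FileMissing'
        }
        [pscustomobject]@{
            Name   = $_.Name
            State  = $_.State
            Path   = $path
            Signed = $status
        }
    } |
    Where-Object { $_.Signed -ne 'Valid' -or $_.Name -match '^[A-Za-z]{8}$' } |
    Format-Table -AutoSize
```

Save it as a .ps1 file and run it from the elevated prompt with `powershell -ExecutionPolicy Bypass -File .\check-driver.ps1`. An empty table in step 3 and "not registered" / "not found" in steps 1 and 2 are the result you want before moving on to the clean-up steps.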


The delete was successful and when I looked for it, it was gone. My searches seem to work, for the most part. Some searches still do not give me the official websites, for some weird reason. I had something in quarantine, PUM.Hijack.StartMenu, which I should just get rid of, shouldn't I?

Malwarebytes Anti-Malware (Trial) 1.61.0.1400

www.malwarebytes.org

Database version: v2012.06.10.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [limited]

Protection: Enabled

6/11/2012 2:54:49 PM

mbam-log-2012-06-11 (14-54-49).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 252150

Time elapsed: 10 minute(s), 30 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I had something in quarantine, PUM.Hijack.StartMenu, which I should just get rid of, shouldn't I?

Yes, you can.

---------------------------------

If everything is OK, there's a little clean-up to do.

Please Uninstall ComboFix:

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below:

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

-----------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
