
Trojan.Dropper.BCMiner



Hello!

Turns out I'm infected with Trojan.Dropper.BCMiner. I am using the infected PC right now because I don't have any important data/saved passwords on it. I have removed the trojan using Malwarebytes Anti-Malware multiple times, but after each reboot it shows up again. Avast antivirus is reporting everything (Firefox, Malwarebytes, Windows Explorer) as a trojan, so I disabled it.

Here are some logs:

DDS.txt

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_33

Run by Dominik at 21:12:53 on 2012-07-20

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3831.1931 [GMT -4:00]

.

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Sandboxie\SbieSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Avast\AvastSvc.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\AppleOSSMgr.exe

C:\Windows\system32\AppleTimeSrv.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\IObit\Game Booster 3\gbtray.exe

C:\Program Files (x86)\IObit\Game Booster 3\FPSClient.exe

C:\Program Files\Boot Camp\Bootcamp.exe

C:\Program Files\Avast\AvastUI.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SysWOW64\ctfmon.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

mWinlogon: Userinit=userinit.exe,

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast\aswWebRepIE.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Avast\aswWebRepIE.dll

uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_257_Plugin.exe -update plugin

mRun: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

LSP: mswsock.dll

LSP: %SystemRoot%\system32\vsocklib.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

TCP: Interfaces\{4AA01407-0FEF-4CBE-A2C0-99874A8FAEFD} : DhcpNameServer = 192.168.153.2

TCP: Interfaces\{8DE562AC-D73D-4C01-9F8F-D784B01CFB91} : DhcpNameServer = 192.168.2.1 192.168.2.1

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Avast\aswWebRepIE.dll

mRun-x64: [avast] "C:\Program Files\Avast\avastUI.exe" /nogui

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ysj43lib.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AppleHFS;AppleHFS;C:\Windows\system32\drivers\AppleHFS.sys --> C:\Windows\system32\drivers\AppleHFS.sys [?]

R0 AppleMNT;AppleMNT;C:\Windows\system32\drivers\AppleMNT.sys --> C:\Windows\system32\drivers\AppleMNT.sys [?]

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 vmhgfs;vmhgfs;C:\Windows\system32\DRIVERS\vmhgfs.sys --> C:\Windows\system32\DRIVERS\vmhgfs.sys [?]

R1 vmrawdsk;VMware Vista Physical Disk Helper;C:\Program Files\VMware\VMware Tools\vmrawdsk.sys [2012-4-11 45680]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AppleOSSMgr;Apple OS Switch Manager;C:\Windows\system32\AppleOSSMgr.exe --> C:\Windows\system32\AppleOSSMgr.exe [?]

R2 AppleTimeSrv;Apple Time Service;C:\Windows\system32\AppleTimeSrv.exe --> C:\Windows\system32\AppleTimeSrv.exe [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Avast\AvastSvc.exe [2012-7-8 44808]

R2 KeyAgent;KeyAgent;\??\C:\Windows\system32\drivers\KeyAgent.sys --> C:\Windows\system32\drivers\KeyAgent.sys [?]

R2 MacHALDriver;Mac HAL;\??\C:\Windows\system32\drivers\MacHALDriver.sys --> C:\Windows\system32\drivers\MacHALDriver.sys [?]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-14 382272]

R2 VMMEMCTL;Memory Control Driver;C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys [2012-4-11 17520]

R3 acpials;ALS Sensor Filter;C:\Windows\system32\DRIVERS\acpials.sys --> C:\Windows\system32\DRIVERS\acpials.sys [?]

R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;C:\Windows\system32\DRIVERS\AppleBtBc.sys --> C:\Windows\system32\DRIVERS\AppleBtBc.sys [?]

R3 applemtm;Apple Multitouch Mouse;C:\Windows\system32\DRIVERS\applemtm.sys --> C:\Windows\system32\DRIVERS\applemtm.sys [?]

R3 applemtp;Apple Multitouch;C:\Windows\system32\DRIVERS\applemtp.sys --> C:\Windows\system32\DRIVERS\applemtp.sys [?]

R3 CirrusFilter;CS420xLowerFilter;C:\Windows\system32\DRIVERS\CS420x64.sys --> C:\Windows\system32\DRIVERS\CS420x64.sys [?]

R3 IRRemoteFlt;IR Receiver Filter Driver;C:\Windows\system32\DRIVERS\IRFilter.sys --> C:\Windows\system32\DRIVERS\IRFilter.sys [?]

R3 KeyMagic;USB Keyboard HID Filter;C:\Windows\system32\DRIVERS\KeyMagic.sys --> C:\Windows\system32\DRIVERS\KeyMagic.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2012-6-17 166576]

R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\system32\drivers\ScreamingBAudio64.sys --> C:\Windows\system32\drivers\ScreamingBAudio64.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-2-4 1262400]

S2 VMTools;VMware Tools;C:\Program Files\VMware\VMware Tools\vmtoolsd.exe [2012-4-11 72816]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-4 113120]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-5-14 10568]

S3 TPAutoConnSvc;TP AutoConnect Service;C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe [2012-3-2 362312]

S3 TPVCGateway;TP VC Gateway Service;C:\Program Files\VMware\VMware Tools\TPVCGateway.exe [2012-3-2 566096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 vm3dmp;vm3dmp;C:\Windows\system32\DRIVERS\vm3dmp.sys --> C:\Windows\system32\DRIVERS\vm3dmp.sys [?]

S3 vmmouse;VMware Pointing Device;C:\Windows\system32\DRIVERS\vmmouse.sys --> C:\Windows\system32\DRIVERS\vmmouse.sys [?]

S3 vmvss;VMware Snapshot Provider;C:\Windows\System32\dllhost.exe [2009-7-13 7168]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2012-7-6 14544]

.

=============== Created Last 30 ================

.

2012-07-21 03:14:54 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-21 02:59:15 -------- d-----w- C:\Users\Dominik\AppData\Roaming\Malwarebytes

2012-07-21 02:59:05 -------- d-----w- C:\ProgramData\Malwarebytes

2012-07-21 02:59:04 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-21 02:59:04 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-11 02:48:00 -------- d-----w- C:\Program Files (x86)\Screaming Bee LLC

2012-07-11 02:42:51 -------- d-----w- C:\Users\Dominik\AppData\Roaming\Screaming Bee

2012-07-11 02:32:35 -------- d-----w- C:\ProgramData\Screaming Bee

2012-07-11 02:32:35 -------- d-----w- C:\Program Files (x86)\Screaming Bee

2012-07-06 04:44:39 -------- d-----w- C:\Windows\System32\appmgmt

2012-07-06 04:41:31 -------- d-----w- C:\Program Files (x86)\IObit

2012-07-05 16:03:56 -------- d-----w- C:\Users\Dominik\AppData\Roaming\six-updater

2012-07-05 16:03:55 -------- d-----w- C:\Users\Dominik\AppData\Roaming\six-zsync

2012-07-05 16:03:27 -------- d-----w- C:\Program Files (x86)\SIX Projects

2012-07-05 16:02:56 -------- d-----w- C:\Users\Dominik\AppData\Local\Downloaded Installations

2012-07-05 15:31:41 2430312 ----a-w- C:\Windows\System32\D3DCompiler_41.dll

2012-07-05 15:30:58 409960 ----a-w- C:\Windows\System32\xactengine2_8.dll

2012-07-05 15:23:36 -------- d--h--w- C:\Windows\msdownld.tmp

2012-07-05 15:23:36 -------- d-----w- C:\Windows\SysWow64\directx

2012-07-05 15:23:13 -------- d-----w- C:\Program Files (x86)\MSI Afterburner

2012-07-05 15:15:46 -------- d-----w- C:\Users\Dominik\AppData\Local\ArmA 2

2012-07-05 15:15:27 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll

2012-07-05 15:15:27 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll

2012-07-05 00:02:07 -------- d-----w- C:\ProgramData\SeriousBit

2012-07-04 22:37:37 -------- d--h--r- C:\ESD

2012-07-03 02:38:43 -------- d-----r- C:\Sandbox

2012-07-03 02:37:46 -------- d-----w- C:\Program Files\Sandboxie

2012-07-03 00:07:19 -------- d-----w- C:\Users\Dominik\AppData\Local\ArmA 2 Free

2012-07-02 23:41:17 -------- d-----w- C:\Users\Dominik\AppData\Roaming\DRPSu

2012-07-02 23:37:51 412712 ----a-w- C:\Windows\System32\drivers\b57nd60a.sys

2012-07-02 23:21:04 -------- d-----w- C:\Program Files (x86)\Common Files\Steam

2012-07-02 23:21:02 -------- d-----w- C:\Program Files (x86)\Steam

2012-07-02 22:16:15 476936 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-06-21 19:19:03 9013136 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5BF2393E-E9FD-4F86-9A59-E41FD47E7E8E}\mpengine.dll

2012-06-21 19:18:21 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-21 16:00:17 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-06-21 16:00:17 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

.

==================== Find3M ====================

.

2012-07-19 04:48:15 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys

2012-07-18 05:06:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 05:06:23 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 19:32:33 282864 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-03 19:25:38 283304 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-03 16:21:52 54072 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys

2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr

2012-07-02 22:16:08 472840 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-05-15 09:29:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-05-15 09:29:46 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-05-15 09:29:46 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-05-15 09:29:46 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-05-15 09:29:25 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-05-15 09:28:42 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-05-15 00:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 21:13:52.71 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume4

Install Date: 11/13/2011 11:48:42 PM

System Uptime: 7/20/2012 8:24:38 PM (1 hours ago)

.

Motherboard: Apple Inc. | | Mac-F222BEC8

Processor: Intel® Core™2 Duo CPU P8600 @ 2.40GHz | U2E1 | 2394/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 61 GiB total, 16.131 GiB free.

D: is FIXED (HFS) - 171 GiB total, 40.544 GiB free.

E: is CDROM ()

F: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP102: 7/14/2012 7:36:25 PM - Removed Windows 7 USB/DVD Download Tool

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Ancient Weapon Sounds

Apple Software Update

ARMA 2

ARMA 2: Operation Arrowhead

avast! Free Antivirus

BattlEye for OA Uninstall

Blue Satin Skin

Comic Sound Pack

Creatures of Darkness

Deep Space Voices

DriverPack Solution Updater

eReg

Fantasy Sound Pack

Fantasy Voice Pack

Farm Animal Sounds

Female Voice Pack

Furry Voices for Second Life

Galactic Voices

Game Booster 3

Java Auto Updater

Java™ 6 Update 33

Male Voice Pack

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MorphVOX Pro

Mozilla Firefox 13.0.1 (x86 en-US)

Mozilla Maintenance Service

MSI Afterburner 2.2.1

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Origin

Personality Voices

Realtek High Definition Audio Driver

Sci-Fi 2 Sound Pack

Sci-Fi Sound Pack

Sci-Fi Voice Pack

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Spooky Sounds

Steam

System Requirements Lab

System Requirements Lab CYRI

Translator Fun Voice Pack

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

.

==== Event Viewer Messages From Past Week ========

.

7/21/2012 12:25:05 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/20/2012 8:27:10 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

7/20/2012 8:27:10 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.

7/20/2012 6:16:49 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/20/2012 4:48:00 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147024877

7/20/2012 4:47:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

7/20/2012 4:39:53 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SSDPSRV service.

7/20/2012 4:39:53 PM, Error: Service Control Manager [7001] - The UPnP Device Host service depends on the SSDP Discovery service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.

7/20/2012 4:39:53 PM, Error: Service Control Manager [7000] - The SSDP Discovery service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/20/2012 4:39:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

7/20/2012 4:39:19 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x8007041d'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

7/20/2012 4:38:41 PM, Error: Service Control Manager [7022] - The TP AutoConnect Service service hung on starting.

7/20/2012 4:38:41 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.

7/20/2012 4:38:37 PM, Error: Service Control Manager [7022] - The Function Discovery Resource Publication service hung on starting.

7/20/2012 4:38:36 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.

7/20/2012 11:01:32 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\bcmihvsrv64.dll Error Code: 21

7/20/2012 11:01:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

7/20/2012 11:01:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

7/20/2012 11:01:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

7/20/2012 11:01:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

7/20/2012 11:01:12 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache i8042prt spldr Wanarpv6

7/20/2012 10:52:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}

7/20/2012 10:39:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 10:39:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

7/20/2012 10:39:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

7/20/2012 10:38:52 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi CSC DfsC discache i8042prt NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vmhgfs vwififlt Wanarpv6 WfpLwf ws2ifsl

7/20/2012 10:38:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 10:38:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/20/2012 10:38:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

7/20/2012 10:38:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 10:38:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 10:38:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

7/20/2012 10:38:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

7/20/2012 10:38:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

7/20/2012 10:38:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

7/18/2012 12:55:10 AM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243

7/18/2012 12:54:00 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

7/13/2012 7:59:48 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.

.

==== End Of File ===========================

mbam-log-2012-07-20 (19-38-56).txt

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Dominik :: DOMINIK-PC [limited]

7/20/2012 7:38:56 PM

mbam-log-2012-07-20 (19-38-56).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 315100

Time elapsed: 41 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

(end)

FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by Dominik at 20-07-2012 21:29:01

Running from C:\Users\Dominik\Downloads

Service Pack 1 (X64) OS Language: English(US)

Attention: Could not load system hive.ERROR: The process cannot access the file because it is being used by another process.

ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNTION PROPERLY.

============ One Month Created Files and Folders ==============

2012-07-20 23:14 - 2012-07-20 23:14 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-20 22:59 - 2012-07-20 22:59 - 00001121 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-20 22:59 - 2012-07-20 22:59 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\Malwarebytes

2012-07-20 22:59 - 2012-07-20 22:59 - 00000000 ____D C:\Users\All Users\Malwarebytes

2012-07-20 22:59 - 2012-07-20 22:59 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-07-20 22:59 - 2012-07-03 13:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-20 22:58 - 2012-07-20 18:56 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Dominik\Desktop\mbam-setup-1.62.0.1300.exe

2012-07-20 22:38 - 2012-07-20 20:30 - 00017168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-a289-439d-8115-601632D005A0

2012-07-20 22:38 - 2012-07-20 20:30 - 00017168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-a289-439d-8115-601632D005A0

2012-07-20 21:28 - 2012-07-20 21:28 - 00000000 ____D C:\Users\Dominik\Desktop\SAVEDATA

2012-07-20 21:23 - 2012-07-20 21:29 - 00000000 ____D C:\FRST

2012-07-20 21:22 - 2012-07-20 21:22 - 01437781 ____A (Farbar) C:\Users\Dominik\Downloads\FRST64.exe

2012-07-20 21:10 - 2012-07-20 21:10 - 00607260 ____R (Swearware) C:\Users\Dominik\Downloads\dds.scr

2012-07-20 20:53 - 2012-07-20 20:54 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Dominik\Downloads\tdsskiller.exe

2012-07-20 18:27 - 2012-07-20 18:21 - 00302592 ____A C:\Users\Dominik\Desktop\s8kc62lx.exe

2012-07-19 00:07 - 2012-07-19 00:48 - 00000678 ____A C:\Windows\LkmdfCoInst.log

2012-07-19 00:06 - 2012-07-21 00:24 - 00002720 ____A C:\Windows\PFRO.log

2012-07-18 00:48 - 2012-07-18 00:48 - 00057560 ____A C:\Users\Dominik\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-18 00:46 - 2012-07-21 00:24 - 00000684 ____A C:\Windows\setupact.log

2012-07-18 00:46 - 2012-07-18 00:46 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-18 00:46 - 2012-07-18 00:46 - 00000000 ____A C:\Windows\setuperr.log

2012-07-14 19:25 - 2012-07-14 19:25 - 03889704 ____A (Piriform Ltd) C:\Users\Dominik\Downloads\ccsetup320.exe

2012-07-13 16:34 - 2012-07-13 16:35 - 00000000 ____D C:\Users\Dominik\Downloads\ePSXe

2012-07-13 16:01 - 2012-07-13 16:05 - 00000000 ____D C:\Users\Dominik\Downloads\pcsxr

2012-07-10 22:48 - 2012-07-10 22:48 - 00000000 ____D C:\Program Files (x86)\Screaming Bee LLC

2012-07-10 22:42 - 2012-07-10 22:42 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\Screaming Bee

2012-07-10 22:32 - 2012-07-10 23:01 - 00000000 ____D C:\Program Files (x86)\Screaming Bee

2012-07-10 22:32 - 2012-07-10 22:42 - 00000000 ____D C:\Users\All Users\Screaming Bee

2012-07-10 22:32 - 2012-07-10 22:32 - 00002118 ____A C:\Users\Public\Desktop\MorphVOX Pro.lnk

2012-07-10 22:27 - 2012-07-20 18:16 - 00001390 ____A C:\Users\Public\Desktop\VMware Shared Folders.lnk

2012-07-06 00:44 - 2012-07-06 00:44 - 00000000 ____D C:\Windows\System32\appmgmt

2012-07-06 00:41 - 2012-07-06 00:41 - 00001182 ____A C:\Users\Public\Desktop\Game Booster 3.lnk

2012-07-06 00:41 - 2012-07-06 00:41 - 00000000 ____D C:\Program Files (x86)\IObit

2012-07-05 14:17 - 2012-07-05 14:17 - 00001256 ____A C:\Users\UpdatusUser.Dominik-PC\Desktop\DayZbeta.lnk

2012-07-05 14:17 - 2012-07-05 14:17 - 00001236 ____A C:\Users\UpdatusUser.Dominik-PC\Desktop\DayZ.lnk

2012-07-05 12:03 - 2012-07-05 12:04 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\six-updater

2012-07-05 12:03 - 2012-07-05 12:03 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\six-zsync

2012-07-05 12:03 - 2012-07-05 12:03 - 00000000 ____D C:\Program Files (x86)\SIX Projects

2012-07-05 12:02 - 2012-07-05 12:02 - 00000000 ____D C:\Users\Dominik\AppData\Local\Downloaded Installations

2012-07-05 11:53 - 2012-07-14 22:58 - 00000000 ____D C:\Users\Dominik\AppData\Local\ArmA 2 OA

2012-07-05 11:53 - 2010-02-04 10:01 - 00530776 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_6.dll

2012-07-05 11:53 - 2010-02-04 10:01 - 00528216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll

2012-07-05 11:53 - 2010-02-04 10:01 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll

2012-07-05 11:53 - 2010-02-04 10:01 - 00176984 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_6.dll

2012-07-05 11:53 - 2010-02-04 10:01 - 00078680 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_4.dll

2012-07-05 11:53 - 2010-02-04 10:01 - 00074072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll

2012-07-05 11:53 - 2010-02-04 10:01 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_7.dll

2012-07-05 11:53 - 2010-02-04 10:01 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll

2012-07-05 11:53 - 2009-09-04 17:44 - 00517960 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_5.dll

2012-07-05 11:53 - 2009-09-04 17:44 - 00515416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll

2012-07-05 11:53 - 2009-09-04 17:44 - 00238936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll

2012-07-05 11:53 - 2009-09-04 17:44 - 00176968 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_5.dll

2012-07-05 11:53 - 2009-09-04 17:44 - 00073544 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_3.dll

2012-07-05 11:53 - 2009-09-04 17:44 - 00069464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 05554512 ____A (Microsoft Corporation) C:\Windows\System32\d3dcsx_42.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 05501792 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 02582888 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_42.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 02475352 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_42.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 01974616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 01892184 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 00523088 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_42.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 00285024 ____A (Microsoft Corporation) C:\Windows\System32\d3dx11_42.dll

2012-07-05 11:53 - 2009-09-04 17:29 - 00235344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll

2012-07-05 11:53 - 2008-10-27 10:04 - 00518480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_3.dll

2012-07-05 11:53 - 2008-10-27 10:04 - 00514384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll

2012-07-05 11:53 - 2008-10-27 10:04 - 00235856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll

2012-07-05 11:53 - 2008-10-27 10:04 - 00175440 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_3.dll

2012-07-05 11:53 - 2008-10-27 10:04 - 00074576 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_2.dll

2012-07-05 11:53 - 2008-10-27 10:04 - 00070992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll

2012-07-05 11:53 - 2008-10-27 10:04 - 00025936 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_5.dll

2012-07-05 11:53 - 2008-10-27 10:04 - 00023376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll

2012-07-05 11:53 - 2008-07-31 10:41 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll

2012-07-05 11:53 - 2008-07-31 10:41 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_2.dll

2012-07-05 11:53 - 2008-07-31 10:41 - 00072200 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_1.dll

2012-07-05 11:53 - 2008-07-31 10:41 - 00068616 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll

2012-07-05 11:53 - 2008-07-31 10:40 - 00513544 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_2.dll

2012-07-05 11:53 - 2008-07-31 10:40 - 00509448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll

2012-07-05 11:31 - 2009-03-16 14:18 - 00521560 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_4.dll

2012-07-05 11:31 - 2009-03-16 14:18 - 00517448 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll

2012-07-05 11:31 - 2009-03-16 14:18 - 00235352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll

2012-07-05 11:31 - 2009-03-16 14:18 - 00174936 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_4.dll

2012-07-05 11:31 - 2009-03-16 14:18 - 00024920 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_6.dll

2012-07-05 11:31 - 2009-03-16 14:18 - 00022360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll

2012-07-05 11:31 - 2009-03-09 15:27 - 05425496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_41.dll

2012-07-05 11:31 - 2009-03-09 15:27 - 04178264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll

2012-07-05 11:31 - 2009-03-09 15:27 - 02430312 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_41.dll

2012-07-05 11:31 - 2009-03-09 15:27 - 01846632 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll

2012-07-05 11:31 - 2009-03-09 15:27 - 00520544 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_41.dll

2012-07-05 11:31 - 2009-03-09 15:27 - 00453456 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll

2012-07-05 11:31 - 2008-10-15 06:22 - 05631312 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll

2012-07-05 11:31 - 2008-10-15 06:22 - 04379984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll

2012-07-05 11:31 - 2008-10-15 06:22 - 02605920 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll

2012-07-05 11:31 - 2008-10-15 06:22 - 02036576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll

2012-07-05 11:31 - 2008-10-15 06:22 - 00519000 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll

2012-07-05 11:31 - 2008-10-15 06:22 - 00452440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll

2012-07-05 11:31 - 2008-07-10 11:01 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll

2012-07-05 11:31 - 2008-07-10 11:00 - 04992520 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_39.dll

2012-07-05 11:31 - 2008-07-10 11:00 - 03851784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll

2012-07-05 11:31 - 2008-07-10 11:00 - 01942552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_39.dll

2012-07-05 11:31 - 2008-07-10 11:00 - 01493528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll

2012-07-05 11:31 - 2008-07-10 11:00 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_39.dll

2012-07-05 11:31 - 2008-05-30 14:19 - 00511496 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_1.dll

2012-07-05 11:31 - 2008-05-30 14:19 - 00507400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll

2012-07-05 11:31 - 2008-05-30 14:18 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll

2012-07-05 11:31 - 2008-05-30 14:18 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_1.dll

2012-07-05 11:31 - 2008-05-30 14:17 - 00068104 ____A (Microsoft Corporation) C:\Windows\System32\XAPOFX1_0.dll

2012-07-05 11:31 - 2008-05-30 14:17 - 00065032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll

2012-07-05 11:31 - 2008-05-30 14:17 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll

2012-07-05 11:31 - 2008-05-30 14:16 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_4.dll

2012-07-05 11:31 - 2008-05-30 14:11 - 04991496 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_38.dll

2012-07-05 11:31 - 2008-05-30 14:11 - 03850760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll

2012-07-05 11:31 - 2008-05-30 14:11 - 01941528 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_38.dll

2012-07-05 11:31 - 2008-05-30 14:11 - 01491992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll

2012-07-05 11:31 - 2008-05-30 14:11 - 00540688 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_38.dll

2012-07-05 11:31 - 2008-05-30 14:11 - 00467984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll

2012-07-05 11:31 - 2008-03-05 16:04 - 00489480 ____A (Microsoft Corporation) C:\Windows\System32\XAudio2_0.dll

2012-07-05 11:31 - 2008-03-05 16:03 - 00479752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll

2012-07-05 11:31 - 2008-03-05 16:03 - 00238088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll

2012-07-05 11:31 - 2008-03-05 16:03 - 00177672 ____A (Microsoft Corporation) C:\Windows\System32\xactengine3_0.dll

2012-07-05 11:31 - 2008-03-05 16:00 - 00028168 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_3.dll

2012-07-05 11:31 - 2008-03-05 16:00 - 00025608 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll

2012-07-05 11:31 - 2008-03-05 15:56 - 04910088 ____A (Microsoft Corporation) C:\Windows\System32\D3DX9_37.dll

2012-07-05 11:31 - 2008-03-05 15:56 - 03786760 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll

2012-07-05 11:31 - 2008-03-05 15:56 - 01860120 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_37.dll

2012-07-05 11:31 - 2008-03-05 15:56 - 01420824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll

2012-07-05 11:31 - 2008-02-05 23:07 - 00529424 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_37.dll

2012-07-05 11:31 - 2008-02-05 23:07 - 00462864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll

2012-07-05 11:31 - 2007-10-22 03:40 - 00411656 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_10.dll

2012-07-05 11:31 - 2007-10-22 03:39 - 00267272 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll

2012-07-05 11:31 - 2007-10-12 15:14 - 05081608 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_36.dll

2012-07-05 11:31 - 2007-10-12 15:14 - 03734536 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll

2012-07-05 11:31 - 2007-10-12 15:14 - 02006552 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_36.dll

2012-07-05 11:31 - 2007-10-12 15:14 - 01374232 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll

2012-07-05 11:31 - 2007-10-02 09:56 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_36.dll

2012-07-05 11:31 - 2007-10-02 09:56 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll

2012-07-05 11:31 - 2007-07-20 00:57 - 00411496 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_9.dll

2012-07-05 11:31 - 2007-07-20 00:57 - 00267112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll

2012-07-05 11:31 - 2007-07-19 18:14 - 05073256 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_35.dll

2012-07-05 11:31 - 2007-07-19 18:14 - 03727720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll

2012-07-05 11:31 - 2007-07-19 18:14 - 01985904 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_35.dll

2012-07-05 11:31 - 2007-07-19 18:14 - 01358192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll

2012-07-05 11:31 - 2007-07-19 18:14 - 00508264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_35.dll

2012-07-05 11:31 - 2007-07-19 18:14 - 00444776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll

2012-07-05 11:30 - 2007-10-22 03:37 - 00021000 ____A (Microsoft Corporation) C:\Windows\System32\X3DAudio1_2.dll

2012-07-05 11:30 - 2007-10-22 03:37 - 00017928 ____A (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll

2012-07-05 11:30 - 2007-06-20 20:49 - 00409960 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_8.dll

2012-07-05 11:30 - 2007-06-20 20:46 - 00266088 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll

2012-07-05 11:30 - 2007-05-16 16:45 - 04496232 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_34.dll

2012-07-05 11:30 - 2007-05-16 16:45 - 03497832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll

2012-07-05 11:30 - 2007-05-16 16:45 - 01401200 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_34.dll

2012-07-05 11:30 - 2007-05-16 16:45 - 01124720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll

2012-07-05 11:30 - 2007-05-16 16:45 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_34.dll

2012-07-05 11:30 - 2007-05-16 16:45 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll

2012-07-05 11:30 - 2007-04-04 18:55 - 00403304 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_7.dll

2012-07-05 11:30 - 2007-04-04 18:55 - 00261480 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll

2012-07-05 11:30 - 2007-04-04 18:54 - 00107368 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_3.dll

2012-07-05 11:30 - 2007-04-04 18:53 - 00081768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll

2012-07-05 11:30 - 2007-03-15 16:57 - 00506728 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10_33.dll

2012-07-05 11:30 - 2007-03-15 16:57 - 00443752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll

2012-07-05 11:30 - 2007-03-12 16:42 - 04494184 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_33.dll

2012-07-05 11:30 - 2007-03-12 16:42 - 03495784 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll

2012-07-05 11:30 - 2007-03-12 16:42 - 01400176 ____A (Microsoft Corporation) C:\Windows\System32\D3DCompiler_33.dll

2012-07-05 11:30 - 2007-03-12 16:42 - 01123696 ____A (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll

2012-07-05 11:30 - 2007-03-05 12:42 - 00017688 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_1.dll

2012-07-05 11:30 - 2007-03-05 12:42 - 00015128 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll

2012-07-05 11:30 - 2007-01-24 15:27 - 00393576 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_6.dll

2012-07-05 11:30 - 2007-01-24 15:27 - 00255848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll

2012-07-05 11:30 - 2006-12-08 12:02 - 00251672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll

2012-07-05 11:30 - 2006-12-08 12:00 - 00390424 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_5.dll

2012-07-05 11:30 - 2006-11-29 13:06 - 04398360 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_32.dll

2012-07-05 11:30 - 2006-11-29 13:06 - 03426072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll

2012-07-05 11:30 - 2006-11-29 13:06 - 00469264 ____A (Microsoft Corporation) C:\Windows\System32\d3dx10.dll

2012-07-05 11:30 - 2006-11-29 13:06 - 00440080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll

2012-07-05 11:30 - 2006-09-28 16:05 - 03977496 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_31.dll

2012-07-05 11:30 - 2006-09-28 16:05 - 02414360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll

2012-07-05 11:30 - 2006-09-28 16:05 - 00237848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll

2012-07-05 11:30 - 2006-09-28 16:04 - 00364824 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_4.dll

2012-07-05 11:30 - 2006-07-28 09:31 - 00083736 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_2.dll

2012-07-05 11:30 - 2006-07-28 09:30 - 00363288 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_3.dll

2012-07-05 11:30 - 2006-07-28 09:30 - 00236824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll

2012-07-05 11:30 - 2006-07-28 09:30 - 00062744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll

2012-07-05 11:30 - 2006-05-31 07:24 - 00230168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll

2012-07-05 11:30 - 2006-05-31 07:22 - 00354072 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_2.dll

2012-07-05 11:30 - 2006-03-31 12:41 - 03927248 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_30.dll

2012-07-05 11:30 - 2006-03-31 12:40 - 02388176 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll

2012-07-05 11:30 - 2006-03-31 12:40 - 00352464 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_1.dll

2012-07-05 11:30 - 2006-03-31 12:39 - 00229584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll

2012-07-05 11:30 - 2006-03-31 12:39 - 00083664 ____A (Microsoft Corporation) C:\Windows\System32\xinput1_1.dll

2012-07-05 11:30 - 2006-03-31 12:39 - 00062672 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll

2012-07-05 11:30 - 2006-02-03 08:43 - 03830992 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_29.dll

2012-07-05 11:30 - 2006-02-03 08:43 - 02332368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll

2012-07-05 11:30 - 2006-02-03 08:42 - 00355536 ____A (Microsoft Corporation) C:\Windows\System32\xactengine2_0.dll

2012-07-05 11:30 - 2006-02-03 08:42 - 00230096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll

2012-07-05 11:30 - 2006-02-03 08:41 - 00016592 ____A (Microsoft Corporation) C:\Windows\System32\x3daudio1_0.dll

2012-07-05 11:30 - 2006-02-03 08:41 - 00014032 ____A (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll

2012-07-05 11:30 - 2005-12-05 18:09 - 03815120 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_28.dll

2012-07-05 11:23 - 2012-07-05 22:09 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner

2012-07-05 11:23 - 2012-07-05 11:23 - 00001098 ____A C:\Users\Dominik\Desktop\MSI Afterburner.lnk

2012-07-05 11:23 - 2012-07-05 11:23 - 00000000 ___HD C:\Windows\msdownld.tmp

2012-07-05 11:23 - 2012-07-05 11:23 - 00000000 ____D C:\Windows\SysWOW64\directx

2012-07-05 11:15 - 2012-07-05 11:16 - 00000000 ____D C:\Users\Dominik\AppData\Local\ArmA 2

2012-07-05 11:15 - 2005-12-05 18:09 - 02323664 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll

2012-07-05 11:15 - 2005-07-22 19:59 - 03807440 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_27.dll

2012-07-05 11:15 - 2005-07-22 19:59 - 02319568 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll

2012-07-05 11:15 - 2005-05-26 15:34 - 03767504 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_26.dll

2012-07-05 11:15 - 2005-05-26 15:34 - 02297552 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll

2012-07-05 11:15 - 2005-03-18 17:19 - 03823312 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_25.dll

2012-07-05 11:15 - 2005-03-18 17:19 - 02337488 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll

2012-07-05 11:15 - 2005-02-05 19:45 - 03544272 ____A (Microsoft Corporation) C:\Windows\System32\d3dx9_24.dll

2012-07-05 11:15 - 2005-02-05 19:45 - 02222800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll

2012-07-04 20:02 - 2012-07-04 20:02 - 00000000 ____D C:\Users\All Users\SeriousBit

2012-07-04 18:37 - 2012-07-04 18:37 - 00000000 __RHD C:\ESD

2012-07-03 15:39 - 2012-07-03 15:39 - 00000000 ____D C:\Users\Dominik\Documents\My Cheat Tables

2012-07-02 22:38 - 2012-07-03 14:44 - 00000000 ____D C:\Users\Dominik\Desktop\school bullshit

2012-07-02 22:38 - 2012-07-02 22:38 - 00000000 ___RD C:\Sandbox

2012-07-02 22:37 - 2012-07-03 14:41 - 00001496 ____A C:\Windows\Sandboxie.ini

2012-07-02 22:37 - 2012-07-02 22:37 - 00000000 ____D C:\Program Files\Sandboxie

2012-07-02 20:07 - 2012-07-07 22:19 - 00000000 ____D C:\Users\Dominik\Documents\ArmA 2

2012-07-02 20:07 - 2012-07-02 20:57 - 00000000 ____D C:\Users\Dominik\AppData\Local\ArmA 2 Free

2012-07-02 19:41 - 2012-07-02 19:41 - 00000000 ____D C:\Users\Dominik\AppData\Roaming\DRPSu

2012-07-02 19:38 - 2012-06-30 15:09 - 00039656 ____A C:\Windows\System32\OEMLOGO.bmp

2012-07-02 19:37 - 2011-03-14 10:53 - 00412712 ____A (Broadcom Corporation) C:\Windows\System32\Drivers\b57nd60a.sys

2012-07-02 19:21 - 2012-07-14 22:58 - 00000000 ____D C:\Program Files (x86)\Steam

2012-07-02 19:21 - 2012-07-02 19:21 - 00000925 ____A C:\Users\Public\Desktop\Steam.lnk

2012-07-02 18:16 - 2012-07-02 18:16 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-07-02 18:16 - 2012-07-02 18:16 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-07-02 18:16 - 2012-07-02 18:16 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-07-02 18:16 - 2012-07-02 18:16 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-07-02 18:16 - 2012-07-02 18:16 - 00000000 ____D C:\Program Files (x86)\Java

2012-07-02 18:14 - 2012-07-02 18:14 - 00000000 ____D C:\Users\All Users\McAfee

2012-06-21 15:18 - 2012-07-03 15:32 - 00282864 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

============ 3 Months Modified Files ========================

2012-07-21 00:24 - 2012-07-19 00:06 - 00002720 ____A C:\Windows\PFRO.log

2012-07-21 00:24 - 2012-07-18 00:46 - 00000684 ____A C:\Windows\setupact.log

2012-07-20 22:59 - 2012-07-20 22:59 - 00001121 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-20 21:22 - 2012-07-20 21:22 - 01437781 ____A (Farbar) C:\Users\Dominik\Downloads\FRST64.exe

2012-07-20 21:10 - 2012-07-20 21:10 - 00607260 ____R (Swearware) C:\Users\Dominik\Downloads\dds.scr

2012-07-20 20:54 - 2012-07-20 20:53 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Dominik\Downloads\tdsskiller.exe

2012-07-20 20:50 - 2012-01-28 06:32 - 01331547 ____A C:\Windows\WindowsUpdate.log

2012-07-20 20:31 - 2009-07-14 01:13 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-20 20:30 - 2012-07-20 22:38 - 00017168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-a289-439d-8115-601632D005A0

2012-07-20 20:30 - 2012-07-20 22:38 - 00017168 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-a289-439d-8115-601632D005A0

2012-07-20 18:56 - 2012-07-20 22:58 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Dominik\Desktop\mbam-setup-1.62.0.1300.exe

2012-07-20 18:21 - 2012-07-20 18:27 - 00302592 ____A C:\Users\Dominik\Desktop\s8kc62lx.exe

2012-07-20 18:16 - 2012-07-10 22:27 - 00001390 ____A C:\Users\Public\Desktop\VMware Shared Folders.lnk

2012-07-19 16:43 - 2009-07-14 01:08 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-07-19 00:48 - 2012-07-19 00:07 - 00000678 ____A C:\Windows\LkmdfCoInst.log

2012-07-19 00:48 - 2011-12-24 08:10 - 00018960 ____A (Logitech, Inc.) C:\Windows\System32\Drivers\LNonPnP.sys

2012-07-18 01:06 - 2012-05-04 15:25 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-18 01:06 - 2012-05-04 15:25 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-18 00:48 - 2012-07-18 00:48 - 00057560 ____A C:\Users\Dominik\AppData\Local\GDIPFONTCACHEV1.DAT

2012-07-18 00:46 - 2012-07-18 00:46 - 00274320 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-18 00:46 - 2012-07-18 00:46 - 00000000 ____A C:\Windows\setuperr.log

2012-07-14 19:28 - 2011-11-13 17:46 - 00000830 ____A C:\Users\Public\Desktop\CCleaner.lnk

2012-07-14 19:25 - 2012-07-14 19:25 - 03889704 ____A (Piriform Ltd) C:\Users\Dominik\Downloads\ccsetup320.exe

2012-07-10 22:32 - 2012-07-10 22:32 - 00002118 ____A C:\Users\Public\Desktop\MorphVOX Pro.lnk

2012-07-08 22:53 - 2012-01-27 14:01 - 00000000 ____A C:\Windows\SysWOW64\config.nt

2012-07-06 09:23 - 2011-11-14 17:55 - 45613056 ____N C:\Windows\System32\config\SOFTWARE.vmware

2012-07-06 09:23 - 2011-11-14 17:55 - 20709376 ____N C:\Windows\System32\config\SYSTEM.vmware

2012-07-06 00:41 - 2012-07-06 00:41 - 00001182 ____A C:\Users\Public\Desktop\Game Booster 3.lnk

2012-07-05 14:17 - 2012-07-05 14:17 - 00001256 ____A C:\Users\UpdatusUser.Dominik-PC\Desktop\DayZbeta.lnk

2012-07-05 14:17 - 2012-07-05 14:17 - 00001236 ____A C:\Users\UpdatusUser.Dominik-PC\Desktop\DayZ.lnk

2012-07-05 11:23 - 2012-07-05 11:23 - 00001098 ____A C:\Users\Dominik\Desktop\MSI Afterburner.lnk

2012-07-03 15:32 - 2012-06-21 15:18 - 00282864 ____A C:\Windows\SysWOW64\PnkBstrB.xtr

2012-07-03 15:32 - 2011-11-17 16:39 - 00282864 ____A C:\Windows\SysWOW64\PnkBstrB.exe

2012-07-03 15:25 - 2011-11-17 16:39 - 00283304 ____A C:\Windows\SysWOW64\PnkBstrB.ex0

2012-07-03 14:41 - 2012-07-02 22:37 - 00001496 ____A C:\Windows\Sandboxie.ini

2012-07-03 13:46 - 2012-07-20 22:59 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-03 12:21 - 2012-02-25 12:24 - 00054072 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys

2012-07-03 12:21 - 2012-01-27 14:01 - 00958400 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys

2012-07-03 12:21 - 2012-01-27 14:01 - 00355856 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys

2012-07-03 12:21 - 2012-01-27 14:01 - 00285328 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe

2012-07-03 12:21 - 2012-01-27 14:01 - 00227648 ____A (AVAST Software) C:\Windows\SysWOW64\aswBoot.exe

2012-07-03 12:21 - 2012-01-27 14:01 - 00071064 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys

2012-07-03 12:21 - 2012-01-27 14:01 - 00059728 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys

2012-07-03 12:21 - 2012-01-27 14:01 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr

2012-07-03 12:21 - 2012-01-27 14:01 - 00025232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys

2012-07-02 19:21 - 2012-07-02 19:21 - 00000925 ____A C:\Users\Public\Desktop\Steam.lnk

2012-07-02 18:16 - 2012-07-02 18:16 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-07-02 18:16 - 2012-07-02 18:16 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-07-02 18:16 - 2012-07-02 18:16 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-07-02 18:16 - 2012-07-02 18:16 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-07-02 18:16 - 2011-11-16 16:28 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-06-30 15:09 - 2012-07-02 19:38 - 00039656 ____A C:\Windows\System32\OEMLOGO.bmp

2012-05-20 04:59 - 2012-03-11 08:36 - 00001776 ____A C:\Users\Public\Desktop\Defraggler.lnk

2012-05-20 04:59 - 2012-01-27 14:01 - 00001690 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk

2012-05-15 06:48 - 2012-05-25 11:09 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2012-05-15 06:48 - 2012-05-25 11:09 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2012-05-15 06:48 - 2012-05-25 11:09 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2012-05-15 06:48 - 2012-04-15 13:09 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

2012-05-15 06:48 - 2012-04-15 13:09 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2012-05-15 06:48 - 2012-04-15 13:09 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2012-05-15 06:48 - 2012-03-16 10:51 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll

2012-05-15 06:48 - 2012-03-16 10:51 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2012-05-15 06:48 - 2012-02-04 12:35 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2012-05-15 06:48 - 2012-02-04 12:35 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll

2012-05-15 06:48 - 2012-02-04 12:35 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll

2012-05-15 06:48 - 2012-02-04 12:35 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll

2012-05-15 06:48 - 2012-02-04 12:35 - 00014324 ____A C:\Windows\System32\nvinfo.pb

2012-05-15 05:29 - 2012-02-04 12:37 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll

2012-05-15 05:29 - 2012-02-04 12:37 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll

2012-05-15 05:29 - 2012-02-04 12:37 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

2012-05-15 05:29 - 2012-02-04 12:37 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

2012-05-15 05:29 - 2012-02-04 12:37 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

2012-05-15 05:28 - 2012-02-04 12:37 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

2012-05-14 20:21 - 2012-05-14 20:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe

ZeroAccess:

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\@

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\L

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\U

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\L\00000004.@

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\L\1afb2d56

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\L\201d3dde

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\U\00000004.@

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\U\00000008.@

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\U\000000cb.@

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\U\80000000.@

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\U\80000032.@

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

========================= Memory info ======================

Percentage of memory in use: 39%

Total physical RAM: 3830.6 MB

Available physical RAM: 2306.51 MB

Total Pagefile: 7659.39 MB

Available Pagefile: 6147.88 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

======================= Partitions =========================

1 Drive c: (BOOTCAMP) (Fixed) (Total:60.72 GB) (Free:16.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

2 Drive d: (Macintosh HD) (Fixed) (Total:171.36 GB) (Free:40.54 GB) HFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 0 B

Disk 1 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 200 MB 512 B

Partition 2 Primary 171 GB 200 MB

Partition 3 Primary 619 MB 171 GB

Partition 4 Primary 60 GB 172 GB

==================================================================================

Disk: 0

Partition 1

Type : EE

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 D Macintosh H HFS Partition 171 GB Healthy

==================================================================================

Disk: 0

Partition 3

Type : AB

Hidden: Yes

Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0

Partition 4

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C BOOTCAMP NTFS Partition 60 GB Healthy System (partition with boot components)

==================================================================================

==========================================================

Last Boot: 2012-07-10 14:03

======================= End Of Log ==========================


services.exe is infected and has to be replaced:

C:\Windows\System32\services.exe 50BEA589F7D7958BDD2528A8F69D05CC ZeroAccess <==== ATTENTION!.

In Vista or Windows 7: Boot to System Recovery Options and run FRST.

Type the following in the edit box after "Search:".

services.exe

It then should look like:

Search: services.exe

Click the Search button and post the log (Search.txt) it makes in your reply.

MrC


Search.txt

Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-21 02:39:17

Running from C:\Users\Dominik\Downloads

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC

====== End Of Search ======

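The comparison behind this step, as an added example that is not part of the original thread or of FRST: a Python parser for the Search.txt layout shown above that flags a live file whose MD5 matches none of the WinSxS component-store copies of the same name. The sample log is constructed from the two entries in the post; the function names are hypothetical, and treating a mismatch against every store copy as suspicious is an assumption of this sketch.

```python
import re
from dataclasses import dataclass

# Constructed sample: the two entries from the Search.txt posted above.
SEARCH_TXT = r"""
================== Search: "services.exe" ===================
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB
C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0329216 ____A (Microsoft Corporation) 50BEA589F7D7958BDD2528A8F69D05CC
====== End Of Search ======
"""

# A result is two lines: the full path, then
# "[created] - [modified] - size attrs (company) MD5"; the company is optional.
PATH_LINE = re.compile(r"^[A-Za-z]:\\")
META_LINE = re.compile(
    r"^\[(?P<created>[^\]]+)\] - \[(?P<modified>[^\]]+)\] - (?P<size>\d+) "
    r"(?P<attrs>\S+) (?:\((?P<company>[^)]*)\) )?(?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class Entry:
    path: str
    size: int
    company: str
    md5: str


def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending_path = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_LINE.match(line):
            pending_path = line
            continue
        meta = META_LINE.match(line)
        if meta and pending_path:
            entries.append(Entry(pending_path, int(meta["size"]),
                                 meta["company"] or "", meta["md5"].upper()))
            pending_path = None
    return entries


def is_store_copy(path):
    """True for copies kept in the WinSxS component store."""
    return "\\winsxs\\" in path.lower()


def find_mismatches(entries):
    """Return (live_entry, store_entries) for every live file whose MD5
    matches none of the component-store copies with the same file name.

    Assumption of this sketch: the store can hold several versions, so only
    a mismatch against all of them is reported, and files with no store copy
    are skipped because there is nothing to compare against.
    """
    by_name = {}
    for entry in entries:
        name = entry.path.rsplit("\\", 1)[-1].lower()
        by_name.setdefault(name, []).append(entry)

    findings = []
    for group in by_name.values():
        store = [e for e in group if is_store_copy(e.path)]
        store_hashes = {e.md5 for e in store}
        for live in group:
            if is_store_copy(live.path) or not store:
                continue
            if live.md5 not in store_hashes:
                findings.append((live, store))
    return findings


def report(findings):
    """Render findings as text lines for a ticket or reply."""
    lines = []
    for live, store in findings:
        lines.append(f"MISMATCH {live.path} md5={live.md5} size={live.size}")
        for ref in store:
            lines.append(f"  store copy {ref.md5} size={ref.size} "
                         f"(delta {live.size - ref.size:+d} bytes)")
    return lines


if __name__ == "__main__":
    print("\n".join(report(find_mismatches(parse_search_log(SEARCH_TXT)))))
```
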

OK, here you go......Please carefully do this!!

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the flash drive as fixlist.txt


C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

MrC


Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-20 23:01:32 Run:1

Running from E:\

==============================================

C:\Windows\Installer\{f31e9456-f450-b936-9e72-275f309b22c1} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====


Looks Good............next:

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


TDSSKiller.2.7.46.0_21.07.2012_13.40.48_log.txt

13:40:48.0919 0556 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

13:40:48.0950 0556 ============================================================

13:40:48.0950 0556 Current date / time: 2012/07/21 13:40:48.0950

13:40:48.0950 0556 SystemInfo:

13:40:48.0950 0556

13:40:48.0950 0556 OS Version: 6.1.7601 ServicePack: 1.0

13:40:48.0950 0556 Product type: Workstation

13:40:48.0950 0556 ComputerName: DOMINIK-PC

13:40:48.0950 0556 UserName: Dominik

13:40:48.0950 0556 Windows directory: C:\Windows

13:40:48.0950 0556 System windows directory: C:\Windows

13:40:48.0950 0556 Running under WOW64

13:40:48.0950 0556 Processor architecture: Intel x64

13:40:48.0950 0556 Number of processors: 1

13:40:48.0950 0556 Page size: 0x1000

13:40:48.0950 0556 Boot type: Normal boot

13:40:48.0950 0556 ============================================================

13:40:49.0793 0556 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:40:49.0808 0556 ============================================================

13:40:49.0808 0556 \Device\Harddisk0\DR0:

13:40:49.0808 0556 MBR partitions:

13:40:49.0808 0556 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x15854000, BlocksNum 0x7971800

13:40:49.0808 0556 ============================================================

13:40:49.0949 0556 C: <-> \Device\Harddisk0\DR0\Partition0

13:40:49.0949 0556 ============================================================

13:40:49.0949 0556 Initialize success

13:40:49.0949 0556 ============================================================

13:41:19.0712 0380 ============================================================

13:41:19.0712 0380 Scan started

13:41:19.0712 0380 Mode: Manual; SigCheck; TDLFS;

13:41:19.0712 0380 ============================================================


13:41:45.0714 0380 mouclass - ok

13:41:45.0808 0380 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:41:45.0839 0380 mouhid - ok

13:41:45.0901 0380 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:41:45.0917 0380 mountmgr - ok

13:41:46.0089 0380 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:41:46.0120 0380 MozillaMaintenance - ok

13:41:46.0182 0380 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:41:46.0198 0380 mpio - ok

13:41:46.0276 0380 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:41:46.0338 0380 mpsdrv - ok

13:41:46.0432 0380 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:41:46.0494 0380 MRxDAV - ok

13:41:46.0557 0380 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:41:46.0603 0380 mrxsmb - ok

13:41:46.0666 0380 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:41:46.0728 0380 mrxsmb10 - ok

13:41:46.0806 0380 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:41:46.0853 0380 mrxsmb20 - ok

13:41:46.0915 0380 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:41:46.0931 0380 msahci - ok

13:41:46.0993 0380 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:41:47.0009 0380 msdsm - ok

13:41:47.0056 0380 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:41:47.0087 0380 MSDTC - ok

13:41:47.0180 0380 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:41:47.0243 0380 Msfs - ok

13:41:47.0274 0380 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:41:47.0336 0380 mshidkmdf - ok

13:41:47.0414 0380 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:41:47.0430 0380 msisadrv - ok

13:41:47.0539 0380 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:41:47.0602 0380 MSiSCSI - ok

13:41:47.0633 0380 msiserver - ok

13:41:47.0680 0380 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:41:47.0742 0380 MSKSSRV - ok

13:41:47.0789 0380 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:41:47.0851 0380 MSPCLOCK - ok

13:41:47.0898 0380 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:41:47.0976 0380 MSPQM - ok

13:41:48.0116 0380 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:41:48.0148 0380 MsRPC - ok

13:41:48.0210 0380 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:41:48.0226 0380 mssmbios - ok

13:41:48.0288 0380 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:41:48.0382 0380 MSTEE - ok

13:41:48.0413 0380 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:41:48.0444 0380 MTConfig - ok

13:41:48.0475 0380 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:41:48.0491 0380 Mup - ok

13:41:48.0553 0380 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:41:48.0647 0380 napagent - ok

13:41:48.0772 0380 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:41:48.0818 0380 NativeWifiP - ok

13:41:48.0850 0380 Nbdrv - ok

13:41:49.0052 0380 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:41:49.0099 0380 NDIS - ok

13:41:49.0208 0380 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:41:49.0286 0380 NdisCap - ok

13:41:49.0317 0380 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:41:49.0395 0380 NdisTapi - ok

13:41:49.0520 0380 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:41:49.0598 0380 Ndisuio - ok

13:41:49.0676 0380 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:41:49.0754 0380 NdisWan - ok

13:41:49.0817 0380 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:41:49.0863 0380 NDProxy - ok

13:41:49.0926 0380 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:41:50.0004 0380 NetBIOS - ok

13:41:50.0097 0380 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:41:50.0160 0380 NetBT - ok

13:41:50.0222 0380 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:41:50.0238 0380 Netlogon - ok

13:41:50.0363 0380 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:41:50.0456 0380 Netman - ok

13:41:50.0550 0380 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:41:50.0628 0380 netprofm - ok

13:41:51.0111 0380 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:41:51.0127 0380 NetTcpPortSharing - ok

13:41:51.0298 0380 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:41:51.0314 0380 nfrd960 - ok

13:41:51.0532 0380 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:41:51.0673 0380 NlaSvc - ok

13:41:51.0813 0380 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:41:51.0891 0380 Npfs - ok

13:41:51.0938 0380 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:41:52.0000 0380 nsi - ok

13:41:52.0047 0380 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:41:52.0110 0380 nsiproxy - ok

13:41:52.0359 0380 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

13:41:52.0468 0380 Ntfs - ok

13:41:52.0687 0380 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:41:52.0749 0380 Null - ok

13:41:52.0812 0380 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys

13:41:52.0843 0380 NVHDA - ok

13:41:53.0576 0380 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:41:54.0527 0380 nvlddmkm - ok

13:41:54.0902 0380 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

13:41:54.0933 0380 nvraid - ok

13:41:54.0995 0380 nvsmu (61a59fb62864eb3f32d24985a505ce03) C:\Windows\system32\DRIVERS\nvsmu.sys

13:41:55.0011 0380 nvsmu - ok

13:41:55.0089 0380 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

13:41:55.0105 0380 nvstor - ok

13:41:55.0198 0380 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe

13:41:55.0229 0380 nvsvc - ok

13:41:55.0417 0380 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

13:41:55.0479 0380 nvUpdatusService - ok

13:41:55.0666 0380 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:41:55.0682 0380 nv_agp - ok

13:41:55.0713 0380 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:41:55.0760 0380 ohci1394 - ok

13:41:55.0884 0380 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:41:55.0947 0380 p2pimsvc - ok

13:41:56.0009 0380 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:41:56.0040 0380 p2psvc - ok

13:41:56.0103 0380 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:41:56.0118 0380 Parport - ok

13:41:56.0212 0380 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

13:41:56.0243 0380 partmgr - ok

13:41:56.0274 0380 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:41:56.0321 0380 PcaSvc - ok

13:41:56.0352 0380 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:41:56.0384 0380 pci - ok

13:41:56.0399 0380 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:41:56.0415 0380 pciide - ok

13:41:56.0477 0380 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:41:56.0508 0380 pcmcia - ok

13:41:56.0586 0380 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:41:56.0618 0380 pcw - ok

13:41:56.0664 0380 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:41:56.0742 0380 PEAUTH - ok

13:41:56.0852 0380 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

13:41:57.0164 0380 PeerDistSvc - ok

13:41:57.0912 0380 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:41:57.0959 0380 PerfHost - ok

13:41:58.0099 0380 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:41:58.0240 0380 pla - ok

13:41:58.0349 0380 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:41:58.0411 0380 PlugPlay - ok

13:41:58.0458 0380 PnkBstrA - ok

13:41:58.0521 0380 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:41:58.0599 0380 PNRPAutoReg - ok

13:41:58.0645 0380 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:41:58.0677 0380 PNRPsvc - ok

13:41:58.0786 0380 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:41:58.0895 0380 PolicyAgent - ok

13:41:58.0957 0380 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:41:59.0035 0380 Power - ok

13:41:59.0223 0380 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:41:59.0269 0380 PptpMiniport - ok

13:41:59.0332 0380 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:41:59.0410 0380 Processor - ok

13:41:59.0441 0380 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

13:41:59.0519 0380 ProfSvc - ok

13:41:59.0581 0380 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:41:59.0612 0380 ProtectedStorage - ok

13:41:59.0690 0380 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:41:59.0768 0380 Psched - ok

13:41:59.0971 0380 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:42:00.0127 0380 ql2300 - ok

13:42:00.0299 0380 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:42:00.0330 0380 ql40xx - ok

13:42:00.0408 0380 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:42:00.0455 0380 QWAVE - ok

13:42:00.0517 0380 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:42:00.0564 0380 QWAVEdrv - ok

13:42:00.0580 0380 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:42:00.0658 0380 RasAcd - ok

13:42:00.0720 0380 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:42:00.0782 0380 RasAgileVpn - ok

13:42:00.0892 0380 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:42:00.0970 0380 RasAuto - ok

13:42:01.0032 0380 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:42:01.0094 0380 Rasl2tp - ok

13:42:01.0141 0380 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

13:42:01.0235 0380 RasMan - ok

13:42:01.0313 0380 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:42:01.0375 0380 RasPppoe - ok

13:42:01.0422 0380 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:42:01.0500 0380 RasSstp - ok

13:42:01.0594 0380 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:42:01.0671 0380 rdbss - ok

13:42:01.0718 0380 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:42:01.0765 0380 rdpbus - ok

13:42:01.0796 0380 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:42:01.0859 0380 RDPCDD - ok

13:42:01.0921 0380 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

13:42:01.0968 0380 RDPDR - ok

13:42:02.0015 0380 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:42:02.0093 0380 RDPENCDD - ok

13:42:02.0139 0380 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:42:02.0202 0380 RDPREFMP - ok

13:42:02.0280 0380 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys

13:42:02.0327 0380 RdpVideoMiniport - ok

13:42:02.0373 0380 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

13:42:02.0405 0380 RDPWD - ok

13:42:02.0498 0380 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:42:02.0514 0380 rdyboost - ok

13:42:02.0592 0380 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:42:02.0670 0380 RemoteAccess - ok

13:42:02.0763 0380 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:42:02.0857 0380 RemoteRegistry - ok

13:42:02.0919 0380 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

13:42:02.0966 0380 RFCOMM - ok

13:42:03.0013 0380 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:42:03.0122 0380 RpcEptMapper - ok

13:42:03.0153 0380 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:42:03.0185 0380 RpcLocator - ok

13:42:03.0231 0380 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:42:03.0294 0380 RpcSs - ok

13:42:03.0403 0380 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:42:03.0465 0380 rspndr - ok

13:42:03.0543 0380 RTCore64 (4b60ef388071e0baf299496e3d6590ae) C:\Program Files (x86)\MSI Afterburner\RTCore64.sys

13:42:03.0559 0380 RTCore64 - ok

13:42:03.0590 0380 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

13:42:03.0637 0380 s3cap - ok

13:42:03.0684 0380 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:42:03.0715 0380 SamSs - ok

13:42:03.0824 0380 SbieDrv (495588414f5c62c333f1a69e17e5fb9f) C:\Program Files\Sandboxie\SbieDrv.sys

13:42:03.0855 0380 SbieDrv - ok

13:42:03.0886 0380 SbieSvc (099007b7a80e1917ffa110ce7785a3c9) C:\Program Files\Sandboxie\SbieSvc.exe

13:42:03.0886 0380 SbieSvc - ok

13:42:03.0996 0380 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:42:04.0011 0380 sbp2port - ok

13:42:04.0058 0380 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:42:04.0120 0380 SCardSvr - ok

13:42:04.0167 0380 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:42:04.0230 0380 scfilter - ok

13:42:04.0370 0380 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:42:04.0479 0380 Schedule - ok

13:42:04.0542 0380 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:42:04.0588 0380 SCPolicySvc - ok

13:42:04.0666 0380 ScreamBAudioSvc (8b56bdce6a303dde63d63440d1cf9ad1) C:\Windows\system32\drivers\ScreamingBAudio64.sys

13:42:04.0682 0380 ScreamBAudioSvc - ok

13:42:04.0729 0380 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:42:04.0776 0380 SDRSVC - ok

13:42:04.0885 0380 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:42:04.0947 0380 secdrv - ok

13:42:04.0978 0380 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:42:05.0041 0380 seclogon - ok

13:42:05.0088 0380 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

13:42:05.0150 0380 SENS - ok

13:42:05.0197 0380 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:42:05.0259 0380 SensrSvc - ok

13:42:05.0275 0380 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:42:05.0306 0380 Serenum - ok

13:42:05.0337 0380 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:42:05.0368 0380 Serial - ok

13:42:05.0431 0380 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:42:05.0462 0380 sermouse - ok

13:42:05.0524 0380 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

13:42:05.0587 0380 SessionEnv - ok

13:42:05.0634 0380 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:42:05.0680 0380 sffdisk - ok

13:42:05.0727 0380 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:42:05.0758 0380 sffp_mmc - ok

13:42:05.0790 0380 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:42:05.0821 0380 sffp_sd - ok

13:42:05.0867 0380 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:42:05.0899 0380 sfloppy - ok

13:42:06.0008 0380 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:42:06.0086 0380 ShellHWDetection - ok

13:42:06.0148 0380 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:42:06.0179 0380 SiSRaid2 - ok

13:42:06.0211 0380 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:42:06.0226 0380 SiSRaid4 - ok

13:42:06.0257 0380 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:42:06.0367 0380 Smb - ok

13:42:06.0429 0380 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:42:06.0460 0380 SNMPTRAP - ok

13:42:06.0507 0380 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:42:06.0523 0380 spldr - ok

13:42:06.0616 0380 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:42:06.0679 0380 Spooler - ok

13:42:06.0835 0380 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:42:07.0053 0380 sppsvc - ok

13:42:07.0209 0380 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:42:07.0271 0380 sppuinotify - ok

13:42:07.0396 0380 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:42:07.0459 0380 srv - ok

13:42:07.0537 0380 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:42:07.0568 0380 srv2 - ok

13:42:07.0615 0380 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:42:07.0630 0380 srvnet - ok

13:42:07.0693 0380 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:42:07.0771 0380 SSDPSRV - ok

13:42:07.0802 0380 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:42:07.0864 0380 SstpSvc - ok

13:42:07.0926 0380 Steam Client Service - ok

13:42:08.0082 0380 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

13:42:08.0114 0380 Stereo Service - ok

13:42:08.0145 0380 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:42:08.0176 0380 stexstor - ok

13:42:08.0254 0380 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:42:08.0348 0380 stisvc - ok

13:42:08.0394 0380 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

13:42:08.0410 0380 storflt - ok

13:42:08.0441 0380 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

13:42:08.0457 0380 storvsc - ok

13:42:08.0488 0380 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:42:08.0504 0380 swenum - ok

13:42:08.0550 0380 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:42:08.0660 0380 swprv - ok

13:42:08.0706 0380 Synth3dVsc - ok

13:42:08.0800 0380 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

13:42:08.0925 0380 SysMain - ok

13:42:09.0112 0380 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:42:09.0174 0380 TabletInputService - ok

13:42:09.0284 0380 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:42:09.0362 0380 TapiSrv - ok

13:42:09.0408 0380 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:42:09.0471 0380 TBS - ok

13:42:09.0814 0380 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

13:42:09.0923 0380 Tcpip - ok

13:42:10.0578 0380 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

13:42:10.0875 0380 TCPIP6 - ok

13:42:11.0764 0380 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:42:11.0826 0380 tcpipreg - ok

13:42:11.0935 0380 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:42:11.0982 0380 TDPIPE - ok

13:42:12.0013 0380 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

13:42:12.0045 0380 TDTCP - ok

13:42:12.0356 0380 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:42:12.0419 0380 tdx - ok

13:42:12.0544 0380 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:42:12.0575 0380 TermDD - ok

13:42:13.0292 0380 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:42:13.0386 0380 TermService - ok

13:42:13.0417 0380 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:42:13.0480 0380 Themes - ok

13:42:13.0682 0380 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:42:13.0745 0380 THREADORDER - ok

13:42:14.0291 0380 TPAutoConnSvc (076f752ee4797239757db80bee160b9e) C:\Program Files\VMware\VMware Tools\TPAutoConnSvc.exe

13:42:14.0306 0380 TPAutoConnSvc - ok

13:42:14.0899 0380 TPVCGateway (072f5c08107af972993796f3f7e13f61) C:\Program Files\VMware\VMware Tools\TPVCGateway.exe

13:42:15.0273 0380 TPVCGateway - ok

13:42:15.0554 0380 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:42:15.0663 0380 TrkWks - ok

13:42:17.0691 0380 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:42:17.0754 0380 TrustedInstaller - ok

13:42:18.0003 0380 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:42:18.0066 0380 tssecsrv - ok

13:42:18.0128 0380 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:42:18.0190 0380 TsUsbFlt - ok

13:42:18.0206 0380 tsusbhub - ok

13:42:18.0284 0380 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:42:18.0362 0380 tunnel - ok

13:42:19.0064 0380 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:42:19.0126 0380 uagp35 - ok

13:42:19.0189 0380 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:42:19.0267 0380 udfs - ok

13:42:19.0501 0380 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:42:19.0547 0380 UI0Detect - ok

13:42:19.0672 0380 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:42:19.0672 0380 uliagpkx - ok

13:42:19.0735 0380 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

13:42:19.0781 0380 umbus - ok

13:42:19.0859 0380 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:42:19.0922 0380 UmPass - ok

13:42:19.0969 0380 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

13:42:20.0047 0380 UmRdpService - ok

13:42:20.0093 0380 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:42:20.0171 0380 upnphost - ok

13:42:20.0281 0380 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

13:42:20.0296 0380 usbccgp - ok

13:42:20.0359 0380 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:42:20.0390 0380 usbcir - ok

13:42:20.0499 0380 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

13:42:20.0561 0380 usbehci - ok

13:42:21.0138 0380 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

13:42:21.0232 0380 usbhub - ok

13:42:21.0279 0380 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

13:42:21.0310 0380 usbohci - ok

13:42:21.0419 0380 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:42:21.0466 0380 usbprint - ok

13:42:21.0513 0380 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:42:21.0560 0380 USBSTOR - ok

13:42:21.0575 0380 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys

13:42:21.0606 0380 usbuhci - ok

13:42:21.0684 0380 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

13:42:21.0716 0380 usbvideo - ok

13:42:21.0762 0380 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:42:21.0840 0380 UxSms - ok

13:42:21.0872 0380 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

13:42:21.0918 0380 VaultSvc - ok

13:42:21.0965 0380 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:42:21.0981 0380 vdrvroot - ok

13:42:22.0043 0380 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:42:22.0121 0380 vds - ok

13:42:22.0184 0380 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:42:22.0199 0380 vga - ok

13:42:22.0230 0380 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:42:22.0293 0380 VgaSave - ok

13:42:22.0324 0380 VGPU - ok

13:42:22.0917 0380 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:42:22.0979 0380 vhdmp - ok

13:42:23.0073 0380 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:42:23.0104 0380 viaide - ok

13:42:23.0166 0380 vm3dmp (abad6959cf4448e0cba3d291870a3c09) C:\Windows\system32\DRIVERS\vm3dmp.sys

13:42:23.0197 0380 vm3dmp - ok

13:42:23.0244 0380 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

13:42:23.0275 0380 vmbus - ok

13:42:23.0307 0380 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

13:42:23.0353 0380 VMBusHID - ok

13:42:23.0400 0380 vmci (87fc1dd880e8cac4faebb84af61a87c4) C:\Windows\system32\DRIVERS\vmci.sys

13:42:23.0416 0380 vmci - ok

13:42:23.0463 0380 vmhgfs (6bd09f3f5bdbe592f0d28d6193d102af) C:\Windows\system32\DRIVERS\vmhgfs.sys

13:42:23.0478 0380 vmhgfs - ok

13:42:23.0665 0380 VMMEMCTL (2b40122abc5af4835a732f29a92e7a16) C:\Program Files\Common Files\VMware\Drivers\memctl\vmmemctl.sys

13:42:23.0697 0380 VMMEMCTL - ok

13:42:23.0759 0380 vmmouse (4fd691fc69c1060a587cef75cafc462e) C:\Windows\system32\DRIVERS\vmmouse.sys

13:42:23.0775 0380 vmmouse - ok

13:42:23.0853 0380 vmrawdsk (1402ecd94fa12befd12ce5a83bc9b542) C:\Program Files\VMware\VMware Tools\vmrawdsk.sys

13:42:23.0868 0380 vmrawdsk - ok

13:42:23.0884 0380 VMTools (2a9528bb09d8740863c8075969694299) C:\Program Files\VMware\VMware Tools\vmtoolsd.exe

13:42:23.0915 0380 VMTools - ok

13:42:23.0915 0380 vmvss - ok

13:42:24.0165 0380 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:42:24.0196 0380 volmgr - ok

13:42:25.0147 0380 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:42:25.0194 0380 volmgrx - ok

13:42:25.0256 0380 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:42:25.0288 0380 volsnap - ok

13:42:25.0334 0380 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:42:25.0366 0380 vsmraid - ok

13:42:25.0943 0380 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:42:26.0114 0380 VSS - ok

13:42:26.0707 0380 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:42:26.0769 0380 vwifibus - ok

13:42:26.0832 0380 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:42:26.0863 0380 vwififlt - ok

13:42:28.0423 0380 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:42:28.0595 0380 W32Time - ok

13:42:28.0719 0380 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:42:28.0797 0380 WacomPen - ok

13:42:28.0891 0380 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:42:28.0953 0380 WANARP - ok

13:42:29.0078 0380 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:42:29.0140 0380 Wanarpv6 - ok

13:42:30.0451 0380 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:42:30.0576 0380 WatAdminSvc - ok

13:42:34.0413 0380 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:42:34.0506 0380 wbengine - ok

13:42:35.0645 0380 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:42:35.0676 0380 WbioSrvc - ok

13:42:35.0739 0380 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:42:35.0817 0380 wcncsvc - ok

13:42:35.0973 0380 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:42:36.0019 0380 WcsPlugInService - ok

13:42:36.0441 0380 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:42:36.0503 0380 Wd - ok

13:42:37.0361 0380 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:42:37.0423 0380 Wdf01000 - ok

13:42:37.0454 0380 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:42:37.0501 0380 WdiServiceHost - ok

13:42:37.0517 0380 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:42:37.0564 0380 WdiSystemHost - ok

13:42:38.0437 0380 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:42:38.0484 0380 WebClient - ok

13:42:38.0968 0380 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:42:39.0061 0380 Wecsvc - ok

13:42:39.0186 0380 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:42:39.0264 0380 wercplsupport - ok

13:42:39.0451 0380 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:42:39.0560 0380 WerSvc - ok

13:42:39.0747 0380 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:42:39.0794 0380 WfpLwf - ok

13:42:39.0888 0380 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:42:39.0903 0380 WIMMount - ok

13:42:39.0919 0380 WinHttpAutoProxySvc - ok

13:42:40.0169 0380 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:42:40.0231 0380 Winmgmt - ok

13:42:40.0387 0380 WinRing0_1_2_0 (0c0195c48b6b8582fa6f6373032118da) C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys

13:42:40.0403 0380 WinRing0_1_2_0 - ok

13:42:40.0730 0380 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:42:40.0871 0380 WinRM - ok

13:42:41.0260 0380 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:42:41.0338 0380 WinUsb - ok

13:42:44.0053 0380 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:42:44.0146 0380 Wlansvc - ok

13:42:44.0255 0380 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:42:44.0302 0380 WmiAcpi - ok

13:42:44.0411 0380 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:42:44.0443 0380 wmiApSrv - ok

13:42:44.0505 0380 WMPNetworkSvc - ok

13:42:44.0567 0380 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:42:44.0599 0380 WPCSvc - ok

13:42:44.0661 0380 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:42:44.0708 0380 WPDBusEnum - ok

13:42:44.0801 0380 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:42:44.0895 0380 ws2ifsl - ok

13:42:44.0911 0380 WSearch - ok

13:42:45.0971 0380 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

13:42:46.0205 0380 wuauserv - ok

13:42:48.0982 0380 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:42:49.0107 0380 WudfPf - ok

13:42:49.0200 0380 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:42:49.0309 0380 WUDFRd - ok

13:42:49.0621 0380 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:42:49.0699 0380 wudfsvc - ok

13:42:50.0323 0380 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:42:50.0401 0380 WwanSvc - ok

13:42:50.0464 0380 xusb21 (9176c0822faa649e45121875be32f5d2) C:\Windows\system32\DRIVERS\xusb21.sys

13:42:50.0495 0380 xusb21 - ok

13:42:50.0557 0380 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:42:53.0209 0380 \Device\Harddisk0\DR0 - ok

13:42:53.0240 0380 Boot (0x1200) (b5d73e4238f53f72e306f28097b73b3b) \Device\Harddisk0\DR0\Partition0

13:42:53.0287 0380 \Device\Harddisk0\DR0\Partition0 - ok

13:42:53.0287 0380 ============================================================

13:42:53.0287 0380 Scan finished

13:42:53.0287 0380 ============================================================

13:42:53.0349 0360 Detected object count: 0

13:42:53.0349 0360 Actual detected object count: 0


That scan was clean, last big scan to run........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


ComboFix.txt

ComboFix 12-07-21.01 - Dominik 07/21/2012 13:56:29.1.1 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1023.425 [GMT -4:00]

Running from: c:\users\Dominik\Desktop\ComboFix.exe

AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-06-21 to 2012-07-21 )))))))))))))))))))))))))))))))

.

.

2012-07-21 03:14 . 2012-07-21 03:14 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-21 02:59 . 2012-07-21 02:59 -------- d-----w- c:\users\Dominik\AppData\Roaming\Malwarebytes

2012-07-21 02:59 . 2012-07-21 02:59 -------- d-----w- c:\programdata\Malwarebytes

2012-07-21 02:59 . 2012-07-21 02:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-07-21 02:59 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-21 01:23 . 2012-07-21 01:29 -------- d-----w- C:\FRST

2012-07-11 02:48 . 2012-07-11 02:48 -------- d-----w- c:\program files (x86)\Screaming Bee LLC

2012-07-11 02:42 . 2012-07-11 02:42 -------- d-----w- c:\users\Dominik\AppData\Roaming\Screaming Bee

2012-07-11 02:32 . 2012-07-11 03:01 -------- d-----w- c:\program files (x86)\Screaming Bee

2012-07-11 02:32 . 2012-07-11 02:42 -------- d-----w- c:\programdata\Screaming Bee

2012-07-06 04:44 . 2012-07-06 04:44 -------- d-----w- c:\windows\system32\appmgmt

2012-07-06 04:41 . 2012-07-06 04:41 -------- d-----w- c:\program files (x86)\IObit

2012-07-05 16:03 . 2012-07-05 16:04 -------- d-----w- c:\users\Dominik\AppData\Roaming\six-updater

2012-07-05 16:03 . 2012-07-05 16:03 -------- d-----w- c:\users\Dominik\AppData\Roaming\six-zsync

2012-07-05 16:03 . 2012-07-05 16:03 -------- d-----w- c:\program files (x86)\SIX Projects

2012-07-05 16:02 . 2012-07-05 16:02 -------- d-----w- c:\users\Dominik\AppData\Local\Downloaded Installations

2012-07-05 15:31 . 2009-03-09 19:27 2430312 ----a-w- c:\windows\system32\D3DCompiler_41.dll

2012-07-05 15:30 . 2007-10-22 07:37 17928 ----a-w- c:\windows\SysWow64\X3DAudio1_2.dll

2012-07-05 15:23 . 2012-07-05 15:23 -------- d--h--w- c:\windows\msdownld.tmp

2012-07-05 15:23 . 2012-07-06 02:09 -------- d-----w- c:\program files (x86)\MSI Afterburner

2012-07-05 15:15 . 2012-07-05 15:16 -------- d-----w- c:\users\Dominik\AppData\Local\ArmA 2

2012-07-05 15:15 . 2005-07-22 23:59 3807440 ----a-w- c:\windows\system32\d3dx9_27.dll

2012-07-05 15:15 . 2005-05-26 19:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll

2012-07-05 15:15 . 2005-05-26 19:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll

2012-07-05 15:15 . 2005-03-18 21:19 3823312 ----a-w- c:\windows\system32\d3dx9_25.dll

2012-07-05 15:15 . 2005-02-05 23:45 3544272 ----a-w- c:\windows\system32\d3dx9_24.dll

2012-07-05 00:02 . 2012-07-05 00:02 -------- d-----w- c:\programdata\SeriousBit

2012-07-04 22:37 . 2012-07-04 22:37 -------- d-----r- C:\ESD

2012-07-03 02:38 . 2012-07-03 02:38 -------- d-----r- C:\Sandbox

2012-07-03 02:37 . 2012-07-03 02:37 -------- d-----w- c:\program files\Sandboxie

2012-07-03 00:07 . 2012-07-03 00:57 -------- d-----w- c:\users\Dominik\AppData\Local\ArmA 2 Free

2012-07-02 23:41 . 2012-07-02 23:41 -------- d-----w- c:\users\Dominik\AppData\Roaming\DRPSu

2012-07-02 23:37 . 2011-03-14 14:53 412712 ----a-w- c:\windows\system32\drivers\b57nd60a.sys

2012-07-02 23:21 . 2012-07-02 23:21 -------- d-----w- c:\program files (x86)\Common Files\Steam

2012-07-02 23:21 . 2012-07-15 02:58 -------- d-----w- c:\program files (x86)\Steam

2012-07-02 22:16 . 2012-07-02 22:16 476936 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2012-07-02 22:16 . 2012-07-02 22:16 -------- d-----w- c:\program files (x86)\Java

2012-07-02 22:14 . 2012-07-02 22:14 -------- d-----w- c:\programdata\McAfee

2012-06-21 19:19 . 2012-06-18 01:12 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5BF2393E-E9FD-4F86-9A59-E41FD47E7E8E}\mpengine.dll

2012-06-21 19:18 . 2012-07-03 19:32 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-19 04:48 . 2011-12-24 12:10 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys

2012-07-18 05:06 . 2012-05-04 19:25 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-18 05:06 . 2012-05-04 19:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-03 19:32 . 2011-11-17 20:39 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-03 19:25 . 2011-11-17 20:39 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-03 16:21 . 2012-02-25 16:24 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2012-07-03 16:21 . 2012-01-27 18:01 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2012-01-27 18:01 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2012-01-27 18:01 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2012-01-27 18:01 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-03 16:21 . 2012-01-27 18:01 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2012-01-27 18:01 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2012-01-27 18:01 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-03 16:21 . 2012-01-27 18:01 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-02 22:16 . 2011-11-16 20:28 472840 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-05-15 10:48 . 2012-05-25 15:09 25743168 ----a-w- c:\windows\system32\nvoglv64.dll

2012-05-15 10:48 . 2012-05-25 15:09 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll

2012-05-15 10:48 . 2012-05-25 15:09 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys

2012-05-15 10:48 . 2012-05-25 15:09 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll

2012-05-15 10:48 . 2012-05-25 15:09 8139072 ----a-w- c:\windows\system32\nvcuda.dll

2012-05-15 10:48 . 2012-05-25 15:09 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll

2012-05-15 10:48 . 2012-05-25 15:09 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll

2012-05-15 10:48 . 2012-05-25 15:09 2681664 ----a-w- c:\windows\system32\nvcuvid.dll

2012-05-15 10:48 . 2012-05-25 15:09 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll

2012-05-15 10:48 . 2012-05-25 15:09 25248064 ----a-w- c:\windows\system32\nvcompiler.dll

2012-05-15 10:48 . 2012-05-25 15:09 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll

2012-05-15 10:48 . 2012-05-25 15:09 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll

2012-05-15 10:48 . 2012-04-15 17:09 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll

2012-05-15 10:48 . 2012-04-15 17:09 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 10:48 . 2012-04-15 17:09 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll

2012-05-15 10:48 . 2012-03-16 14:51 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-03-16 14:51 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2012-02-04 16:35 2741568 ----a-w- c:\windows\system32\nvapi64.dll

2012-05-15 10:48 . 2012-02-04 16:35 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2012-02-04 16:35 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll

2012-05-15 10:48 . 2012-02-04 16:35 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 09:29 . 2012-02-04 16:37 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-05-15 09:29 . 2012-02-04 16:37 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-05-15 09:29 . 2012-02-04 16:37 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-05-15 09:29 . 2012-02-04 16:37 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-05-15 09:29 . 2012-02-04 16:37 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-05-15 09:28 . 2012-02-04 16:37 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"avast"="c:\program files\Avast\avastUI.exe" [2012-07-03 4273976]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

R3 acpials;ALS Sensor Filter;c:\windows\system32\DRIVERS\acpials.sys [2009-07-14 9728]

R3 AppleBtBc;Apple Broadcom Built-in Bluetooth;c:\windows\system32\DRIVERS\AppleBtBc.sys [2011-03-25 18944]

R3 applemtm;Apple Multitouch Mouse;c:\windows\system32\DRIVERS\applemtm.sys [2011-03-25 12288]

R3 applemtp;Apple Multitouch;c:\windows\system32\DRIVERS\applemtp.sys [2011-03-25 38912]

R3 CirrusFilter;CS420xLowerFilter;c:\windows\system32\DRIVERS\CS420x64.sys [2011-06-13 18432]

R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\DRIVERS\IRFilter.sys [2011-03-25 18432]

R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\DRIVERS\KeyMagic.sys [2011-05-26 32256]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [2011-11-10 115272]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-21 113120]

R3 Nbdrv;NetBalancer;c:\windows\system32\DRIVERS\nbdrv.sys [x]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys [2012-05-14 10568]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TPVCGateway;TP VC Gateway Service;c:\program files\VMware\VMware Tools\TPVCGateway.exe [2012-03-02 566096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-17 1255736]

R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [2010-11-01 14544]

S0 AppleHFS;AppleHFS; [x]

S0 AppleMNT;AppleMNT; [x]

S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [2011-08-11 116336]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 vmhgfs;vmhgfs;c:\windows\system32\DRIVERS\vmhgfs.sys [2012-04-11 123504]

S1 vmrawdsk;VMware Vista Physical Disk Helper;c:\program files\VMware\VMware Tools\vmrawdsk.sys [2012-04-11 45680]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2011-06-29 224640]

S2 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2011-06-29 111488]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2011-06-29 17752]

S2 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2011-06-29 22872]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 VMMEMCTL;Memory Control Driver;c:\program files\Common Files\VMware\Drivers\memctl\vmmemctl.sys [2012-04-11 17520]

S2 VMTools;VMware Tools;c:\program files\VMware\VMware Tools\vmtoolsd.exe [2012-04-11 72816]

S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]

S3 TPAutoConnSvc;TP AutoConnect Service;c:\program files\VMware\VMware Tools\TPAutoConnSvc.exe [2012-03-02 362312]

S3 vm3dmp;vm3dmp;c:\windows\system32\DRIVERS\vm3dmp.sys [2012-04-11 138352]

S3 vmmouse;VMware Pointing Device;c:\windows\system32\DRIVERS\vmmouse.sys [2011-08-11 13872]

.

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"VMware Tools"="c:\program files\VMware\VMware Tools\VMwareTray.exe" [2012-04-11 60016]

"VMware User Process"="c:\program files\VMware\VMware Tools\vmtoolsd.exe" [2012-04-11 72816]

"Apple_KbdMgr"="c:\program files\Boot Camp\Bootcamp.exe" [2011-06-29 741760]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

LSP: %SystemRoot%\system32\vsocklib.dll

TCP: DhcpNameServer = 192.168.2.1 192.168.2.1

FF - ProfilePath - c:\users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\ysj43lib.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.hr/

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-BattlEye for OA - c:\program files (x86)\steam\steamapps\common\arma 2 operation arrowheadExpansion\BattlEye\UnInstallBE.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Avast\AvastSvc.exe

c:\program files (x86)\IObit\Game Booster 3\gbtray.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-07-21 14:33:35 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-21 18:33

.

Pre-Run: 23,048,204,288 bytes free

Post-Run: 22,777,151,488 bytes free

.

- - End Of File - - 43C2AFC2B2B99AC6DC527E624479AD47


Here is the Quick Scan log, I'll do a Full Scan as well just in case. The PC seems to be running just fine. Thanks for all your help! I'm curious about something, do you have all this information on a database, or is it all just experience and knowledge?

mbam-log-2012-07-21 (15-18-27).txt

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.20.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Dominik :: DOMINIK-PC [administrator]

7/21/2012 3:18:27 PM

mbam-log-2012-07-21 (15-18-27).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223377

Time elapsed: 4 minute(s), 37 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


mbam-log-2012-07-21 (16-39-49).txt

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.20.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Dominik :: DOMINIK-PC [administrator]

7/21/2012 3:24:38 PM

mbam-log-2012-07-21 (16-39-49).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 323009

Time elapsed: 1 hour(s), 1 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\FRST\Quarantine\services.exe (Rootkit.0Access) -> No action taken.

(end)


It seems that I am also a victim of this particular Trojan. Can anyone help, please? Here is all the information I have:

Malwarebytes

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.11

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Owner :: OWNER-PC [administrator]

7/21/2012 3:25:20 PM

mbam-log-2012-07-21 (15-26-58).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 190300

Time elapsed: 1 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

(end)

OTL

OTL logfile created on: 7/21/2012 3:30:51 PM - Run 1

OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Owner\Desktop

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.87 Gb Total Physical Memory | 2.07 Gb Available Physical Memory | 53.40% Memory free

7.73 Gb Paging File | 5.96 Gb Available in Paging File | 77.10% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 465.76 Gb Total Space | 262.14 Gb Free Space | 56.28% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: Owner | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/07/21 15:22:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

PRC - [2012/07/17 20:10:25 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_265.exe

PRC - [2012/07/03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

PRC - [2012/06/22 07:19:01 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2012/05/28 21:31:50 | 000,880,496 | ---- | M] (BitTorrent, Inc.) -- C:\Users\Owner\Programs\uTorrent.exe

PRC - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE

PRC - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

PRC - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2011/03/03 21:30:57 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe

PRC - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

PRC - [2010/05/12 16:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe

PRC - [2010/05/12 16:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe

PRC - [2006/11/02 11:21:18 | 000,156,160 | ---- | M] () -- C:\Program Files (x86)\Greeting Card Factory Photo Card Maker\ReminderApp.exe

========== Modules (No Company Name) ==========

MOD - [2012/07/17 20:10:25 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

MOD - [2012/06/22 07:19:00 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2011/12/06 16:00:14 | 000,784,240 | ---- | M] () -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2010/11/20 07:19:56 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll

MOD - [2009/07/13 20:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll

MOD - [2006/11/02 11:21:18 | 000,156,160 | ---- | M] () -- C:\Program Files (x86)\Greeting Card Factory Photo Card Maker\ReminderApp.exe

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)

SRV:64bit: - [2011/07/18 21:39:38 | 001,431,888 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)

SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)

SRV - [2012/07/17 20:10:26 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012/06/22 07:19:00 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012/02/29 08:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012/02/10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)

SRV - [2012/02/10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)

SRV - [2011/12/06 16:00:14 | 000,214,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe -- (MotoHelper)

SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2011/04/18 06:24:34 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2011/03/03 21:30:57 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)

SRV - [2011/02/02 14:08:16 | 000,018,656 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe -- (Autodesk Content Service)

SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

SRV - [2009/04/29 03:21:18 | 000,436,736 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\XAudio64.dll -- (HsfXAudioService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)

DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011/11/08 12:59:12 | 000,011,776 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motusbdevice.sys -- (motusbdevice)

DRV:64bit: - [2011/08/02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)

DRV:64bit: - [2011/04/04 14:55:54 | 000,021,504 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgp.sys -- (motccgp)

DRV:64bit: - [2011/03/31 14:53:40 | 000,030,208 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)

DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011/03/03 21:30:57 | 000,062,296 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)

DRV:64bit: - [2011/03/03 21:30:57 | 000,051,800 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)

DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)

DRV:64bit: - [2010/04/16 15:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)

DRV:64bit: - [2010/04/01 14:44:06 | 000,026,624 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Motousbnet.sys -- (Motousbnet)

DRV:64bit: - [2010/01/13 16:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel®

DRV:64bit: - [2009/09/28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)

DRV:64bit: - [2009/09/02 18:54:20 | 007,369,728 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009/06/10 16:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)

DRV:64bit: - [2009/06/10 16:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)

DRV:64bit: - [2009/06/10 16:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)

DRV:64bit: - [2009/06/10 15:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®

DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2009/04/29 03:21:08 | 000,010,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\XAudio64.sys -- (XAudio)

DRV:64bit: - [2009/02/12 14:24:56 | 001,485,824 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_DPV.sys -- (HSF_DPV)

DRV:64bit: - [2009/02/12 14:20:56 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAXHWAZL.sys -- (CAXHWAZL)

DRV:64bit: - [2009/02/12 14:19:34 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CAX_CNXT.sys -- (winachsf)

DRV:64bit: - [2009/01/29 17:18:12 | 000,009,216 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motccgpfl.sys -- (motccgpfl)

DRV:64bit: - [2009/01/29 17:11:38 | 000,006,144 | ---- | M] (Motorola Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motfilt.sys -- (BTCFilterService)

DRV:64bit: - [2008/09/18 03:15:28 | 000,325,120 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)

DRV:64bit: - [2007/11/02 15:52:02 | 000,008,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motswch.sys -- (MotoSwitchService)

DRV:64bit: - [2007/05/14 15:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)

DRV:64bit: - [2006/06/17 22:27:24 | 000,017,024 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\mdmxsdk.sys -- (mdmxsdk)

DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.xfinity.c...insDate11152011

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F9 39 D3 0B E7 DA CB 01 [binary data]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1

IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT2786678

IE - HKCU\..\SearchScopes\Comcast: "URL" = http://search.xfinit...art_tech_search

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;192.168.*.*

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Conduit Engine Customized Web Search"

FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}"

FF - prefs.js..browser.search.suggest.enabled: false

FF - prefs.js..browser.startup.homepage: "http://www.renewableenergyworld.com/rea/home"

FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2

FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.2.5.2

FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}:6.0.30

FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Owner\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/22 07:19:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/07 21:59:46 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/22 07:19:01 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/06/07 21:59:46 | 000,000,000 | ---D | M]

[2011/03/04 22:45:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions

[2012/06/10 22:29:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\oq5vxm9m.default\extensions

[2012/06/10 22:29:48 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\Owner\AppData\Roaming\mozilla\Firefox\Profiles\oq5vxm9m.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

[2011/03/05 01:56:51 | 000,000,913 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\oq5vxm9m.default\searchplugins\conduit.xml

[2012/06/22 07:19:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

[2012/04/26 19:56:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012/06/22 07:19:01 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2010/05/12 15:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll

[2010/05/12 15:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll

[2010/05/12 15:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll

[2010/05/12 15:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll

[2010/05/12 16:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll

[2010/05/12 15:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll

[2012/06/22 07:18:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/11/15 19:01:25 | 000,001,692 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\comcast.xml

[2012/06/22 07:18:57 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: http://www.xfinity.c...insDate11152011

CHR - Extension: Entanglement = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd\2.1.1_0\

CHR - Extension: AT_Splendid = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdfkbdkkfmmckaadapdipihjfaacnkgd\3_0\

CHR - Extension: Click to call with Skype = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

CHR - Extension: Poppit = C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi\2.2_0\

O1 HOSTS File: ([2006/09/18 16:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: ::1 localhost

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [igfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)

O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)

O4 - HKLM..\Run: [ReminderApp] C:\Program Files (x86)\Greeting Card Factory Photo Card Maker\ReminderApp.exe ()

O4 - HKCU..\Run: [Desktop Software] C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe (SupportSoft, Inc.)

O4 - HKCU..\Run: [uTorrent] C:\Users\Owner\Programs\uTorrent.exe (BitTorrent, Inc.)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_32)

O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.syste...el_4.4.21.0.cab (SysInfo Class)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3EC631C4-B5C1-44D6-A2E7-0829E933EE31}: DhcpNameServer = 192.168.1.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{990C077D-1AC6-4951-ABDC-93E37A42E3FF}: DhcpNameServer = 75.75.75.75 75.75.76.76

O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found

O18:64bit: - Protocol\Filter\ica - No CLSID value found

O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O24 - Desktop WallPaper:

O24 - Desktop BackupWallPaper:

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2011/07/18 19:00:50 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]

O33 - MountPoints2\{089189a9-e7b4-11e0-8585-00e0b8fda7ba}\Shell - "" = AutoRun

O33 - MountPoints2\{089189a9-e7b4-11e0-8585-00e0b8fda7ba}\Shell\AutoRun\command - "" = E:\setup.exe -a

O33 - MountPoints2\{1fdc2611-70f3-11e0-9990-00e0b8fda7ba}\Shell - "" = AutoRun

O33 - MountPoints2\{1fdc2611-70f3-11e0-9990-00e0b8fda7ba}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O33 - MountPoints2\E\Shell - "" = AutoRun

O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/21 15:22:33 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/07/21 15:11:23 | 000,694,807 | ---- | C] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe

[2012/07/10 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\ElevatedDiagnostics

[2012/07/10 03:47:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%

[2012/07/02 19:54:21 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Macromedia

[2012/06/25 19:42:48 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Google

[2012/06/25 19:42:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Google

[2012/06/25 19:35:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google SketchUp 8

========== Files - Modified Within 30 Days ==========

[2012/07/21 15:22:34 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Owner\Desktop\OTL.exe

[2012/07/21 15:11:23 | 000,694,807 | ---- | M] (Farbar) -- C:\Users\Owner\Desktop\FSS.exe

[2012/07/21 15:09:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/07/21 15:02:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/21 15:00:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/07/21 14:41:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610362744-3600284510-1743482682-1000UA.job

[2012/07/21 13:41:41 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/07/21 13:41:41 | 000,009,728 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/07/21 13:36:23 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/07/21 13:34:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/07/21 13:33:59 | 3114,991,616 | -HS- | M] () -- C:\hiberfil.sys

[2012/07/21 13:12:32 | 1394,895,077 | ---- | M] () -- C:\Users\Owner\Desktop\Project X.mp4

[2012/07/21 13:09:53 | 1609,029,251 | ---- | M] () -- C:\Users\Owner\Desktop\21 Jump Street.mp4

[2012/07/21 11:08:50 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3610362744-3600284510-1743482682-1000Core.job

[2012/07/20 04:36:44 | 000,540,456 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2012/07/19 19:00:30 | 000,002,198 | ---- | M] () -- C:\Windows\epplauncher.mif

[2012/07/19 16:10:51 | 000,000,059 | ---- | M] () -- C:\Users\Owner\AppData\Roaming\mbam.context.scan

[2012/07/17 19:10:47 | 004,935,712 | ---- | M] () -- C:\Users\Owner\Desktop\Bad Meets Evil - Lighters ft. Bruno Mars.mp3

[2012/07/17 19:00:51 | 000,899,836 | ---- | M] () -- C:\Users\Owner\Desktop\2012-04-18_bill COMCAST.pdf

[2012/07/17 19:00:25 | 000,142,908 | ---- | M] () -- C:\Users\Owner\Desktop\2012-05-18_bill COMCAST.pdf

[2012/07/17 19:00:01 | 000,101,646 | ---- | M] () -- C:\Users\Owner\Desktop\2012-06-18_bill COMCAST.pdf

[2012/07/17 18:56:25 | 005,250,435 | ---- | M] () -- C:\Users\Owner\Desktop\Eminem - Sing For The Moment.mp3

[2012/07/17 18:47:25 | 001,117,268 | ---- | M] () -- C:\Users\Owner\Desktop\4-13 to 5-14.pdf

[2012/07/17 18:46:04 | 001,117,480 | ---- | M] () -- C:\Users\Owner\Desktop\5-13 to 6-13.pdf

[2012/07/17 18:45:09 | 001,117,604 | ---- | M] () -- C:\Users\Owner\Desktop\6-13 to 7-13.pdf

[2012/07/17 18:26:13 | 004,735,927 | ---- | M] () -- C:\Users\Owner\Desktop\Everlast - What It's Like.mp3

[2012/07/17 18:14:42 | 002,318,498 | ---- | M] () -- C:\Users\Owner\Desktop\KiD CUDi- THE PRAYER.mp3

[2012/07/17 18:02:22 | 004,803,218 | ---- | M] () -- C:\Users\Owner\Desktop\Im Sorry Mama - Eminem.mp3

[2012/07/17 17:50:48 | 000,782,702 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/07/17 17:50:48 | 000,662,658 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/07/17 17:50:48 | 000,122,454 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/06/22 07:23:05 | 000,359,809 | ---- | M] () -- C:\Users\Owner\Desktop\Resume_gallardo.pdf

========== Files Created - No Company Name ==========

[2012/07/21 15:33:48 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\00000008.@

[2012/07/21 15:02:18 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/07/21 12:46:48 | 1609,029,251 | ---- | C] () -- C:\Users\Owner\Desktop\21 Jump Street.mp4

[2012/07/21 12:40:34 | 1394,895,077 | ---- | C] () -- C:\Users\Owner\Desktop\Project X.mp4

[2012/07/19 16:10:51 | 000,000,059 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\mbam.context.scan

[2012/07/17 19:08:22 | 004,935,712 | ---- | C] () -- C:\Users\Owner\Desktop\Bad Meets Evil - Lighters ft. Bruno Mars.mp3

[2012/07/17 19:00:43 | 000,899,836 | ---- | C] () -- C:\Users\Owner\Desktop\2012-04-18_bill COMCAST.pdf

[2012/07/17 19:00:25 | 000,142,908 | ---- | C] () -- C:\Users\Owner\Desktop\2012-05-18_bill COMCAST.pdf

[2012/07/17 19:00:01 | 000,101,646 | ---- | C] () -- C:\Users\Owner\Desktop\2012-06-18_bill COMCAST.pdf

[2012/07/17 18:55:46 | 005,250,435 | ---- | C] () -- C:\Users\Owner\Desktop\Eminem - Sing For The Moment.mp3

[2012/07/17 18:47:25 | 001,117,268 | ---- | C] () -- C:\Users\Owner\Desktop\4-13 to 5-14.pdf

[2012/07/17 18:46:04 | 001,117,480 | ---- | C] () -- C:\Users\Owner\Desktop\5-13 to 6-13.pdf

[2012/07/17 18:45:09 | 001,117,604 | ---- | C] () -- C:\Users\Owner\Desktop\6-13 to 7-13.pdf

[2012/07/17 18:25:29 | 004,735,927 | ---- | C] () -- C:\Users\Owner\Desktop\Everlast - What It's Like.mp3

[2012/07/17 18:13:42 | 002,318,498 | ---- | C] () -- C:\Users\Owner\Desktop\KiD CUDi- THE PRAYER.mp3

[2012/07/17 18:01:34 | 004,803,218 | ---- | C] () -- C:\Users\Owner\Desktop\Im Sorry Mama - Eminem.mp3

[2012/07/10 03:33:38 | 000,092,160 | ---- | C] () -- C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\80000032.@

[2012/07/10 03:33:37 | 000,080,896 | ---- | C] () -- C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\80000064.@

[2012/07/10 03:33:37 | 000,000,804 | ---- | C] () -- C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\L\00000004.@

[2012/07/10 03:33:36 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\80000000.@

[2012/07/10 03:33:35 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\00000004.@

[2012/07/10 03:33:35 | 000,001,632 | ---- | C] () -- C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\000000cb.@

[2012/07/02 19:49:14 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/06/22 07:23:02 | 000,359,809 | ---- | C] () -- C:\Users\Owner\Desktop\Resume_gallardo.pdf

[2012/04/02 21:05:22 | 000,016,490 | ---- | C] () -- C:\Users\Owner\2012 calender.pdf

[2012/01/21 23:21:07 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini

[2012/01/11 06:52:11 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\@

[2012/01/11 06:52:11 | 000,002,048 | -HS- | C] () -- C:\Users\Owner\AppData\Local\{121ec3df-77a2-8953-17f1-946c4a94c909}\@

[2011/07/18 21:40:13 | 000,000,153 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc

[2011/04/05 19:46:44 | 000,005,120 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2011/03/16 20:16:11 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2011/03/08 18:36:41 | 000,796,852 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2011/03/04 22:31:43 | 000,020,816 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\UserTile.png

[2011/03/03 19:18:35 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll

[2010/08/25 21:52:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/25 21:52:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

========== LOP Check ==========

[2011/11/21 18:30:55 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Autodesk

[2011/03/29 19:08:21 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient

[2012/06/17 13:12:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Motorola

[2011/03/04 20:59:17 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\TMP

[2012/07/21 15:36:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent

[2012/03/22 20:18:16 | 000,032,538 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

FRST

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 21-07-2012 16:06:34

Running from F:\

Windows 7 Ultimate (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [igfxTray] C:\Windows\system32\igfxtray.exe [159232 2009-09-02] (Intel Corporation)

HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [380928 2009-09-02] (Intel Corporation)

HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [358912 2009-09-02] (Intel Corporation)

HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1580368 2010-11-03] (Logitech, Inc.)

HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)

HKLM-x32\...\Run: [ReminderApp] C:\Program Files (x86)\Greeting Card Factory Photo Card Maker\ReminderApp.exe [156160 2006-11-02] ()

HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup [300472 2010-05-12] (Citrix Systems, Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2012-02-20] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2012-03-27] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKU\Owner\...\Run: [Google Update] "C:\Users\Owner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-03-04] (Google Inc.)

HKU\Owner\...\Run: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden [1025320 2009-04-24] (SupportSoft, Inc.)

HKU\Owner\...\Run: [uTorrent] "C:\Users\Owner\Programs\uTorrent.exe" /MINIMIZED [880496 2012-05-28] (BitTorrent, Inc.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] (Malwarebytes Corporation)

Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

Startup: C:\Users\Owner\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ======

2 Autodesk Content Service; "C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe" [18656 2011-02-02] ()

2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()

3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

1 ctxusbm; C:\Windows\System32\Drivers\ctxusbm.sys [87600 2010-04-16] (Citrix Systems, Inc.)

3 O2MDRDR; C:\Windows\System32\DRIVERS\o2mdx64.sys [62296 2011-03-03] (O2Micro )

3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]

3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]

3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-21 16:06 - 2012-07-21 16:06 - 00000000 ____D C:\FRST

2012-07-21 12:58 - 2012-07-21 12:58 - 00089140 ____A C:\Users\Owner\Desktop\Malwarebyte's and OTL.txt

2012-07-21 12:22 - 2012-07-21 12:22 - 00596480 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe

2012-07-21 12:11 - 2012-07-21 12:11 - 00694807 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe

2012-07-21 12:02 - 2012-07-21 12:02 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-21 09:46 - 2012-07-21 10:09 - 1609029251 ____A C:\Users\Owner\Desktop\21 Jump Street.mp4

2012-07-21 09:40 - 2012-07-21 10:12 - 1394895077 ____A C:\Users\Owner\Desktop\Project X.mp4

2012-07-20 01:32 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-20 01:26 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-20 01:26 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-20 01:26 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-20 01:26 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-20 01:26 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-20 01:26 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-20 01:26 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-20 01:26 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-20 01:26 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-20 01:26 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-20 01:26 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-20 01:26 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-20 01:26 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-20 01:26 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-20 01:26 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-20 01:26 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-20 01:26 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-20 01:26 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-20 01:26 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-20 01:26 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-20 01:26 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-20 01:26 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-20 01:26 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-20 01:26 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-20 01:26 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-20 01:26 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-20 01:26 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-20 01:26 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-19 13:25 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-19 13:25 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-19 13:25 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-19 13:25 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-19 13:25 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-19 13:25 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-19 13:25 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-19 13:25 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-19 13:25 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-19 13:25 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-19 13:25 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-19 13:25 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-19 13:25 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-19 13:25 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-19 13:25 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-19 13:25 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-19 13:25 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-19 13:25 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-19 13:25 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-19 13:10 - 2012-07-19 13:10 - 00000059 ____A C:\Users\Owner\AppData\Roaming\mbam.context.scan

2012-07-10 00:47 - 2012-07-10 00:47 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-02 16:54 - 2012-07-02 16:54 - 00000000 ____D C:\Users\Owner\AppData\Local\Macromedia

2012-07-02 16:49 - 2012-07-21 12:09 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-02 16:49 - 2012-07-17 17:10 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-06-25 16:42 - 2012-06-25 16:42 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Google

2012-06-25 16:42 - 2012-06-25 16:42 - 00000000 ____D C:\Users\All Users\Google

============ 3 Months Modified Files ========================

2012-07-21 13:00 - 2011-06-08 16:09 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-21 13:00 - 2011-03-04 18:07 - 01664717 ____A C:\Windows\WindowsUpdate.log

2012-07-21 12:58 - 2012-07-21 12:58 - 00089140 ____A C:\Users\Owner\Desktop\Malwarebyte's and OTL.txt

2012-07-21 12:56 - 2009-07-13 21:13 - 00782702 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-21 12:53 - 2009-07-13 20:51 - 18313595 ____A C:\Windows\setupact.log

2012-07-21 12:41 - 2011-03-04 22:36 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610362744-3600284510-1743482682-1000UA.job

2012-07-21 12:22 - 2012-07-21 12:22 - 00596480 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe

2012-07-21 12:11 - 2012-07-21 12:11 - 00694807 ____A (Farbar) C:\Users\Owner\Desktop\FSS.exe

2012-07-21 12:09 - 2012-07-02 16:49 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-21 12:02 - 2012-07-21 12:02 - 00001113 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-21 10:41 - 2011-03-04 17:55 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-21 10:41 - 2011-03-04 17:55 - 00009728 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-21 10:36 - 2011-06-08 16:09 - 00000892 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-21 10:34 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-21 10:33 - 2011-03-04 18:00 - 00015492 ____A C:\Windows\PFRO.log

2012-07-21 10:12 - 2012-07-21 09:40 - 1394895077 ____A C:\Users\Owner\Desktop\Project X.mp4

2012-07-21 10:09 - 2012-07-21 09:46 - 1609029251 ____A C:\Users\Owner\Desktop\21 Jump Street.mp4

2012-07-21 08:08 - 2011-03-04 22:36 - 00000856 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3610362744-3600284510-1743482682-1000Core.job

2012-07-20 01:36 - 2009-07-13 20:45 - 00540456 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-20 01:31 - 2006-11-02 04:34 - 00000219 ____A C:\Windows\win.ini

2012-07-20 01:27 - 2011-03-08 17:26 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-19 16:00 - 2011-03-08 15:36 - 00002198 ____A C:\Windows\epplauncher.mif

2012-07-19 13:14 - 2012-01-02 15:19 - 00143132 ____A C:\Users\Owner\Desktop\Life.xlsx

2012-07-19 13:10 - 2012-07-19 13:10 - 00000059 ____A C:\Users\Owner\AppData\Roaming\mbam.context.scan

2012-07-17 17:10 - 2012-07-02 16:49 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-17 17:10 - 2011-07-13 16:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-03 10:46 - 2011-03-08 15:35 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-17 09:35 - 2012-06-17 09:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_Motousbnet_01007.Wdf

2012-06-17 09:35 - 2012-06-17 09:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motmodem_01007.Wdf

2012-06-17 09:35 - 2012-06-17 09:35 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motfilt_01007.Wdf

2012-06-17 09:34 - 2012-06-17 09:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motusbdevice_01007.Wdf

2012-06-17 09:34 - 2012-06-17 09:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgpfl_01007.Wdf

2012-06-17 09:34 - 2012-06-17 09:34 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_motccgp_01007.Wdf

2012-06-11 19:08 - 2012-07-20 01:32 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-19 13:25 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-19 13:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-07 18:59 - 2012-06-07 18:59 - 00476960 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll

2012-06-07 18:59 - 2012-06-07 18:59 - 00157472 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe

2012-06-07 18:59 - 2012-06-07 18:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe

2012-06-07 18:59 - 2012-06-07 18:59 - 00149280 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe

2012-06-07 18:59 - 2011-08-25 17:07 - 00472864 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll

2012-06-05 22:06 - 2012-07-19 13:25 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-19 13:25 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-19 13:25 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-19 13:25 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-19 13:25 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-19 13:25 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-02 14:19 - 2012-06-20 16:17 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-20 16:17 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-20 16:17 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-20 16:16 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-20 16:16 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-20 16:17 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-20 16:16 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 12:19 - 2012-06-20 16:16 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 12:15 - 2012-06-20 16:16 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-20 01:26 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-20 01:26 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-20 01:26 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-20 01:26 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-20 01:26 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-20 01:26 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-20 01:26 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-20 01:26 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-20 01:26 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-20 01:26 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-20 01:26 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-20 01:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-20 01:26 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-20 01:26 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-20 01:26 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-20 01:26 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-20 01:26 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-20 01:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-20 01:26 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-20 01:26 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-20 01:26 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-20 01:26 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-20 01:26 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-20 01:26 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-20 01:26 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-20 01:26 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-20 01:26 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-20 01:26 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-19 13:25 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-19 13:25 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-19 13:25 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-19 13:25 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-19 13:25 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-19 13:25 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-19 13:25 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-19 13:25 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-19 13:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-04 03:06 - 2012-06-12 15:26 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 02:03 - 2012-06-12 15:26 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:03 - 2012-06-12 15:26 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-04-30 21:40 - 2012-06-12 15:26 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-30 20:59 - 2011-03-08 15:36 - 00796852 ____A C:\Windows\SysWOW64\PerfStringBackup.INI

2012-04-27 21:32 - 2012-06-12 15:26 - 01112064 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll

2012-04-27 19:55 - 2012-06-12 15:26 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-25 21:41 - 2012-06-12 15:26 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-25 21:41 - 2012-06-12 15:26 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-25 21:34 - 2012-06-12 15:26 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-23 21:37 - 2012-06-12 15:25 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 21:37 - 2012-06-12 15:25 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 21:37 - 2012-06-12 15:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 20:36 - 2012-06-12 15:25 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 20:36 - 2012-06-12 15:25 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 20:36 - 2012-06-12 15:25 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

ZeroAccess:

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\@

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\L

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\L\00000004.@

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\L\1afb2d56

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\L\201d3dde

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\00000004.@

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\00000008.@

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\000000cb.@

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\80000000.@

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\80000032.@

C:\Windows\Installer\{121ec3df-77a2-8953-17f1-946c4a94c909}\U\80000064.@

ZeroAccess:

C:\Users\Owner\AppData\Local\{121ec3df-77a2-8953-17f1-946c4a94c909}

C:\Users\Owner\AppData\Local\{121ec3df-77a2-8953-17f1-946c4a94c909}\@

C:\Users\Owner\AppData\Local\{121ec3df-77a2-8953-17f1-946c4a94c909}\L

C:\Users\Owner\AppData\Local\{121ec3df-77a2-8953-17f1-946c4a94c909}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 14%

Total physical RAM: 3960.92 MB

Available physical RAM: 3377.16 MB

Total Pagefile: 3959.07 MB

Available Pagefile: 3370 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:262.11 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive f: () (Removable) (Total:3.76 GB) (Free:3.76 GB) FAT32

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          465 GB      0 B
Disk 2    Online         3857 MB      0 B

Partitions of Disk 0:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            465 GB  1024 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition    465 GB  Healthy

==================================================================================

Partitions of Disk 2:

===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3857 MB    20 KB

==================================================================================

Disk: 2

Partition 1

Type : 0B

Hidden: No

Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     F                FAT32  Removable   3857 MB  Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-17 22:51

======================= End Of Log ==========================

Search.txt

Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-21 16:42:59

Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

Thanks if anyone can please help,

First, uninstall uTorrent, then create your own thread.


Thanks for all your help! I'm curious about something, do you have all this information on a database, or is it all just experience and knowledge?

Database is between my ears and about 12 years of experience!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
