
Email hijacked and slow startup times. Possible Malware?



Hello,

About 3-5 days ago I noticed that spam was being sent from my email. It was also around this time when I noticed that the startup times on my computer had gotten slower. I ran a scan using Avast! and managed to remove some malware. I also scanned with Malwarebytes Anti-Malware and it couldn't find anything. However, the startup times are still long so I suspect that my desktop could still be infected.

I have pasted/attached the requested logs below. Any assistance would be greatly appreciated. Thanks.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1

Run by Jason at 12:56:13 on 2012-07-29

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.4094.1981 [GMT 10:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k rpcss

C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\SLsvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k regsvc

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

C:\Windows\SysWOW64\vmnat.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

C:\Windows\SysWOW64\vmnetdhcp.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\ehome\ehtray.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\ehome\ehmsas.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\SysWOW64\conime.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: Developer Tools: {1a6fe369-f28c-4ad9-a3e6-2bcb50807cf1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll

uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter

uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background

uRun: [AdobeBridge]

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab

DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab

DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} - hxxp://nxcache.nexon.net/mabinogi/renderer/mabiweb.2010.5.03.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

TCP: Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer = 10.11.12.1,212.159.11.150

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB-X64: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - No File

mRun-x64: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

mRun-x64: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

mRun-x64: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\siuio95h.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com/

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Virtools\3D Life Player\npvirtools.dll

FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll

FF - plugin: C:\Users\Jason\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]

R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]

R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]

R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]

R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]

R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-5-12 44808]

R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-29 1262912]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-4-4 382272]

R2 vmci;VMware vmci;\??\C:\Windows\system32\drivers\vmci.sys --> C:\Windows\system32\drivers\vmci.sys [?]

R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-1-22 563760]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-6-26 119296]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 GEST Service;GEST Service for program management.;C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2009-2-12 68136]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]

S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);C:\Windows\system32\DRIVERS\CamDrL64.sys --> C:\Windows\system32\DRIVERS\CamDrL64.sys [?]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;E:\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-16 25832]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2009-2-14 1038088]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-6-9 136176]

S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\DRIVERS\LVUSBS64.sys --> C:\Windows\system32\DRIVERS\LVUSBS64.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-27 113120]

S3 nmwcdcx64;Nokia USB Generic;C:\Windows\system32\drivers\ccdcmbox64.sys --> C:\Windows\system32\drivers\ccdcmbox64.sys [?]

S3 nmwcdx64;Nokia USB Phone Parent;C:\Windows\system32\drivers\ccdcmbx64.sys --> C:\Windows\system32\drivers\ccdcmbx64.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-21 19968]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]

S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-4 89920]

.

=============== File Associations ===============

.

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

.

=============== Created Last 30 ================

.

2012-07-29 02:17:20 -------- d-----w- C:\ProgramData\Comodo

2012-07-29 02:17:05 -------- d-----w- C:\Program Files\COMODO

2012-07-29 01:06:06 -------- d-----w- C:\Users\Jason\AppData\Local\{8C330598-BC7E-47F3-AE5B-524207B2969F}

2012-07-29 01:05:56 -------- d-----w- C:\Users\Jason\AppData\Local\{A0F58596-64FD-47ED-8E1D-F48A028D45F7}

2012-07-28 04:00:02 -------- d-----w- C:\Users\Jason\AppData\Local\{AB672EE9-66E7-441D-956F-4CDC9C1DEDF1}

2012-07-28 03:59:51 -------- d-----w- C:\Users\Jason\AppData\Local\{DF3A5DA8-0F07-4C0D-A869-22ECFDCA8C4A}

2012-07-27 08:20:55 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6261DEF6-F7DC-4624-A1E5-CA0D66C2ACCB}\mpengine.dll

2012-07-27 08:16:36 -------- d-----w- C:\Users\Jason\AppData\Local\{8B687A59-4643-4D23-819D-F961243F3853}

2012-07-27 08:16:24 -------- d-----w- C:\Users\Jason\AppData\Local\{5A110C1A-9672-460F-A83D-E7966DFF8AFF}

2012-07-26 08:19:32 -------- d-----w- C:\Users\Jason\AppData\Local\{164D58B2-BC54-479E-ACCF-87E82FE68233}

2012-07-26 08:19:21 -------- d-----w- C:\Users\Jason\AppData\Local\{AC9CD2BD-74B9-44BF-BC32-68576A76D742}

2012-07-25 08:17:44 -------- d-----w- C:\Users\Jason\AppData\Local\{210936BD-BC52-465B-A90A-1BF8C3B879E2}

2012-07-25 08:17:32 -------- d-----w- C:\Users\Jason\AppData\Local\{B939E1AF-AF91-4298-897A-269A81205482}

2012-07-24 07:17:50 -------- d-----w- C:\Users\Jason\AppData\Local\{BDFF1358-CCE0-4938-A912-D1CD635E7BA9}

2012-07-24 07:17:39 -------- d-----w- C:\Users\Jason\AppData\Local\{BFED695D-AE3D-4AD2-BA0D-D3B27BB2541B}

2012-07-23 08:04:55 -------- d-----w- C:\Users\Jason\AppData\Local\{4794B32C-3191-4234-AC14-BB6D86D2B413}

2012-07-23 08:04:43 -------- d-----w- C:\Users\Jason\AppData\Local\{346C7DC2-8776-41A4-9DCE-C6746A334424}

2012-07-22 12:09:43 -------- d-----w- C:\Users\Jason\AppData\Local\{74FD8E43-D293-4BC7-A161-A90994EA1765}

2012-07-22 12:09:31 -------- d-----w- C:\Users\Jason\AppData\Local\{49609040-5864-4165-B6A0-319570C9A1F7}

2012-07-22 00:09:15 -------- d-----w- C:\Users\Jason\AppData\Local\{1226F52D-8988-478A-9059-27F5788906A8}

2012-07-22 00:08:58 -------- d-----w- C:\Users\Jason\AppData\Local\{8B7D702C-60A4-42F5-8E9C-F1B1C4BBD946}

2012-07-21 00:46:44 -------- d-----w- C:\Users\Jason\AppData\Local\{11D25D1C-B1E4-4E7E-AE44-66F2D503510D}

2012-07-21 00:46:33 -------- d-----w- C:\Users\Jason\AppData\Local\{0AD4A4E8-57B0-4D15-AD76-E8B592E93351}

2012-07-20 12:46:06 -------- d-----w- C:\Users\Jason\AppData\Local\{66B9B3A7-AE0D-4210-8186-285BFCD04CA4}

2012-07-20 12:45:53 -------- d-----w- C:\Users\Jason\AppData\Local\{FA97AA3B-EA8D-4BAC-95E2-E0D88DD7CCC9}

2012-07-20 00:45:38 -------- d-----w- C:\Users\Jason\AppData\Local\{4F54C401-62CD-44C8-9CFB-9B64DB897A34}

2012-07-20 00:45:26 -------- d-----w- C:\Users\Jason\AppData\Local\{4B2D5DD4-2595-463C-BDFB-8283354FCCF4}

2012-07-19 07:27:50 -------- d-----w- C:\Users\Jason\AppData\Local\{F71A8E0B-6A10-44F8-90C9-6E0684965488}

2012-07-19 07:27:39 -------- d-----w- C:\Users\Jason\AppData\Local\{C038F7E5-9130-49F9-9E1A-59407A937D13}

2012-07-18 08:59:40 -------- d-----w- C:\Users\Jason\AppData\Local\{4D9F6DD6-8A84-4032-9C07-88E3B33AFD26}

2012-07-18 08:59:17 -------- d-----w- C:\Users\Jason\AppData\Local\{F3840ABA-104A-4253-9F68-E5EE0F6A5248}

2012-07-17 10:01:44 -------- d-----w- C:\Users\Jason\AppData\Local\{F9D78697-F7C1-4F06-9051-9352CE5EC6BB}

2012-07-17 10:01:31 -------- d-----w- C:\Users\Jason\AppData\Local\{066A8974-3AA8-4C1C-BCE2-8DDD5A51DD3A}

2012-07-16 22:01:19 -------- d-----w- C:\Users\Jason\AppData\Local\{95F9BDB5-1FD5-4176-8C80-008085E86076}

2012-07-16 22:01:06 -------- d-----w- C:\Users\Jason\AppData\Local\{23159FEA-4F9D-4A0A-9DD8-6F2289264531}

2012-07-16 10:00:41 -------- d-----w- C:\Users\Jason\AppData\Local\{6F487267-B0F3-43B9-9606-3451C8049FEA}

2012-07-16 10:00:29 -------- d-----w- C:\Users\Jason\AppData\Local\{DBD701A7-BCA7-4E27-A511-5D5EBB749BAE}

2012-07-15 12:48:26 -------- d-----w- C:\Users\Jason\AppData\Local\{A4F4232A-6E8F-42FF-8205-7F5BB81A2B9E}

2012-07-15 12:48:13 -------- d-----w- C:\Users\Jason\AppData\Local\{D27B5768-52AF-4F85-95E6-5A229C699073}

2012-07-15 00:48:00 -------- d-----w- C:\Users\Jason\AppData\Local\{410DBC27-E598-4699-B496-94A051AABC41}

2012-07-15 00:47:49 -------- d-----w- C:\Users\Jason\AppData\Local\{C97D79CF-75AC-48AB-AD14-CA0795482715}

2012-07-14 12:47:24 -------- d-----w- C:\Users\Jason\AppData\Local\{3A23E1C7-D2FE-489A-9020-E899CA6F1DAA}

2012-07-14 12:47:13 -------- d-----w- C:\Users\Jason\AppData\Local\{BD4E662A-1A69-48CF-B7C4-EF94A67680DD}

2012-07-14 00:53:40 -------- d-----w- C:\Program Files (x86)\Microsoft XNA

2012-07-14 00:46:40 -------- d-----w- C:\Users\Jason\AppData\Local\{4A183CCC-1212-4249-B426-3DE416C1D0CE}

2012-07-14 00:46:29 -------- d-----w- C:\Users\Jason\AppData\Local\{1BC7E56B-79CF-4D90-BA14-604C0DDC2B49}

2012-07-13 09:00:57 -------- d-----w- C:\Users\Jason\AppData\Local\{5F60908C-A75C-4F26-86A7-C49DFA18061E}

2012-07-13 09:00:45 -------- d-----w- C:\Users\Jason\AppData\Local\{7D09ECF8-FEA4-4772-9704-E32E55CDBFCD}

2012-07-12 09:34:34 2769408 ----a-w- C:\Windows\System32\win32k.sys

2012-07-12 08:52:58 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2012-07-12 08:52:56 708608 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2012-07-12 08:52:22 1797120 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-12 08:52:21 1869824 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-12 08:52:21 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-12 08:52:21 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-12 08:51:48 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-07-12 08:51:48 347136 ----a-w- C:\Windows\System32\schannel.dll

2012-07-12 08:51:48 278528 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-07-12 08:51:48 254464 ----a-w- C:\Windows\System32\ncrypt.dll

2012-07-12 08:51:48 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-07-12 08:51:47 77312 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-07-12 08:42:56 -------- d-----w- C:\Users\Jason\AppData\Local\{127915E5-9F1F-4E3C-879C-7419C59CB0F6}

2012-07-12 08:42:43 -------- d-----w- C:\Users\Jason\AppData\Local\{8FBC14BC-B5AE-4C86-B5CF-9D8242008091}

2012-07-11 11:43:28 -------- d-----w- C:\Users\Jason\AppData\Local\{C1ED80A8-FF5A-4D0C-97F4-DE53D7FD842B}

2012-07-11 11:43:17 -------- d-----w- C:\Users\Jason\AppData\Local\{8354C3D3-46BA-4779-BEE0-D1F6FA9789EA}

2012-07-10 10:21:07 -------- d-----w- C:\af3e8974be320ed59df12484a71aa964

2012-07-10 10:15:39 -------- d-----w- C:\Users\Jason\AppData\Local\{596D0C97-672B-439C-8414-6996877B48F2}

2012-07-10 10:15:28 -------- d-----w- C:\Users\Jason\AppData\Local\{04585D03-5FBD-46DE-B8A7-D9D236589791}

2012-07-09 11:00:31 -------- d-----w- C:\Users\Jason\AppData\Local\{05A89411-1A35-49F8-8A79-418EACEA7F30}

2012-07-09 11:00:20 -------- d-----w- C:\Users\Jason\AppData\Local\{7CCA2F3D-DC3F-4C5D-AFF8-741152FE2A13}

2012-07-08 11:35:47 -------- d-----w- C:\Users\Jason\AppData\Local\{3CD08E61-5AE1-48A5-94EC-4C4F8AAFEF1D}

2012-07-08 11:35:35 -------- d-----w- C:\Users\Jason\AppData\Local\{C571DEA5-9D9A-4B44-A1A6-BA6DC06AFBF5}

2012-07-08 04:16:17 -------- d-----w- C:\Users\Jason\AppData\Local\etax2012

2012-07-08 04:14:57 -------- d-----w- C:\Program Files (x86)\etax2012

2012-07-07 23:35:23 -------- d-----w- C:\Users\Jason\AppData\Local\{F2D9691E-F109-4232-B14D-EAA0F3F351B0}

2012-07-07 23:35:11 -------- d-----w- C:\Users\Jason\AppData\Local\{29B3EC29-635B-4E79-93F8-5A36816C13CF}

2012-07-07 02:12:30 -------- d-----w- C:\Users\Jason\AppData\Local\{92B16EF3-E38B-44F4-BA67-8FFB9B82C04C}

2012-07-07 02:12:10 -------- d-----w- C:\Users\Jason\AppData\Local\{BA5E4680-424D-4D0A-B50C-855D3566148C}

2012-07-06 09:59:35 -------- d-----w- C:\Users\Jason\AppData\Local\{5AEDA521-195E-411C-A69E-BA6BC93E04DF}

2012-07-06 09:59:23 -------- d-----w- C:\Users\Jason\AppData\Local\{EA7A2900-E38E-4E90-8ED1-00F66F5FEA7D}

2012-07-05 10:00:39 -------- d-----w- C:\Users\Jason\AppData\Local\{5E353423-7E25-47D6-91F5-3F2EF14768E2}

2012-07-05 10:00:28 -------- d-----w- C:\Users\Jason\AppData\Local\{3E1BE410-A396-46F3-806D-1F0E048A4E35}

2012-07-04 08:57:19 -------- d-----w- C:\Users\Jason\AppData\Local\{F01E0919-CDF9-4A0B-A676-97892A844C2D}

2012-07-04 08:57:02 -------- d-----w- C:\Users\Jason\AppData\Local\{84CDA704-C789-4843-9689-C0C0B9408EE3}

2012-07-03 09:29:02 -------- d-----w- C:\Users\Jason\AppData\Local\{0EF56292-BEEB-487B-929D-0CCFA3C62C14}

2012-07-03 09:28:51 -------- d-----w- C:\Users\Jason\AppData\Local\{BE94AFDC-F339-41C1-AF50-D08605A8C014}

2012-07-02 09:31:56 -------- d-----w- C:\Users\Jason\AppData\Local\{C583E280-497F-46C7-A527-90F86A39DAFC}

2012-07-02 09:31:42 -------- d-----w- C:\Users\Jason\AppData\Local\{C3568691-FDF0-4896-9B19-5F7A5BB8C71C}

2012-07-01 01:07:37 -------- d-----w- C:\Users\Jason\AppData\Local\{4966E160-0AEC-4124-9A00-4A0E414F5165}

2012-07-01 01:07:25 -------- d-----w- C:\Users\Jason\AppData\Local\{0E3CBCBA-B30B-481B-9823-44903190A2D3}

2012-06-30 11:37:55 -------- d-----w- C:\Users\Jason\AppData\Local\{2C6E00FF-4863-4359-A626-F223F2667634}

2012-06-30 11:37:44 -------- d-----w- C:\Users\Jason\AppData\Local\{5DB5994A-AB24-43EC-B0A8-C0B6450D2329}

2012-06-29 23:37:03 -------- d-----w- C:\Users\Jason\AppData\Local\{F357AD00-C196-4E7F-8EC5-85086563EA8F}

2012-06-29 23:36:51 -------- d-----w- C:\Users\Jason\AppData\Local\{66AD6E9F-BDC8-4A0D-9F20-D780FB1484FF}

2012-06-29 09:56:18 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-06-29 09:56:18 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-06-29 09:56:18 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-06-29 09:56:17 6122816 ----a-w- C:\Windows\System32\nvcpl.dll

2012-06-29 09:56:17 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-06-29 09:54:38 68928 ----a-w- C:\Windows\System32\OpenCL.dll

2012-06-29 09:54:38 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-06-29 09:54:27 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-06-29 09:48:56 -------- d-----w- C:\Users\Jason\AppData\Local\{15FC832F-5433-4127-BECB-9D45440F5877}

2012-06-29 09:48:26 -------- d-----w- C:\Users\Jason\AppData\Local\{4338123B-817E-4A2D-A2D7-7CDD7E8BF197}

.

==================== Find3M ====================

.

2012-07-29 02:23:19 24072 ----a-w- C:\Windows\gdrv.sys

2012-07-27 13:17:43 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 13:17:43 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 16:21:52 958400 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2012-07-03 16:21:52 71064 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2012-07-03 16:21:32 41224 ----a-w- C:\Windows\avastSS.scr

2012-07-03 03:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-30 05:17:38 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-30 05:17:38 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 22:12:13 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 05:19:42 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll

2012-06-02 05:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 05:12:20 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe

2012-05-31 02:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

.

============= FINISH: 12:56:56.34 ===============

Attach.txt


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Here is the report as requested:

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 64 bits version

Started in : Normal mode

User: Jason [Admin rights]

Mode: Scan -- Date: 07/31/2012 18:21:01

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer (10.11.12.1,212.159.11.150) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer (10.11.12.1,212.159.11.150) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3} : NameServer (10.11.12.1,212.159.11.150) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND

[HJ] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD800BB-75FJA1 ATA Device +++++

--- User ---

[MBR] bf781d186d76378c2d9af9f64032a413

[bSP] f0531316a6163d16f4ba254ab3fe3bf4 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 63 | Size: 39 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 80325 | Size: 76253 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: SAMSUNG SP2014N ATA Device +++++

--- User ---

[MBR] 56b825a85331379820885d2c2d8e1a1f

[bSP] a1234a9bb8e65a9ffc3a7188a433490d : Windows XP MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 190779 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive2: ST31000333AS ATA Device +++++

--- User ---

[MBR] 1786bb8d94b607d97d0774ae9ce05473

[bSP] 23d364e7a25b0f97d8028aeb5f648622 : Windows Vista MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953866 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive3: ST31000333AS ATA Device +++++

--- User ---

[MBR] 7de9077362275d50f9ec724b1e3f3b9c

[bSP] cde988cbde45292da386da5a14c8f75c : Windows Vista MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 953867 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

Not much showing, let's run some scans..........

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Thank you for your continued support MrCharlie. I have scanned and pasted the report below:

22:38:33.0424 3228 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

22:38:34.0515 3228 ============================================================

22:38:34.0515 3228 Current date / time: 2012/07/31 22:38:34.0515

22:38:34.0515 3228 SystemInfo:

22:38:34.0515 3228

22:38:34.0515 3228 OS Version: 6.0.6002 ServicePack: 2.0

22:38:34.0515 3228 Product type: Workstation

22:38:34.0515 3228 ComputerName: JASON-PC

22:38:34.0516 3228 UserName: Jason

22:38:34.0516 3228 Windows directory: C:\Windows

22:38:34.0516 3228 System windows directory: C:\Windows

22:38:34.0516 3228 Running under WOW64

22:38:34.0516 3228 Processor architecture: Intel x64

22:38:34.0516 3228 Number of processors: 4

22:38:34.0516 3228 Page size: 0x1000

22:38:34.0516 3228 Boot type: Normal boot

22:38:34.0516 3228 ============================================================

22:38:36.0443 3228 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:38:36.0444 3228 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:38:36.0470 3228 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0CADE00 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:38:36.0510 3228 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

22:38:36.0549 3228 ============================================================

22:38:36.0549 3228 \Device\Harddisk0\DR0:

22:38:36.0549 3228 MBR partitions:

22:38:36.0549 3228 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x94EEEB9

22:38:36.0549 3228 \Device\Harddisk1\DR1:

22:38:36.0549 3228 MBR partitions:

22:38:36.0549 3228 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1749DD82

22:38:36.0549 3228 \Device\Harddisk2\DR2:

22:38:36.0549 3228 MBR partitions:

22:38:36.0549 3228 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705000

22:38:36.0549 3228 \Device\Harddisk3\DR3:

22:38:36.0549 3228 MBR partitions:

22:38:36.0549 3228 \Device\Harddisk3\DR3\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800

22:38:36.0549 3228 ============================================================

22:38:36.0598 3228 C: <-> \Device\Harddisk2\DR2\Partition0

22:38:36.0649 3228 F: <-> \Device\Harddisk0\DR0\Partition0

22:38:36.0795 3228 E: <-> \Device\Harddisk3\DR3\Partition0

22:38:36.0915 3228 G: <-> \Device\Harddisk1\DR1\Partition0

22:38:36.0916 3228 ============================================================

22:38:36.0916 3228 Initialize success

22:38:36.0916 3228 ============================================================

22:39:14.0876 5952 ============================================================

22:39:14.0876 5952 Scan started

22:39:14.0876 5952 Mode: Manual; SigCheck; TDLFS;

22:39:14.0876 5952 ============================================================

22:39:28.0392 5952 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

22:39:28.0422 5952 IDriverT ( UnsignedFile.Multi.Generic ) - warning

22:39:28.0422 5952 IDriverT - detected UnsignedFile.Multi.Generic (1)

22:39:33.0532 5952 NBService (87a00faedd703d8d2bdcb29ce5eeea6b) C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe

22:39:33.0598 5952 NBService ( UnsignedFile.Multi.Generic ) - warning

22:39:33.0598 5952 NBService - detected UnsignedFile.Multi.Generic (1)

22:39:33.0650 5952 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys

22:39:33.0685 5952 NDIS - ok

22:39:33.0709 5952 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys

22:39:33.0741 5952 NdisTapi - ok

22:39:33.0763 5952 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys

22:39:33.0813 5952 Ndisuio - ok

22:39:33.0850 5952 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys

22:39:33.0895 5952 NdisWan - ok

22:39:33.0907 5952 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys

22:39:33.0939 5952 NDProxy - ok

22:39:33.0946 5952 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys

22:39:34.0004 5952 NetBIOS - ok

22:39:34.0030 5952 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys

22:39:34.0066 5952 netbt - ok

22:39:34.0075 5952 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

22:39:34.0118 5952 Netlogon - ok

22:39:34.0165 5952 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll

22:39:34.0226 5952 Netman - ok

22:39:34.0318 5952 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:39:34.0365 5952 NetMsmqActivator - ok

22:39:34.0368 5952 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:39:34.0385 5952 NetPipeActivator - ok

22:39:34.0441 5952 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll

22:39:34.0488 5952 netprofm - ok

22:39:34.0493 5952 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:39:34.0509 5952 NetTcpActivator - ok

22:39:34.0513 5952 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

22:39:34.0531 5952 NetTcpPortSharing - ok

22:39:34.0550 5952 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys

22:39:34.0562 5952 nfrd960 - ok

22:39:34.0588 5952 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll

22:39:34.0621 5952 NlaSvc - ok

22:39:34.0644 5952 nmwcdcx64 (41a5ec6cfbe45e5d62eafae348ea62ff) C:\Windows\system32\drivers\ccdcmbox64.sys

22:39:34.0683 5952 nmwcdcx64 - ok

22:39:34.0736 5952 nmwcdx64 (b246c3bb25d49c127cf202bd7e0ea2e8) C:\Windows\system32\drivers\ccdcmbx64.sys

22:39:34.0772 5952 nmwcdx64 - ok

22:39:34.0790 5952 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys

22:39:34.0814 5952 Npfs - ok

22:39:34.0817 5952 npggsvc - ok

22:39:34.0820 5952 NPPTNT2 - ok

22:39:34.0842 5952 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll

22:39:34.0903 5952 nsi - ok

22:39:34.0925 5952 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys

22:39:34.0983 5952 nsiproxy - ok

22:39:35.0060 5952 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys

22:39:35.0133 5952 Ntfs - ok

22:39:35.0207 5952 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys

22:39:35.0263 5952 Null - ok

22:39:35.0321 5952 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys

22:39:35.0341 5952 NVHDA - ok

22:39:35.0773 5952 nvlddmkm (11b62a15d62b08860baf887a189a9705) C:\Windows\system32\DRIVERS\nvlddmkm.sys

22:39:36.0298 5952 nvlddmkm - ok

22:39:36.0372 5952 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys

22:39:36.0392 5952 nvraid - ok

22:39:36.0418 5952 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys

22:39:36.0438 5952 nvstor - ok

22:39:36.0505 5952 nvsvc (69707e58a10450ec04026d1f75473ed5) C:\Windows\system32\nvvsvc.exe

22:39:36.0571 5952 nvsvc - ok

22:39:36.0688 5952 nvUpdatusService (1896053055658cd13fa1109838ad2eef) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

22:39:36.0750 5952 nvUpdatusService - ok

22:39:36.0819 5952 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys

22:39:36.0839 5952 nv_agp - ok

22:39:36.0842 5952 NwlnkFlt - ok

22:39:36.0847 5952 NwlnkFwd - ok

22:39:36.0965 5952 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

22:39:36.0991 5952 odserv - ok

22:39:37.0039 5952 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys

22:39:37.0103 5952 ohci1394 - ok

22:39:37.0137 5952 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

22:39:37.0156 5952 ose - ok

22:39:37.0338 5952 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

22:39:37.0540 5952 osppsvc - ok

22:39:37.0626 5952 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

22:39:37.0698 5952 p2pimsvc - ok

22:39:37.0705 5952 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

22:39:37.0739 5952 p2psvc - ok

22:39:37.0798 5952 Parport (4c6a7fd04ddf4db88791048382e3edb1) C:\Windows\system32\DRIVERS\parport.sys

22:39:37.0859 5952 Parport - ok

22:39:37.0897 5952 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys

22:39:37.0917 5952 partmgr - ok

22:39:37.0936 5952 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll

22:39:37.0960 5952 PcaSvc - ok

22:39:37.0988 5952 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys

22:39:38.0029 5952 pci - ok

22:39:38.0074 5952 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys

22:39:38.0093 5952 pciide - ok

22:39:38.0128 5952 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys

22:39:38.0149 5952 pcmcia - ok

22:39:38.0189 5952 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys

22:39:38.0294 5952 PEAUTH - ok

22:39:38.0353 5952 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe

22:39:38.0412 5952 PerfHost - ok

22:39:38.0476 5952 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll

22:39:38.0591 5952 pla - ok

22:39:38.0653 5952 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll

22:39:38.0726 5952 PlugPlay - ok

22:39:38.0730 5952 PnkBstrA - ok

22:39:38.0791 5952 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

22:39:38.0839 5952 PNRPAutoReg - ok

22:39:38.0847 5952 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll

22:39:38.0897 5952 PNRPsvc - ok

22:39:38.0944 5952 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll

22:39:39.0016 5952 PolicyAgent - ok

22:39:39.0098 5952 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys

22:39:39.0133 5952 PptpMiniport - ok

22:39:39.0157 5952 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys

22:39:39.0202 5952 Processor - ok

22:39:39.0241 5952 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll

22:39:39.0277 5952 ProfSvc - ok

22:39:39.0295 5952 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

22:39:39.0316 5952 ProtectedStorage - ok

22:39:39.0359 5952 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys

22:39:39.0392 5952 PSched - ok

22:39:39.0461 5952 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys

22:39:39.0531 5952 ql2300 - ok

22:39:39.0556 5952 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys

22:39:39.0575 5952 ql40xx - ok

22:39:39.0610 5952 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll

22:39:39.0645 5952 QWAVE - ok

22:39:39.0659 5952 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys

22:39:39.0708 5952 QWAVEdrv - ok

22:39:39.0729 5952 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys

22:39:39.0786 5952 RasAcd - ok

22:39:39.0810 5952 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll

22:39:39.0894 5952 RasAuto - ok

22:39:39.0928 5952 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys

22:39:39.0968 5952 Rasl2tp - ok

22:39:39.0992 5952 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll

22:39:40.0064 5952 RasMan - ok

22:39:40.0098 5952 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys

22:39:40.0131 5952 RasPppoe - ok

22:39:40.0194 5952 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys

22:39:40.0216 5952 RasSstp - ok

22:39:40.0264 5952 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys

22:39:40.0301 5952 rdbss - ok

22:39:40.0321 5952 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys

22:39:40.0361 5952 RDPCDD - ok

22:39:40.0390 5952 rdpdr (ae23e79b13feb62939e2ca1189e71735) C:\Windows\system32\DRIVERS\rdpdr.sys

22:39:40.0447 5952 rdpdr - ok

22:39:40.0451 5952 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys

22:39:40.0506 5952 RDPENCDD - ok

22:39:40.0551 5952 RDPWD (ae4bd9e1c33d351d8e607fc81f15160c) C:\Windows\system32\drivers\RDPWD.sys

22:39:40.0590 5952 RDPWD - ok

22:39:40.0637 5952 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll

22:39:40.0697 5952 RemoteAccess - ok

22:39:40.0731 5952 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll

22:39:40.0782 5952 RemoteRegistry - ok

22:39:40.0806 5952 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe

22:39:40.0834 5952 RpcLocator - ok

22:39:40.0868 5952 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll

22:39:40.0913 5952 RpcSs - ok

22:39:40.0935 5952 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys

22:39:40.0977 5952 rspndr - ok

22:39:41.0004 5952 RTL8169 (faeeed5a8949e6ba611a7b738ad28cee) C:\Windows\system32\DRIVERS\Rtlh64.sys

22:39:41.0029 5952 RTL8169 - ok

22:39:41.0044 5952 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe

22:39:41.0065 5952 SamSs - ok

22:39:41.0089 5952 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys

22:39:41.0107 5952 sbp2port - ok

22:39:41.0140 5952 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll

22:39:41.0193 5952 SCardSvr - ok

22:39:41.0248 5952 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll

22:39:41.0311 5952 Schedule - ok

22:39:41.0345 5952 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll

22:39:41.0376 5952 SCPolicySvc - ok

22:39:41.0400 5952 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll

22:39:41.0444 5952 SDRSVC - ok

22:39:41.0469 5952 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

22:39:41.0528 5952 secdrv - ok

22:39:41.0539 5952 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll

22:39:41.0583 5952 seclogon - ok

22:39:41.0595 5952 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\System32\sens.dll

22:39:41.0643 5952 SENS - ok

22:39:41.0666 5952 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys

22:39:41.0696 5952 Serenum - ok

22:39:41.0707 5952 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys

22:39:41.0754 5952 Serial - ok

22:39:41.0770 5952 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys

22:39:41.0810 5952 sermouse - ok

22:39:41.0842 5952 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll

22:39:41.0892 5952 SessionEnv - ok

22:39:41.0914 5952 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys

22:39:41.0975 5952 sffdisk - ok

22:39:41.0990 5952 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys

22:39:42.0041 5952 sffp_mmc - ok

22:39:42.0050 5952 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys

22:39:42.0091 5952 sffp_sd - ok

22:39:42.0100 5952 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys

22:39:42.0153 5952 sfloppy - ok

22:39:42.0191 5952 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll

22:39:42.0228 5952 SharedAccess - ok

22:39:42.0278 5952 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll

22:39:42.0298 5952 ShellHWDetection - ok

22:39:42.0322 5952 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys

22:39:42.0335 5952 SiSRaid2 - ok

22:39:42.0349 5952 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys

22:39:42.0363 5952 SiSRaid4 - ok

22:39:42.0416 5952 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe

22:39:42.0429 5952 SkypeUpdate - ok

22:39:42.0530 5952 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe

22:39:42.0694 5952 slsvc - ok

22:39:42.0813 5952 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll

22:39:42.0863 5952 SLUINotify - ok

22:39:42.0922 5952 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys

22:39:42.0955 5952 Smb - ok

22:39:42.0979 5952 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe

22:39:43.0017 5952 SNMPTRAP - ok

22:39:43.0068 5952 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys

22:39:43.0086 5952 spldr - ok

22:39:43.0129 5952 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe

22:39:43.0163 5952 Spooler - ok

22:39:43.0241 5952 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys

22:39:43.0241 5952 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb

22:39:43.0243 5952 sptd ( LockedFile.Multi.Generic ) - warning

22:39:43.0243 5952 sptd - detected LockedFile.Multi.Generic (1)

22:39:43.0289 5952 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys

22:39:43.0348 5952 srv - ok

22:39:43.0414 5952 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys

22:39:43.0452 5952 srv2 - ok

22:39:43.0489 5952 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys

22:39:43.0511 5952 srvnet - ok

22:39:43.0524 5952 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll

22:39:43.0571 5952 SSDPSRV - ok

22:39:43.0618 5952 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll

22:39:43.0643 5952 SstpSvc - ok

22:39:43.0710 5952 Steam Client Service - ok

22:39:43.0806 5952 Stereo Service (e41837b8f2228be202bd582242a4e810) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

22:39:43.0831 5952 Stereo Service - ok

22:39:43.0888 5952 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll

22:39:43.0958 5952 stisvc - ok

22:39:44.0025 5952 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys

22:39:44.0042 5952 swenum - ok

22:39:44.0098 5952 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll

22:39:44.0153 5952 swprv - ok

22:39:44.0192 5952 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys

22:39:44.0209 5952 Symc8xx - ok

22:39:44.0220 5952 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys

22:39:44.0237 5952 Sym_hi - ok

22:39:44.0250 5952 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys

22:39:44.0267 5952 Sym_u3 - ok

22:39:44.0322 5952 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll

22:39:44.0406 5952 SysMain - ok

22:39:44.0443 5952 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll

22:39:44.0489 5952 TabletInputService - ok

22:39:44.0533 5952 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll

22:39:44.0582 5952 TapiSrv - ok

22:39:44.0602 5952 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll

22:39:44.0666 5952 TBS - ok

22:39:44.0755 5952 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys

22:39:44.0846 5952 Tcpip - ok

22:39:44.0956 5952 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys

22:39:45.0029 5952 Tcpip6 - ok

22:39:45.0110 5952 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys

22:39:45.0131 5952 tcpipreg - ok

22:39:45.0156 5952 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys

22:39:45.0212 5952 TDPIPE - ok

22:39:45.0230 5952 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys

22:39:45.0283 5952 TDTCP - ok

22:39:45.0322 5952 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys

22:39:45.0374 5952 tdx - ok

22:39:45.0405 5952 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys

22:39:45.0426 5952 TermDD - ok

22:39:45.0476 5952 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll

22:39:45.0553 5952 TermService - ok

22:39:45.0597 5952 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll

22:39:45.0622 5952 Themes - ok

22:39:45.0643 5952 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll

22:39:45.0685 5952 THREADORDER - ok

22:39:45.0707 5952 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll

22:39:45.0772 5952 TrkWks - ok

22:39:45.0814 5952 TrustedInstaller (ac6ff1df22ed90bad6417ee5a4c6e2f0) C:\Windows\servicing\TrustedInstaller.exe

22:39:45.0854 5952 TrustedInstaller - ok

22:39:45.0876 5952 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys

22:39:45.0918 5952 tssecsrv - ok

22:39:45.0941 5952 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys

22:39:45.0969 5952 tunmp - ok

22:39:45.0992 5952 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys

22:39:46.0021 5952 tunnel - ok

22:39:46.0045 5952 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys

22:39:46.0064 5952 uagp35 - ok

22:39:46.0103 5952 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys

22:39:46.0140 5952 udfs - ok

22:39:46.0217 5952 ufad-ws60 (3f2d08b07cf67cb37e669a93e59a508c) C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe

22:39:46.0236 5952 ufad-ws60 - ok

22:39:46.0251 5952 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe

22:39:46.0315 5952 UI0Detect - ok

22:39:46.0333 5952 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys

22:39:46.0351 5952 uliagpkx - ok

22:39:46.0372 5952 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys

22:39:46.0395 5952 uliahci - ok

22:39:46.0410 5952 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys

22:39:46.0427 5952 UlSata - ok

22:39:46.0452 5952 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys

22:39:46.0468 5952 ulsata2 - ok

22:39:46.0478 5952 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys

22:39:46.0508 5952 umbus - ok

22:39:46.0522 5952 UmRdpService (dc5e34f189b827199b9cc8481c648269) C:\Windows\System32\umrdp.dll

22:39:46.0560 5952 UmRdpService - ok

22:39:46.0592 5952 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll

22:39:46.0657 5952 upnphost - ok

22:39:46.0711 5952 upperdev (5462f35baf43f64cf6557cba79bf00ec) C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys

22:39:46.0752 5952 upperdev - ok

22:39:46.0803 5952 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

22:39:46.0842 5952 USBAAPL64 - ok

22:39:46.0897 5952 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys

22:39:46.0948 5952 usbaudio - ok

22:39:47.0002 5952 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys

22:39:47.0042 5952 usbccgp - ok

22:39:47.0058 5952 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys

22:39:47.0118 5952 usbcir - ok

22:39:47.0144 5952 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys

22:39:47.0176 5952 usbehci - ok

22:39:47.0196 5952 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys

22:39:47.0254 5952 usbhub - ok

22:39:47.0270 5952 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys

22:39:47.0330 5952 usbohci - ok

22:39:47.0368 5952 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys

22:39:47.0399 5952 usbprint - ok

22:39:47.0446 5952 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys

22:39:47.0487 5952 usbscan - ok

22:39:47.0504 5952 usbser (f7386007fb19e7685fc7b298560aa81f) C:\Windows\system32\drivers\usbser.sys

22:39:47.0543 5952 usbser - ok

22:39:47.0558 5952 UsbserFilt (f8ab6d4f8badfbcb51ed14cac982cd10) C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys

22:39:47.0578 5952 UsbserFilt - ok

22:39:47.0603 5952 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS

22:39:47.0626 5952 USBSTOR - ok

22:39:47.0644 5952 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys

22:39:47.0671 5952 usbuhci - ok

22:39:47.0717 5952 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll

22:39:47.0767 5952 UxSms - ok

22:39:47.0815 5952 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe

22:39:47.0885 5952 vds - ok

22:39:47.0909 5952 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys

22:39:47.0950 5952 vga - ok

22:39:47.0970 5952 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys

22:39:48.0010 5952 VgaSave - ok

22:39:48.0030 5952 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys

22:39:48.0046 5952 viaide - ok

22:39:48.0137 5952 VMAuthdService (caa6f68bb4c1dbe554b4607ca1acaab5) C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe

22:39:48.0153 5952 VMAuthdService - ok

22:39:48.0173 5952 vmci (9bc38986a8f0e85f27cc18a196808f52) C:\Windows\system32\drivers\vmci.sys

22:39:48.0189 5952 vmci - ok

22:39:48.0242 5952 vmkbd (ac9dc0f511c56125483a5fb385d0bc80) C:\Windows\system32\drivers\VMkbd.sys

22:39:48.0257 5952 vmkbd - ok

22:39:48.0303 5952 VMnetAdapter (9d54f1339e78c95bf3d9939ebcb66378) C:\Windows\system32\DRIVERS\vmnetadapter.sys

22:39:48.0318 5952 VMnetAdapter - ok

22:39:48.0370 5952 VMnetBridge (fb54ef3aa613d2832fd3812e7cb2fc75) C:\Windows\system32\DRIVERS\vmnetbridge.sys

22:39:48.0387 5952 VMnetBridge - ok

22:39:48.0392 5952 VMnetDHCP - ok

22:39:48.0403 5952 VMnetuserif (b4686ed49494a4264e867a7938fad24b) C:\Windows\system32\drivers\vmnetuserif.sys

22:39:48.0418 5952 VMnetuserif - ok

22:39:48.0434 5952 VMparport (b5cae805fcca38f35e6874c2dae0beb8) C:\Windows\system32\drivers\VMparport.sys

22:39:48.0449 5952 VMparport - ok

22:39:48.0497 5952 vmusb (415b167695c4b5960a13098622ef3d80) C:\Windows\system32\Drivers\vmusb.sys

22:39:48.0512 5952 vmusb - ok

22:39:48.0599 5952 VMUSBArbService (f38f5e1d9dec6cd1955a91ab141a88fb) C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe

22:39:48.0645 5952 VMUSBArbService - ok

22:39:48.0651 5952 VMware NAT Service - ok

22:39:48.0684 5952 vmx86 (4b4987b8850de542f23621b881b10342) C:\Windows\system32\drivers\vmx86.sys

22:39:48.0701 5952 vmx86 - ok

22:39:48.0720 5952 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys

22:39:48.0740 5952 volmgr - ok

22:39:48.0790 5952 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys

22:39:48.0818 5952 volmgrx - ok

22:39:48.0840 5952 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys

22:39:48.0864 5952 volsnap - ok

22:39:48.0894 5952 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys

22:39:48.0915 5952 vsmraid - ok

22:39:48.0983 5952 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe

22:39:49.0080 5952 VSS - ok

22:39:49.0164 5952 vstor2-ws60 (69f57e89e6ebc5012d210527af005a70) C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys

22:39:49.0179 5952 vstor2-ws60 - ok

22:39:49.0308 5952 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll

22:39:49.0386 5952 W32Time - ok

22:39:49.0448 5952 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys

22:39:49.0527 5952 WacomPen - ok

22:39:49.0546 5952 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

22:39:49.0596 5952 Wanarp - ok

22:39:49.0600 5952 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys

22:39:49.0633 5952 Wanarpv6 - ok

22:39:49.0673 5952 wbengine (48eee289df9e4989128b2283f3eeacc6) C:\Windows\system32\wbengine.exe

22:39:49.0730 5952 wbengine - ok

22:39:49.0754 5952 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll

22:39:49.0789 5952 wcncsvc - ok

22:39:49.0812 5952 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll

22:39:49.0863 5952 WcsPlugInService - ok

22:39:49.0880 5952 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys

22:39:49.0898 5952 Wd - ok

22:39:49.0977 5952 WDBtnMgrSvc.exe (7b8cdbdeb84da1a0c8897728beba80b8) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

22:39:50.0005 5952 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - warning

22:39:50.0005 5952 WDBtnMgrSvc.exe - detected UnsignedFile.Multi.Generic (1)

22:39:50.0054 5952 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys

22:39:50.0093 5952 Wdf01000 - ok

22:39:50.0114 5952 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

22:39:50.0179 5952 WdiServiceHost - ok

22:39:50.0183 5952 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll

22:39:50.0227 5952 WdiSystemHost - ok

22:39:50.0253 5952 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll

22:39:50.0315 5952 WebClient - ok

22:39:50.0353 5952 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll

22:39:50.0380 5952 Wecsvc - ok

22:39:50.0394 5952 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll

22:39:50.0449 5952 wercplsupport - ok

22:39:50.0477 5952 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll

22:39:50.0537 5952 WerSvc - ok

22:39:50.0609 5952 WinDefend - ok

22:39:50.0619 5952 WinHttpAutoProxySvc - ok

22:39:50.0693 5952 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll

22:39:50.0735 5952 Winmgmt - ok

22:39:50.0829 5952 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll

22:39:50.0935 5952 WinRM - ok

22:39:51.0069 5952 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll

22:39:51.0106 5952 Wlansvc - ok

22:39:51.0262 5952 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

22:39:51.0504 5952 wlidsvc - ok

22:39:51.0615 5952 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys

22:39:51.0658 5952 WmiAcpi - ok

22:39:51.0738 5952 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe

22:39:51.0803 5952 wmiApSrv - ok

22:39:51.0859 5952 WMPNetworkSvc - ok

22:39:51.0899 5952 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll

22:39:51.0925 5952 WPCSvc - ok

22:39:51.0944 5952 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll

22:39:51.0989 5952 WPDBusEnum - ok

22:39:52.0013 5952 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys

22:39:52.0055 5952 WpdUsb - ok

22:39:52.0167 5952 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe

22:39:52.0208 5952 WPFFontCache_v0400 - ok

22:39:52.0242 5952 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys

22:39:52.0287 5952 ws2ifsl - ok

22:39:52.0329 5952 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\System32\wscsvc.dll

22:39:52.0354 5952 wscsvc - ok

22:39:52.0359 5952 WSearch - ok

22:39:52.0447 5952 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

22:39:52.0591 5952 wuauserv - ok

22:39:52.0695 5952 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys

22:39:52.0755 5952 WUDFRd - ok

22:39:52.0788 5952 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll

22:39:52.0850 5952 wudfsvc - ok

22:39:52.0897 5952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0

22:39:53.0419 5952 \Device\Harddisk0\DR0 - ok

22:39:53.0421 5952 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

22:39:53.0479 5952 \Device\Harddisk1\DR1 - ok

22:39:53.0495 5952 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk2\DR2

22:39:53.0726 5952 \Device\Harddisk2\DR2 - ok

22:39:53.0729 5952 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk3\DR3

22:39:53.0833 5952 \Device\Harddisk3\DR3 - ok

22:39:53.0864 5952 Boot (0x1200) (98ffb3766f22a4239831a28197fd7cbb) \Device\Harddisk0\DR0\Partition0

22:39:53.0865 5952 \Device\Harddisk0\DR0\Partition0 - ok

22:39:53.0868 5952 Boot (0x1200) (7589cf3100a2f9b0c570392e5de9f6a3) \Device\Harddisk1\DR1\Partition0

22:39:53.0869 5952 \Device\Harddisk1\DR1\Partition0 - ok

22:39:53.0872 5952 Boot (0x1200) (bdf7484911ec6092448d3ac8d8904bdb) \Device\Harddisk2\DR2\Partition0

22:39:53.0874 5952 \Device\Harddisk2\DR2\Partition0 - ok

22:39:53.0899 5952 Boot (0x1200) (a245c910d618fba0d6f630dda49b80fd) \Device\Harddisk3\DR3\Partition0

22:39:53.0902 5952 \Device\Harddisk3\DR3\Partition0 - ok

22:39:53.0902 5952 ============================================================

22:39:53.0902 5952 Scan finished

22:39:53.0902 5952 ============================================================

22:39:53.0911 3812 Detected object count: 4

22:39:53.0911 3812 Actual detected object count: 4

22:53:30.0668 3812 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:30.0668 3812 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:30.0670 3812 NBService ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:30.0670 3812 NBService ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:30.0671 3812 sptd ( LockedFile.Multi.Generic ) - skipped by user

22:53:30.0671 3812 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

22:53:30.0672 3812 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - skipped by user

22:53:30.0672 3812 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

22:53:35.0761 6044 Deinitialize success


That scan was clean, please do this........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Here is the ComboFix log as requested:

ComboFix 12-07-31.03 - Jason 02/08/2012 18:40:06.1.4 - x64

Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.61.1033.18.4094.2267 [GMT 10:00]

Running from: c:\users\Jason\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Jason\AppData\Roaming\.#

c:\users\Jason\Documents\~WRL0005.tmp

c:\users\Jason\Documents\~WRL4094.tmp

c:\windows\apppatch\AppLoc.exe

c:\windows\apppatch\AppLocA.exe

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb

c:\windows\apppatch\unins000.dat

c:\windows\apppatch\unins000.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))

.

.

2012-08-02 08:52 . 2012-08-02 08:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-02 08:52 . 2012-08-02 08:52 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-08-02 08:52 . 2012-08-02 08:52 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-31 12:54 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D90EDCF2-D3D7-45F4-837C-9C54DDDC4783}\mpengine.dll

2012-07-29 02:17 . 2012-07-29 02:24 -------- d-----w- c:\programdata\Comodo

2012-07-29 02:17 . 2012-07-29 02:17 -------- d-----w- c:\program files\COMODO

2012-07-14 00:53 . 2012-07-14 00:53 -------- d-----w- c:\program files (x86)\Microsoft XNA

2012-07-12 09:34 . 2012-06-13 13:58 2769408 ----a-w- c:\windows\system32\win32k.sys

2012-07-12 08:52 . 2012-06-05 16:22 974848 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-12 08:52 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll

2012-07-12 08:52 . 2012-06-05 16:22 1797120 ----a-w- c:\windows\system32\msxml6.dll

2012-07-12 08:52 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-12 08:52 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-12 08:52 . 2012-06-05 16:22 1869824 ----a-w- c:\windows\system32\msxml3.dll

2012-07-12 08:51 . 2012-06-04 15:29 516480 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-12 08:51 . 2012-06-02 00:22 347136 ----a-w- c:\windows\system32\schannel.dll

2012-07-12 08:51 . 2012-06-02 00:22 254464 ----a-w- c:\windows\system32\ncrypt.dll

2012-07-12 08:51 . 2012-06-02 00:04 278528 ----a-w- c:\windows\SysWow64\schannel.dll

2012-07-12 08:51 . 2012-06-02 00:03 204288 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-07-12 08:51 . 2012-06-02 00:05 77312 ----a-w- c:\windows\SysWow64\secur32.dll

2012-07-12 08:45 . 2012-06-08 17:59 12899840 ----a-w- c:\windows\system32\shell32.dll

2012-07-10 10:21 . 2012-07-10 10:21 -------- d-----w- C:\af3e8974be320ed59df12484a71aa964

2012-07-08 04:16 . 2012-07-08 04:16 -------- d-----w- c:\users\Jason\AppData\Local\etax2012

2012-07-08 04:14 . 2012-07-08 04:15 -------- d-----w- c:\program files (x86)\etax2012

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 08:17 . 2009-02-12 10:05 24072 ----a-w- c:\windows\gdrv.sys

2012-07-27 13:17 . 2012-04-09 00:49 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 13:17 . 2011-05-17 00:38 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 09:39 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe

2012-07-03 16:21 . 2011-05-27 05:13 958400 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2012-07-03 16:21 . 2010-05-12 01:25 355856 ----a-w- c:\windows\system32\drivers\aswSP.sys

2012-07-03 16:21 . 2010-05-12 01:25 44272 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2012-07-03 16:21 . 2010-05-12 01:24 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2012-07-03 16:21 . 2010-05-12 01:24 71064 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2012-07-03 16:21 . 2010-05-12 01:25 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2012-07-03 16:21 . 2010-06-29 05:14 41224 ----a-w- c:\windows\avastSS.scr

2012-07-03 16:21 . 2010-05-12 01:24 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe

2012-07-03 16:21 . 2011-01-16 00:57 285328 ----a-w- c:\windows\system32\aswBoot.exe

2012-07-03 03:46 . 2011-05-05 10:43 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-30 05:17 . 2009-02-19 06:05 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-06-30 05:17 . 2009-02-13 09:24 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-06-02 22:19 . 2012-06-22 10:41 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 10:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 10:42 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 10:42 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 10:41 35864 ----a-w- c:\windows\SysWow64\wups.dll

2012-06-02 22:19 . 2012-06-22 10:41 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-22 10:41 577048 ----a-w- c:\windows\SysWow64\wuapi.dll

2012-06-02 22:15 . 2012-06-22 10:42 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 10:41 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 22:12 . 2012-06-22 10:41 88576 ----a-w- c:\windows\SysWow64\wudriver.dll

2012-06-02 05:19 . 2012-06-22 10:41 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 05:19 . 2012-06-22 10:41 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll

2012-06-02 05:15 . 2012-06-22 10:41 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 05:12 . 2012-06-22 10:41 33792 ----a-w- c:\windows\SysWow64\wuapp.exe

2012-05-31 02:25 . 2010-05-07 04:52 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 94208 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-04-26 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]

"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2010-01-22 129584]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-01 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll

.

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

Themes

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-01 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:17]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 07:37]

.

2012-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-06-09 07:37]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-15 00:32 97792 ----a-w- c:\users\Jason\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-10-13 6566432]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-13 1833504]

"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x1

"AppInit_DLLs"=c:\windows\System32\guard64.dll

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll

TCP: Interfaces\{BF14688D-ABC9-4D80-8AEA-06B481F015F3}: NameServer = 10.11.12.1,212.159.11.150

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll

FF - ProfilePath - c:\users\Jason\AppData\Roaming\Mozilla\Firefox\Profiles\siuio95h.default\

FF - prefs.js: browser.startup.homepage - www.yahoo.com/

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

AddRemove-{9143B17E-BBDE-4EA7-A4E3-20D384D9C8A5}_is1 - c:\windows\AppPatch\unins000.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]

@Denied: (A 2) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]

@="Shockwave Flash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]

@Denied: (A 2) (Everyone)

@=""

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]

@="FlashBroker"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]

"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMnetLibSaved\VMnetBridge]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

Completion time: 2012-08-02 18:57:12

ComboFix-quarantined-files.txt 2012-08-02 08:57

.

Pre-Run: 668,132,282,368 bytes free

Post-Run: 669,500,407,808 bytes free

.

- - End Of File - - 3036941D78E53CE598395E85747BA869


AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

It looks like you have Avast, Comodo and Defender running; this is no good.

You should only have one anti-virus program running on the machine.

-----------------------------

Please do this...........

Download TFC to your desktop

Close any open windows.

Double click the TFC icon to run the program

TFC will close all open programs itself in order to run,

Click the Start button to begin the process.

Allow TFC to run uninterrupted.

The program should not take long to finish its job.

Once it's finished it should automatically reboot your machine,

if it doesn't, manually reboot to ensure a complete clean.

-----------------------------

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


Done as requested and scanned with MBAM. After running TFC, I noticed a $RECYCLE.BIN folder in my E: drive with some hidden folders in it. Is it safe to remove?

The startup times seem to be the same, but now that I think about it, it has been like that even before I had the malware problem. Applications seem to be loading faster after the welcome screen though. Other than that, my PC works perfectly fine and I haven't encountered any problems so far.

Here is the MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.03.02

Windows Vista Service Pack 2 x64 NTFS

Internet Explorer 9.0.8112.16421

Jason :: JASON-PC [administrator]

3/08/2012 6:51:52 PM

mbam-log-2012-08-03 (18-51-52).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 239680

Time elapsed: 7 minute(s), 1 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great > here are some links on slow computers:

http://www.malwarere...nningslowly.php

http://users.telenet...owcomputer.html

http://forums.malwar...showtopic=81990

-----------------------------

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Thank you for your time and assistance MrC. I appreciate it. I can now have peace of mind knowing that there probably isn't anything nasty on my system, and my PC seems to be running a tad faster as a result of the cleanup.

One thing though, I tried downloading OTL from http://oldtimer.geekstogo.com/OTL.exe and http://oldtimer.geekstogo.com/OTL.com but it looks like the links are down. I'm guessing they're just down temporarily?


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.