Jump to content

scvhost and Adobe Flash player Virus


Recommended Posts

Hello, recently i was infected with an scvhost and adobe flash player virus. Under task manager i can see from 2-8 scvhosts running, and adobe flash player constantly crashes, asks to try and update which i always cancel. I cannot get rid of this virus myself, i appreciate any sort of assistance in cleaning up my system.

Thank you, i have pasted DDS log, attached the attach log, and also a malwarebytes log at the bottom

(PS no matter how many times i run malwarebytes the rootkits/trojans keep showing up)

DDS log

============

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31

Run by Ghostshell at 12:05:25 on 2012-08-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8180.3951 [GMT -7:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Stardock\MyColors\WBVista.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

C:\Program Files\Dell\DW WLAN Card\bcmwltry.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

C:\Program Files\Alienware\Command Center\AlienFusionService.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Program Files (x86)\OSD\OSD_Service.exe

c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgemca.exe

C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Alienware\Command Center\AlienFusionController.exe

C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe

C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Windows\system32\WLANExt.exe

C:\Windows\system32\conhost.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\DllHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55E54A}&mid=500452e994ba47d1b4dd787cac9f0712-48643e70690374b37bf2810e9fd57bd51de19c8a〈=en&ds=ft011&pr=sa&d=2012-07-06 23:20:37&v=11.1.0.12&sap=hp

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: H - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: SSOIEAddonBHO Class: {da5bce70-d057-4d63-943d-5f3927ec59f1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Microsoft Web Test Recorder 10.0 Helper: {dda57003-0068-4ed2-9d32-4d1ec707d94d} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [FAStartup]

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554632333 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\2375942554638383 : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\4586560224164736166756 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\46C696E6B602231333 : DhcpNameServer = 128.54.16.2 132.239.0.252

TCP: Interfaces\{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}\C696E6B6379737 : DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Notify: FastAccess - C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll

LSA: Notification Packages = scecli FAPassSync

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: SSOIEAddonBHO Class: {DA5BCE70-D057-4D63-943D-5F3927EC59F1} - C:\Program Files\Alienware\Command Center\AlienSense\FAIESSO.dll

BHO-X64: SSOIEAddonBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Microsoft Web Test Recorder 10.0 Helper: {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe

mRun-x64: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [FAStartup]

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Ghostshell\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Ghostshell\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

.

---- FIREFOX POLICIES ----

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8fAMlSQM&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 32b459e3000000000000c446192559ba

FF - user.js: extensions.incredibar_i.hardId - 32b459e3000000000000c446192559ba

FF - user.js: extensions.incredibar_i.instlDay - 15341

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2721:50:50

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8fAMlSQM

FF - user.js: extensions.incredibar_i.upn2n - 92823603489226040

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10589

FF - user.js: extensions.incredibar_i.ppd -

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2011-6-29 89600]

R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2010-5-21 14648]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]

R2 FAService;FAService;C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2010-4-4 2409800]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]

R2 HappyOSD;HappyOSD;C:\Program Files (x86)\OSD\OSD_Service.exe [2010-1-4 16384]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-7-16 1262400]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]

R3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\system32\DRIVERS\bcmvwl64.sys --> C:\Windows\system32\DRIVERS\bcmvwl64.sys [?]

R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 itecir;ITECIR Infrared Receiver;C:\Windows\system32\DRIVERS\itecir.sys --> C:\Windows\system32\DRIVERS\itecir.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]

S3 DAdderFltr;DeathAdder Mouse;C:\Windows\system32\drivers\dadder.sys --> C:\Windows\system32\drivers\dadder.sys [?]

S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?]

S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]

S3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 VSPerfDrv100;Performance Tools Driver 10.0;C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-3-17 68440]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]

S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]

S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]

.

=============== Created Last 30 ================

.

2012-08-10 00:19:55 20480 ------w- C:\Windows\svchost.exe

2012-08-04 02:45:28 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\EBFC.tmp

2012-08-04 02:45:28 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\EBFB.tmp

2012-08-02 03:48:59 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\4158.tmp

2012-08-01 18:18:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-01 18:18:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-30 22:36:50 -------- d-----w- C:\Users\Ghostshell\AppData\Local\Macromedia

2012-07-21 18:44:30 -------- d-----w- C:\Users\Ghostshell\AppData\Roaming\libimobiledevice

2012-07-21 18:44:19 -------- d-----w- C:\Program Files (x86)\Tansee iPhone Transfer Contact

2012-07-21 18:43:39 -------- d-----w- C:\Users\Ghostshell\AppData\Roaming\GetRightToGo

2012-07-21 16:10:28 -------- d-----w- C:\Program Files\iPod

2012-07-21 16:10:27 -------- d-----w- C:\Program Files\iTunes

2012-07-21 16:10:27 -------- d-----w- C:\Program Files (x86)\iTunes

2012-07-21 16:08:01 -------- d-----w- C:\Program Files\Bonjour

2012-07-21 16:08:01 -------- d-----w- C:\Program Files (x86)\Bonjour

2012-07-20 09:17:03 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\692D.tmp

2012-07-19 04:54:25 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

2012-07-18 21:09:20 -------- d-----w- C:\Users\Ghostshell\AppData\Roaming\Clipdiary

2012-07-18 06:03:09 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\C2B3.tmp

2012-07-18 04:45:27 -------- d-----w- C:\$RECYCLE.BIN

2012-07-18 04:22:32 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-18 03:06:01 -------- d-----w- C:\Program Files (x86)\Diablo III

2012-07-18 03:05:18 -------- d-----w- C:\ProgramData\Battle.net

2012-07-16 20:44:47 889664 ----a-w- C:\Windows\System32\nvvsvc.exe

2012-07-16 20:44:47 63296 ----a-w- C:\Windows\System32\nvshext.dll

2012-07-16 20:44:47 6151488 ----a-w- C:\Windows\System32\nvcpl.dll

2012-07-16 20:44:47 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll

2012-07-16 20:44:47 2561856 ----a-w- C:\Windows\System32\nvsvcr.dll

2012-07-16 20:44:47 118080 ----a-w- C:\Windows\System32\nvmctray.dll

2012-07-16 20:43:09 -------- d-----w- C:\ProgramData\NVIDIA Corporation

2012-07-16 09:48:12 -------- d-----w- C:\Program Files (x86)\OApps

2012-07-16 09:48:11 -------- d-----w- C:\Program Files (x86)\TorrentSearch

2012-07-16 09:47:05 -------- d-----w- C:\Program Files (x86)\smartdl

2012-07-13 20:07:47 978944 ----a-w- C:\Windows\System32\msvcp71.dll

2012-07-13 20:07:47 520192 ----a-w- C:\Windows\System32\msvcr71.dll

2012-07-13 20:07:47 403456 ----a-w- C:\Windows\System32\nvcpl.cpl

2012-07-13 20:07:47 381952 ----a-w- C:\Windows\System32\nvexpBar.dll

2012-07-13 20:07:47 372736 ----a-w- C:\Windows\System32\NVUNINST.EXE

2012-07-13 20:07:47 2065920 ----a-w- C:\Windows\System32\nvcplUI.exe

2012-07-13 20:07:47 1524736 ----a-w- C:\Windows\System32\MFC71.dll

2012-07-13 20:07:47 1064448 ----a-w- C:\Windows\System32\nvcplUIR.dll

2012-07-13 20:07:28 -------- d-----w- C:\Users\Ghostshell\AppData\Local\NVIDIA Corporation

2012-07-13 20:05:56 -------- d-----w- C:\Program Files (x86)\NVIDIA nTune Performance Application

2012-07-12 19:53:00 31040 ----a-w- C:\Windows\System32\nvhdap64.dll

2012-07-12 19:53:00 188736 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys

.

==================== Find3M ====================

.

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-05-15 09:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe

.

============= FINISH: 12:06:54.26 ===============

=======

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.07.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Ghostshell :: GHOSTSHELL-PC [administrator]

8/10/2012 12:15:01 PM

mbam-log-2012-08-10 (12-15-01).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 245559

Time elapsed: 5 minute(s), 40 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 1852 -> Delete on reboot.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.

C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

Attach.txt

Link to post
Share on other sites

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

thank you so much for helping me out :)

here is the report

=====================

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Ghostshell [Admin rights]

Mode: Scan -- Date: 08/10/2012 12:30:14

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L --> FOUND

[ZeroAccess][FILE] @ : c:\users\ghostshell\appdata\local\{b0088f9a-acc5-2298-9acf-2528dd478996}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\users\ghostshell\appdata\local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\users\ghostshell\appdata\local\{b0088f9a-acc5-2298-9acf-2528dd478996}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250410AS ATA Device +++++

--- User ---

[MBR] 478efe6c5c618819af8753cb9435931d

[bSP] 7c235b53190a6021ae3d31243aeafecb : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] c46d375b88798304d258979fb76d4845

[bSP] 7c235b53190a6021ae3d31243aeafecb : Windows 7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 238373 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:



    • Startup Repair
      System Restore
      Windows Complete PC Restore
      Windows Memory Diagnostic Tool
      Command Prompt

    [*]Select Command Prompt

    [*]In the command window type in notepad and press Enter.

    [*]The notepad opens. Under File menu select Open.

    [*]Select "Computer" and find your flash drive letter and close the notepad.

    [*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

    [*]The tool will start to run.

    [*]When the tool opens click Yes to disclaimer.

    [*]Press Scan button.

    [*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:

    services.exe

    [*]Now press the Search button

    [*]When the search is complete, search.txt will also be written to your USB

    [*]Type exit and reboot the computer normally

    [*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

Link to post
Share on other sites

Alright here is the FRST.txt

Scan result of Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 10-08-2012 13:08:36

Running from F:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [AlienFX Controller] "C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe" [63304 2010-05-21] (Alienware Corporation)

HKLM\...\Run: [broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe [5712896 2010-02-02] (Dell Inc.)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2009-09-15] (IDT, Inc.)

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2108200 2010-04-01] (Synaptics Incorporated)

HKLM\...\Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" [4526 2010-11-29] ()

HKLM-x32\...\Run: [FATrayAlert] C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )

HKLM-x32\...\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe" [136488 2011-02-25] (CyberLink)

HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2416480 2012-01-24] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [FAStartup] [x]

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)

Winlogon\Notify\WB: C:\Program Files (x86)\Stardock\MyColors\fast64.dll [X]

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

Lsa: [Notification Packages] scecli

FAPassSync

Startup: C:\Users\All Users\Start Menu\Programs\Startup\Stardock MyColors.lnk

ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe ()

Startup: C:\Users\UpdatusUser\Start Menu\Programs\Startup\IconPackager.lnk

ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)

2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe" [4433248 2011-10-12] (AVG Technologies CZ, s.r.o.)

2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [192776 2011-08-02] (AVG Technologies CZ, s.r.o.)

2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )

2 Hamachi2Svc; "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s [2369960 2012-06-27] (LogMeIn Inc.)

2 HappyOSD; C:\Program Files (x86)\OSD\OSD_Service.exe [16384 2010-01-04] ()

2 MSSQL$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [57617752 2009-03-30] (Microsoft Corporation)

2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [180224 2007-09-04] (NVIDIA)

4 SQLAgent$SQLEXPRESS; "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE" -i SQLEXPRESS [427880 2009-03-30] (Microsoft Corporation)

2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe [240640 2009-09-15] (IDT, Inc.)

2 WindowBlinds; C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe [337200 2009-06-09] (Stardock Corporation)

========================== Drivers (Whitelisted) =============

3 AVGIDSDriver; C:\Windows\System32\Drivers\AVGIDSDriver.sys [120400 2011-07-11] (AVG Technologies CZ, s.r.o. )

0 AVGIDSEH; C:\Windows\System32\Drivers\AVGIDSEH.sys [26704 2011-07-11] (AVG Technologies CZ, s.r.o. )

3 AVGIDSFilter; C:\Windows\System32\Drivers\AVGIDSFilter.sys [29776 2011-07-11] (AVG Technologies CZ, s.r.o. )

1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [283728 2011-10-07] (AVG Technologies CZ, s.r.o.)

1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [46672 2011-08-08] (AVG Technologies CZ, s.r.o.)

0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [37456 2011-09-13] (AVG Technologies CZ, s.r.o.)

1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [375376 2011-07-11] (AVG Technologies CZ, s.r.o.)

3 DAdderFltr; C:\Windows\System32\drivers\dadder.sys [12672 2007-08-02] (Razer (Asia-Pacific) Pte Ltd)

3 e1kexpress; C:\Windows\System32\DRIVERS\e1k62x64.sys [273072 2009-06-22] (Intel Corporation)

3 hamachi; C:\Windows\System32\Drivers\hamachi.sys [33856 2009-03-18] (LogMeIn, Inc.)

3 netr28ux; C:\Windows\System32\Drivers\netr28ux.sys [966144 2009-05-25] (Ralink Technology Corp.)

3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [39968 2007-09-04] (NVidia Corp.)

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-10 12:02 - 2012-08-10 12:02 - 01439703 ____A (Farbar) C:\Users\Ghostshell\Desktop\FRST64.exe

2012-08-10 11:30 - 2012-08-10 11:30 - 00002501 ____A C:\Users\Ghostshell\Desktop\RKreport[1].txt

2012-08-10 11:28 - 2012-08-10 11:30 - 00000000 ____D C:\Users\Ghostshell\Desktop\RK_Quarantine

2012-08-10 11:28 - 2012-08-10 11:28 - 01558528 ____A C:\Users\Ghostshell\Desktop\RogueKiller.exe

2012-08-10 11:11 - 2012-08-10 11:11 - 00027720 ____A C:\Users\Ghostshell\Desktop\Attach.txt

2012-08-10 11:11 - 2012-08-10 11:11 - 00021645 ____A C:\Users\Ghostshell\Desktop\DDS.txt

2012-08-09 17:44 - 2012-08-09 17:44 - 00607260 ____R (Swearware) C:\Users\Ghostshell\Desktop\dds.scr

2012-08-09 16:57 - 2012-08-09 16:57 - 00000000 ____A C:\Users\Ghostshell\CD

2012-08-09 16:19 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe

2012-08-08 10:19 - 2012-08-08 10:20 - 00000600 ____A C:\Users\Ghostshell\AppData\Local\PUTTY.RND

2012-08-08 10:16 - 2012-08-08 10:20 - 00000000 ____D C:\Users\Ghostshell\AppData\Roaming\FileZilla

2012-08-08 10:15 - 2012-08-08 10:16 - 04518720 ____A (FileZilla Project) C:\Users\Ghostshell\Downloads\FileZilla_3.5.3_win32-setup.exe

2012-08-08 10:13 - 2012-08-08 21:06 - 00000000 ____D C:\Users\Ghostshell\Desktop\Chicken

2012-08-08 09:10 - 2012-08-09 17:01 - 00000560 ____A C:\Windows\setupact.log

2012-08-08 09:10 - 2012-08-08 09:10 - 00001040 ____A C:\Windows\PFRO.log

2012-08-08 09:10 - 2012-08-08 09:10 - 00000000 ____A C:\Windows\setuperr.log

2012-08-07 12:37 - 2012-08-07 12:37 - 00034818 ____A C:\Users\Ghostshell\Documents\cc_20120807_133730.reg

2012-08-03 19:17 - 2012-08-03 19:18 - 05021143 ____A C:\Windows\System32\Drivers\Cat.DB

2012-08-03 19:06 - 2012-08-03 19:06 - 00367272 ____A (RegNow.com) C:\Users\Ghostshell\Downloads\Download_9.0.0.912sdasetup-regnow_201_Trial.exe

2012-08-01 10:18 - 2012-08-01 10:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-01 10:18 - 2012-08-01 10:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-30 14:36 - 2012-07-30 14:36 - 00000000 ____D C:\Users\Ghostshell\AppData\Local\Macromedia

2012-07-30 14:28 - 2012-07-30 14:28 - 00290816 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SASUNINST64.EXE

2012-07-29 19:51 - 2012-07-29 19:53 - 76637445 ____A C:\Users\Ghostshell\Downloads\iLoL_Open_Beta_1.1.2_installer.dmg

2012-07-28 16:33 - 2012-07-31 10:51 - 00000000 ____D C:\Users\Ghostshell\AppData\Local\Apps\Apple Computer

2012-07-21 10:44 - 2012-08-01 17:43 - 00000000 ____D C:\Program Files (x86)\Tansee iPhone Transfer Contact

2012-07-21 10:44 - 2012-07-21 10:44 - 00000000 ____D C:\Users\Ghostshell\Documents\Tansee

2012-07-21 10:44 - 2012-07-21 10:44 - 00000000 ____D C:\Users\Ghostshell\AppData\Roaming\libimobiledevice

2012-07-21 10:43 - 2012-08-03 19:16 - 00000000 ____D C:\Users\Ghostshell\AppData\Roaming\GetRightToGo

2012-07-21 10:43 - 2012-07-21 10:43 - 00367272 ____A (RegNow.com) C:\Users\Ghostshell\Downloads\Download_tanseeiphonecontact_.exe

2012-07-21 08:11 - 2012-07-21 08:11 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-07-21 08:10 - 2012-07-21 08:11 - 00000000 ____D C:\Program Files\iTunes

2012-07-21 08:10 - 2012-07-21 08:11 - 00000000 ____D C:\Program Files (x86)\iTunes

2012-07-21 08:10 - 2012-07-21 08:10 - 00000000 ____D C:\Program Files\iPod

2012-07-21 08:08 - 2012-07-21 08:08 - 00000000 ____D C:\Program Files\Bonjour

2012-07-21 08:08 - 2012-07-21 08:08 - 00000000 ____D C:\Program Files (x86)\Bonjour

2012-07-21 08:07 - 2012-07-21 08:07 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-07-21 08:07 - 2012-07-21 08:07 - 00000000 ____D C:\Program Files (x86)\QuickTime

2012-07-18 21:58 - 2012-07-18 21:58 - 02686176 ____A (McAfee, Inc.) C:\Users\Ghostshell\Downloads\McAfeeScanAndRepair3_Release.exe

2012-07-18 21:05 - 2012-07-18 21:05 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Ghostshell\Desktop\tdsskiller.exe

2012-07-18 20:54 - 2012-07-18 20:54 - 00000000 ____D C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE

2012-07-18 13:09 - 2012-07-18 20:52 - 00000000 ____D C:\Users\Ghostshell\AppData\Roaming\Clipdiary

2012-07-18 13:08 - 2012-07-18 13:08 - 02689442 ____A C:\Users\Ghostshell\Downloads\clipdiary_3.4.exe

2012-07-18 12:36 - 2012-07-18 12:36 - 18651528 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SUPERAntiSpyware(1).exe

2012-07-18 09:10 - 2012-07-18 09:10 - 18646144 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SUPERAntiSpyware.exe

2012-07-17 22:28 - 2012-07-17 22:28 - 00000000 ____D C:\Users\Ghostshell\Documents\Diablo III

2012-07-17 20:31 - 2012-07-17 21:04 - 00000000 ____D C:\Windows\erdnt

2012-07-17 20:22 - 2012-07-18 21:09 - 00000000 ____D C:\TDSSKiller_Quarantine

2012-07-17 19:06 - 2012-07-17 21:22 - 00000000 ____D C:\Program Files (x86)\Diablo III

2012-07-17 19:06 - 2012-07-17 19:06 - 00001189 ____A C:\Users\Public\Desktop\Diablo III.lnk

2012-07-17 19:05 - 2012-07-17 19:05 - 00000000 ____D C:\Users\All Users\Battle.net

2012-07-17 19:04 - 2012-07-17 19:05 - 40048208 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\Diablo-III-Setup-enUS.exe

2012-07-17 15:37 - 2012-07-17 15:37 - 00130802 ____A C:\Users\Ghostshell\Documents\cc_20120717_163659.reg

2012-07-17 13:39 - 2012-07-17 13:39 - 00001127 ____A C:\Users\Ghostshell\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-16 19:15 - 2012-07-16 19:41 - 00000000 ____D C:\Users\Ghostshell\Downloads\Katy Perry - Teenage Dream

2012-07-16 15:15 - 2012-07-16 15:15 - 00226433 ____A C:\Users\Ghostshell\Desktop\D3UnidPredict.zip

2012-07-16 12:49 - 2012-05-15 02:48 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2012-07-16 12:49 - 2012-05-15 02:48 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2012-07-16 12:49 - 2012-05-15 02:48 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2012-07-16 12:46 - 2012-07-16 12:48 - 214613632 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\301.42-notebook-win7-winvista-64bit-international-whql(1).exe

2012-07-16 12:45 - 2012-07-16 12:45 - 00000020 ___SH C:\Users\UpdatusUser.Ghostshell-PC\ntuser.ini

2012-07-16 12:45 - 2012-07-16 12:45 - 00000000 ____D C:\users\UpdatusUser.Ghostshell-PC

2012-07-16 12:44 - 2012-05-15 01:29 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll

2012-07-16 12:44 - 2012-05-15 01:29 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll

2012-07-16 12:44 - 2012-05-15 01:29 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

2012-07-16 12:44 - 2012-05-15 01:29 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

2012-07-16 12:44 - 2012-05-15 01:29 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

2012-07-16 12:44 - 2012-05-15 01:28 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

2012-07-16 12:43 - 2012-07-16 12:43 - 00000000 ____D C:\Users\All Users\NVIDIA Corporation

2012-07-16 01:48 - 2012-07-16 01:48 - 00000000 ____D C:\Program Files (x86)\TorrentSearch

2012-07-16 01:47 - 2012-07-18 14:02 - 00000000 ____D C:\Program Files (x86)\smartdl

2012-07-14 11:23 - 2012-07-14 11:23 - 03216374 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\StarCraft_2_NA_en-US(2).exe

2012-07-14 11:18 - 2012-07-14 11:18 - 03216374 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\StarCraft_2_NA_en-US(1).exe

2012-07-14 11:17 - 2012-07-14 11:17 - 00604032 ____A (SlimWare Utilities, Inc.) C:\Users\Ghostshell\Downloads\FixCleanerSetup.exe

2012-07-13 12:07 - 2012-07-13 12:07 - 00000000 ____D C:\Users\Ghostshell\AppData\Local\NVIDIA Corporation

2012-07-13 12:07 - 2012-07-13 12:06 - 00372736 ____A (NVIDIA Corporation) C:\Windows\System32\NVUNINST.EXE

2012-07-13 12:07 - 2007-07-03 15:41 - 01524736 ____A (Microsoft Corporation) C:\Windows\System32\MFC71.dll

2012-07-13 12:07 - 2007-07-03 15:41 - 00978944 ____A (Microsoft Corporation) C:\Windows\System32\msvcp71.dll

2012-07-13 12:07 - 2007-07-03 15:41 - 00520192 ____A C:\Windows\System32\msvcr71.dll

2012-07-13 12:07 - 2007-06-25 21:21 - 02065920 ____A C:\Windows\System32\nvcplUI.exe

2012-07-13 12:07 - 2007-06-25 21:21 - 01064448 ____A (NVIDIA Corporation) C:\Windows\System32\nvcplUIR.dll

2012-07-13 12:07 - 2007-06-25 21:21 - 00403456 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.cpl

2012-07-13 12:07 - 2007-06-25 21:21 - 00381952 ____A (NVIDIA Corporation) C:\Windows\System32\nvexpBar.dll

2012-07-13 12:05 - 2012-07-13 12:05 - 43265912 ____A (NVIDIA Corporation ) C:\Users\Ghostshell\Downloads\5.05.54.00_ntune_winxp_international.exe

2012-07-13 12:05 - 2012-07-13 12:05 - 00000000 ____D C:\Program Files (x86)\NVIDIA nTune Performance Application

2012-07-12 11:53 - 2012-04-18 09:08 - 00188736 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvhda64v.sys

2012-07-12 11:53 - 2012-04-18 09:08 - 00031040 ____A (NVIDIA Corporation) C:\Windows\System32\nvhdap64.dll

2012-07-12 11:49 - 2012-07-12 11:51 - 214613632 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe

============ 3 Months Modified Files ========================

2012-08-10 12:02 - 2012-08-10 12:02 - 01439703 ____A (Farbar) C:\Users\Ghostshell\Desktop\FRST64.exe

2012-08-10 11:56 - 2009-07-13 21:13 - 00869840 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-10 11:30 - 2012-08-10 11:30 - 00002501 ____A C:\Users\Ghostshell\Desktop\RKreport[1].txt

2012-08-10 11:28 - 2012-08-10 11:28 - 01558528 ____A C:\Users\Ghostshell\Desktop\RogueKiller.exe

2012-08-10 11:27 - 2012-06-26 17:17 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job

2012-08-10 11:15 - 2011-10-24 14:05 - 00000948 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job

2012-08-10 11:11 - 2012-08-10 11:11 - 00027720 ____A C:\Users\Ghostshell\Desktop\Attach.txt

2012-08-10 11:11 - 2012-08-10 11:11 - 00021645 ____A C:\Users\Ghostshell\Desktop\DDS.txt

2012-08-09 18:34 - 2012-05-02 22:02 - 00011611 ____A C:\Users\Ghostshell\Desktop\Playlist Start.txt

2012-08-09 17:44 - 2012-08-09 17:44 - 00607260 ____R (Swearware) C:\Users\Ghostshell\Desktop\dds.scr

2012-08-09 17:08 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-09 17:08 - 2009-07-13 20:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-09 17:01 - 2012-08-08 09:10 - 00000560 ____A C:\Windows\setupact.log

2012-08-09 17:01 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-09 16:57 - 2012-08-09 16:57 - 00000000 ____A C:\Users\Ghostshell\CD

2012-08-09 16:46 - 2009-07-13 21:08 - 00032554 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-08-09 16:17 - 2011-06-29 11:33 - 01422051 ____A C:\Windows\WindowsUpdate.log

2012-08-09 15:27 - 2012-06-26 17:17 - 00000876 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job

2012-08-09 14:27 - 2011-10-24 14:05 - 00000926 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job

2012-08-08 10:20 - 2012-08-08 10:19 - 00000600 ____A C:\Users\Ghostshell\AppData\Local\PUTTY.RND

2012-08-08 10:16 - 2012-08-08 10:15 - 04518720 ____A (FileZilla Project) C:\Users\Ghostshell\Downloads\FileZilla_3.5.3_win32-setup.exe

2012-08-08 09:10 - 2012-08-08 09:10 - 00001040 ____A C:\Windows\PFRO.log

2012-08-08 09:10 - 2012-08-08 09:10 - 00000000 ____A C:\Windows\setuperr.log

2012-08-07 12:37 - 2012-08-07 12:37 - 00034818 ____A C:\Users\Ghostshell\Documents\cc_20120807_133730.reg

2012-08-03 19:18 - 2012-08-03 19:17 - 05021143 ____A C:\Windows\System32\Drivers\Cat.DB

2012-08-03 19:06 - 2012-08-03 19:06 - 00367272 ____A (RegNow.com) C:\Users\Ghostshell\Downloads\Download_9.0.0.912sdasetup-regnow_201_Trial.exe

2012-08-01 10:18 - 2012-08-01 10:18 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-01 10:18 - 2012-08-01 10:18 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-30 14:28 - 2012-07-30 14:28 - 00290816 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SASUNINST64.EXE

2012-07-29 19:53 - 2012-07-29 19:51 - 76637445 ____A C:\Users\Ghostshell\Downloads\iLoL_Open_Beta_1.1.2_installer.dmg

2012-07-21 10:43 - 2012-07-21 10:43 - 00367272 ____A (RegNow.com) C:\Users\Ghostshell\Downloads\Download_tanseeiphonecontact_.exe

2012-07-21 08:11 - 2012-07-21 08:11 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-07-21 08:07 - 2012-07-21 08:07 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk

2012-07-18 21:58 - 2012-07-18 21:58 - 02686176 ____A (McAfee, Inc.) C:\Users\Ghostshell\Downloads\McAfeeScanAndRepair3_Release.exe

2012-07-18 21:05 - 2012-07-18 21:05 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Ghostshell\Desktop\tdsskiller.exe

2012-07-18 13:08 - 2012-07-18 13:08 - 02689442 ____A C:\Users\Ghostshell\Downloads\clipdiary_3.4.exe

2012-07-18 12:36 - 2012-07-18 12:36 - 18651528 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SUPERAntiSpyware(1).exe

2012-07-18 09:10 - 2012-07-18 09:10 - 18646144 ____A (SUPERAntiSpyware.com) C:\Users\Ghostshell\Downloads\SUPERAntiSpyware.exe

2012-07-17 20:45 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini

2012-07-17 20:43 - 2009-07-13 18:34 - 83361792 ____A C:\Windows\System32\config\SOFTWARE.bak

2012-07-17 20:43 - 2009-07-13 18:34 - 20709376 ____A C:\Windows\System32\config\SYSTEM.bak

2012-07-17 20:43 - 2009-07-13 18:34 - 04456448 ____A C:\Windows\System32\config\DEFAULT.bak

2012-07-17 20:43 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SECURITY.bak

2012-07-17 20:43 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\SAM.bak

2012-07-17 19:06 - 2012-07-17 19:06 - 00001189 ____A C:\Users\Public\Desktop\Diablo III.lnk

2012-07-17 19:05 - 2012-07-17 19:04 - 40048208 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\Diablo-III-Setup-enUS.exe

2012-07-17 15:37 - 2012-07-17 15:37 - 00130802 ____A C:\Users\Ghostshell\Documents\cc_20120717_163659.reg

2012-07-17 13:43 - 2012-07-07 21:35 - 00005342 ____A C:\Users\Ghostshell\Documents\startup.txt

2012-07-17 13:39 - 2012-07-17 13:39 - 00001127 ____A C:\Users\Ghostshell\Desktop\Malwarebytes Anti-Malware.lnk

2012-07-16 15:15 - 2012-07-16 15:15 - 00226433 ____A C:\Users\Ghostshell\Desktop\D3UnidPredict.zip

2012-07-16 12:48 - 2012-07-16 12:46 - 214613632 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\301.42-notebook-win7-winvista-64bit-international-whql(1).exe

2012-07-16 12:45 - 2012-07-16 12:45 - 00000020 ___SH C:\Users\UpdatusUser.Ghostshell-PC\ntuser.ini

2012-07-14 11:23 - 2012-07-14 11:23 - 03216374 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\StarCraft_2_NA_en-US(2).exe

2012-07-14 11:18 - 2012-07-14 11:18 - 03216374 ____A (Blizzard Entertainment) C:\Users\Ghostshell\Downloads\StarCraft_2_NA_en-US(1).exe

2012-07-14 11:17 - 2012-07-14 11:17 - 00604032 ____A (SlimWare Utilities, Inc.) C:\Users\Ghostshell\Downloads\FixCleanerSetup.exe

2012-07-13 12:06 - 2012-07-13 12:07 - 00372736 ____A (NVIDIA Corporation) C:\Windows\System32\NVUNINST.EXE

2012-07-13 12:05 - 2012-07-13 12:05 - 43265912 ____A (NVIDIA Corporation ) C:\Users\Ghostshell\Downloads\5.05.54.00_ntune_winxp_international.exe

2012-07-12 11:51 - 2012-07-12 11:49 - 214613632 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\301.42-notebook-win7-winvista-64bit-international-whql.exe

2012-07-08 16:58 - 2012-07-08 16:58 - 24646690 ____A C:\Users\Ghostshell\Downloads\8bp086.zip

2012-07-08 14:59 - 2012-07-08 14:59 - 01483724 ____A C:\Users\Ghostshell\Downloads\SystemCheck_enUS.exe

2012-07-07 18:41 - 2012-07-07 18:41 - 00123392 ____A (Microsoft) C:\Users\Ghostshell\Downloads\Diablo 3 Calculator 0_5_1.exe

2012-07-06 22:31 - 2012-07-06 22:31 - 00671744 ____A C:\Users\Ghostshell\Downloads\SetupDoItAgain(20).msi

2012-07-06 22:19 - 2012-07-06 22:19 - 00671744 ____A C:\Users\Ghostshell\Downloads\SetupDoItAgain.msi

2012-07-03 12:46 - 2011-09-01 17:05 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-02 09:28 - 2012-03-21 10:23 - 00001037 ____A C:\Users\Ghostshell\Desktop\Dropbox.lnk

2012-06-30 11:13 - 2012-06-30 11:11 - 54038807 ____A C:\Users\Ghostshell\Downloads\2009 Manga - Sehri Huzun.rar

2012-06-30 09:56 - 2012-06-30 09:56 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Downloads\TerrariForm(4).exe

2012-06-30 09:55 - 2012-06-30 09:55 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Downloads\TerrariForm(3).exe

2012-06-30 09:52 - 2012-06-30 09:52 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Desktop\TerrariForm(3).exe

2012-06-30 08:59 - 2012-06-30 08:59 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Downloads\TerrariForm(1).exe

2012-06-30 08:58 - 2012-06-30 08:58 - 00780288 ____A (Chapley) C:\Users\Ghostshell\Downloads\TerrariForm(2).exe

2012-06-30 08:53 - 2012-06-30 08:53 - 00373760 ____A (KryptoDEV) C:\Users\Ghostshell\Downloads\TerrariaInvEdit.3040.exe

2012-06-29 12:37 - 2012-06-29 12:37 - 04425873 ____A C:\Users\Ghostshell\Downloads\PFCSetup.exe

2012-06-28 22:28 - 2012-06-28 22:27 - 00000926 ____A C:\Users\Public\Desktop\LogMeIn Hamachi.lnk

2012-06-28 21:05 - 2012-06-28 21:05 - 00000222 ____A C:\Users\Ghostshell\Desktop\Terraria.url

2012-06-28 11:55 - 2012-06-28 11:55 - 00015079 ____A C:\Users\Ghostshell\Downloads\Tofootime's Epic Wizard DPS Calculator.xlsx

2012-06-28 05:37 - 2012-06-28 05:37 - 00042496 ____A C:\Users\Ghostshell\Downloads\Wizard DPS Equivalence.xls

2012-06-28 05:37 - 2012-06-28 05:37 - 00042496 ____A C:\Users\Ghostshell\Downloads\Wizard DPS Equivalence(1).xls

2012-06-26 17:17 - 2012-06-26 17:17 - 00739808 ____A (Google Inc.) C:\Users\Ghostshell\Downloads\ChromeSetup.exe

2012-06-04 09:43 - 2012-06-04 09:43 - 00336920 ____A (MurGee.com ) C:\Users\Ghostshell\Downloads\setup(3).exe

2012-06-04 09:43 - 2012-06-04 09:43 - 00001142 ____A C:\Users\Public\Desktop\MurGee Auto Mouse Click.lnk

2012-05-28 22:38 - 2012-05-28 22:38 - 04711248 ____A (Microsoft Corporation) C:\Users\Ghostshell\Downloads\vs_ultimateweb.exe

2012-05-15 02:48 - 2012-07-16 12:49 - 25743168 ____A (NVIDIA Corporation) C:\Windows\System32\nvoglv64.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 25248064 ____A (NVIDIA Corporation) C:\Windows\System32\nvcompiler.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 19607872 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 18044224 ____A (NVIDIA Corporation) C:\Windows\System32\nvd3dumx.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 17551680 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 15322432 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 14298944 ____A (NVIDIA Corporation) C:\Windows\System32\Drivers\nvlddmkm.sys

2012-05-15 02:48 - 2012-07-16 12:49 - 10194752 ____A (NVIDIA Corporation) C:\Windows\System32\nvwgf2umx.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 08139072 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuda.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 08105280 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 05982528 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 02881856 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvenc.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 02741568 ____A (NVIDIA Corporation) C:\Windows\System32\nvapi64.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 02681664 ____A (NVIDIA Corporation) C:\Windows\System32\nvcuvid.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 02524992 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll

2012-05-15 02:48 - 2012-07-16 12:49 - 02445120 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll

2012-05-15 02:48 - 2012-05-14 13:09 - 02368832 ____A (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll

2012-05-15 02:48 - 2012-05-14 13:09 - 01738048 ____A (NVIDIA Corporation) C:\Windows\System32\nvdispco64.dll

2012-05-15 02:48 - 2012-05-14 13:09 - 01468224 ____A (NVIDIA Corporation) C:\Windows\System32\nvgenco64.dll

2012-05-15 02:48 - 2012-05-14 13:09 - 00068928 ____A (Khronos Group) C:\Windows\System32\OpenCL.dll

2012-05-15 02:48 - 2012-05-14 13:09 - 00061248 ____A (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll

2012-05-15 02:48 - 2012-05-14 13:09 - 00014324 ____A C:\Windows\System32\nvinfo.pb

2012-05-15 01:29 - 2012-07-16 12:44 - 03149632 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvc64.dll

2012-05-15 01:29 - 2012-07-16 12:44 - 02561856 ____A (NVIDIA Corporation) C:\Windows\System32\nvsvcr.dll

2012-05-15 01:29 - 2012-07-16 12:44 - 00889664 ____A (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

2012-05-15 01:29 - 2012-07-16 12:44 - 00118080 ____A (NVIDIA Corporation) C:\Windows\System32\nvmctray.dll

2012-05-15 01:29 - 2012-07-16 12:44 - 00063296 ____A (NVIDIA Corporation) C:\Windows\System32\nvshext.dll

2012-05-15 01:28 - 2012-07-16 12:44 - 06151488 ____A (NVIDIA Corporation) C:\Windows\System32\nvcpl.dll

2012-05-15 01:21 - 2012-05-15 01:21 - 00423744 ____A C:\Windows\SysWOW64\nvStreaming.exe

2012-05-14 15:15 - 2012-05-14 15:14 - 101331032 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\267.24_desktop_win7_winvista_32bit_english_beta.exe

2012-05-14 13:07 - 2012-05-14 13:06 - 212446672 ____A (NVIDIA Corporation) C:\Users\Ghostshell\Downloads\296.10-notebook-win7-winvista-64bit-international-whql.exe

ZeroAccess:

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\@

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\00000004.@

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000004.@

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000008.@

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\000000cb.@

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000000.@

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000032.@

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000064.@

ZeroAccess:

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\@

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\L

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\L\00000004.@

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000004.@

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\00000008.@

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\000000cb.@

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000000.@

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000032.@

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996}\U\80000064.@

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

Type 00 partition infection:

C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 10%

Total physical RAM: 8180.49 MB

Available physical RAM: 7342.22 MB

Total Pagefile: 8178.64 MB

Available Pagefile: 7334.09 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:232.79 GB) (Free:81.64 GB) NTFS

3 Drive f: (KINGSTON) (Removable) (Total:1.86 GB) (Free:0.57 GB) FAT

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

5 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 232 GB 0 B

Disk 1 Online 1906 MB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 100 MB 1024 KB

Partition 2 Primary 232 GB 101 MB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 232 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 1905 MB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0E

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 F KINGSTON FAT Removable 1905 MB Healthy

==================================================================================

Last Boot: 2012-08-07 13:01

======================= End Of Log ==========================

and the Search.txt

Farbar Recovery Scan Tool Version: 09-08-2012

Ran by SYSTEM at 2012-08-10 13:10:35

Running from F:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

C:\Windows\erdnt\cache64\services.exe

[2012-07-17 20:49] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======

Link to post
Share on other sites

OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

Link to post
Share on other sites

Fixlog.txt

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 09-08-2012

Ran by SYSTEM at 2012-08-10 13:38:34 Run:1

Running from F:\

==============================================

C:\Windows\Installer\{b0088f9a-acc5-2298-9acf-2528dd478996} moved successfully.

C:\Users\Ghostshell\AppData\Local\{b0088f9a-acc5-2298-9acf-2528dd478996} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\erdnt\cache64\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

Link to post
Share on other sites

Well Done, a couple of more scans to go......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

TDSSKiller.2.7.48.0_10.08.2012_13.47.02_log

13:47:02.0910 6000 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

13:47:03.0406 6000 ============================================================

13:47:03.0406 6000 Current date / time: 2012/08/10 13:47:03.0406

13:47:03.0406 6000 SystemInfo:

13:47:03.0406 6000

13:47:03.0407 6000 OS Version: 6.1.7601 ServicePack: 1.0

13:47:03.0407 6000 Product type: Workstation

13:47:03.0407 6000 ComputerName: GHOSTSHELL-PC

13:47:03.0407 6000 UserName: Ghostshell

13:47:03.0407 6000 Windows directory: C:\Windows

13:47:03.0407 6000 System windows directory: C:\Windows

13:47:03.0407 6000 Running under WOW64

13:47:03.0407 6000 Processor architecture: Intel x64

13:47:03.0407 6000 Number of processors: 8

13:47:03.0407 6000 Page size: 0x1000

13:47:03.0407 6000 Boot type: Normal boot

13:47:03.0407 6000 ============================================================

13:47:05.0815 6000 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:47:05.0823 6000 Drive \Device\Harddisk1\DR1 - Size: 0x77200000 (1.86 Gb), SectorSize: 0x200, Cylinders: 0xF2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

13:47:05.0827 6000 ============================================================

13:47:05.0827 6000 \Device\Harddisk0\DR0:

13:47:05.0828 6000 MBR partitions:

13:47:05.0828 6000 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

13:47:05.0828 6000 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x1D192800

13:47:05.0828 6000 \Device\Harddisk1\DR1:

13:47:05.0829 6000 MBR partitions:

13:47:05.0829 6000 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x3B8FE0

13:47:05.0829 6000 ============================================================

13:47:05.0882 6000 C: <-> \Device\Harddisk0\DR0\Partition1

13:47:05.0882 6000 ============================================================

13:47:05.0882 6000 Initialize success

13:47:05.0882 6000 ============================================================

13:47:31.0809 5132 ============================================================

13:47:31.0809 5132 Scan started

13:47:31.0809 5132 Mode: Manual; SigCheck; TDLFS;

13:47:31.0809 5132 ============================================================

13:47:32.0776 5132 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

13:47:32.0903 5132 1394ohci - ok

13:47:32.0940 5132 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

13:47:32.0962 5132 ACPI - ok

13:47:32.0979 5132 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

13:47:33.0056 5132 AcpiPmi - ok

13:47:33.0244 5132 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:47:33.0255 5132 AdobeARMservice - ok

13:47:33.0328 5132 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

13:47:33.0356 5132 adp94xx - ok

13:47:33.0402 5132 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

13:47:33.0427 5132 adpahci - ok

13:47:33.0467 5132 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

13:47:33.0485 5132 adpu320 - ok

13:47:33.0518 5132 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

13:47:33.0658 5132 AeLookupSvc - ok

13:47:33.0926 5132 AESTFilters (a6fb9db8f1a86861d955fd6975977ae0) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe

13:47:33.0986 5132 AESTFilters - ok

13:47:34.0488 5132 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys

13:47:34.0548 5132 AFD - ok

13:47:34.0601 5132 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

13:47:34.0612 5132 agp440 - ok

13:47:34.0655 5132 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

13:47:34.0699 5132 ALG - ok

13:47:34.0797 5132 AlienFusionService (a99e57669390f265d25288c8ba042d78) C:\Program Files\Alienware\Command Center\AlienFusionService.exe

13:47:34.0804 5132 AlienFusionService - ok

13:47:34.0828 5132 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

13:47:34.0840 5132 aliide - ok

13:47:34.0849 5132 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

13:47:34.0859 5132 amdide - ok

13:47:34.0892 5132 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

13:47:34.0940 5132 AmdK8 - ok

13:47:34.0956 5132 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

13:47:34.0992 5132 AmdPPM - ok

13:47:35.0037 5132 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

13:47:35.0049 5132 amdsata - ok

13:47:35.0071 5132 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

13:47:35.0093 5132 amdsbs - ok

13:47:35.0110 5132 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

13:47:35.0119 5132 amdxata - ok

13:47:35.0201 5132 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

13:47:35.0396 5132 AppID - ok

13:47:35.0430 5132 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

13:47:35.0481 5132 AppIDSvc - ok

13:47:35.0533 5132 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

13:47:35.0572 5132 Appinfo - ok

13:47:35.0705 5132 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

13:47:35.0713 5132 Apple Mobile Device - ok

13:47:35.0774 5132 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

13:47:35.0786 5132 arc - ok

13:47:35.0804 5132 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

13:47:35.0816 5132 arcsas - ok

13:47:36.0013 5132 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

13:47:36.0024 5132 aspnet_state - ok

13:47:36.0066 5132 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

13:47:36.0129 5132 AsyncMac - ok

13:47:36.0149 5132 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

13:47:36.0159 5132 atapi - ok

13:47:36.0251 5132 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:47:36.0335 5132 AudioEndpointBuilder - ok

13:47:36.0340 5132 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

13:47:36.0374 5132 AudioSrv - ok

13:47:38.0639 5132 AVGIDSAgent (6d440ff3f44ca72edfd6176c6d6a89c0) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

13:47:38.0756 5132 AVGIDSAgent - ok

13:47:39.0970 5132 AVGIDSDriver (e29ea1a0ec7ab9fa2dc7e75a03f12a4f) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

13:47:40.0014 5132 AVGIDSDriver - ok

13:47:40.0164 5132 AVGIDSEH (f823d184b8e8ffb8da3ead45dbf5bd6a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

13:47:40.0172 5132 AVGIDSEH - ok

13:47:40.0262 5132 AVGIDSFilter (ed2b25bd7fe35d1944211968842d30da) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

13:47:40.0269 5132 AVGIDSFilter - ok

13:47:40.0592 5132 Avgldx64 (979cf8912449a10b987218bff80a1fa3) C:\Windows\system32\DRIVERS\avgldx64.sys

13:47:40.0602 5132 Avgldx64 - ok

13:47:40.0643 5132 Avgmfx64 (36b1a5843695766eac714daffc5b84d1) C:\Windows\system32\DRIVERS\avgmfx64.sys

13:47:40.0650 5132 Avgmfx64 - ok

13:47:40.0686 5132 Avgrkx64 (1102239fb724527f1febbbbccf6bf313) C:\Windows\system32\DRIVERS\avgrkx64.sys

13:47:40.0694 5132 Avgrkx64 - ok

13:47:40.0770 5132 Avgtdia (11f36d3ea82d9db9aa05a476a210551b) C:\Windows\system32\DRIVERS\avgtdia.sys

13:47:40.0782 5132 Avgtdia - ok

13:47:41.0290 5132 avgwd (6699ece24fe4b3f752a66c66a602ee86) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

13:47:41.0310 5132 avgwd - ok

13:47:41.0369 5132 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

13:47:41.0448 5132 AxInstSV - ok

13:47:41.0545 5132 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

13:47:41.0613 5132 b06bdrv - ok

13:47:41.0669 5132 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

13:47:41.0730 5132 b57nd60a - ok

13:47:41.0833 5132 BCM42RLY (ac4e2d84de54cd3a013aeff0cc56095c) C:\Windows\system32\drivers\BCM42RLY.sys

13:47:41.0840 5132 BCM42RLY - ok

13:47:43.0306 5132 BCM43XX (8b5d16d20774fc3727f44e161be2c0ac) C:\Windows\system32\DRIVERS\bcmwl664.sys

13:47:43.0350 5132 BCM43XX - ok

13:47:43.0660 5132 BcmVWL (d224b2e6bb543f1d8f1177d57fec2950) C:\Windows\system32\DRIVERS\bcmvwl64.sys

13:47:43.0667 5132 BcmVWL - ok

13:47:43.0714 5132 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

13:47:43.0747 5132 BDESVC - ok

13:47:43.0776 5132 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

13:47:43.0825 5132 Beep - ok

13:47:43.0868 5132 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

13:47:43.0898 5132 blbdrive - ok

13:47:44.0653 5132 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

13:47:44.0673 5132 Bonjour Service - ok

13:47:44.0734 5132 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

13:47:44.0780 5132 bowser - ok

13:47:44.0808 5132 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:47:44.0876 5132 BrFiltLo - ok

13:47:44.0906 5132 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:47:44.0938 5132 BrFiltUp - ok

13:47:44.0999 5132 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

13:47:45.0047 5132 BridgeMP - ok

13:47:45.0338 5132 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

13:47:45.0426 5132 Browser - ok

13:47:45.0454 5132 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

13:47:45.0506 5132 Brserid - ok

13:47:45.0525 5132 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

13:47:45.0554 5132 BrSerWdm - ok

13:47:45.0570 5132 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:47:45.0594 5132 BrUsbMdm - ok

13:47:45.0612 5132 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

13:47:45.0658 5132 BrUsbSer - ok

13:47:45.0685 5132 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

13:47:45.0726 5132 BTHMODEM - ok

13:47:45.0753 5132 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

13:47:45.0814 5132 bthserv - ok

13:47:45.0844 5132 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

13:47:45.0898 5132 cdfs - ok

13:47:45.0998 5132 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

13:47:46.0030 5132 cdrom - ok

13:47:46.0219 5132 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:47:46.0301 5132 CertPropSvc - ok

13:47:46.0356 5132 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

13:47:46.0379 5132 circlass - ok

13:47:46.0434 5132 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

13:47:46.0461 5132 CLFS - ok

13:47:46.0516 5132 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:47:46.0529 5132 clr_optimization_v2.0.50727_32 - ok

13:47:46.0575 5132 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:47:46.0588 5132 clr_optimization_v2.0.50727_64 - ok

13:47:46.0713 5132 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:47:46.0725 5132 clr_optimization_v4.0.30319_32 - ok

13:47:46.0782 5132 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:47:46.0793 5132 clr_optimization_v4.0.30319_64 - ok

13:47:46.0848 5132 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys

13:47:46.0856 5132 clwvd - ok

13:47:46.0885 5132 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

13:47:46.0910 5132 CmBatt - ok

13:47:46.0931 5132 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

13:47:46.0942 5132 cmdide - ok

13:47:47.0682 5132 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys

13:47:47.0722 5132 CNG - ok

13:47:47.0759 5132 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

13:47:47.0769 5132 Compbatt - ok

13:47:47.0829 5132 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

13:47:47.0871 5132 CompositeBus - ok

13:47:47.0880 5132 COMSysApp - ok

13:47:47.0905 5132 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

13:47:47.0917 5132 crcdisk - ok

13:47:47.0968 5132 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

13:47:48.0032 5132 CryptSvc - ok

13:47:48.0093 5132 DAdderFltr (5bc67f1efb6b1d039b151cf7353ec742) C:\Windows\system32\drivers\dadder.sys

13:47:48.0144 5132 DAdderFltr - ok

13:47:48.0709 5132 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:47:48.0780 5132 DcomLaunch - ok

13:47:48.0835 5132 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

13:47:48.0927 5132 defragsvc - ok

13:47:48.0984 5132 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

13:47:49.0036 5132 DfsC - ok

13:47:49.0089 5132 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

13:47:49.0157 5132 Dhcp - ok

13:47:49.0184 5132 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

13:47:49.0231 5132 discache - ok

13:47:49.0294 5132 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

13:47:49.0306 5132 Disk - ok

13:47:49.0353 5132 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

13:47:49.0385 5132 Dnscache - ok

13:47:49.0631 5132 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

13:47:49.0695 5132 dot3svc - ok

13:47:50.0056 5132 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

13:47:50.0135 5132 DPS - ok

13:47:50.0193 5132 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

13:47:50.0249 5132 drmkaud - ok

13:47:51.0557 5132 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

13:47:51.0578 5132 DXGKrnl - ok

13:47:51.0651 5132 e1kexpress (04dddea79b9e616f50b9132752f656fc) C:\Windows\system32\DRIVERS\e1k62x64.sys

13:47:51.0662 5132 e1kexpress - ok

13:47:51.0736 5132 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

13:47:51.0780 5132 EapHost - ok

13:47:54.0784 5132 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

13:47:54.0879 5132 ebdrv - ok

13:47:55.0714 5132 EFS (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\System32\lsass.exe

13:47:55.0742 5132 EFS - ok

13:47:55.0890 5132 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

13:47:55.0988 5132 ehRecvr - ok

13:47:56.0042 5132 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

13:47:56.0094 5132 ehSched - ok

13:47:56.0510 5132 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

13:47:56.0545 5132 elxstor - ok

13:47:56.0581 5132 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

13:47:56.0621 5132 ErrDev - ok

13:47:56.0821 5132 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

13:47:56.0878 5132 EventSystem - ok

13:47:56.0927 5132 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

13:47:56.0983 5132 exfat - ok

13:47:57.0049 5132 FACAP (2c1d443e14f376e8331f52f135dca9ef) C:\Windows\system32\DRIVERS\facap.sys

13:47:57.0059 5132 FACAP - ok

13:47:58.0871 5132 FAService (53e30a6e86aa93c0ffc0bc0439e3e636) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe

13:47:58.0907 5132 FAService - ok

13:47:59.0893 5132 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

13:47:59.0954 5132 fastfat - ok

13:48:00.0057 5132 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

13:48:00.0112 5132 Fax - ok

13:48:00.0126 5132 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

13:48:00.0162 5132 fdc - ok

13:48:00.0189 5132 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

13:48:00.0239 5132 fdPHost - ok

13:48:00.0253 5132 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

13:48:00.0289 5132 FDResPub - ok

13:48:00.0320 5132 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

13:48:00.0332 5132 FileInfo - ok

13:48:00.0344 5132 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

13:48:00.0393 5132 Filetrace - ok

13:48:00.0408 5132 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

13:48:00.0433 5132 flpydisk - ok

13:48:00.0483 5132 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

13:48:00.0507 5132 FltMgr - ok

13:48:00.0742 5132 FontCache (b4447f606bb19fd8ad0bafb59b90f5d9) C:\Windows\system32\FntCache.dll

13:48:00.0821 5132 FontCache - ok

13:48:00.0935 5132 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:48:00.0944 5132 FontCache3.0.0.0 - ok

13:48:00.0993 5132 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

13:48:01.0005 5132 FsDepends - ok

13:48:01.0034 5132 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

13:48:01.0043 5132 Fs_Rec - ok

13:48:01.0124 5132 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

13:48:01.0150 5132 fvevol - ok

13:48:01.0174 5132 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:48:01.0187 5132 gagp30kx - ok

13:48:01.0229 5132 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

13:48:01.0237 5132 GEARAspiWDM - ok

13:48:01.0318 5132 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

13:48:01.0409 5132 gpsvc - ok

13:48:01.0464 5132 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

13:48:01.0473 5132 hamachi - ok

13:48:01.0901 5132 Hamachi2Svc (21d24138b736983f6e23823e092e9428) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

13:48:01.0974 5132 Hamachi2Svc - ok

13:48:02.0052 5132 HappyOSD (8cd92502fec49e837155b9f20e5e2d2c) C:\Program Files (x86)\OSD\OSD_Service.exe

13:48:02.0068 5132 HappyOSD ( UnsignedFile.Multi.Generic ) - warning

13:48:02.0068 5132 HappyOSD - detected UnsignedFile.Multi.Generic (1)

13:48:02.0962 5132 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

13:48:03.0127 5132 hcw85cir - ok

13:48:03.0948 5132 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

13:48:03.0990 5132 HdAudAddService - ok

13:48:04.0219 5132 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

13:48:04.0256 5132 HDAudBus - ok

13:48:04.0290 5132 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

13:48:04.0318 5132 HidBatt - ok

13:48:04.0336 5132 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

13:48:04.0377 5132 HidBth - ok

13:48:04.0435 5132 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

13:48:04.0454 5132 HidIr - ok

13:48:04.0485 5132 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

13:48:04.0525 5132 hidserv - ok

13:48:04.0563 5132 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

13:48:04.0589 5132 HidUsb - ok

13:48:04.0738 5132 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

13:48:04.0799 5132 hkmsvc - ok

13:48:04.0948 5132 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

13:48:04.0998 5132 HomeGroupListener - ok

13:48:05.0025 5132 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

13:48:05.0101 5132 HomeGroupProvider - ok

13:48:05.0159 5132 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

13:48:05.0198 5132 HpSAMD - ok

13:48:05.0258 5132 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

13:48:05.0324 5132 HTTP - ok

13:48:05.0372 5132 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

13:48:05.0383 5132 hwpolicy - ok

13:48:05.0418 5132 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

13:48:05.0434 5132 i8042prt - ok

13:48:05.0483 5132 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

13:48:05.0510 5132 iaStorV - ok

13:48:05.0990 5132 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:48:06.0045 5132 idsvc - ok

13:48:06.0066 5132 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

13:48:06.0080 5132 iirsp - ok

13:48:06.0829 5132 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

13:48:06.0896 5132 IKEEXT - ok

13:48:06.0931 5132 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

13:48:06.0942 5132 intelide - ok

13:48:07.0017 5132 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

13:48:07.0050 5132 intelppm - ok

13:48:07.0079 5132 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

13:48:07.0127 5132 IPBusEnum - ok

13:48:07.0197 5132 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:48:07.0240 5132 IpFilterDriver - ok

13:48:07.0269 5132 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

13:48:07.0303 5132 IPMIDRV - ok

13:48:07.0354 5132 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

13:48:07.0411 5132 IPNAT - ok

13:48:07.0550 5132 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

13:48:07.0589 5132 iPod Service - ok

13:48:07.0607 5132 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

13:48:07.0666 5132 IRENUM - ok

13:48:07.0692 5132 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

13:48:07.0705 5132 isapnp - ok

13:48:07.0799 5132 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

13:48:07.0845 5132 iScsiPrt - ok

13:48:07.0881 5132 itecir (9291643b494f87bfdac95a524f69e737) C:\Windows\system32\DRIVERS\itecir.sys

13:48:07.0913 5132 itecir - ok

13:48:07.0938 5132 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

13:48:07.0951 5132 kbdclass - ok

13:48:08.0006 5132 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

13:48:08.0027 5132 kbdhid - ok

13:48:08.0064 5132 KeyIso (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

13:48:08.0078 5132 KeyIso - ok

13:48:08.0197 5132 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys

13:48:08.0217 5132 KSecDD - ok

13:48:08.0443 5132 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys

13:48:08.0455 5132 KSecPkg - ok

13:48:08.0471 5132 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

13:48:08.0512 5132 ksthunk - ok

13:48:08.0559 5132 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

13:48:08.0626 5132 KtmRm - ok

13:48:08.0709 5132 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

13:48:08.0757 5132 LanmanServer - ok

13:48:08.0815 5132 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

13:48:08.0860 5132 LanmanWorkstation - ok

13:48:08.0888 5132 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

13:48:08.0932 5132 lltdio - ok

13:48:09.0036 5132 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

13:48:09.0084 5132 lltdsvc - ok

13:48:09.0124 5132 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

13:48:09.0158 5132 lmhosts - ok

13:48:09.0187 5132 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:48:09.0201 5132 LSI_FC - ok

13:48:09.0214 5132 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:48:09.0231 5132 LSI_SAS - ok

13:48:09.0250 5132 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:48:09.0266 5132 LSI_SAS2 - ok

13:48:09.0298 5132 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:48:09.0313 5132 LSI_SCSI - ok

13:48:09.0331 5132 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

13:48:09.0389 5132 luafv - ok

13:48:09.0423 5132 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys

13:48:09.0457 5132 ManyCam - ok

13:48:09.0540 5132 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

13:48:09.0566 5132 Mcx2Svc - ok

13:48:09.0585 5132 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

13:48:09.0599 5132 megasas - ok

13:48:09.0626 5132 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

13:48:09.0645 5132 MegaSR - ok

13:48:09.0746 5132 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:48:09.0810 5132 MMCSS - ok

13:48:09.0822 5132 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

13:48:09.0875 5132 Modem - ok

13:48:09.0898 5132 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

13:48:09.0927 5132 monitor - ok

13:48:09.0960 5132 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

13:48:09.0974 5132 mouclass - ok

13:48:10.0043 5132 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

13:48:10.0066 5132 mouhid - ok

13:48:10.0115 5132 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

13:48:10.0130 5132 mountmgr - ok

13:48:10.0343 5132 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:48:10.0356 5132 MozillaMaintenance - ok

13:48:10.0389 5132 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

13:48:10.0405 5132 mpio - ok

13:48:10.0512 5132 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

13:48:10.0577 5132 mpsdrv - ok

13:48:10.0621 5132 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

13:48:10.0658 5132 MRxDAV - ok

13:48:10.0751 5132 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:48:10.0799 5132 mrxsmb - ok

13:48:10.0836 5132 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:48:10.0878 5132 mrxsmb10 - ok

13:48:10.0899 5132 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:48:10.0934 5132 mrxsmb20 - ok

13:48:10.0962 5132 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

13:48:10.0974 5132 msahci - ok

13:48:11.0040 5132 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

13:48:11.0054 5132 msdsm - ok

13:48:11.0399 5132 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

13:48:11.0455 5132 MSDTC - ok

13:48:11.0497 5132 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

13:48:11.0539 5132 Msfs - ok

13:48:11.0575 5132 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

13:48:11.0628 5132 mshidkmdf - ok

13:48:11.0730 5132 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

13:48:11.0741 5132 msisadrv - ok

13:48:12.0122 5132 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

13:48:12.0185 5132 MSiSCSI - ok

13:48:12.0188 5132 msiserver - ok

13:48:12.0254 5132 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

13:48:12.0300 5132 MSKSSRV - ok

13:48:12.0342 5132 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

13:48:12.0424 5132 MSPCLOCK - ok

13:48:12.0457 5132 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

13:48:12.0509 5132 MSPQM - ok

13:48:13.0148 5132 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

13:48:13.0226 5132 MsRPC - ok

13:48:13.0250 5132 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

13:48:13.0261 5132 mssmbios - ok

13:48:13.0413 5132 MSSQL$SQLEXPRESS - ok

13:48:13.0766 5132 MSSQLServerADHelper100 (7a2a8c975356858eb38466a6b1592e8d) c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE

13:48:13.0809 5132 MSSQLServerADHelper100 - ok

13:48:13.0832 5132 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

13:48:13.0892 5132 MSTEE - ok

13:48:13.0916 5132 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

13:48:13.0938 5132 MTConfig - ok

13:48:13.0956 5132 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

13:48:13.0971 5132 Mup - ok

13:48:14.0107 5132 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

13:48:14.0163 5132 napagent - ok

13:48:14.0218 5132 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

13:48:14.0248 5132 NativeWifiP - ok

13:48:15.0124 5132 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

13:48:15.0163 5132 NDIS - ok

13:48:15.0192 5132 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

13:48:15.0244 5132 NdisCap - ok

13:48:15.0269 5132 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

13:48:15.0305 5132 NdisTapi - ok

13:48:15.0391 5132 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

13:48:15.0440 5132 Ndisuio - ok

13:48:15.0843 5132 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

13:48:15.0905 5132 NdisWan - ok

13:48:15.0930 5132 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

13:48:15.0978 5132 NDProxy - ok

13:48:16.0061 5132 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

13:48:16.0151 5132 NetBIOS - ok

13:48:16.0758 5132 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

13:48:16.0838 5132 NetBT - ok

13:48:16.0911 5132 Netlogon (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

13:48:16.0927 5132 Netlogon - ok

13:48:17.0162 5132 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

13:48:17.0245 5132 Netman - ok

13:48:18.0213 5132 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:48:18.0229 5132 NetMsmqActivator - ok

13:48:18.0250 5132 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:48:18.0261 5132 NetPipeActivator - ok

13:48:18.0320 5132 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

13:48:18.0385 5132 netprofm - ok

13:48:19.0230 5132 netr28ux (883269c1ca478658f1334f3c39b0c7ac) C:\Windows\system32\DRIVERS\netr28ux.sys

13:48:19.0292 5132 netr28ux - ok

13:48:19.0658 5132 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:48:19.0669 5132 NetTcpActivator - ok

13:48:19.0672 5132 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

13:48:19.0683 5132 NetTcpPortSharing - ok

13:48:19.0724 5132 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

13:48:19.0738 5132 nfrd960 - ok

13:48:19.0816 5132 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

13:48:19.0893 5132 NlaSvc - ok

13:48:19.0947 5132 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

13:48:19.0993 5132 Npfs - ok

13:48:20.0054 5132 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

13:48:20.0101 5132 nsi - ok

13:48:20.0119 5132 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

13:48:20.0172 5132 nsiproxy - ok

13:48:20.0992 5132 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

13:48:21.0061 5132 Ntfs - ok

13:48:21.0219 5132 nTuneService - ok

13:48:21.0413 5132 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

13:48:21.0496 5132 Null - ok

13:48:21.0696 5132 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys

13:48:21.0709 5132 NVHDA - ok

13:48:28.0114 5132 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys

13:48:28.0298 5132 nvlddmkm - ok

13:48:28.0368 5132 NVR0Dev (241a095631570a9cef4f126c87605c60) C:\Windows\nvoclk64.sys

13:48:28.0376 5132 NVR0Dev - ok

13:48:28.0490 5132 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

13:48:28.0511 5132 nvraid - ok

13:48:28.0529 5132 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

13:48:28.0549 5132 nvstor - ok

13:48:28.0659 5132 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe

13:48:28.0708 5132 nvsvc - ok

13:48:28.0975 5132 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

13:48:29.0030 5132 nvUpdatusService - ok

13:48:29.0167 5132 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

13:48:29.0188 5132 nv_agp - ok

13:48:29.0215 5132 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

13:48:29.0239 5132 ohci1394 - ok

13:48:29.0275 5132 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:48:29.0327 5132 p2pimsvc - ok

13:48:29.0504 5132 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

13:48:29.0551 5132 p2psvc - ok

13:48:29.0576 5132 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

13:48:29.0604 5132 Parport - ok

13:48:29.0653 5132 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

13:48:29.0665 5132 partmgr - ok

13:48:29.0683 5132 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

13:48:29.0721 5132 PcaSvc - ok

13:48:29.0762 5132 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

13:48:29.0782 5132 pci - ok

13:48:29.0809 5132 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

13:48:29.0821 5132 pciide - ok

13:48:29.0846 5132 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

13:48:29.0872 5132 pcmcia - ok

13:48:29.0886 5132 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

13:48:29.0899 5132 pcw - ok

13:48:29.0938 5132 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

13:48:30.0004 5132 PEAUTH - ok

13:48:30.0090 5132 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

13:48:30.0116 5132 PerfHost - ok

13:48:30.0454 5132 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

13:48:30.0558 5132 pla - ok

13:48:30.0635 5132 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

13:48:30.0676 5132 PlugPlay - ok

13:48:30.0692 5132 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

13:48:30.0715 5132 PNRPAutoReg - ok

13:48:30.0762 5132 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

13:48:30.0778 5132 PNRPsvc - ok

13:48:31.0421 5132 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

13:48:31.0492 5132 PolicyAgent - ok

13:48:31.0532 5132 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

13:48:31.0585 5132 Power - ok

13:48:31.0811 5132 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

13:48:31.0868 5132 PptpMiniport - ok

13:48:31.0936 5132 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

13:48:31.0979 5132 Processor - ok

13:48:32.0030 5132 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

13:48:32.0102 5132 ProfSvc - ok

13:48:32.0123 5132 ProtectedStorage (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

13:48:32.0137 5132 ProtectedStorage - ok

13:48:32.0166 5132 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

13:48:32.0207 5132 Psched - ok

13:48:32.0434 5132 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

13:48:32.0482 5132 ql2300 - ok

13:48:32.0972 5132 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

13:48:33.0008 5132 ql40xx - ok

13:48:33.0061 5132 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

13:48:33.0092 5132 QWAVE - ok

13:48:33.0103 5132 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

13:48:33.0131 5132 QWAVEdrv - ok

13:48:33.0144 5132 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

13:48:33.0191 5132 RasAcd - ok

13:48:33.0284 5132 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:48:33.0344 5132 RasAgileVpn - ok

13:48:33.0419 5132 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

13:48:33.0458 5132 RasAuto - ok

13:48:33.0501 5132 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:48:33.0538 5132 Rasl2tp - ok

13:48:33.0570 5132 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

13:48:33.0631 5132 RasMan - ok

13:48:33.0667 5132 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

13:48:33.0701 5132 RasPppoe - ok

13:48:33.0725 5132 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

13:48:33.0770 5132 RasSstp - ok

13:48:33.0802 5132 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

13:48:33.0856 5132 rdbss - ok

13:48:33.0872 5132 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

13:48:33.0894 5132 rdpbus - ok

13:48:33.0912 5132 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:48:33.0955 5132 RDPCDD - ok

13:48:33.0975 5132 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

13:48:34.0016 5132 RDPENCDD - ok

13:48:34.0031 5132 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

13:48:34.0072 5132 RDPREFMP - ok

13:48:34.0122 5132 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

13:48:34.0182 5132 RDPWD - ok

13:48:34.0216 5132 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

13:48:34.0240 5132 rdyboost - ok

13:48:34.0275 5132 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

13:48:34.0312 5132 RemoteAccess - ok

13:48:34.0341 5132 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

13:48:34.0392 5132 RemoteRegistry - ok

13:48:34.0560 5132 rimmptsk (cb7c996f3878e936bfdd9cdfe6a3a987) C:\Windows\system32\DRIVERS\rimmpx64.sys

13:48:34.0646 5132 rimmptsk - ok

13:48:34.0759 5132 rimsptsk (2c543f0e04b5f6fd5c17509d0ece6d1d) C:\Windows\system32\DRIVERS\rimspx64.sys

13:48:34.0828 5132 rimsptsk - ok

13:48:35.0295 5132 rismxdp (481c3fdeacaae04b74c58288dbc91df9) C:\Windows\system32\DRIVERS\rixdpx64.sys

13:48:35.0340 5132 rismxdp - ok

13:48:35.0360 5132 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

13:48:35.0445 5132 RpcEptMapper - ok

13:48:35.0479 5132 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

13:48:35.0503 5132 RpcLocator - ok

13:48:35.0568 5132 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

13:48:35.0607 5132 RpcSs - ok

13:48:35.0701 5132 RsFx0103 (cd553b8633466a6d1c115812f2619f1f) C:\Windows\system32\DRIVERS\RsFx0103.sys

13:48:35.0723 5132 RsFx0103 - ok

13:48:35.0757 5132 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

13:48:35.0798 5132 rspndr - ok

13:48:35.0812 5132 SamSs (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

13:48:35.0826 5132 SamSs - ok

13:48:35.0861 5132 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

13:48:35.0874 5132 sbp2port - ok

13:48:35.0950 5132 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

13:48:35.0988 5132 SCardSvr - ok

13:48:36.0037 5132 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

13:48:36.0088 5132 scfilter - ok

13:48:36.0474 5132 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

13:48:36.0541 5132 Schedule - ok

13:48:36.0641 5132 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

13:48:36.0672 5132 SCPolicySvc - ok

13:48:36.0715 5132 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys

13:48:36.0737 5132 sdbus - ok

13:48:36.0784 5132 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

13:48:36.0822 5132 SDRSVC - ok

13:48:36.0853 5132 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

13:48:36.0893 5132 secdrv - ok

13:48:36.0907 5132 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

13:48:36.0948 5132 seclogon - ok

13:48:36.0985 5132 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

13:48:37.0028 5132 SENS - ok

13:48:37.0045 5132 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

13:48:37.0093 5132 SensrSvc - ok

13:48:37.0108 5132 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

13:48:37.0130 5132 Serenum - ok

13:48:37.0159 5132 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

13:48:37.0182 5132 Serial - ok

13:48:37.0217 5132 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

13:48:37.0247 5132 sermouse - ok

13:48:37.0353 5132 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

13:48:37.0416 5132 SessionEnv - ok

13:48:37.0441 5132 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

13:48:37.0484 5132 sffdisk - ok

13:48:37.0512 5132 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

13:48:37.0542 5132 sffp_mmc - ok

13:48:37.0572 5132 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

13:48:37.0597 5132 sffp_sd - ok

13:48:37.0628 5132 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

13:48:37.0642 5132 sfloppy - ok

13:48:37.0710 5132 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

13:48:37.0773 5132 ShellHWDetection - ok

13:48:37.0797 5132 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:48:37.0811 5132 SiSRaid2 - ok

13:48:37.0827 5132 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

13:48:37.0839 5132 SiSRaid4 - ok

13:48:38.0136 5132 SkypeUpdate (ddaa5f4a6b958fc313ebd02dd925752f) C:\Program Files (x86)\Skype\Updater\Updater.exe

13:48:38.0158 5132 SkypeUpdate - ok

13:48:38.0187 5132 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

13:48:38.0226 5132 Smb - ok

13:48:38.0252 5132 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

13:48:38.0278 5132 SNMPTRAP - ok

13:48:38.0301 5132 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

13:48:38.0311 5132 spldr - ok

13:48:38.0525 5132 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

13:48:38.0612 5132 Spooler - ok

13:48:40.0600 5132 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

13:48:40.0715 5132 sppsvc - ok

13:48:40.0891 5132 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

13:48:40.0954 5132 sppuinotify - ok

13:48:41.0515 5132 SQLAgent$SQLEXPRESS (12e6d95cde974b131defaa44bab8b056) c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE

13:48:41.0558 5132 SQLAgent$SQLEXPRESS - ok

13:48:42.0030 5132 SQLBrowser (b54b48f6d92423440c264e91225c5ff1) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

13:48:42.0114 5132 SQLBrowser - ok

13:48:42.0226 5132 SQLWriter (6d65985945b03ca59b67d0b73702fc7b) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

13:48:42.0237 5132 SQLWriter - ok

13:48:42.0513 5132 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

13:48:42.0569 5132 srv - ok

13:48:42.0653 5132 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

13:48:42.0692 5132 srv2 - ok

13:48:42.0713 5132 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

13:48:42.0787 5132 srvnet - ok

13:48:42.0838 5132 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

13:48:42.0893 5132 SSDPSRV - ok

13:48:43.0077 5132 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

13:48:43.0174 5132 SstpSvc - ok

13:48:43.0592 5132 STacSV (1fcaf9c8a17985a28507338f36200320) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\STacSV64.exe

13:48:43.0628 5132 STacSV - ok

13:48:43.0694 5132 Steam Client Service - ok

13:48:44.0066 5132 Stereo Service (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

13:48:44.0112 5132 Stereo Service - ok

13:48:44.0186 5132 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

13:48:44.0198 5132 stexstor - ok

13:48:44.0609 5132 STHDA (3c400155894b9caf176eb4f64737050b) C:\Windows\system32\DRIVERS\stwrt64.sys

13:48:44.0656 5132 STHDA - ok

13:48:44.0717 5132 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

13:48:44.0764 5132 stisvc - ok

13:48:44.0785 5132 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

13:48:44.0795 5132 swenum - ok

13:48:44.0844 5132 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

13:48:44.0919 5132 swprv - ok

13:48:45.0021 5132 SynTP (5c9bb68b1f4bbcb85b4f6e675fc523a0) C:\Windows\system32\DRIVERS\SynTP.sys

13:48:45.0032 5132 SynTP - ok

13:48:46.0236 5132 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

13:48:46.0333 5132 SysMain - ok

13:48:46.0626 5132 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

13:48:46.0669 5132 TabletInputService - ok

13:48:46.0718 5132 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

13:48:46.0779 5132 TapiSrv - ok

13:48:46.0819 5132 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

13:48:46.0858 5132 TBS - ok

13:48:48.0039 5132 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

13:48:48.0099 5132 Tcpip - ok

13:48:49.0698 5132 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

13:48:49.0736 5132 TCPIP6 - ok

13:48:50.0634 5132 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

13:48:50.0677 5132 tcpipreg - ok

13:48:50.0786 5132 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

13:48:50.0843 5132 TDPIPE - ok

13:48:50.0999 5132 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

13:48:51.0031 5132 TDTCP - ok

13:48:51.0302 5132 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

13:48:51.0421 5132 tdx - ok

13:48:51.0614 5132 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

13:48:51.0628 5132 TermDD - ok

13:48:52.0245 5132 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

13:48:52.0319 5132 TermService - ok

13:48:52.0349 5132 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

13:48:52.0381 5132 Themes - ok

13:48:52.0408 5132 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

13:48:52.0440 5132 THREADORDER - ok

13:48:52.0496 5132 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

13:48:52.0560 5132 TrkWks - ok

13:48:52.0727 5132 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

13:48:52.0791 5132 TrustedInstaller - ok

13:48:52.0860 5132 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:48:52.0913 5132 tssecsrv - ok

13:48:53.0062 5132 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

13:48:53.0095 5132 TsUsbFlt - ok

13:48:53.0130 5132 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

13:48:53.0176 5132 tunnel - ok

13:48:53.0232 5132 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys

13:48:53.0241 5132 TurboB - ok

13:48:53.0407 5132 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

13:48:53.0461 5132 TurboBoost - ok

13:48:53.0568 5132 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

13:48:53.0596 5132 uagp35 - ok

13:48:53.0764 5132 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

13:48:53.0806 5132 udfs - ok

13:48:53.0840 5132 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

13:48:53.0865 5132 UI0Detect - ok

13:48:53.0902 5132 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

13:48:53.0915 5132 uliagpkx - ok

13:48:53.0946 5132 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

13:48:53.0976 5132 umbus - ok

13:48:54.0007 5132 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

13:48:54.0035 5132 UmPass - ok

13:48:54.0064 5132 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

13:48:54.0126 5132 upnphost - ok

13:48:54.0192 5132 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

13:48:54.0245 5132 USBAAPL64 - ok

13:48:54.0290 5132 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

13:48:54.0318 5132 usbaudio - ok

13:48:54.0363 5132 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys

13:48:54.0400 5132 usbccgp - ok

13:48:54.0431 5132 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

13:48:54.0456 5132 usbcir - ok

13:48:54.0470 5132 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys

13:48:54.0495 5132 usbehci - ok

13:48:54.0541 5132 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys

13:48:54.0580 5132 usbhub - ok

13:48:54.0597 5132 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys

13:48:54.0611 5132 usbohci - ok

13:48:54.0662 5132 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

13:48:54.0685 5132 usbprint - ok

13:48:54.0703 5132 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:48:54.0748 5132 USBSTOR - ok

13:48:54.0782 5132 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys

13:48:54.0798 5132 usbuhci - ok

13:48:54.0834 5132 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys

13:48:54.0867 5132 usbvideo - ok

13:48:54.0894 5132 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

13:48:54.0931 5132 UxSms - ok

13:48:54.0980 5132 VaultSvc (0793f40b9b8a1bdd266296409dbd91ea) C:\Windows\system32\lsass.exe

13:48:54.0996 5132 VaultSvc - ok

13:48:55.0037 5132 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

13:48:55.0049 5132 vdrvroot - ok

13:48:55.0100 5132 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

13:48:55.0161 5132 vds - ok

13:48:55.0183 5132 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

13:48:55.0201 5132 vga - ok

13:48:55.0211 5132 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

13:48:55.0251 5132 VgaSave - ok

13:48:55.0302 5132 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

13:48:55.0326 5132 vhdmp - ok

13:48:55.0347 5132 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

13:48:55.0360 5132 viaide - ok

13:48:55.0376 5132 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

13:48:55.0390 5132 volmgr - ok

13:48:55.0448 5132 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

13:48:55.0475 5132 volmgrx - ok

13:48:55.0506 5132 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

13:48:55.0529 5132 volsnap - ok

13:48:55.0559 5132 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

13:48:55.0579 5132 vsmraid - ok

13:48:55.0937 5132 VSPerfDrv100 (1928b9ca20f51bfbbad54d2c2c447b13) C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys

13:48:55.0975 5132 VSPerfDrv100 - ok

13:48:56.0921 5132 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

13:48:57.0001 5132 VSS - ok

13:48:57.0781 5132 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

13:48:57.0829 5132 vwifibus - ok

13:48:57.0881 5132 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

13:48:57.0905 5132 vwififlt - ok

13:48:57.0925 5132 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

13:48:57.0957 5132 vwifimp - ok

13:48:58.0003 5132 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

13:48:58.0057 5132 W32Time - ok

13:48:58.0238 5132 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

13:48:58.0272 5132 WacomPen - ok

13:48:58.0497 5132 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:48:58.0563 5132 WANARP - ok

13:48:58.0567 5132 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

13:48:58.0603 5132 Wanarpv6 - ok

13:48:58.0777 5132 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

13:48:58.0843 5132 WatAdminSvc - ok

13:48:59.0103 5132 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

13:48:59.0168 5132 wbengine - ok

13:48:59.0871 5132 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

13:48:59.0915 5132 WbioSrvc - ok

13:49:00.0772 5132 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

13:49:00.0826 5132 wcncsvc - ok

13:49:00.0857 5132 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

13:49:00.0893 5132 WcsPlugInService - ok

13:49:00.0962 5132 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

13:49:00.0975 5132 Wd - ok

13:49:01.0026 5132 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

13:49:01.0096 5132 Wdf01000 - ok

13:49:01.0172 5132 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:49:01.0287 5132 WdiServiceHost - ok

13:49:01.0290 5132 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

13:49:01.0308 5132 WdiSystemHost - ok

13:49:01.0799 5132 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

13:49:01.0861 5132 WebClient - ok

13:49:02.0180 5132 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

13:49:02.0261 5132 Wecsvc - ok

13:49:02.0448 5132 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

13:49:02.0538 5132 wercplsupport - ok

13:49:02.0561 5132 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

13:49:02.0621 5132 WerSvc - ok

13:49:02.0886 5132 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

13:49:02.0930 5132 WfpLwf - ok

13:49:02.0970 5132 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

13:49:02.0997 5132 WIMMount - ok

13:49:03.0381 5132 WindowBlinds (8258726d076c8fff994f468712ddfbab) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe

13:49:03.0400 5132 WindowBlinds - ok

13:49:03.0407 5132 WinHttpAutoProxySvc - ok

13:49:03.0505 5132 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

13:49:03.0589 5132 Winmgmt - ok

13:49:04.0481 5132 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

13:49:04.0575 5132 WinRM - ok

13:49:05.0120 5132 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

13:49:05.0165 5132 WinUsb - ok

13:49:05.0918 5132 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

13:49:05.0956 5132 Wlansvc - ok

13:49:06.0067 5132 wltrysvc (de816a0624d54d68e1fb8a9028dcf81a) C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE

13:49:06.0081 5132 wltrysvc ( UnsignedFile.Multi.Generic ) - warning

13:49:06.0081 5132 wltrysvc - detected UnsignedFile.Multi.Generic (1)

13:49:06.0118 5132 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

13:49:06.0143 5132 WmiAcpi - ok

13:49:06.0212 5132 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

13:49:06.0247 5132 wmiApSrv - ok

13:49:06.0294 5132 WMPNetworkSvc - ok

13:49:06.0331 5132 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

13:49:06.0364 5132 WPCSvc - ok

13:49:06.0482 5132 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

13:49:06.0498 5132 WPDBusEnum - ok

13:49:06.0527 5132 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

13:49:06.0566 5132 ws2ifsl - ok

13:49:06.0569 5132 WSearch - ok

13:49:06.0617 5132 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

13:49:06.0655 5132 WudfPf - ok

13:49:06.0751 5132 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:49:06.0817 5132 WUDFRd - ok

13:49:06.0844 5132 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

13:49:06.0891 5132 wudfsvc - ok

13:49:06.0946 5132 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

13:49:06.0977 5132 WwanSvc - ok

13:49:07.0020 5132 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

13:49:07.0092 5132 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

13:49:07.0092 5132 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

13:49:07.0273 5132 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:49:07.0273 5132 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:49:07.0282 5132 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk1\DR1

13:49:07.0889 5132 \Device\Harddisk1\DR1 - ok

13:49:07.0906 5132 Boot (0x1200) (30d2389c7b05b11e67eb039f63acd4b8) \Device\Harddisk0\DR0\Partition0

13:49:07.0917 5132 \Device\Harddisk0\DR0\Partition0 - ok

13:49:07.0944 5132 Boot (0x1200) (a0a89077aa5b897f3231741f6e3f1496) \Device\Harddisk0\DR0\Partition1

13:49:07.0953 5132 \Device\Harddisk0\DR0\Partition1 - ok

13:49:07.0957 5132 Boot (0x1200) (7116c7025dd3681756ca9d3aa4727dc9) \Device\Harddisk1\DR1\Partition0

13:49:07.0959 5132 \Device\Harddisk1\DR1\Partition0 - ok

13:49:07.0959 5132 ============================================================

13:49:07.0959 5132 Scan finished

13:49:07.0959 5132 ============================================================

13:49:07.0966 5820 Detected object count: 4

13:49:07.0966 5820 Actual detected object count: 4

13:50:09.0893 5820 HappyOSD ( UnsignedFile.Multi.Generic ) - skipped by user

13:50:09.0893 5820 HappyOSD ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:50:09.0894 5820 wltrysvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:50:09.0894 5820 wltrysvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:50:11.0159 5820 \Device\Harddisk0\DR0\# - copied to quarantine

13:50:11.0160 5820 \Device\Harddisk0\DR0 - copied to quarantine

13:50:11.0277 5820 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

13:50:11.0281 5820 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

13:50:11.0325 5820 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

13:50:11.0334 5820 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

13:50:11.0362 5820 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

13:50:11.0378 5820 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

13:50:11.0380 5820 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

13:50:11.0381 5820 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

13:50:11.0384 5820 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

13:50:11.0387 5820 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

13:50:11.0391 5820 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

13:50:11.0393 5820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

13:50:11.0395 5820 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

13:50:11.0421 5820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

13:50:11.0433 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

13:50:11.0436 5820 \Device\Harddisk0\DR0 - ok

13:50:11.0476 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

13:50:11.0477 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:50:11.0477 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

13:50:13.0364 6008 Deinitialize success

Link to post
Share on other sites

OK, TDSSKiller nailed the rootkit.

Just run it again and delete this one only:

13:50:11.0477 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:50:11.0477 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

------------------------------------------------

Then..........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

The scan ran fine, but after the restart, it said do not open any programs until after it is finished which was fine, the log came up. But now i cannot open programs such as mozilla or internet explorer, i get this message :

c:\Program Files (x86)\Mozilla Firefox\firefox.exe

Illegal operation attempted on a registry key that has been marked for deletion.

saved log on flashdrive and posting on another computer

ComboFix 12-08-09.01 - Ghostshell 08/10/2012 14:28:36.2.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8181.6476 [GMT -7:00]

Running from: c:\users\Ghostshell\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

c:\windows\svchost.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-10 to 2012-08-10 )))))))))))))))))))))))))))))))

.

.

2012-08-10 21:36 . 2012-08-10 21:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-10 21:36 . 2012-08-10 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-10 21:08 . 2012-08-10 21:08 -------- d-----w- C:\FRST

2012-08-08 18:16 . 2012-08-08 18:20 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\FileZilla

2012-08-04 02:45 . 2012-08-04 02:45 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\EBFC.tmp

2012-08-04 02:45 . 2012-08-04 02:45 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\EBFB.tmp

2012-08-02 03:48 . 2012-08-02 03:48 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\4158.tmp

2012-08-01 18:18 . 2012-08-01 18:18 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-01 18:18 . 2012-08-01 18:18 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-30 22:36 . 2012-07-30 22:36 -------- d-----w- c:\users\Ghostshell\AppData\Local\Macromedia

2012-07-21 18:44 . 2012-07-21 18:44 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\libimobiledevice

2012-07-21 18:44 . 2012-08-02 01:43 -------- d-----w- c:\program files (x86)\Tansee iPhone Transfer Contact

2012-07-21 18:43 . 2012-08-04 03:16 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\GetRightToGo

2012-07-21 16:10 . 2012-07-21 16:10 -------- d-----w- c:\program files\iPod

2012-07-21 16:10 . 2012-07-21 16:11 -------- d-----w- c:\program files\iTunes

2012-07-21 16:10 . 2012-07-21 16:11 -------- d-----w- c:\program files (x86)\iTunes

2012-07-21 16:08 . 2012-07-21 16:08 -------- d-----w- c:\program files\Bonjour

2012-07-21 16:08 . 2012-07-21 16:08 -------- d-----w- c:\program files (x86)\Bonjour

2012-07-20 09:17 . 2012-07-20 09:17 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\692D.tmp

2012-07-19 04:54 . 2012-07-19 04:54 -------- d-----w- c:\program files (x86)\MALWAREBYTES ANTI-MALWARE

2012-07-18 21:09 . 2012-07-19 04:52 -------- d-----w- c:\users\Ghostshell\AppData\Roaming\Clipdiary

2012-07-18 06:03 . 2012-07-18 06:03 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\C2B3.tmp

2012-07-18 04:22 . 2012-08-10 21:07 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-18 03:06 . 2012-07-18 05:22 -------- d-----w- c:\program files (x86)\Diablo III

2012-07-18 03:05 . 2012-07-18 03:05 -------- d-----w- c:\programdata\Battle.net

2012-07-16 20:45 . 2012-07-16 20:45 -------- d-----w- c:\users\UpdatusUser.Ghostshell-PC

2012-07-16 20:44 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe

2012-07-16 20:44 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll

2012-07-16 20:44 . 2012-05-15 09:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll

2012-07-16 20:44 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll

2012-07-16 20:44 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll

2012-07-16 20:44 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll

2012-07-16 20:43 . 2012-07-16 20:43 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-07-16 09:48 . 2012-07-16 09:48 -------- d-----w- c:\program files (x86)\OApps

2012-07-16 09:48 . 2012-07-16 09:48 -------- d-----w- c:\program files (x86)\TorrentSearch

2012-07-16 09:47 . 2012-07-18 22:02 -------- d-----w- c:\program files (x86)\smartdl

2012-07-13 20:07 . 2012-07-13 20:06 372736 ----a-w- c:\windows\system32\NVUNINST.EXE

2012-07-13 20:07 . 2007-07-03 23:41 978944 ----a-w- c:\windows\system32\msvcp71.dll

2012-07-13 20:07 . 2007-07-03 23:41 520192 ----a-w- c:\windows\system32\msvcr71.dll

2012-07-13 20:07 . 2007-07-03 23:41 1524736 ----a-w- c:\windows\system32\MFC71.dll

2012-07-13 20:07 . 2007-06-26 05:21 403456 ----a-w- c:\windows\system32\nvcpl.cpl

2012-07-13 20:07 . 2007-06-26 05:21 2065920 ----a-w- c:\windows\system32\nvcplUI.exe

2012-07-13 20:07 . 2007-06-26 05:21 1064448 ----a-w- c:\windows\system32\nvcplUIR.dll

2012-07-13 20:07 . 2007-06-26 05:21 381952 ----a-w- c:\windows\system32\nvexpBar.dll

2012-07-13 20:07 . 2012-07-13 20:07 -------- d-----w- c:\users\Ghostshell\AppData\Local\NVIDIA Corporation

2012-07-13 20:06 . 2012-07-13 20:06 -------- d-----w- c:\program files (x86)\Common Files\InstallShield

2012-07-13 20:05 . 2012-07-13 20:05 -------- d-----w- c:\program files (x86)\NVIDIA nTune Performance Application

2012-07-12 19:53 . 2012-04-18 17:08 31040 ----a-w- c:\windows\system32\nvhdap64.dll

2012-07-12 19:53 . 2012-04-18 17:08 188736 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 20:46 . 2011-09-02 01:05 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-29 06:59 . 2012-02-14 19:11 2478272 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll

2012-05-15 10:48 . 2012-05-14 21:09 68928 ----a-w- c:\windows\system32\OpenCL.dll

2012-05-15 10:48 . 2012-05-14 21:09 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-05-15 10:48 . 2012-05-14 21:09 1738048 ----a-w- c:\windows\system32\nvdispco64.dll

2012-05-15 10:48 . 2012-05-14 21:09 1468224 ----a-w- c:\windows\system32\nvgenco64.dll

2012-05-15 10:48 . 2012-05-14 21:09 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll

2012-05-15 09:21 . 2012-05-15 09:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 94208 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FATrayAlert"="c:\program files\Alienware\Command Center\AlienSense\FATrayMon.exe" [2010-04-04 95560]

"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-25 136488]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Stardock MyColors.lnk - c:\program files (x86)\Stardock\MyColors\SDDelayedLaunch.exe [2009-12-15 11520]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\FastAccess]

2010-04-04 18:43 144712 ----a-w- c:\program files\Alienware\Command Center\AlienSense\FALogNot.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Notification Packages REG_MULTI_SZ scecli FAPassSync

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]

R3 DAdderFltr;DeathAdder Mouse;c:\windows\system32\drivers\dadder.sys [2007-08-02 12672]

R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848]

R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [2008-03-13 27136]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120]

R3 netr28ux;RT2870 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr28ux.sys [2009-05-25 966144]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-04-25 52736]

R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-18 68440]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-07-01 1255736]

R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]

R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_056607ee0106e5e8\AESTSr64.exe [2009-03-03 89600]

S2 AlienFusionService;Alienware Fusion Service;c:\program files\Alienware\Command Center\AlienFusionService.exe [2010-05-21 14648]

S2 FAService;FAService;c:\program files\Alienware\Command Center\AlienSense\FAService.exe [2010-04-04 2409800]

S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]

S2 HappyOSD;HappyOSD;c:\program files (x86)\OSD\OSD_Service.exe [2010-01-04 16384]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-11-29 16120]

S3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys [2010-02-02 20984]

S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-06-22 273072]

S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2009-03-09 60416]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job

- c:\users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 22:10]

.

2012-08-10 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job

- c:\users\Ghostshell\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-24 22:10]

.

2012-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000Core.job

- c:\users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 01:17]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3283257569-265424493-2168791217-1000UA.job

- c:\users\Ghostshell\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 01:17]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-02-14 22:58 97792 ----a-w- c:\users\Ghostshell\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AlienFX Controller"="c:\program files\Alienware\Command Center\AlienwareAlienFXController.exe" [2010-05-21 63304]

"Broadcom Wireless Manager UI"="c:\program files\Dell\DW WLAN Card\WLTRAY.exe" [2010-02-02 5712896]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-09-16 487424]

"IntelTBRunOnce"="wscript.exe" [2009-07-14 168960]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://isearch.avg.com/?cid={66452CD3-7FAD-429C-82D2-C6A90D55E54A}&mid=500452e994ba47d1b4dd787cac9f0712-48643e70690374b37bf2810e9fd57bd51de19c8a〈=en&ds=ft011&pr=sa&d=2012-07-06 23:20&v=11.1.0.12&sap=hp

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\Ghostshell\AppData\Roaming\Mozilla\Firefox\Profiles\r5k9gv91.default\

FF - prefs.js: browser.startup.homepage - about:home

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?q=

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8fAMlSQM&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - 32b459e3000000000000c446192559ba

FF - user.js: extensions.incredibar_i.hardId - 32b459e3000000000000c446192559ba

FF - user.js: extensions.incredibar_i.instlDay - 15341

FF - user.js: extensions.incredibar_i.vrsn - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsni - 1.5.3.27

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.3.2721:50

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6R8fAMlSQM

FF - user.js: extensions.incredibar_i.upn2n - 92823603489226040

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10589

FF - user.js: extensions.incredibar_i.ppd -

user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-FAStartup - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\NetworkList\Nla\Cache\Intranet\ñ*4%%d"*²*Æ

!#H*K*X%]

"Successes"=dword:e0000000

"Failures"=dword:e0000001

"{3DE8CC97-3A1E-4A03-BC04-24E47C25F59A}"=hex:00,18,f8,7c,33,3b

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Alienware\Command Center\AlienFusionController.exe

.

**************************************************************************

.

Completion time: 2012-08-10 14:46:03 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-10 21:46

.

Pre-Run: 87,516,626,944 bytes free

Post-Run: 87,212,793,856 bytes free

.

- - End Of File - - 0860E11031C8BD71FC09252D7183CEFE

Link to post
Share on other sites

Seems good, thank you very much for the help!

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.07.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Ghostshell :: GHOSTSHELL-PC [administrator]

8/10/2012 3:01:23 PM

mbam-log-2012-08-10 (15-01-23).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 244237

Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Link to post
Share on other sites

Great thumbsup.gif

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

cf2.jpg

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.