
Am I still infected?



Hi, I had several unwanted programs a couple of days ago. Yesterday I left the computer in safe mode all day and ran Malwarebytes, AdwCleaner, Junkware Removal Tool, and the ESET Online Scanner. I basically followed the instructions at the following page because that user had PUP.CrossFire.SA which I also had.

Right now Malwarebytes says the system is clean, but I'm not sure. My CPU isn't used as much as it was before, but my computer still took forever to start up. So I think there is probably something else.

Can someone please take a look at this and tell me if I am still infected? Thank you

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.21.2

Run by Cliff at 18:17:01 on 2013-05-24

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.5518 [GMT -4:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\LSI SoftModem\agr64svc.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\SysWOW64\ASGT.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\ASUS\GPU Tweak\GPUTweak.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\System32\svchost.exe -k secsvcs

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\PeerBlock\peerblock.exe

c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Users\Cliff\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

C:\Users\Cliff\AppData\Local\Citrix\ICA Client\concentr.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Users\Cliff\AppData\Local\Citrix\ICA Client\wfcrun32.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskmgr.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Users\Cliff\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Cliff\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

C:\Windows\SysWOW64\NOTEPAD.EXE

C:\Users\Cliff\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\iTunes\iTunes.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.ask.com/?l=dis&o=14597

BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe

uRun: [sansaDispatch] C:\Users\Cliff\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [California Fonts Loader] "C:\Program Files (x86)\California Font Manager\CaliforniaFonts.exe" /scanfolder

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE

mRun: [ConnectionCenter] "C:\Users\Cliff\AppData\Local\Citrix\ICA Client\concentr.exe" /startup

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRunOnce: [Application Restart #0] C:\Program Files (x86)\ASUS\GPU Tweak\Monitor.exe /RestartByRestartManager:80D9D54A-8865-4744-9CB5-55740FB7F385

uPolicies-Explorer: NoDrives = dword:0

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: NameServer = 192.168.1.254

TCP: Interfaces\{C43941BF-B033-4A7B-A42A-CC1F9C84C4D3} : DHCPNameServer = 192.168.1.254

Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Cliff\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll

Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Users\Cliff\AppData\Local\Citrix\ICA Client\IcaMimeFilter.dll

Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - <orphaned>

CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\Windows\SysWow64\shell32.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>

x64-Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\zk4zkjei.default\

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Users\Cliff\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\Cliff\AppData\Roaming\Mozilla\plugins\npicaN.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2012-7-26 45856]

R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2009-10-5 87600]

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]

R2 ASGT;ASGT;C:\Windows\SysWOW64\ASGT.exe [2012-1-17 55296]

R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2010-12-28 46136]

R3 IOMap;IOMap;C:\Windows\System32\drivers\IOMap64.sys [2012-10-10 23680]

R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-12-28 24176]

R3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;C:\Windows\System32\drivers\RTL85n64.sys [2010-3-23 2061856]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-20 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-12-29 1255736]

.

=============== File Associations ===============

.

ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS5\dreamweaver.exe", "%1"

.

=============== Created Last 30 ================

.

2013-05-24 22:08:45 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{66AE6ECC-AB3E-4480-8FAF-5FE7C5326255}\mpengine.dll

2013-05-24 03:13:42 -------- d-----w- C:\ProgramData\Licenses

2013-05-24 03:13:40 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2013-05-24 03:13:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2013-05-24 03:13:39 -------- d-----w- C:\Program Files (x86)\SpywareBlaster

2013-05-23 23:22:48 -------- d-sh--w- C:\$RECYCLE.BIN

2013-05-23 23:21:49 -------- d-----w- C:\Windows\ERUNT

2013-05-23 23:21:32 -------- d-----w- C:\JRT

2013-05-15 04:49:14 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys

2013-05-15 04:49:14 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys

2013-05-15 04:49:14 144384 ----a-w- C:\Windows\System32\cdd.dll

2013-05-15 04:49:04 1930752 ----a-w- C:\Windows\System32\authui.dll

2013-05-15 04:49:04 111448 ----a-w- C:\Windows\System32\consent.exe

2013-05-15 04:49:03 70144 ----a-w- C:\Windows\System32\appinfo.dll

2013-05-15 04:49:03 1796096 ----a-w- C:\Windows\SysWow64\authui.dll

2013-05-06 22:24:06 -------- d-----w- C:\Users\Cliff\AppData\Local\Aspyr

2013-05-02 06:33:20 -------- d-----w- C:\Program Files (x86)\Common Files\BioWare

2013-05-02 02:26:03 -------- d-sh--w- C:\ProgramData\DSS

.

==================== Find3M ====================

.

2013-05-21 23:14:19 45856 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys

2013-05-14 22:43:14 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-14 22:43:14 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-05-03 22:37:15 466520 ----a-w- C:\Windows\System32\wrap_oal.dll

2013-05-03 22:37:15 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll

2013-05-03 22:37:15 122968 ----a-w- C:\Windows\System32\OpenAL32.dll

2013-05-03 22:37:15 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

2013-05-02 06:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe

2013-04-23 04:09:50 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-23 04:09:49 866720 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2013-04-23 04:09:49 788896 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2013-04-12 14:45:08 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2013-04-10 05:51:43 1188864 ----a-w- C:\Windows\System32\wininet.dll

2013-04-10 05:08:12 981504 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-04-10 03:30:50 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-04-04 18:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2013-03-19 06:04:06 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-03-19 05:46:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll

2013-03-19 05:04:13 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04:10 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47:50 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll

2013-03-19 03:06:33 112640 ----a-w- C:\Windows\System32\smss.exe

2013-02-28 12:03:52 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2013-02-28 11:38:43 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-03-30 00:01:28 3993600 ----a-w- C:\Program Files (x86)\GUTEB5F.tmp

.

============= FINISH: 18:23:38.70 ===============

Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/28/2010 3:16:38 PM

System Uptime: 5/24/2013 6:01:09 PM (0 hours ago)

.

Motherboard: Gateway | | RS780

Processor: AMD Phenom™ 9750 Quad-Core Processor | AM2 | 2400/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 917 GiB total, 337.098 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is Removable

G: is Removable

H: is CDROM ()

I: is Removable

J: is FIXED (NTFS) - 931 GiB total, 419.423 GiB free.

K: is Removable

L: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: WD SES Device USB Device

Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1010\575832314331323935303531&1

Manufacturer:

Name: WD SES Device USB Device

PNP Device ID: USBSTOR\OTHER&VEN_WD&PROD_SES_DEVICE&REV_1010\575832314331323935303531&1

Service:

.

Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}

Description: ATI Radeon HD 3200 Graphics

Device ID: PCI\VEN_1002&DEV_9610&SUBSYS_01551025&REV_00\4&456635&0&2808

Manufacturer: ATI Technologies Inc.

Name: ATI Radeon HD 3200 Graphics

PNP Device ID: PCI\VEN_1002&DEV_9610&SUBSYS_01551025&REV_00\4&456635&0&2808

Service: amdkmdap

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: AMD High Definition Audio Device

Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&BE39BAB&0&0001

Manufacturer: Advanced Micro Devices

Name: AMD High Definition Audio Device

PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1003\5&BE39BAB&0&0001

Service: AtiHDAudioService

.

Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}

Description: Microsoft PS/2 Mouse

Device ID: ACPI\PNP0F03\4&2A700557&0

Manufacturer: Microsoft

Name: Microsoft PS/2 Mouse

PNP Device ID: ACPI\PNP0F03\4&2A700557&0

Service: i8042prt

.

==== System Restore Points ===================

.

RP897: 5/15/2013 12:39:47 AM - Installed DirectX

RP898: 5/15/2013 12:41:25 AM - Windows Update

RP899: 5/15/2013 3:01:23 AM - Windows Update

RP900: 5/19/2013 11:49:12 AM - Windows Backup

RP901: 5/21/2013 7:24:41 PM - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20 (x64 edition)

Adobe AIR

Adobe Community Help

Adobe Creative Suite 5 Design Premium

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader XI

Amazon MP3 Downloader 1.0.10

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Fuel

AMD Media Foundation Decoders

AMD VISION Engine Control Center

Any Video Converter 5 5.0.3

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Aptana Studio 3

ASUS GPU Tweak

ASUS Utility

ASUS VGA Driver

AviSynth 2.5

Batman: Arkham City™

Beat Hazard

Beatport Downloader

BioShock

BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien

BitTorrent

Bonjour

Borderlands 2

Burnout™ Paradise The Ultimate Box

California Font Manager 2.4.2

Canon iP2700 series Printer Driver

Castle Crashers

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Citrix online plug-in - web

Citrix online plug-in (DV)

Citrix online plug-in (HDX)

Citrix online plug-in (USB)

Citrix online plug-in (Web)

Citrix XenApp Web Plugin

Core FTP LE (x64)

Darksiders

DarksidersInstaller

DebugMode Wink

Devil May Cry 3 Special Edition

DEVIL MAY CRY 4

Diablo III

DiRT 2

DiRT 3

Driver Fusion

Dual-Core Optimizer

DVDFab 8.0.6.8 (05/01/2011)

EPSON Printer Software

EPSON Scan

F1 2012 Demo

Fallout 3 - Game of the Year Edition

ffdshow v1.1.3572 [2010-09-13]

FileZilla Client 3.6.0.2

FLAC 1.2.1b (remove only)

FLAC To MP3 V4.0.4

FormatFactory 2.96

Freemake Video Converter version 2.1.5

Full DVD Ripper 9 Free

GameFly

Giant Savings

GIMP 2.6.11

Google Chrome

GPL Ghostscript

Haali Media Splitter

Half-Life 2

HiJackThis

iCloud

Inkscape 0.48.2

iTunes

Jamestown: Legend of the Lost Colony

Java 7 Update 21

Java Auto Updater

Java™ 6 Update 22

Just Cause 2

League of Legends

Live 8.2

LSI PCI-SV92PP Soft Modem

Malwarebytes Anti-Malware version 1.75.0.1300

Mark of the Ninja

MediaCoder Web Video Edition 0.8.14

MediaCoder x64 0.8.15

Metro 2033

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 4.0 Refresh

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Miro Video Converter

Monaco

Mount & Blade: Warband

Mozilla Firefox 21.0 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 17.0.6 (x86 en-US)

NexusFont 2.5 (ver 2.5.8.1582)

Notepad++

NVIDIA PhysX

OpenAL

OpenOffice.org 3.3

Orbit Downloader

Pando Media Booster

PCWheel

PeerBlock 1.1 (r518)

Portal

Portal 2

PowerISO

Psychonauts

QuickTime

Rapture3D 2.3.26 Game

Red Faction: Guerrilla

Safari

Sansa Updater

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Serif FontManager 2

Sonic Generations

SpywareBlaster 5.0

Stacking

Star Wars: The Force Unleashed Ultimate Sith Edition

Star Wars: The Old Republic

Steam

Super Meat Boy v1.5

SUPERAntiSpyware

Team Fortress 2

TechPowerUp GPU-Z

The Binding of Isaac

The Showdown Effect Demo

The Witcher: Enhanced Edition

Trine 2

ViewSonic Windows 7 x64 Signed Files

VLC media player 2.0.4

WampServer 2.1

Winamp

Winamp Detector Plug-in

Windows Live ID Sign-in Assistant

Windows Media Player Firefox Plugin

Windows Resource Kit Tools - SubInAcl.exe

WinRAR archiver

Wise Registry Cleaner 5.9.4

XCOM: Enemy Unknown

.

==== Event Viewer Messages From Past Week ========

.

5/24/2013 5:58:41 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

5/23/2013 10:41:42 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

5/23/2013 10:41:41 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/23/2013 10:41:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/23/2013 10:41:33 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/23/2013 10:41:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/23/2013 10:41:19 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6

5/23/2013 10:29:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}

5/23/2013 10:05:58 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb ctxusbm discache SASDIFSV SASKUTIL SCDEmu spldr Wanarpv6

.

==== End Of File ===========================

Here is the link for the page I was following:

http://forums.malwar...pic=122651&st=0

Thank you


Hello Megaweapon and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps.

----------Step 1----------------

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!

  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not an option, choose Skip instead; do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

----------Step 2----------------

Please download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

----------Step 3----------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

***IMPORTANT: save ComboFix to your Desktop***

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

----------Step 4----------------

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

----------Step 5----------------

In your next reply, please include the following:

  • TDSSKiller's logfile
  • MBAR mbar-log.txt and system-log.txt
  • ComboFix's report (C:\ComboFix.txt)
  • Security Check checkup.txt

After that, please let me know: How is your computer running now? Do you have any questions or concerns you'd like me to address? Don't hesitate to ask. :)

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note:

Please make sure you are subscribed to this topic: Click on the "Follow This Topic" Button (at the top right of this page), make sure that the "Receive notification" box is checked and that it is set to "Instantly"

-------> Your topic will be closed if you haven't replied within 3 days! <--------

(If I don't respond within 24 hours, please send me a PM)

-DFB


Thank you D-FRED-BROWN! It was running fine, but the long startup worried me. I'm in safe mode now but about to go back to normal to play some games.

I do have a question. What should I use to protect my system for free?

Here are the logs:

20:07:01.0704 1284 TDSS rootkit removing tool 2.8.17.0 Apr 11 2013 11:56:34

20:07:02.0094 1284 ============================================================

20:07:02.0094 1284 Current date / time: 2013/05/25 20:07:02.0094

20:07:02.0094 1284 SystemInfo:

20:07:02.0094 1284

20:07:02.0094 1284 OS Version: 6.1.7601 ServicePack: 1.0

20:07:02.0094 1284 Product type: Workstation

20:07:02.0094 1284 ComputerName: CLIFF-PC

20:07:02.0094 1284 UserName: Cliff

20:07:02.0094 1284 Windows directory: C:\Windows

20:07:02.0094 1284 System windows directory: C:\Windows

20:07:02.0094 1284 Running under WOW64

20:07:02.0094 1284 Processor architecture: Intel x64

20:07:02.0094 1284 Number of processors: 4

20:07:02.0094 1284 Page size: 0x1000

20:07:02.0094 1284 Boot type: Safe boot with network

20:07:02.0094 1284 ============================================================

20:07:03.0092 1284 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:07:03.0123 1284 Drive \Device\Harddisk6\DR6 - Size: 0xE8DED00000 (931.48 Gb), SectorSize: 0x200, Cylinders: 0x1DAFD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

20:07:03.0435 1284 ============================================================

20:07:03.0435 1284 \Device\Harddisk0\DR0:

20:07:03.0435 1284 MBR partitions:

20:07:03.0435 1284 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D4C800, BlocksNum 0x729B9800

20:07:03.0435 1284 \Device\Harddisk6\DR6:

20:07:03.0700 1284 MBR partitions:

20:07:03.0700 1284 \Device\Harddisk6\DR6\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x746F6000

20:07:03.0700 1284 ============================================================

20:07:03.0716 1284 C: <-> \Device\Harddisk0\DR0\Partition1

20:07:03.0747 1284 J: <-> \Device\Harddisk6\DR6\Partition1

20:07:03.0747 1284 ============================================================

20:07:03.0747 1284 Initialize success

20:07:03.0747 1284 ============================================================

20:07:20.0689 1272 ============================================================

20:07:20.0689 1272 Scan started

20:07:20.0689 1272 Mode: Manual;

20:07:20.0689 1272 ============================================================

20:07:21.0219 1272 ================ Scan system memory ========================

20:07:21.0219 1272 System memory - ok

20:07:21.0219 1272 ================ Scan services =============================

20:07:21.0297 1272 [ 581D88B25C4D4121824FED2CA38E562F ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

20:07:21.0297 1272 !SASCORE - ok

20:07:21.0406 1272 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

20:07:21.0406 1272 1394ohci - ok

20:07:21.0422 1272 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

20:07:21.0422 1272 ACPI - ok

20:07:21.0500 1272 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

20:07:21.0500 1272 AcpiPmi - ok

20:07:21.0594 1272 [ B1EA9681502EE57F87DB71D726288A5B ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

20:07:21.0625 1272 AdobeARMservice - ok

20:07:21.0859 1272 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

20:07:21.0859 1272 AdobeFlashPlayerUpdateSvc - ok

20:07:21.0921 1272 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

20:07:21.0921 1272 adp94xx - ok

20:07:21.0952 1272 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

20:07:21.0952 1272 adpahci - ok

20:07:21.0984 1272 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

20:07:21.0984 1272 adpu320 - ok

20:07:22.0030 1272 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

20:07:22.0030 1272 AeLookupSvc - ok

20:07:22.0093 1272 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

20:07:22.0093 1272 AFD - ok

20:07:22.0155 1272 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe

20:07:22.0155 1272 AgereModemAudio - ok

20:07:22.0202 1272 [ A6AB6F0ACE87DA76B4C401813D18BE95 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys

20:07:22.0218 1272 AgereSoftModem - ok

20:07:22.0249 1272 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

20:07:22.0249 1272 agp440 - ok

20:07:22.0264 1272 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

20:07:22.0264 1272 ALG - ok

20:07:22.0311 1272 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

20:07:22.0311 1272 aliide - ok

20:07:22.0358 1272 [ 4EAAAAB8759644D572522FBCDD196A13 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

20:07:22.0358 1272 AMD External Events Utility - ok

20:07:22.0420 1272 AMD FUEL Service - ok

20:07:22.0436 1272 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

20:07:22.0436 1272 amdide - ok

20:07:22.0467 1272 [ 6A2EEB0C4133B20773BB3DD0B7B377B4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys

20:07:22.0467 1272 amdiox64 - ok

20:07:22.0530 1272 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

20:07:22.0530 1272 AmdK8 - ok

20:07:22.0748 1272 [ 22A14DF59FB8D0BE918C597988AF4296 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys

20:07:22.0935 1272 amdkmdag - ok

20:07:23.0013 1272 [ EE22D3ED6D55A855E709F811CCCA97ED ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys

20:07:23.0013 1272 amdkmdap - ok

20:07:23.0060 1272 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

20:07:23.0060 1272 AmdPPM - ok

20:07:23.0107 1272 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys

20:07:23.0107 1272 amdsata - ok

20:07:23.0122 1272 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

20:07:23.0138 1272 amdsbs - ok

20:07:23.0154 1272 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys

20:07:23.0154 1272 amdxata - ok

20:07:23.0185 1272 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

20:07:23.0216 1272 AODDriver4.2 - ok

20:07:23.0263 1272 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

20:07:23.0263 1272 AppID - ok

20:07:23.0310 1272 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

20:07:23.0310 1272 AppIDSvc - ok

20:07:23.0356 1272 [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo C:\Windows\System32\appinfo.dll

20:07:23.0356 1272 Appinfo - ok

20:07:23.0450 1272 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

20:07:23.0450 1272 Apple Mobile Device - ok

20:07:23.0481 1272 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

20:07:23.0481 1272 arc - ok

20:07:23.0512 1272 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

20:07:23.0512 1272 arcsas - ok

20:07:23.0575 1272 [ E536856E96A7605EBF580D62A868E5FE ] ASGT C:\Windows\SysWOW64\ASGT.exe

20:07:23.0575 1272 ASGT - ok

20:07:23.0715 1272 [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

20:07:23.0731 1272 aspnet_state - ok

20:07:23.0762 1272 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

20:07:23.0762 1272 AsyncMac - ok

20:07:23.0793 1272 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

20:07:23.0793 1272 atapi - ok

20:07:23.0856 1272 [ 437F55435623D4D54D36197F5AD8B435 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys

20:07:23.0856 1272 AtiHDAudioService - ok

20:07:23.0918 1272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

20:07:23.0934 1272 AudioEndpointBuilder - ok

20:07:23.0949 1272 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

20:07:23.0949 1272 AudioSrv - ok

20:07:23.0996 1272 [ 3B5657B6C11CDA87F664DD6F7DD0702D ] avgtp C:\Windows\system32\drivers\avgtpx64.sys

20:07:23.0996 1272 avgtp - ok

20:07:24.0043 1272 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

20:07:24.0043 1272 AxInstSV - ok

20:07:24.0105 1272 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

20:07:24.0105 1272 b06bdrv - ok

20:07:24.0136 1272 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

20:07:24.0136 1272 b57nd60a - ok

20:07:24.0168 1272 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

20:07:24.0183 1272 BDESVC - ok

20:07:24.0199 1272 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

20:07:24.0199 1272 Beep - ok

20:07:24.0246 1272 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

20:07:24.0261 1272 BFE - ok

20:07:24.0308 1272 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

20:07:24.0417 1272 BITS - ok

20:07:24.0448 1272 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

20:07:24.0448 1272 blbdrive - ok

20:07:24.0480 1272 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

20:07:24.0495 1272 Bonjour Service - ok

20:07:24.0558 1272 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

20:07:24.0558 1272 bowser - ok

20:07:24.0589 1272 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

20:07:24.0589 1272 BrFiltLo - ok

20:07:24.0604 1272 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

20:07:24.0604 1272 BrFiltUp - ok

20:07:24.0651 1272 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

20:07:24.0667 1272 BridgeMP - ok

20:07:24.0698 1272 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

20:07:24.0698 1272 Browser - ok

20:07:24.0714 1272 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

20:07:24.0714 1272 Brserid - ok

20:07:24.0729 1272 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

20:07:24.0729 1272 BrSerWdm - ok

20:07:24.0760 1272 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

20:07:24.0760 1272 BrUsbMdm - ok

20:07:24.0776 1272 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

20:07:24.0776 1272 BrUsbSer - ok

20:07:24.0792 1272 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

20:07:24.0792 1272 BTHMODEM - ok

20:07:24.0823 1272 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

20:07:24.0823 1272 bthserv - ok

20:07:24.0823 1272 catchme - ok

20:07:24.0854 1272 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

20:07:24.0854 1272 cdfs - ok

20:07:24.0885 1272 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

20:07:24.0885 1272 cdrom - ok

20:07:24.0932 1272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

20:07:24.0932 1272 CertPropSvc - ok

20:07:24.0979 1272 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

20:07:24.0979 1272 circlass - ok

20:07:24.0995 1272 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

20:07:25.0010 1272 CLFS - ok

20:07:25.0073 1272 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

20:07:25.0073 1272 clr_optimization_v2.0.50727_32 - ok

20:07:25.0135 1272 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

20:07:25.0135 1272 clr_optimization_v2.0.50727_64 - ok

20:07:25.0213 1272 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

20:07:25.0275 1272 clr_optimization_v4.0.30319_32 - ok

20:07:25.0307 1272 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

20:07:25.0322 1272 clr_optimization_v4.0.30319_64 - ok

20:07:25.0353 1272 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

20:07:25.0353 1272 CmBatt - ok

20:07:25.0385 1272 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

20:07:25.0385 1272 cmdide - ok

20:07:25.0431 1272 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

20:07:25.0431 1272 CNG - ok

20:07:25.0447 1272 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

20:07:25.0447 1272 Compbatt - ok

20:07:25.0478 1272 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

20:07:25.0478 1272 CompositeBus - ok

20:07:25.0509 1272 COMSysApp - ok

20:07:25.0525 1272 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

20:07:25.0525 1272 crcdisk - ok

20:07:25.0556 1272 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

20:07:25.0556 1272 CryptSvc - ok

20:07:25.0603 1272 [ BA8E5B2291C01EF71CA80E25F0C79D55 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys

20:07:25.0603 1272 ctxusbm - ok

20:07:25.0650 1272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

20:07:25.0665 1272 DcomLaunch - ok

20:07:25.0712 1272 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

20:07:25.0712 1272 defragsvc - ok

20:07:25.0743 1272 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

20:07:25.0743 1272 DfsC - ok

20:07:25.0759 1272 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

20:07:25.0775 1272 Dhcp - ok

20:07:25.0806 1272 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

20:07:25.0806 1272 discache - ok

20:07:25.0821 1272 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

20:07:25.0821 1272 Disk - ok

20:07:25.0868 1272 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

20:07:25.0868 1272 Dnscache - ok

20:07:25.0899 1272 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

20:07:25.0915 1272 dot3svc - ok

20:07:25.0946 1272 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

20:07:25.0946 1272 DPS - ok

20:07:25.0993 1272 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

20:07:25.0993 1272 drmkaud - ok

20:07:26.0055 1272 [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

20:07:26.0071 1272 DXGKrnl - ok

20:07:26.0102 1272 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

20:07:26.0102 1272 EapHost - ok

20:07:26.0180 1272 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

20:07:26.0211 1272 ebdrv - ok

20:07:26.0243 1272 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

20:07:26.0243 1272 EFS - ok

20:07:26.0321 1272 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

20:07:26.0321 1272 ehRecvr - ok

20:07:26.0367 1272 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

20:07:26.0367 1272 ehSched - ok

20:07:26.0414 1272 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

20:07:26.0430 1272 elxstor - ok

20:07:26.0508 1272 [ 1E345F2A2D95DA3190596E691CDE9342 ] EPSON_PM_RPCV4_01 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

20:07:26.0508 1272 EPSON_PM_RPCV4_01 - ok

20:07:26.0555 1272 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

20:07:26.0555 1272 ErrDev - ok

20:07:26.0633 1272 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

20:07:26.0633 1272 EventSystem - ok

20:07:26.0648 1272 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

20:07:26.0648 1272 exfat - ok

20:07:26.0695 1272 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

20:07:26.0695 1272 fastfat - ok

20:07:26.0742 1272 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

20:07:26.0757 1272 Fax - ok

20:07:26.0773 1272 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

20:07:26.0789 1272 fdc - ok

20:07:26.0804 1272 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

20:07:26.0820 1272 fdPHost - ok

20:07:26.0867 1272 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

20:07:26.0867 1272 FDResPub - ok

20:07:26.0898 1272 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

20:07:26.0898 1272 FileInfo - ok

20:07:26.0929 1272 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

20:07:26.0929 1272 Filetrace - ok

20:07:26.0945 1272 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

20:07:26.0945 1272 flpydisk - ok

20:07:26.0976 1272 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

20:07:26.0976 1272 FltMgr - ok

20:07:27.0023 1272 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

20:07:27.0038 1272 FontCache - ok

20:07:27.0085 1272 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:07:27.0085 1272 FontCache3.0.0.0 - ok

20:07:27.0132 1272 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

20:07:27.0132 1272 FsDepends - ok

20:07:27.0163 1272 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

20:07:27.0163 1272 Fs_Rec - ok

20:07:27.0225 1272 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

20:07:27.0225 1272 fvevol - ok

20:07:27.0272 1272 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

20:07:27.0272 1272 gagp30kx - ok

20:07:27.0319 1272 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:07:27.0319 1272 GEARAspiWDM - ok

20:07:27.0366 1272 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

20:07:27.0381 1272 gpsvc - ok

20:07:27.0397 1272 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

20:07:27.0413 1272 hcw85cir - ok

20:07:27.0428 1272 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

20:07:27.0444 1272 HdAudAddService - ok

20:07:27.0491 1272 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

20:07:27.0491 1272 HDAudBus - ok

20:07:27.0522 1272 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

20:07:27.0522 1272 HidBatt - ok

20:07:27.0537 1272 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

20:07:27.0537 1272 HidBth - ok

20:07:27.0553 1272 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

20:07:27.0553 1272 HidIr - ok

20:07:27.0600 1272 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

20:07:27.0600 1272 hidserv - ok

20:07:27.0647 1272 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

20:07:27.0647 1272 HidUsb - ok

20:07:27.0678 1272 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

20:07:27.0678 1272 hkmsvc - ok

20:07:27.0725 1272 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

20:07:27.0725 1272 HomeGroupListener - ok

20:07:27.0771 1272 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

20:07:27.0771 1272 HomeGroupProvider - ok

20:07:27.0803 1272 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

20:07:27.0803 1272 HpSAMD - ok

20:07:27.0849 1272 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

20:07:27.0849 1272 HTTP - ok

20:07:27.0865 1272 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

20:07:27.0865 1272 hwpolicy - ok

20:07:27.0912 1272 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

20:07:27.0912 1272 i8042prt - ok

20:07:27.0959 1272 [ 1D004CB1DA6323B1F55CAEF7F94B61D9 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys

20:07:27.0959 1272 iaStor - ok

20:07:28.0005 1272 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

20:07:28.0021 1272 iaStorV - ok

20:07:28.0099 1272 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

20:07:28.0099 1272 IDriverT - ok

20:07:28.0177 1272 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:07:28.0177 1272 idsvc - ok

20:07:28.0224 1272 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

20:07:28.0224 1272 iirsp - ok

20:07:28.0271 1272 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

20:07:28.0286 1272 IKEEXT - ok

20:07:28.0302 1272 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

20:07:28.0302 1272 intelide - ok

20:07:28.0333 1272 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

20:07:28.0333 1272 intelppm - ok

20:07:28.0395 1272 [ A01C412699B6F21645B2885C2BAE4454 ] IOMap C:\Windows\system32\drivers\IOMap64.sys

20:07:28.0395 1272 IOMap - ok

20:07:28.0442 1272 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

20:07:28.0442 1272 IPBusEnum - ok

20:07:28.0489 1272 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:07:28.0489 1272 IpFilterDriver - ok

20:07:28.0536 1272 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

20:07:28.0536 1272 iphlpsvc - ok

20:07:28.0583 1272 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

20:07:28.0583 1272 IPMIDRV - ok

20:07:28.0629 1272 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

20:07:28.0629 1272 IPNAT - ok

20:07:28.0707 1272 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

20:07:28.0707 1272 iPod Service - ok

20:07:28.0723 1272 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

20:07:28.0723 1272 IRENUM - ok

20:07:28.0754 1272 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

20:07:28.0754 1272 isapnp - ok

20:07:28.0817 1272 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

20:07:28.0817 1272 iScsiPrt - ok

20:07:28.0848 1272 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

20:07:28.0848 1272 kbdclass - ok

20:07:28.0863 1272 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

20:07:28.0863 1272 kbdhid - ok

20:07:28.0879 1272 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

20:07:28.0879 1272 KeyIso - ok

20:07:28.0910 1272 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

20:07:28.0926 1272 KSecDD - ok

20:07:28.0941 1272 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

20:07:28.0941 1272 KSecPkg - ok

20:07:29.0004 1272 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

20:07:29.0004 1272 ksthunk - ok

20:07:29.0051 1272 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

20:07:29.0051 1272 KtmRm - ok

20:07:29.0097 1272 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

20:07:29.0097 1272 LanmanServer - ok

20:07:29.0144 1272 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

20:07:29.0144 1272 LanmanWorkstation - ok

20:07:29.0160 1272 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

20:07:29.0160 1272 lltdio - ok

20:07:29.0175 1272 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

20:07:29.0191 1272 lltdsvc - ok

20:07:29.0191 1272 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

20:07:29.0191 1272 lmhosts - ok

20:07:29.0253 1272 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

20:07:29.0253 1272 LSI_FC - ok

20:07:29.0269 1272 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

20:07:29.0269 1272 LSI_SAS - ok

20:07:29.0316 1272 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:07:29.0316 1272 LSI_SAS2 - ok

20:07:29.0331 1272 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:07:29.0331 1272 LSI_SCSI - ok

20:07:29.0363 1272 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

20:07:29.0363 1272 luafv - ok

20:07:29.0409 1272 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

20:07:29.0409 1272 Mcx2Svc - ok

20:07:29.0425 1272 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

20:07:29.0425 1272 megasas - ok

20:07:29.0425 1272 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

20:07:29.0441 1272 MegaSR - ok

20:07:29.0472 1272 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

20:07:29.0487 1272 MMCSS - ok

20:07:29.0519 1272 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

20:07:29.0519 1272 Modem - ok

20:07:29.0565 1272 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

20:07:29.0565 1272 monitor - ok

20:07:29.0597 1272 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

20:07:29.0597 1272 mouclass - ok

20:07:29.0612 1272 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

20:07:29.0612 1272 mouhid - ok

20:07:29.0643 1272 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

20:07:29.0643 1272 mountmgr - ok

20:07:29.0675 1272 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:07:29.0675 1272 MozillaMaintenance - ok

20:07:29.0721 1272 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

20:07:29.0721 1272 mpio - ok

20:07:29.0753 1272 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

20:07:29.0753 1272 mpsdrv - ok

20:07:29.0924 1272 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

20:07:29.0955 1272 MpsSvc - ok

20:07:30.0033 1272 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

20:07:30.0033 1272 MRxDAV - ok

20:07:30.0080 1272 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

20:07:30.0096 1272 mrxsmb - ok

20:07:30.0189 1272 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:07:30.0221 1272 mrxsmb10 - ok

20:07:30.0236 1272 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:07:30.0267 1272 mrxsmb20 - ok

20:07:30.0314 1272 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

20:07:30.0330 1272 msahci - ok

20:07:30.0377 1272 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

20:07:30.0377 1272 msdsm - ok

20:07:30.0455 1272 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

20:07:30.0470 1272 MSDTC - ok

20:07:30.0517 1272 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

20:07:30.0533 1272 Msfs - ok

20:07:30.0548 1272 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

20:07:30.0564 1272 mshidkmdf - ok

20:07:30.0642 1272 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

20:07:30.0657 1272 msisadrv - ok

20:07:30.0720 1272 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

20:07:30.0751 1272 MSiSCSI - ok

20:07:30.0751 1272 msiserver - ok

20:07:30.0798 1272 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

20:07:30.0798 1272 MSKSSRV - ok

20:07:30.0813 1272 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

20:07:30.0829 1272 MSPCLOCK - ok

20:07:30.0860 1272 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

20:07:30.0860 1272 MSPQM - ok

20:07:30.0907 1272 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

20:07:30.0923 1272 MsRPC - ok

20:07:30.0954 1272 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

20:07:30.0954 1272 mssmbios - ok

20:07:30.0969 1272 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

20:07:30.0969 1272 MSTEE - ok

20:07:30.0985 1272 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

20:07:30.0985 1272 MTConfig - ok

20:07:30.0985 1272 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

20:07:30.0985 1272 Mup - ok

20:07:31.0047 1272 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

20:07:31.0047 1272 napagent - ok

20:07:31.0094 1272 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

20:07:31.0110 1272 NativeWifiP - ok

20:07:31.0125 1272 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

20:07:31.0141 1272 NDIS - ok

20:07:31.0172 1272 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

20:07:31.0172 1272 NdisCap - ok

20:07:31.0188 1272 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

20:07:31.0188 1272 NdisTapi - ok

20:07:31.0235 1272 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

20:07:31.0250 1272 Ndisuio - ok

20:07:31.0281 1272 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

20:07:31.0281 1272 NdisWan - ok

20:07:31.0313 1272 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

20:07:31.0313 1272 NDProxy - ok

20:07:31.0375 1272 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

20:07:31.0375 1272 NetBIOS - ok

20:07:31.0406 1272 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

20:07:31.0422 1272 NetBT - ok

20:07:31.0422 1272 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

20:07:31.0422 1272 Netlogon - ok

20:07:31.0469 1272 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

20:07:31.0469 1272 Netman - ok

20:07:31.0515 1272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:07:31.0578 1272 NetMsmqActivator - ok

20:07:31.0578 1272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:07:31.0578 1272 NetPipeActivator - ok

20:07:31.0609 1272 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

20:07:31.0609 1272 netprofm - ok

20:07:31.0609 1272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:07:31.0609 1272 NetTcpActivator - ok

20:07:31.0625 1272 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

20:07:31.0625 1272 NetTcpPortSharing - ok

20:07:31.0656 1272 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

20:07:31.0656 1272 nfrd960 - ok

20:07:31.0703 1272 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

20:07:31.0703 1272 NlaSvc - ok

20:07:31.0718 1272 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

20:07:31.0718 1272 Npfs - ok

20:07:31.0781 1272 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

20:07:31.0781 1272 nsi - ok

20:07:31.0796 1272 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

20:07:31.0796 1272 nsiproxy - ok

20:07:31.0859 1272 [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

20:07:31.0890 1272 Ntfs - ok

20:07:31.0937 1272 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

20:07:31.0937 1272 Null - ok

20:07:31.0983 1272 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys

20:07:31.0983 1272 nvraid - ok

20:07:32.0030 1272 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys

20:07:32.0046 1272 nvstor - ok

20:07:32.0139 1272 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

20:07:32.0139 1272 nv_agp - ok

20:07:32.0233 1272 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

20:07:32.0249 1272 ohci1394 - ok

20:07:32.0295 1272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

20:07:32.0295 1272 p2pimsvc - ok

20:07:32.0311 1272 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

20:07:32.0327 1272 p2psvc - ok

20:07:32.0373 1272 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

20:07:32.0373 1272 Parport - ok

20:07:32.0389 1272 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

20:07:32.0389 1272 partmgr - ok

20:07:32.0405 1272 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

20:07:32.0405 1272 PcaSvc - ok

20:07:32.0436 1272 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

20:07:32.0451 1272 pci - ok

20:07:32.0483 1272 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

20:07:32.0483 1272 pciide - ok

20:07:32.0498 1272 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

20:07:32.0498 1272 pcmcia - ok

20:07:32.0514 1272 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

20:07:32.0514 1272 pcw - ok

20:07:32.0561 1272 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

20:07:32.0561 1272 PEAUTH - ok

20:07:32.0654 1272 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

20:07:32.0654 1272 PerfHost - ok

20:07:32.0732 1272 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

20:07:32.0748 1272 pla - ok

20:07:32.0795 1272 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

20:07:32.0795 1272 PlugPlay - ok

20:07:32.0810 1272 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

20:07:32.0810 1272 PNRPAutoReg - ok

20:07:32.0826 1272 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

20:07:32.0826 1272 PNRPsvc - ok

20:07:32.0857 1272 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

20:07:32.0857 1272 PolicyAgent - ok

20:07:32.0904 1272 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

20:07:32.0904 1272 Power - ok

20:07:32.0951 1272 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

20:07:32.0951 1272 PptpMiniport - ok

20:07:32.0966 1272 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

20:07:32.0966 1272 Processor - ok

20:07:32.0997 1272 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll

20:07:32.0997 1272 ProfSvc - ok

20:07:33.0013 1272 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

20:07:33.0013 1272 ProtectedStorage - ok

20:07:33.0060 1272 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

20:07:33.0060 1272 Psched - ok

20:07:33.0107 1272 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

20:07:33.0138 1272 ql2300 - ok

20:07:33.0138 1272 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

20:07:33.0138 1272 ql40xx - ok

20:07:33.0185 1272 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

20:07:33.0185 1272 QWAVE - ok

20:07:33.0200 1272 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

20:07:33.0200 1272 QWAVEdrv - ok

20:07:33.0216 1272 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

20:07:33.0216 1272 RasAcd - ok

20:07:33.0247 1272 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

20:07:33.0247 1272 RasAgileVpn - ok

20:07:33.0263 1272 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

20:07:33.0263 1272 RasAuto - ok

20:07:33.0309 1272 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

20:07:33.0309 1272 Rasl2tp - ok

20:07:33.0341 1272 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

20:07:33.0341 1272 RasMan - ok

20:07:33.0403 1272 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

20:07:33.0403 1272 RasPppoe - ok

20:07:33.0419 1272 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

20:07:33.0419 1272 RasSstp - ok

20:07:33.0465 1272 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

20:07:33.0465 1272 rdbss - ok

20:07:33.0497 1272 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

20:07:33.0497 1272 rdpbus - ok

20:07:33.0512 1272 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

20:07:33.0512 1272 RDPCDD - ok

20:07:33.0528 1272 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

20:07:33.0528 1272 RDPENCDD - ok

20:07:33.0528 1272 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

20:07:33.0528 1272 RDPREFMP - ok

20:07:33.0575 1272 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

20:07:33.0575 1272 RDPWD - ok

20:07:33.0621 1272 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

20:07:33.0621 1272 rdyboost - ok

20:07:33.0668 1272 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

20:07:33.0668 1272 RemoteAccess - ok

20:07:33.0715 1272 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

20:07:33.0715 1272 RemoteRegistry - ok

20:07:33.0746 1272 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

20:07:33.0746 1272 RpcEptMapper - ok

20:07:33.0762 1272 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

20:07:33.0762 1272 RpcLocator - ok

20:07:33.0809 1272 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\System32\rpcss.dll

20:07:33.0809 1272 RpcSs - ok

20:07:33.0855 1272 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

20:07:33.0855 1272 rspndr - ok

20:07:33.0933 1272 [ CFBABCC8E8B72F9D1693FF583A09C79B ] RTL85n64 C:\Windows\system32\DRIVERS\RTL85n64.sys

20:07:33.0949 1272 RTL85n64 - ok

20:07:33.0965 1272 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

20:07:33.0965 1272 SamSs - ok

20:07:33.0980 1272 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

20:07:33.0980 1272 SASDIFSV - ok

20:07:33.0996 1272 [ 58A38E75F3316A83C23DF6173D41F2B5 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

20:07:33.0996 1272 SASKUTIL - ok

20:07:34.0043 1272 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

20:07:34.0043 1272 sbp2port - ok

20:07:34.0089 1272 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

20:07:34.0089 1272 SCardSvr - ok

20:07:34.0136 1272 [ 6CE6F98EA3D07A9C2CE3CD0A5A86352D ] SCDEmu C:\Windows\system32\drivers\SCDEmu.sys

20:07:34.0136 1272 SCDEmu - ok

20:07:34.0183 1272 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

20:07:34.0183 1272 scfilter - ok

20:07:34.0230 1272 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

20:07:34.0245 1272 Schedule - ok

20:07:34.0292 1272 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

20:07:34.0292 1272 SCPolicySvc - ok

20:07:34.0339 1272 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

20:07:34.0339 1272 SDRSVC - ok

20:07:34.0401 1272 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

20:07:34.0401 1272 secdrv - ok

20:07:34.0433 1272 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

20:07:34.0448 1272 seclogon - ok

20:07:34.0479 1272 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

20:07:34.0479 1272 SENS - ok

20:07:34.0495 1272 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

20:07:34.0495 1272 SensrSvc - ok

20:07:34.0511 1272 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

20:07:34.0511 1272 Serenum - ok

20:07:34.0526 1272 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

20:07:34.0526 1272 Serial - ok

20:07:34.0557 1272 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

20:07:34.0557 1272 sermouse - ok

20:07:34.0620 1272 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

20:07:34.0620 1272 SessionEnv - ok

20:07:34.0667 1272 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

20:07:34.0667 1272 sffdisk - ok

20:07:34.0682 1272 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

20:07:34.0682 1272 sffp_mmc - ok

20:07:34.0698 1272 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

20:07:34.0698 1272 sffp_sd - ok

20:07:34.0729 1272 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

20:07:34.0729 1272 sfloppy - ok

20:07:34.0776 1272 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

20:07:34.0791 1272 SharedAccess - ok

20:07:34.0838 1272 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

20:07:34.0854 1272 ShellHWDetection - ok

20:07:34.0869 1272 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:07:34.0869 1272 SiSRaid2 - ok

20:07:34.0885 1272 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

20:07:34.0885 1272 SiSRaid4 - ok

20:07:34.0901 1272 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

20:07:34.0901 1272 Smb - ok

20:07:34.0963 1272 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

20:07:34.0963 1272 SNMPTRAP - ok

20:07:34.0963 1272 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

20:07:34.0963 1272 spldr - ok

20:07:35.0025 1272 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe

20:07:35.0041 1272 Spooler - ok

20:07:35.0135 1272 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

20:07:35.0166 1272 sppsvc - ok

20:07:35.0213 1272 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

20:07:35.0213 1272 sppuinotify - ok

20:07:35.0244 1272 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

20:07:35.0244 1272 srv - ok

20:07:35.0259 1272 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

20:07:35.0275 1272 srv2 - ok

20:07:35.0291 1272 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

20:07:35.0291 1272 srvnet - ok

20:07:35.0322 1272 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

20:07:35.0322 1272 SSDPSRV - ok

20:07:35.0353 1272 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

20:07:35.0369 1272 SstpSvc - ok

20:07:35.0431 1272 Steam Client Service - ok

20:07:35.0478 1272 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

20:07:35.0478 1272 stexstor - ok

20:07:35.0525 1272 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

20:07:35.0525 1272 stisvc - ok

20:07:35.0556 1272 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

20:07:35.0571 1272 swenum - ok

20:07:35.0665 1272 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

20:07:35.0665 1272 SwitchBoard - ok

20:07:35.0712 1272 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

20:07:35.0712 1272 swprv - ok

20:07:35.0774 1272 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

20:07:35.0805 1272 SysMain - ok

20:07:35.0837 1272 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

20:07:35.0837 1272 TabletInputService - ok

20:07:35.0852 1272 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

20:07:35.0868 1272 TapiSrv - ok

20:07:35.0883 1272 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

20:07:35.0883 1272 TBS - ok

20:07:35.0961 1272 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

20:07:35.0977 1272 Tcpip - ok

20:07:35.0993 1272 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

20:07:36.0008 1272 TCPIP6 - ok

20:07:36.0055 1272 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

20:07:36.0055 1272 tcpipreg - ok

20:07:36.0102 1272 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

20:07:36.0102 1272 TDPIPE - ok

20:07:36.0133 1272 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

20:07:36.0133 1272 TDTCP - ok

20:07:36.0164 1272 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

20:07:36.0180 1272 tdx - ok

20:07:36.0227 1272 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

20:07:36.0242 1272 TermDD - ok

20:07:36.0289 1272 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

20:07:36.0305 1272 TermService - ok

20:07:36.0351 1272 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

20:07:36.0351 1272 Themes - ok

20:07:36.0398 1272 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

20:07:36.0398 1272 THREADORDER - ok

20:07:36.0414 1272 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

20:07:36.0414 1272 TrkWks - ok

20:07:36.0461 1272 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

20:07:36.0461 1272 TrustedInstaller - ok

20:07:36.0507 1272 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

20:07:36.0507 1272 tssecsrv - ok

20:07:36.0570 1272 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

20:07:36.0570 1272 TsUsbFlt - ok

20:07:36.0601 1272 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

20:07:36.0601 1272 tunnel - ok

20:07:36.0648 1272 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

20:07:36.0648 1272 uagp35 - ok

20:07:36.0679 1272 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

20:07:36.0695 1272 udfs - ok

20:07:36.0741 1272 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

20:07:36.0741 1272 UI0Detect - ok

20:07:36.0788 1272 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

20:07:36.0788 1272 uliagpkx - ok

20:07:36.0819 1272 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys

20:07:36.0835 1272 umbus - ok

20:07:36.0835 1272 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

20:07:36.0835 1272 UmPass - ok

20:07:36.0897 1272 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

20:07:36.0913 1272 upnphost - ok

20:07:36.0929 1272 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

20:07:36.0929 1272 USBAAPL64 - ok

20:07:36.0975 1272 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys

20:07:36.0975 1272 usbaudio - ok

20:07:36.0991 1272 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

20:07:36.0991 1272 usbccgp - ok

20:07:37.0007 1272 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

20:07:37.0007 1272 usbcir - ok

20:07:37.0038 1272 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys

20:07:37.0038 1272 usbehci - ok

20:07:37.0069 1272 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

20:07:37.0069 1272 usbhub - ok

20:07:37.0085 1272 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys

20:07:37.0085 1272 usbohci - ok

20:07:37.0116 1272 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

20:07:37.0116 1272 usbprint - ok

20:07:37.0163 1272 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

20:07:37.0163 1272 usbscan - ok

20:07:37.0209 1272 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:07:37.0209 1272 USBSTOR - ok

20:07:37.0225 1272 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

20:07:37.0225 1272 usbuhci - ok

20:07:37.0256 1272 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

20:07:37.0272 1272 UxSms - ok

20:07:37.0287 1272 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

20:07:37.0303 1272 VaultSvc - ok

20:07:37.0365 1272 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

20:07:37.0365 1272 vdrvroot - ok

20:07:37.0428 1272 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

20:07:37.0443 1272 vds - ok

20:07:37.0459 1272 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

20:07:37.0475 1272 vga - ok

20:07:37.0475 1272 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

20:07:37.0475 1272 VgaSave - ok

20:07:37.0490 1272 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

20:07:37.0506 1272 vhdmp - ok

20:07:37.0506 1272 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

20:07:37.0521 1272 viaide - ok

20:07:37.0537 1272 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

20:07:37.0537 1272 volmgr - ok

20:07:37.0568 1272 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

20:07:37.0568 1272 volmgrx - ok

20:07:37.0584 1272 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

20:07:37.0599 1272 volsnap - ok

20:07:37.0615 1272 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

20:07:37.0615 1272 vsmraid - ok

20:07:37.0693 1272 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

20:07:37.0709 1272 VSS - ok

20:07:37.0740 1272 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

20:07:37.0740 1272 vwifibus - ok

20:07:37.0802 1272 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

20:07:37.0802 1272 W32Time - ok

20:07:37.0833 1272 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

20:07:37.0833 1272 WacomPen - ok

20:07:37.0974 1272 [ D70A492306861004A0DB1024CE634837 ] wampapache c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe

20:07:37.0989 1272 wampapache - ok

20:07:38.0036 1272 wampmysqld - ok

20:07:38.0067 1272 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

20:07:38.0083 1272 WANARP - ok

20:07:38.0083 1272 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

20:07:38.0083 1272 Wanarpv6 - ok

20:07:38.0145 1272 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

20:07:38.0161 1272 WatAdminSvc - ok

20:07:38.0223 1272 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

20:07:38.0239 1272 wbengine - ok

20:07:38.0270 1272 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

20:07:38.0270 1272 WbioSrvc - ok

20:07:38.0333 1272 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

20:07:38.0348 1272 wcncsvc - ok

20:07:38.0348 1272 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

20:07:38.0348 1272 WcsPlugInService - ok

20:07:38.0395 1272 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

20:07:38.0395 1272 Wd - ok

20:07:38.0411 1272 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

20:07:38.0426 1272 Wdf01000 - ok

20:07:38.0426 1272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

20:07:38.0426 1272 WdiServiceHost - ok

20:07:38.0457 1272 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

20:07:38.0457 1272 WdiSystemHost - ok

20:07:38.0489 1272 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

20:07:38.0504 1272 WebClient - ok

20:07:38.0551 1272 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

20:07:38.0551 1272 Wecsvc - ok

20:07:38.0567 1272 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

20:07:38.0567 1272 wercplsupport - ok

20:07:38.0582 1272 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

20:07:38.0582 1272 WerSvc - ok

20:07:38.0629 1272 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

20:07:38.0629 1272 WfpLwf - ok

20:07:38.0645 1272 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

20:07:38.0645 1272 WIMMount - ok

20:07:38.0691 1272 WinDefend - ok

20:07:38.0723 1272 WinHttpAutoProxySvc - ok

20:07:38.0785 1272 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

20:07:38.0785 1272 Winmgmt - ok

20:07:38.0863 1272 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

20:07:38.0879 1272 WinRM - ok

20:07:38.0941 1272 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

20:07:38.0941 1272 WinUsb - ok

20:07:39.0003 1272 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

20:07:39.0019 1272 Wlansvc - ok

20:07:39.0159 1272 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:07:39.0175 1272 wlidsvc - ok

20:07:39.0222 1272 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

20:07:39.0222 1272 WmiAcpi - ok

20:07:39.0269 1272 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

20:07:39.0269 1272 wmiApSrv - ok

20:07:39.0300 1272 WMPNetworkSvc - ok

20:07:39.0331 1272 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

20:07:39.0331 1272 WPCSvc - ok

20:07:39.0378 1272 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

20:07:39.0378 1272 WPDBusEnum - ok

20:07:39.0425 1272 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

20:07:39.0425 1272 ws2ifsl - ok

20:07:39.0456 1272 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

20:07:39.0456 1272 wscsvc - ok

20:07:39.0471 1272 WSearch - ok

20:07:39.0549 1272 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

20:07:39.0565 1272 wuauserv - ok

20:07:39.0581 1272 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

20:07:39.0581 1272 WudfPf - ok

20:07:39.0659 1272 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

20:07:39.0659 1272 WUDFRd - ok

20:07:39.0705 1272 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

20:07:39.0705 1272 wudfsvc - ok

20:07:39.0752 1272 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

20:07:39.0815 1272 WwanSvc - ok

20:07:39.0861 1272 [ 4A5CE13408945E525503B5F73D29B9C5 ] xnacc C:\Windows\system32\DRIVERS\xnacc.sys

20:07:39.0861 1272 xnacc - ok

20:07:39.0877 1272 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

20:07:39.0877 1272 xusb21 - ok

20:07:39.0939 1272 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

20:07:39.0939 1272 yukonw7 - ok

20:07:39.0955 1272 ================ Scan global ===============================

20:07:40.0017 1272 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

20:07:40.0064 1272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

20:07:40.0064 1272 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

20:07:40.0111 1272 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

20:07:40.0127 1272 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

20:07:40.0127 1272 [Global] - ok

20:07:40.0127 1272 ================ Scan MBR ==================================

20:07:40.0158 1272 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

20:07:40.0298 1272 \Device\Harddisk0\DR0 - ok

20:07:40.0314 1272 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk6\DR6

20:07:40.0314 1272 \Device\Harddisk6\DR6 - ok

20:07:40.0314 1272 ================ Scan VBR ==================================

20:07:40.0314 1272 [ BE8ACCF99A71914D85C02BF0ADF93D22 ] \Device\Harddisk0\DR0\Partition1

20:07:40.0314 1272 \Device\Harddisk0\DR0\Partition1 - ok

20:07:40.0345 1272 [ 88D4D6BF121381C1CFEA1B29A66B31E5 ] \Device\Harddisk6\DR6\Partition1

20:07:40.0345 1272 \Device\Harddisk6\DR6\Partition1 - ok

20:07:40.0345 1272 ============================================================

20:07:40.0345 1272 Scan finished

20:07:40.0345 1272 ============================================================

20:07:40.0345 1068 Detected object count: 0

20:07:40.0345 1068 Actual detected object count: 0

20:09:54.0662 1320 Deinitialize success

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

www.malwarebytes.org

Database version: v2013.05.25.09

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)

Internet Explorer 8.0.7601.17514

Cliff :: CLIFF-PC [administrator]

5/25/2013 8:11:07 PM

mbar-log-2013-05-25 (20-11-07).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P

Scan options disabled: Deep Anti-Rootkit Scan | PUP

Objects scanned: 259591

Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)


---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.06.0.1003

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

System is currently in a safe mode

Account is Administrative

Internet Explorer version: 8.0.7601.17514

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, J:\ DRIVE_FIXED

CPU speed: 2.399000 GHz

Memory total: 8320638976, free: 7286341632

Downloaded database version: v2013.05.25.09

Downloaded database version: v2013.05.22.01

Initializing...

------------ Kernel report ------------

05/25/2013 20:11:01

------------ Loaded modules -----------

\SystemRoot\system32\ntoskrnl.exe

\SystemRoot\system32\hal.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\??\C:\Windows\system32\drivers\avgtpx64.sys

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\ws2ifsl.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\HDAudBus.sys

\SystemRoot\system32\DRIVERS\yk62x64.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\drivers\cdrom.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\usbohci.sys

\SystemRoot\system32\drivers\USBPORT.SYS

\SystemRoot\system32\drivers\usbehci.sys

\SystemRoot\system32\drivers\i8042prt.sys

\SystemRoot\system32\drivers\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\DRIVERS\RTL85n64.sys

\SystemRoot\system32\drivers\wmiacpi.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\amdiox64.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\System32\drivers\dxg.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\framebuf.dll

\SystemRoot\System32\ATMFD.DLL

\SystemRoot\system32\drivers\WudfPf.sys

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\USBSTOR.SYS

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\nwifi.sys

\SystemRoot\system32\DRIVERS\ndisuio.sys

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\cdfs.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

\Windows\System32\autochk.exe

\Windows\System32\normaliz.dll

\Windows\System32\nsi.dll

\Windows\System32\imm32.dll

\Windows\System32\Wldap32.dll

\Windows\System32\urlmon.dll

\Windows\System32\kernel32.dll

\Windows\System32\setupapi.dll

\Windows\System32\sechost.dll

\Windows\System32\ole32.dll

\Windows\System32\shlwapi.dll

\Windows\System32\shell32.dll

\Windows\System32\difxapi.dll

\Windows\System32\wininet.dll

\Windows\System32\lpk.dll

\Windows\System32\psapi.dll

\Windows\System32\usp10.dll

\Windows\System32\user32.dll

\Windows\System32\clbcatq.dll

\Windows\System32\comdlg32.dll

\Windows\System32\advapi32.dll

\Windows\System32\oleaut32.dll

\Windows\System32\ws2_32.dll

\Windows\System32\rpcrt4.dll

\Windows\System32\msvcrt.dll

\Windows\System32\imagehlp.dll

\Windows\System32\iertutil.dll

\Windows\System32\gdi32.dll

\Windows\System32\msctf.dll

\Windows\System32\crypt32.dll

\Windows\System32\comctl32.dll

\Windows\System32\devobj.dll

\Windows\System32\KernelBase.dll

\Windows\System32\cfgmgr32.dll

\Windows\System32\wintrust.dll

\Windows\System32\msasn1.dll

\Windows\SysWOW64\normaliz.dll

----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk6\DR6

Upper Device Object: 0xfffffa8009198790

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000080\

Lower Device Object: 0xfffffa8008917240

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk5\DR5

Upper Device Object: 0xfffffa8008fca060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007c\

Lower Device Object: 0xfffffa8008811370

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk4\DR4

Upper Device Object: 0xfffffa8008fc9060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007b\

Lower Device Object: 0xfffffa80087e7060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk3\DR3

Upper Device Object: 0xfffffa8008fc8060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\0000007a\

Lower Device Object: 0xfffffa80087c8060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk2\DR2

Upper Device Object: 0xfffffa8008fc7060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000079\

Lower Device Object: 0xfffffa8008f90060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xfffffa8008fc5060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\00000078\

Lower Device Object: 0xfffffa8008f3b060

Lower Device Driver Name: \Driver\USBSTOR\

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xfffffa8007a6f060

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\

Lower Device Object: 0xfffffa80077be060

Lower Device Driver Name: \Driver\atapi\

<<<2>>>

Device number: 0, partition: 2

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xfffffa8007a6f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8007a6fb90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8007a6f060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa800732ce40, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xfffffa80077be060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 0, partition: 2

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 5052995B

Partition information:

Partition 0 type is Other (0x27)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 30720000

Partition 1 type is Primary (0x7)

Partition is ACTIVE.

Partition starts at LBA: 30722048 Numsec = 1922799616

Partition file system is NTFS

Partition is bootable

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000204886016 bytes

Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...

Done!

Physical Sector Size: 0

Drive: 1, DevicePointer: 0xfffffa8008fc5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80088723a0, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8008fc5060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008f3b060, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 2, DevicePointer: 0xfffffa8008fc7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa80088a7040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8008fc7060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008f90060, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 3, DevicePointer: 0xfffffa8008fc8060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008fc8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8008fc8060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80087c8060, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 4, DevicePointer: 0xfffffa8008fc9060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008fc9b90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8008fc9060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa80087e7060, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 0

Drive: 5, DevicePointer: 0xfffffa8008fca060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8008fcab90, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8008fca060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008811370, DeviceName: \Device\0000007c\, DriverName: \Driver\USBSTOR\

------------ End ----------

Physical Sector Size: 512

Drive: 6, DevicePointer: 0xfffffa8009198790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xfffffa8009195040, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xfffffa8009198790, DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

DevicePointer: 0xfffffa8008917240, DeviceName: \Device\00000080\, DriverName: \Driver\USBSTOR\

------------ End ----------

Alternate DeviceName: \Device\Harddisk6\DR6\, DriverName: \Driver\Disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

Drive 6

Scanning MBR on drive 6...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 23F15

Partition information:

Partition 0 type is Primary (0x7)

Partition is NOT ACTIVE.

Partition starts at LBA: 2048 Numsec = 1953456128

Partition 1 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)

Partition is NOT ACTIVE.

Partition starts at LBA: 0 Numsec = 0

Disk Size: 1000170586112 bytes

Sector size: 512 bytes

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\bootstrap_0_1_30722048_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_i.mbam...

Removing c:\programdata\malwarebytes' anti-malware (portable)\mbr_6_r.mbam...

Removal finished

ComboFix 13-05-25.02 - Cliff 05/25/2013 23:17:21.2.4 - x64 NETWORK

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6990 [GMT -4:00]

Running from: c:\users\Cliff\Downloads\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2013-04-26 to 2013-05-26 )))))))))))))))))))))))))))))))

.

.

2013-05-26 03:28 . 2013-05-26 03:28 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-05-26 03:28 . 2013-05-26 03:28 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-26 00:11 . 2013-05-26 03:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-05-24 22:08 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66AE6ECC-AB3E-4480-8FAF-5FE7C5326255}\mpengine.dll

2013-05-24 03:13 . 2013-05-24 03:13 -------- d-----w- c:\programdata\Licenses

2013-05-24 03:13 . 2011-11-04 09:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2013-05-24 03:13 . 2009-03-24 16:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2013-05-24 03:13 . 2013-05-24 03:15 -------- d-----w- c:\program files (x86)\SpywareBlaster

2013-05-23 23:21 . 2013-05-23 23:21 -------- d-----w- c:\windows\ERUNT

2013-05-23 23:21 . 2013-05-23 23:21 -------- d-----w- C:\JRT

2013-05-15 04:49 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 04:49 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 04:49 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 04:49 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 04:49 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 04:49 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 04:49 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 04:49 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 04:49 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-14 23:07 . 2013-05-15 12:56 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2013-05-06 22:24 . 2013-05-06 22:24 -------- d-----w- c:\users\Cliff\AppData\Local\Aspyr

2013-05-02 06:33 . 2013-05-02 06:33 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2013-05-02 06:33 . 2013-05-02 06:33 -------- d-----w- c:\users\hedev

2013-05-02 02:26 . 2013-05-02 02:26 -------- d-sh--w- c:\programdata\DSS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-21 23:14 . 2012-07-27 00:29 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-05-15 07:08 . 2010-12-29 14:31 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-14 22:43 . 2012-04-15 16:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 22:43 . 2011-06-27 23:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-03 22:37 . 2011-12-26 19:52 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2013-05-03 22:37 . 2011-12-26 19:52 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2013-05-03 22:37 . 2011-12-26 19:52 122968 ----a-w- c:\windows\system32\OpenAL32.dll

2013-05-03 22:37 . 2011-12-26 19:52 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2013-05-02 06:06 . 2010-12-28 15:53 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-05-02 03:51 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2013-05-02 03:51 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-23 04:09 . 2013-04-23 04:09 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-23 04:09 . 2012-07-25 03:36 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-04-23 04:09 . 2010-12-29 01:09 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-04-12 14:45 . 2013-04-23 22:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 18:50 . 2011-05-27 23:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-19 06:04 . 2013-04-10 12:24 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 12:24 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 12:24 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 12:24 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 12:24 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 12:24 112640 ----a-w- c:\windows\system32\smss.exe

2013-02-28 12:03 . 2013-03-13 04:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-28 11:38 . 2013-03-13 04:36 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-03-30 00:01 . 2012-03-29 23:58 3993600 ----a-w- c:\program files (x86)\GUTEB5F.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]

"SansaDispatch"="c:\users\Cliff\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-01-06 79872]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-24 5622512]

"California Fonts Loader"="c:\program files (x86)\California Font Manager\CaliforniaFonts.exe" [2011-04-02 631016]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-04 3093624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"ConnectionCenter"="c:\users\Cliff\AppData\Local\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Application Restart 0"="c:\program files (x86)\ASUS\GPU Tweak\Monitor.exe" [2012-02-14 2385408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

R2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

R2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1255736]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-21 45856]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2010-03-23 2061856]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 99275219

*Deregistered* - 99275219

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-25 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 22:43]

.

2013-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240822391-1121041123-2288482998-1001Core.job

- c:\users\Cliff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 22:33]

.

2013-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240822391-1121041123-2288482998-1001UA.job

- c:\users\Cliff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 22:33]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.ask.com/?l=dis&o=14597

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\zk4zkjei.default\

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)

AddRemove-Giant Savings - c:\program files (x86)\Giant Savings\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4240822391-1121041123-2288482998-1001\Software\SecuROM\License information*]

"datasecu"=hex:af,67,15,1f,3d,a4,ef,cf,7b,bc,34,19,a7,d0,8e,d6,ad,d2,2e,32,ce,

b2,98,5a,f4,75,14,b5,22,ce,40,d8,9a,a8,c8,a3,7f,39,47,61,9d,c6,29,94,47,d4,\

"rkeysecu"=hex:43,9a,34,38,a1,39,66,b3,43,5c,28,30,bf,4c,68,79

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-05-25 23:32:25

ComboFix-quarantined-files.txt 2013-05-26 03:32

ComboFix2.txt 2013-05-23 23:01

ComboFix3.txt 2011-05-28 00:16

.

Pre-Run: 359,366,868,992 bytes free

Post-Run: 359,073,325,056 bytes free

.

- - End Of File - - 840E6BFE8F626DD7B6ACD1728E8B73CF


I do have a question. What should I use to protect my system for free?

As we wrap things up, I'll provide you with some suggestions for security software ;).

-----------------

Please do the following:

1. Close any open browsers.

2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the quote box below into it:

KILLALL::

Driver::

99275219

File::

C:\Windows\system32\drivers\99275219.sys

Reboot::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know how things are running now.


Here is the log. Sorry it took a while.

ComboFix 13-05-28.01 - Cliff 05/28/2013 2:57.5.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7935.6232 [GMT -4:00]

Running from: c:\users\Cliff\Desktop\ComboFix.exe

Command switches used :: c:\users\Cliff\Desktop\CFScript.txt

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\windows\system32\drivers\99275219.sys"

.

.

((((((((((((((((((((((((( Files Created from 2013-04-28 to 2013-05-28 )))))))))))))))))))))))))))))))

.

.

2013-05-28 07:09 . 2013-05-28 07:09 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-05-28 07:09 . 2013-05-28 07:09 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-05-26 00:11 . 2013-05-26 03:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)

2013-05-24 22:08 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{66AE6ECC-AB3E-4480-8FAF-5FE7C5326255}\mpengine.dll

2013-05-24 03:13 . 2013-05-24 03:13 -------- d-----w- c:\programdata\Licenses

2013-05-24 03:13 . 2011-11-04 09:13 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2013-05-24 03:13 . 2009-03-24 16:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL

2013-05-24 03:13 . 2013-05-24 03:15 -------- d-----w- c:\program files (x86)\SpywareBlaster

2013-05-23 23:21 . 2013-05-23 23:21 -------- d-----w- c:\windows\ERUNT

2013-05-23 23:21 . 2013-05-23 23:21 -------- d-----w- C:\JRT

2013-05-15 04:49 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys

2013-05-15 04:49 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-05-15 04:49 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll

2013-05-15 04:49 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll

2013-05-15 04:49 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe

2013-05-15 04:49 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll

2013-05-15 04:49 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll

2013-05-15 04:49 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll

2013-05-15 04:49 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll

2013-05-14 23:07 . 2013-05-15 12:56 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird

2013-05-06 22:24 . 2013-05-06 22:24 -------- d-----w- c:\users\Cliff\AppData\Local\Aspyr

2013-05-02 06:33 . 2013-05-02 06:33 -------- d-----w- c:\program files (x86)\Common Files\BioWare

2013-05-02 06:33 . 2013-05-02 06:33 -------- d-----w- c:\users\hedev

2013-05-02 02:26 . 2013-05-02 02:26 -------- d-sh--w- c:\programdata\DSS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-05-21 23:14 . 2012-07-27 00:29 45856 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-05-15 07:08 . 2010-12-29 14:31 75016696 ----a-w- c:\windows\system32\MRT.exe

2013-05-14 22:43 . 2012-04-15 16:37 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-05-14 22:43 . 2011-06-27 23:25 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-05-03 22:37 . 2011-12-26 19:52 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2013-05-03 22:37 . 2011-12-26 19:52 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2013-05-03 22:37 . 2011-12-26 19:52 122968 ----a-w- c:\windows\system32\OpenAL32.dll

2013-05-03 22:37 . 2011-12-26 19:52 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2013-05-02 06:06 . 2010-12-28 15:53 278800 ------w- c:\windows\system32\MpSigStub.exe

2013-05-02 03:51 . 2009-08-18 16:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll

2013-05-02 03:51 . 2009-08-18 15:24 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll

2013-04-23 04:09 . 2013-04-23 04:09 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-04-23 04:09 . 2012-07-25 03:36 866720 ----a-w- c:\windows\SysWow64\npdeployJava1.dll

2013-04-23 04:09 . 2010-12-29 01:09 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll

2013-04-12 14:45 . 2013-04-23 22:33 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-04 18:50 . 2011-05-27 23:53 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-03-19 06:04 . 2013-04-10 12:24 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-03-19 05:46 . 2013-04-10 12:24 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-03-19 05:04 . 2013-04-10 12:24 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-03-19 05:04 . 2013-04-10 12:24 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-03-19 04:47 . 2013-04-10 12:24 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-03-19 03:06 . 2013-04-10 12:24 112640 ----a-w- c:\windows\system32\smss.exe

2013-02-28 12:03 . 2013-03-13 04:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2013-02-28 11:38 . 2013-03-13 04:36 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-03-30 00:01 . 2012-03-29 23:58 3993600 ----a-w- c:\program files (x86)\GUTEB5F.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]

"SansaDispatch"="c:\users\Cliff\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe" [2011-01-06 79872]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2013-05-24 5622512]

"California Fonts Loader"="c:\program files (x86)\California Font Manager\CaliforniaFonts.exe" [2011-04-02 631016]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2013-05-03 1635752]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-04 3093624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]

"ConnectionCenter"="c:\users\Cliff\AppData\Local\Citrix\ICA Client\concentr.exe" [2010-03-11 300400]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-12-09 74752]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"Application Restart 0"="c:\program files (x86)\ASUS\GPU Tweak\Monitor.exe" [2012-02-14 2385408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-29 1255736]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-05-21 45856]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-10-05 87600]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]

S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]

S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-23 23680]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2010-11-07 24176]

S3 RTL85n64;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n64.sys [2010-03-23 2061856]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - PBFILTER

.

Contents of the 'Scheduled Tasks' folder

.

2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 22:43]

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240822391-1121041123-2288482998-1001Core.job

- c:\users\Cliff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 22:33]

.

2013-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4240822391-1121041123-2288482998-1001UA.job

- c:\users\Cliff\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-10 22:33]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.ask.com/?l=dis&o=14597

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201

IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204

IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203

IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202

TCP: DhcpNameServer = 192.168.1.254

CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\shell32.dll

FF - ProfilePath - c:\users\Cliff\AppData\Roaming\Mozilla\Firefox\Profiles\zk4zkjei.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Giant Savings - c:\program files (x86)\Giant Savings\Uninstall.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-4240822391-1121041123-2288482998-1001\Software\SecuROM\License information*]

"datasecu"=hex:af,67,15,1f,3d,a4,ef,cf,7b,bc,34,19,a7,d0,8e,d6,ad,d2,2e,32,ce,

b2,98,5a,f4,75,14,b5,22,ce,40,d8,9a,a8,c8,a3,7f,39,47,61,9d,c6,29,94,47,d4,\

"rkeysecu"=hex:43,9a,34,38,a1,39,66,b3,43,5c,28,30,bf,4c,68,79

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]

@="?????????????????? v1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]

@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]

@="?????????????????? v2"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\users\Cliff\AppData\Local\Citrix\ICA Client\wfcrun32.exe

.

**************************************************************************

.

Completion time: 2013-05-28 03:18:45 - machine was rebooted

ComboFix-quarantined-files.txt 2013-05-28 07:18

ComboFix2.txt 2013-05-26 20:10

ComboFix3.txt 2013-05-26 19:45

ComboFix4.txt 2013-05-26 03:32

ComboFix5.txt 2013-05-28 06:55

.

Pre-Run: 356,602,421,248 bytes free

Post-Run: 356,316,839,936 bytes free

.

- - End Of File - - 27B1257751C3AA1502D3EF28939008FB


Looking good :).

I'd like us to scan your machine with ESET OnlineScan.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.

  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the esetBack.png button.
  • Push esetFinish.png

A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt


  • 2 weeks later...

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance, please start your own topic in a new thread. Thanks!
