
Windows Firewall / Security Center Trouble [Solved]


19 replies to this topic

#1 CaptFivehead

CaptFivehead

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 10 September 2012 - 08:05 PM

Good evening all! I started searching for reasons why I might be having trouble with Windows Firewall and Security Center access and came across the forum here. There's a thread that someone else started a while back that very closely resembles the problem I'm having.

When I try to access Windows Firewall, I get the following error message: "Due to an unidentified problem, Windows cannot display Windows Firewall settings." Also, when I try to turn on the Windows Security Center, it simply gives the message "The Security Center service can't be started."

I've downloaded several anti-malware and anti-spyware programs and run full scans with all of them (Malwarebytes, Ad-aware, and Spybot S&D). Ad-aware and Spybot only found cookies and other seemingly insignificant things. Malwarebytes, however, found two Trojan registry keys that nothing else was able to find. I also noticed that once Malwarebytes found and deleted the two Trojan keys, I was able to customize my desktop icons. (I know, weird... but every time I restarted my computer, my desktop icons would rearrange themselves. Now that the Trojan keys are gone, the self-rearranging has stopped.)

Thanks very much in advance for any help that may be contributed!!!

- Fivehead



#2 patndoris

patndoris

    SuperMember

  • Malware Team
  • 2,593 posts

Posted 11 September 2012 - 04:21 PM

Hello

My name is patndoris. I will be glad to take a look at your log and help you with solving any malware problems. It will be very helpful if you follow these guidelines:
  • Malware logs are often lengthy and can take a lot of time to research and interpret. Please be patient while I review your logs.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • Please follow my instructions carefully and in the order they are posted. You may also find it helpful to print out the instructions you receive.
  • Please do not run any scans or install/uninstall any applications or delete anything without being directed to do so.
  • Remember, absence of symptoms does not mean the infection is all gone. Please stick with me till you're given the "all clear".
  • Please do not use the Attachment feature for any log file. Do a Copy/Paste of the entire contents of the log file and submit it inside your post.
  • Please reply within 3 days. If I do not hear back from you in that time frame, I will post a reminder for you. Topics with no reply in 4 days are closed!




Download and Run DDS by sUBs

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE



Please read carefully and follow these steps. There is a difference between what you see in one of the images below and what I need you to do.
We are only creating a log - I do NOT want you to "cure" or try to fix anything in this step. It is very important that you don't choose Cure when presented with that option.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, but I want you to choose SKIP instead, then click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#3 CaptFivehead

CaptFivehead

    New Member

  • Authentic Member
  • Pip
  • 9 posts

Posted 11 September 2012 - 05:43 PM

Thanks very much for your reply! Here are the log files from both programs:


DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2
Run by Tyler at 19:31:25 on 2012-09-11
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.3059.1634 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Microsoft Forefront Client Security *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Microsoft Forefront Client Security *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldtcoms.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\SSA\FcsSas.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\system32\rpcnet.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Microsoft Forefront\Client Security\Client\Antimalware\MSASCui.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bridgew.edu/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy 2\SDHelper.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - c:\program files\utorrentcontrol2\prxtbuTor.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Spybot-S&D Cleaning] "c:\program files\spybot - search & destroy 2\SDCleaner.exe" /autoclean
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Dell Webcam Central] "c:\program files\dell webcam\dell webcam central\WebcamDell.exe" /mode2
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Microsoft Forefront Client Security Antimalware Service] "c:\program files\microsoft forefront\client security\client\antimalware\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\programdata\ad-aware browsing protection\adawarebp.exe"
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mRunOnce: [InnoSetupRegFile.0000000001] "c:\windows\is-4H4V1.exe" /REG /REGSVRMODE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\cleana~1.lnk - c:\program files\cisco systems\clean access agent\CCAAgent.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy 2\SDHelper.dll
Trusted Zone: bridgew.edu
Trusted Zone: microsoft.com\update
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} - hxxp://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{062BFB8B-9043-4CB2-B541-30E9C3D8B23F} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{28623800-D085-4B72-8956-533C7A393FEC} : DhcpNameServer = 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tyler\appdata\roaming\mozilla\firefox\profiles\gwe5pk42.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-13 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-13 355632]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2011-10-26 101112]
R2 Ad-Aware Service;Ad-Aware Service;c:\program files\ad-aware antivirus\AdAwareService.exe [2012-7-12 1239952]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-13 21256]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-12-13 58680]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-13 44808]
R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2008-11-11 808296]
R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2008-11-11 20840]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 FCSAM;Microsoft Forefront Client Security Antimalware Service;c:\program files\microsoft forefront\client security\client\antimalware\MsMpEng.exe [2010-7-20 16896]
R2 FcsSas;Microsoft Forefront Client Security State Assessment Service;c:\program files\microsoft forefront\client security\client\ssa\FcsSas.exe [2007-4-6 73120]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-6 655944]
R2 SBAMSvc;Ad-Aware;c:\program files\ad-aware antivirus\SBAMSvc.exe [2011-12-19 3289032]
R2 sbapifs;sbapifs;c:\windows\system32\drivers\sbapifs.sys [2011-11-29 77816]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2012-9-5 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2012-9-5 1358360]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-4-27 382272]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-5-20 2666880]
R3 CCIDFILTER;Broadcom Smart Card Reader Filter Driver;c:\windows\system32\drivers\ccidflt.sys [2008-12-12 12840]
R3 cvusbdrv;Broadcom USH CV;c:\windows\system32\drivers\cvusbdrv.sys [2008-11-11 32808]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6032.sys [2008-12-12 224384]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-6 22856]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2008-4-11 71424]
R3 NETw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2008-6-26 3662848]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\drivers\OA001Ufd.sys [2009-3-6 133632]
R3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\drivers\OA001Vid.sys [2009-3-8 280096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia update core\daemonu.exe [2012-5-20 2458944]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2012-9-5 166528]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2011-12-13 250568]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-2-8 179712]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-8 114656]
S3 RTCore32;RTCore32;c:\program files\evga precision x\RTCore32.sys [2011-9-6 5632]
S3 sbhips;sbhips;c:\windows\system32\drivers\sbhips.sys [2012-9-5 93816]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-11 22:03:41 711240 ----a-w- c:\windows\is-4H4V1.exe
2012-09-11 02:39:59 818144 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2012-09-11 01:39:17 7022536 ----a-w- c:\programdata\microsoft\microsoft forefront\client security\client\antimalware\definition updates\{6d998882-a7e0-4d7e-b3f4-eb762e4dd8c6}\mpengine.dll
2012-09-07 21:42:42 -------- d-----w- c:\programdata\Battle.net
2012-09-06 14:27:30 -------- d-----w- c:\users\tyler\appdata\roaming\Malwarebytes
2012-09-06 14:27:14 -------- d-----w- c:\programdata\Malwarebytes
2012-09-06 14:27:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-06 14:27:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-05 23:17:15 -------- d-----w- c:\users\tyler\appdata\local\adaware
2012-09-05 23:17:13 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-09-05 23:16:58 93816 ----a-w- c:\windows\system32\drivers\sbhips.sys
2012-09-05 23:16:48 -------- d-----w- c:\windows\system32\drivers\VDD
2012-09-05 23:16:20 -------- d-----w- c:\users\tyler\appdata\local\Downloaded Installations
2012-09-05 23:15:05 -------- d-----w- c:\users\tyler\appdata\roaming\Ad-Aware Antivirus
2012-09-05 22:40:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-05 22:40:31 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-09-05 22:40:22 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-09-02 02:02:49 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-15 00:50:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-15 00:50:47 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 00:47:39 623616 ----a-w- c:\windows\system32\localspl.dll
.
==================== Find3M ====================
.
2012-09-11 21:59:54 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-11 21:59:39 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-09-02 02:04:45 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-02 02:04:45 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-02 02:02:36 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-02 02:02:36 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13:15 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13:14 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:12:33 41224 ----a-w- c:\windows\avastSS.scr
2012-07-16 17:53:33 58288 ------w- c:\windows\system32\rpcnet.exe
2012-07-16 17:50:40 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 19:32:41.45 ===============


Attach.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Enterprise
Boot Device: \Device\HarddiskVolume2
Install Date: 12/13/2011 3:37:11 PM
System Uptime: 9/11/2012 5:57:52 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0U695R
Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz | Microprocessor | 2268/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 42.987 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Microsoft Tun Miniport Adapter #2
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
RP306: 9/4/2012 10:53:13 PM - Windows Update
RP307: 9/5/2012 10:20:37 PM - Scheduled Checkpoint
RP308: 9/6/2012 12:45:18 PM - Scheduled Checkpoint
RP310: 9/10/2012 9:38:43 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
Acrobat.com
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9
Any Video Converter 3.3.8
APB Reloaded
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Free Antivirus
BioAPI Framework
Bonjour
Broadcom USH Host Components
CCleaner
Cisco Clean Access Agent
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Presentation Server Client - Web Only
Counter-Strike
Curse Client
Defraggler
Dell Resource CD
Dell Security Device Driver Pack
Dell Touchpad
Dell Webcam Central
Dell Wireless WLAN Card Utility
EVGA Precision X 3.0.2
getPlus® for Adobe
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Integrated Webcam Driver (1.06.03.0309)
Intel PROSet Wireless
Intel® Network Connections Drivers
Intel® PROSet/Wireless WiFi Software
iTunes
Java 7 Update 7
Java Auto Updater
Java™ 6 Update 11
Java™ 6 Update 5
JavaFX 2.0.3
Malwarebytes Anti-Malware version 1.65.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Forefront Client Security Antimalware Service
Microsoft Forefront Client Security State Assessment Service
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 15.0 (x86 en-US)
Mozilla Firefox 16.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA 3D Vision Driver 296.70
NVIDIA Control Panel 296.70
NVIDIA Graphics Driver 296.70
NVIDIA Install Application
NVIDIA nView 136.27
NVIDIA PhysX
NVIDIA PhysX System Software 9.11.0621
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.7.13
NVIDIA Update Components
PeerBlock 1.1 (r518)
PowerDVD
PunkBuster Services
QuickTime
RICOH R5C83x/84x Media Driver Ver.3.53.02
Security Task Manager 1.8d
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Spybot - Search & Destroy
Steam
System Requirements Lab CYRI
Team Fortress 2
Team Fortress Classic
TeamViewer 7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentControl2 Toolbar
Ventrilo Client
VLC media player 1.1.11
Windows Driver Package - Dell Inc. PBADRV System (01/07/2008 1.0.1.5)
WinRAR 4.10 beta 4 (32-bit)
WinX Free WMV to 3GP Converter 2.0.10
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
9/8/2012 12:49:03 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.101 with the system having network hardware address 74-F0-6D-32-A9-CD. Network operations on this system may be disrupted as a result.
9/8/2012 12:49:02 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.101 for the Network Card with network address 0024E8BC7629 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
9/7/2012 5:32:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SBAMSvc service.
9/7/2012 5:32:24 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the service.
9/5/2012 6:21:05 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE
9/11/2012 6:04:24 PM, Error: FcsSas [10006] - Forefront Client Security State Assessment Service policy applied with errors. Reverted to the following settings: Schedule Type: Interval Time: 12 Parameter:
9/11/2012 6:02:02 PM, Error: Service Control Manager [7038] - The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: Logon failure: the specified account password has expired. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
9/11/2012 6:02:02 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not start due to a logon failure.
9/11/2012 5:59:59 PM, Error: Service Control Manager [7003] - The Spybot-S&D 2 Security Center Service service depends the following service: wscsvc. This service might not be installed.
9/10/2012 9:32:46 PM, Error: EventLog [6008] - The previous system shutdown at 9:30:32 PM on 9/10/2012 was unexpected.
.
==== End Of File ===========================


TDSSKiller Report

19:34:59.0261 2004 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
19:34:59.0635 2004 ============================================================
19:34:59.0635 2004 Current date / time: 2012/09/11 19:34:59.0635
19:34:59.0635 2004 SystemInfo:
19:34:59.0635 2004
19:34:59.0635 2004 OS Version: 6.0.6002 ServicePack: 2.0
19:34:59.0635 2004 Product type: Workstation
19:34:59.0635 2004 ComputerName: FIVEHEAD
19:34:59.0635 2004 UserName: Tyler
19:34:59.0635 2004 Windows directory: C:\Windows
19:34:59.0635 2004 System windows directory: C:\Windows
19:34:59.0635 2004 Processor architecture: Intel x86
19:34:59.0635 2004 Number of processors: 2
19:34:59.0635 2004 Page size: 0x1000
19:34:59.0635 2004 Boot type: Normal boot
19:34:59.0635 2004 ============================================================
19:35:00.0587 2004 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:35:00.0587 2004 ============================================================
19:35:00.0587 2004 \Device\Harddisk0\DR0:
19:35:00.0587 2004 MBR partitions:
19:35:00.0587 2004 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2F10C, BlocksNum 0x129E99B5
19:35:00.0587 2004 ============================================================
19:35:00.0618 2004 C: <-> \Device\Harddisk0\DR0\Partition1
19:35:00.0618 2004 ============================================================
19:35:00.0618 2004 Initialize success
19:35:00.0618 2004 ============================================================
19:35:02.0194 3288 ============================================================
19:35:02.0194 3288 Scan started
19:35:02.0194 3288 Mode: Manual;
19:35:02.0194 3288 ============================================================
19:35:02.0521 3288 ================ Scan system memory ========================
19:35:02.0521 3288 System memory - ok
19:35:02.0521 3288 ================ Scan services =============================
19:35:13.0145 3288 partmgr - ok
19:35:13.0176 3288 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:35:13.0176 3288 Parvdm - ok
19:35:13.0207 3288 [ 4088C1ECD1F54281A92FA663B0FDC36F ] PBADRV C:\Windows\system32\DRIVERS\PBADRV.sys
19:35:13.0207 3288 PBADRV - ok
19:35:13.0239 3288 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:35:13.0239 3288 PcaSvc - ok
19:35:13.0285 3288 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
19:35:13.0285 3288 pci - ok
19:35:13.0317 3288 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
19:35:13.0317 3288 pciide - ok
19:35:13.0332 3288 [ B7C5A8769541900F6DFA6FE0C5E4D513 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:35:13.0332 3288 pcmcia - ok
19:35:13.0363 3288 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:35:13.0379 3288 PEAUTH - ok
19:35:13.0441 3288 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:35:13.0473 3288 pla - ok
19:35:13.0519 3288 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:35:13.0519 3288 PlugPlay - ok
19:35:13.0566 3288 [ 3A2BDD76E7D2A5F40A7174793D1BA794 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe
19:35:13.0566 3288 PnkBstrA - ok
19:35:13.0613 3288 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:35:13.0629 3288 PNRPAutoReg - ok
19:35:13.0629 3288 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:35:13.0644 3288 PNRPsvc - ok
19:35:13.0753 3288 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:35:13.0753 3288 PolicyAgent - ok
19:35:13.0800 3288 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:35:13.0800 3288 PptpMiniport - ok
19:35:13.0816 3288 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
19:35:13.0816 3288 Processor - ok
19:35:13.0894 3288 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
19:35:13.0894 3288 ProfSvc - ok
19:35:13.0925 3288 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
19:35:13.0925 3288 ProtectedStorage - ok
19:35:13.0956 3288 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:35:13.0972 3288 PSched - ok
19:35:14.0019 3288 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:35:14.0034 3288 ql2300 - ok
19:35:14.0050 3288 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:35:14.0050 3288 ql40xx - ok
19:35:14.0081 3288 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:35:14.0081 3288 QWAVE - ok
19:35:14.0097 3288 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:35:14.0097 3288 QWAVEdrv - ok
19:35:14.0128 3288 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:35:14.0128 3288 RasAcd - ok
19:35:14.0143 3288 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:35:14.0143 3288 RasAuto - ok
19:35:14.0159 3288 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:35:14.0159 3288 Rasl2tp - ok
19:35:14.0190 3288 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
19:35:14.0206 3288 RasMan - ok
19:35:14.0237 3288 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:35:14.0237 3288 RasPppoe - ok
19:35:14.0237 3288 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:35:14.0237 3288 RasSstp - ok
19:35:14.0284 3288 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:35:14.0284 3288 rdbss - ok
19:35:14.0315 3288 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:35:14.0315 3288 RDPCDD - ok
19:35:14.0362 3288 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\DRIVERS\rdpdr.sys
19:35:14.0362 3288 rdpdr - ok
19:35:14.0377 3288 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:35:14.0377 3288 RDPENCDD - ok
19:35:14.0424 3288 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:35:14.0424 3288 RDPWD - ok
19:35:14.0487 3288 [ ED8C9F16E10C1E4C4C5D16CD04966E24 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
19:35:14.0487 3288 RegSrvc - ok
19:35:14.0533 3288 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:35:14.0533 3288 RemoteAccess - ok
19:35:14.0565 3288 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:35:14.0565 3288 RemoteRegistry - ok
19:35:14.0611 3288 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys
19:35:14.0611 3288 rimmptsk - ok
19:35:14.0627 3288 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:35:14.0643 3288 RpcLocator - ok
19:35:14.0705 3288 [ 6684437F3628EF237C354F77D33426D1 ] rpcnet C:\Windows\system32\rpcnet.exe
19:35:14.0705 3288 rpcnet - ok
19:35:14.0752 3288 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
19:35:14.0752 3288 RpcSs - ok
19:35:14.0799 3288 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:35:14.0814 3288 rspndr - ok
19:35:14.0877 3288 [ 293A2A421FD8D064803D22A252B2DE97 ] RTCore32 C:\Program Files\EVGA Precision X\RTCore32.sys
19:35:14.0877 3288 RTCore32 - ok
19:35:14.0892 3288 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
19:35:14.0908 3288 SamSs - ok
19:35:15.0251 3288 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
19:35:15.0282 3288 SBAMSvc - ok
19:35:15.0329 3288 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs C:\Windows\system32\DRIVERS\sbapifs.sys
19:35:15.0329 3288 sbapifs - ok
19:35:15.0360 3288 [ 1AFD7178AB9C4FCE2D332DA7AA474FA6 ] sbhips C:\Windows\system32\drivers\sbhips.sys
19:35:15.0360 3288 sbhips - ok
19:35:15.0376 3288 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:35:15.0376 3288 sbp2port - ok
19:35:15.0407 3288 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\Windows\system32\drivers\SBREdrv.sys
19:35:15.0407 3288 SBRE - ok
19:35:15.0454 3288 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:35:15.0454 3288 SCardSvr - ok
19:35:15.0516 3288 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
19:35:15.0516 3288 Schedule - ok
19:35:15.0547 3288 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
19:35:15.0547 3288 SCPolicySvc - ok
19:35:15.0610 3288 [ 8F36B54688C31EED4580129040C6A3D3 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
19:35:15.0625 3288 sdbus - ok
19:35:15.0672 3288 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:35:15.0672 3288 SDRSVC - ok
19:35:15.0797 3288 [ D98E936BDD4A6CFE39535F3696D0EC6F ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
19:35:15.0797 3288 SDScannerService - ok
19:35:15.0844 3288 [ 2D5088524613D1ED55D20195AF42DDC7 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:35:15.0844 3288 SDUpdateService - ok
19:35:15.0875 3288 [ 59DCE6783F9ED27EB72C81466E363BF8 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:35:15.0891 3288 SDWSCService - ok
19:35:15.0906 3288 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:35:15.0906 3288 secdrv - ok
19:35:15.0953 3288 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:35:15.0953 3288 seclogon - ok
19:35:15.0969 3288 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
19:35:15.0969 3288 SENS - ok
19:35:15.0984 3288 [ CE9EC966638EF0B10B864DDEDF62A099 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
19:35:15.0984 3288 Serenum - ok
19:35:16.0000 3288 [ 6D663022DB3E7058907784AE14B69898 ] Serial C:\Windows\system32\DRIVERS\serial.sys
19:35:16.0015 3288 Serial - ok
19:35:16.0047 3288 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:35:16.0047 3288 sermouse - ok
19:35:16.0078 3288 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:35:16.0078 3288 SessionEnv - ok
19:35:16.0093 3288 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
19:35:16.0093 3288 sffdisk - ok
19:35:16.0109 3288 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:35:16.0109 3288 sffp_mmc - ok
19:35:16.0109 3288 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
19:35:16.0109 3288 sffp_sd - ok
19:35:16.0125 3288 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
19:35:16.0125 3288 sfloppy - ok
19:35:16.0171 3288 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:35:16.0187 3288 ShellHWDetection - ok
19:35:16.0218 3288 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:35:16.0218 3288 sisagp - ok
19:35:16.0218 3288 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:35:16.0218 3288 SiSRaid2 - ok
19:35:16.0234 3288 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:35:16.0234 3288 SiSRaid4 - ok
19:35:16.0343 3288 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
19:35:16.0374 3288 slsvc - ok
19:35:16.0405 3288 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:35:16.0405 3288 SLUINotify - ok
19:35:16.0452 3288 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:35:16.0452 3288 Smb - ok
19:35:16.0499 3288 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:35:16.0499 3288 SNMPTRAP - ok
19:35:16.0530 3288 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:35:16.0530 3288 spldr - ok
19:35:16.0577 3288 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
19:35:16.0577 3288 Spooler - ok
19:35:16.0624 3288 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:35:16.0639 3288 srv - ok
19:35:16.0686 3288 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:35:16.0686 3288 srv2 - ok
19:35:16.0702 3288 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:35:16.0702 3288 srvnet - ok
19:35:16.0733 3288 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:35:16.0749 3288 SSDPSRV - ok
19:35:16.0749 3288 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:35:16.0764 3288 SstpSvc - ok
19:35:16.0780 3288 Steam Client Service - ok
19:35:16.0873 3288 [ AE937A7138EB60AA8D8C7ED305AD28B9 ] Stereo Service C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
19:35:16.0873 3288 Stereo Service - ok
19:35:16.0998 3288 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
19:35:17.0014 3288 stisvc - ok
19:35:17.0045 3288 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:35:17.0061 3288 swenum - ok
19:35:17.0107 3288 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
19:35:17.0107 3288 swprv - ok
19:35:17.0139 3288 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:35:17.0139 3288 Symc8xx - ok
19:35:17.0154 3288 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:35:17.0154 3288 Sym_hi - ok
19:35:17.0185 3288 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:35:17.0185 3288 Sym_u3 - ok
19:35:17.0232 3288 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
19:35:17.0248 3288 SysMain - ok
19:35:17.0279 3288 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:35:17.0279 3288 TabletInputService - ok
19:35:17.0326 3288 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
19:35:17.0326 3288 TapiSrv - ok
19:35:17.0388 3288 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:35:17.0388 3288 TBS - ok
19:35:17.0529 3288 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:35:17.0529 3288 Tcpip - ok
19:35:17.0544 3288 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:35:17.0560 3288 Tcpip6 - ok
19:35:17.0607 3288 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:35:17.0607 3288 tcpipreg - ok
19:35:17.0622 3288 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:35:17.0622 3288 TDPIPE - ok
19:35:17.0638 3288 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:35:17.0638 3288 TDTCP - ok
19:35:17.0685 3288 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:35:17.0685 3288 tdx - ok
19:35:17.0841 3288 [ A4D2CE94B028EF1E437CF4AC3D8FF26C ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
19:35:17.0856 3288 TeamViewer7 - ok
19:35:17.0887 3288 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:35:17.0887 3288 TermDD - ok
19:35:17.0934 3288 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
19:35:17.0934 3288 TermService - ok
19:35:18.0028 3288 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
19:35:18.0028 3288 Themes - ok
19:35:18.0043 3288 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:35:18.0043 3288 THREADORDER - ok
19:35:18.0075 3288 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:35:18.0075 3288 TrkWks - ok
19:35:18.0137 3288 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:35:18.0137 3288 TrustedInstaller - ok
19:35:18.0168 3288 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:35:18.0168 3288 tssecsrv - ok
19:35:18.0184 3288 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:35:18.0184 3288 tunmp - ok
19:35:18.0215 3288 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:35:18.0215 3288 tunnel - ok
19:35:18.0246 3288 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:35:18.0246 3288 uagp35 - ok
19:35:18.0293 3288 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:35:18.0293 3288 udfs - ok
19:35:18.0324 3288 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:35:18.0324 3288 UI0Detect - ok
19:35:18.0355 3288 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:35:18.0355 3288 uliagpkx - ok
19:35:18.0371 3288 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:35:18.0387 3288 uliahci - ok
19:35:18.0402 3288 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:35:18.0402 3288 UlSata - ok
19:35:18.0418 3288 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:35:18.0418 3288 ulsata2 - ok
19:35:18.0433 3288 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:35:18.0433 3288 umbus - ok
19:35:18.0480 3288 [ 8A66360F38F81E960E2367B428CBD5D9 ] UmRdpService C:\Windows\System32\umrdp.dll
19:35:18.0496 3288 UmRdpService - ok
19:35:18.0511 3288 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:35:18.0527 3288 upnphost - ok
19:35:18.0558 3288 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:35:18.0558 3288 usbccgp - ok
19:35:18.0605 3288 [ 32C068EAF37C92D7194EEE1FAA1E7853 ] USBCCID C:\Windows\system32\DRIVERS\usbccid.sys
19:35:18.0605 3288 USBCCID - ok
19:35:18.0621 3288 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:35:18.0621 3288 usbcir - ok
19:35:18.0652 3288 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:35:18.0652 3288 usbehci - ok
19:35:18.0667 3288 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:35:18.0667 3288 usbhub - ok
19:35:18.0699 3288 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:35:18.0699 3288 usbohci - ok
19:35:18.0730 3288 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:35:18.0730 3288 usbprint - ok
19:35:18.0777 3288 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
19:35:18.0777 3288 usbscan - ok
19:35:18.0808 3288 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:35:18.0823 3288 USBSTOR - ok
19:35:18.0823 3288 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:35:18.0823 3288 usbuhci - ok
19:35:18.0855 3288 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:35:18.0855 3288 usbvideo - ok
19:35:18.0886 3288 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
19:35:18.0901 3288 UxSms - ok
19:35:18.0964 3288 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
19:35:18.0964 3288 vds - ok
19:35:18.0995 3288 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:35:18.0995 3288 vga - ok
19:35:19.0011 3288 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:35:19.0011 3288 VgaSave - ok
19:35:19.0042 3288 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:35:19.0042 3288 viaagp - ok
19:35:19.0057 3288 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:35:19.0057 3288 ViaC7 - ok
19:35:19.0073 3288 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:35:19.0073 3288 viaide - ok
19:35:19.0089 3288 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:35:19.0089 3288 volmgr - ok
19:35:19.0120 3288 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:35:19.0135 3288 volmgrx - ok
19:35:19.0151 3288 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:35:19.0167 3288 volsnap - ok
19:35:19.0198 3288 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:35:19.0198 3288 vsmraid - ok
19:35:19.0245 3288 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
19:35:19.0260 3288 VSS - ok
19:35:19.0291 3288 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
19:35:19.0291 3288 W32Time - ok
19:35:19.0323 3288 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:35:19.0323 3288 WacomPen - ok
19:35:19.0338 3288 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:35:19.0338 3288 Wanarp - ok
19:35:19.0338 3288 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:35:19.0338 3288 Wanarpv6 - ok
19:35:19.0369 3288 [ 20B23332885DFB93FE0185362EE811E9 ] wbengine C:\Windows\system32\wbengine.exe
19:35:19.0369 3288 wbengine - ok
19:35:19.0385 3288 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:35:19.0401 3288 wcncsvc - ok
19:35:19.0416 3288 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:35:19.0416 3288 WcsPlugInService - ok
19:35:19.0447 3288 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:35:19.0447 3288 Wd - ok
19:35:19.0463 3288 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:35:19.0479 3288 Wdf01000 - ok
19:35:19.0494 3288 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:35:19.0494 3288 WdiServiceHost - ok
19:35:19.0494 3288 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:35:19.0510 3288 WdiSystemHost - ok
19:35:19.0525 3288 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
19:35:19.0525 3288 WebClient - ok
19:35:19.0572 3288 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:35:19.0572 3288 Wecsvc - ok
19:35:19.0603 3288 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:35:19.0603 3288 wercplsupport - ok
19:35:19.0650 3288 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
19:35:19.0650 3288 WerSvc - ok
19:35:19.0713 3288 [ 5C7BDCF5864DB00323FE2D90FA26A8A2 ] winachsf C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
19:35:19.0728 3288 winachsf - ok
19:35:19.0728 3288 WinHttpAutoProxySvc - ok
19:35:19.0806 3288 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:35:19.0806 3288 Winmgmt - ok
19:35:19.0869 3288 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:35:19.0884 3288 WinRM - ok
19:35:19.0947 3288 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:35:19.0947 3288 Wlansvc - ok
19:35:19.0962 3288 wltrysvc - ok
19:35:19.0978 3288 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:35:19.0978 3288 WmiAcpi - ok
19:35:20.0025 3288 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:35:20.0040 3288 wmiApSrv - ok
19:35:20.0103 3288 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:35:20.0103 3288 WMPNetworkSvc - ok
19:35:20.0149 3288 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:35:20.0149 3288 WPDBusEnum - ok
19:35:20.0290 3288 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:35:20.0290 3288 WPFFontCache_v0400 - ok
19:35:20.0321 3288 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:35:20.0321 3288 ws2ifsl - ok
19:35:20.0337 3288 WSearch - ok
19:35:20.0399 3288 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
19:35:20.0430 3288 wuauserv - ok
19:35:20.0446 3288 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:35:20.0446 3288 WUDFRd - ok
19:35:20.0477 3288 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:35:20.0493 3288 wudfsvc - ok
19:35:20.0508 3288 ================ Scan global ===============================
19:35:20.0524 3288 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:35:20.0586 3288 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:35:20.0602 3288 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
19:35:20.0649 3288 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
19:35:20.0664 3288 [Global] - ok
19:35:20.0664 3288 ================ Scan MBR ==================================
19:35:20.0680 3288 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
19:35:21.0257 3288 \Device\Harddisk0\DR0 - ok
19:35:21.0257 3288 ================ Scan VBR ==================================
19:35:21.0273 3288 [ 57596A5D66749E4DBD6B95AEAB54C8EF ] \Device\Harddisk0\DR0\Partition1
19:35:21.0273 3288 \Device\Harddisk0\DR0\Partition1 - ok
19:35:21.0273 3288 ============================================================
19:35:21.0273 3288 Scan finished
19:35:21.0273 3288 ============================================================
19:35:21.0288 4900 Detected object count: 0
19:35:21.0288 4900 Actual detected object count: 0

#4 patndoris

Posted 11 September 2012 - 06:23 PM

P2P - I see you have P2P software ( µTorrent ) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It likely contributed to your current situation. This page will give you further information.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
Please see this topic for more information:
Perils of P2P File Sharing.
I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Programs and Features.

If you choose to leave them on the machine, please refrain from using them while we are cleaning the machine to prevent further infection.



It would appear that you have more than one anti-virus solution on your machine. I can see both Avast and Microsoft Forefront Client Security installed.
Having more than one anti-virus program on your machine, even if only one is running, can cause conflicts and slowdowns in the performance of the machine.
Before continuing on, please completely uninstall one of the programs. If you are not directed to do so, please reboot after removing one.

If this is a business computer (as I see you are running Vista Enterprise) and Microsoft Forefront Client Security is your corporate security program, it is possible that you are unable to make any changes to the Windows Firewall or the Security Center due to corporate policies that are in place on your system by your system administrator. Can you please let me know if this is a business computer?


We need to get additional information about a file.

Please go to the following site:
http://www.virustotal.com/
Click on Choose File, and then upload the following file for analysis:

c:\windows\is-4H4V1.exe

Then click Send File and allow the file to be scanned.

Please ensure the scan is complete and the results saved before submitting the next.
If a pop-up appears saying the file has been scanned already, please select the ReScan button.

Please copy and paste the link to each of the results here for me.
~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#5 CaptFivehead

Posted 11 September 2012 - 10:08 PM

I understand the risk of P2P programs, and I did actually uninstall µTorrent from my computer after reading the post. I honestly never use the program, so yeah...it's gone. Also, the computer I'm using is not a business computer, but a computer for school. The manufacturer made the computers specifically for complete compatibility with my school's network, curriculum, etc. So any aspects of the computer that appear business-related likely come from there.

I went to http://www.virustotal.com and scanned the .exe file you asked, but realized I did so before I restarted the computer after removing Microsoft Forefront Client Security. So I saved the results, then rebooted. When I went back to the site to re-scan the .exe, I got an error message saying that the file couldn't be found. I kept trying for a couple minutes, but to no avail. I'm not sure why that might be, but I figured I'd still paste the results of the pre-reboot scan since that's the only one there is. Here it is:


SHA256: f2d0822697f76bd02c532ed0776759a2c14e850cfa8293ad5a0bc9120c1bccb3
SHA1: b94822813a190be81614a5b56bf7fc5d88224930
MD5: ff75fcd579534cda3a438b9a595225e8
File size: 694.6 KB ( 711240 bytes )
File name: is-4H4V1.exe
File type: Win32 EXE
Detection ratio: 0 / 41
Analysis date: 2012-09-12 03:56:22 UTC ( 0 minutes ago )

Antivirus Result Update
AntiVir - 20120912
Antiy-AVL - 20120911
Avast - 20120911
AVG - 20120912
BitDefender - 20120912
ByteHero - 20120817
CAT-QuickHeal - 20120911
ClamAV - 20120912
Commtouch - 20120912
Comodo - 20120912
DrWeb - 20120912
Emsisoft - 20120912
eSafe - 20120911
ESET-NOD32 - 20120911
F-Prot - 20120911
F-Secure - 20120912
Fortinet - 20120830
GData - 20120912
Ikarus - 20120912
Jiangmin - 20120912
K7AntiVirus - 20120911
Kaspersky - 20120912
McAfee - 20120912
McAfee-GW-Edition - 20120911
Microsoft - 20120912
Norman - 20120911
nProtect - 20120912
Panda - 20120911
PCTools - 20120912
Rising - 20120912
Sophos - 20120912
SUPERAntiSpyware - 20120911
Symantec - 20120912
TheHacker - 20120911
TotalDefense - 20120911
TrendMicro - 20120912
TrendMicro-HouseCall - 20120912
VBA32 - 20120911
VIPRE - 20120912
ViRobot - 20120912
VirusBuster - 20120911

#6 patndoris

Posted 12 September 2012 - 05:31 AM

It's ok the file is gone - it may have been part of something that was being installed. I'm not seeing any malware on the machine, but we can run an online scan just to look in a few more spots.

Were you ever able to access this and something changed or was this something you just happened to notice when you got the computer?

This scan may take a while depending on how many items are on the computer. You may want to run it at a time you won't be needing the machine. It should be run from IE and I'd recommend not doing anything else while it's running.


Go here to run an online scanner from ESET.
  • Note: For browsers other than Internet Explorer, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also let me know how things are now.

~Doris~

Proud Graduate of the WTT Classroom
Member of UNITE

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online. http://www.whatthetech.com/donate

#7 CaptFivehead

Posted 12 September 2012 - 06:05 PM

I have been able to access these settings in the past. I've had to allow access to ports for some of the games I play in the past for downloading game updates and so forth. I first noticed that I was unable to access them a bit more than a week ago when I tried and failed to download a patch for the game. I wasn't sure why it wasn't downloading, so I tried to check the ports that were allowed and found that access wasn't possible. Anyway, here is the log from the ESET scan:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=95a24222730fd947bedfb9f2e44ab5ce
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-12 09:44:35
# local_time=2012-09-12 05:44:35 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 9839915 9839915 0 0
# compatibility_mode=5892 16776574 66 100 4099635 184090539 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=114204
# found=1
# cleaned=0
# scan_time=3224
C:\Users\Tyler\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41\79b91e29-2e7865eb multiple threats (unable to clean) 00000000000000000000000000000000 I

Thank you again for all the help you've given so far!
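The ESET log in the post above can be checked mechanically against the scan options requested in post #6, and its detections sorted by location. This is an added example, not part of the thread or of ESET's tooling; it assumes log.txt holds one `# key=value` header per line and tab-separated detection fields (it also accepts the space-collapsed form a forum paste produces), and the sample log inside it is constructed.

```python
import re

# Options requested in post #6, keyed by the field names seen in the posted log.
REQUESTED = {"remove_checked": "false", "archives_checked": "true",
             "unwanted_checked": "true", "unsafe_checked": "true",
             "antistealth_checked": "true"}
HEADER_RE = re.compile(r"^#\s*([\w.]+)=(.*)$")
# A detection line ends with a 32-hex-digit field and a one-token flag.
DETECTION_RE = re.compile(
    r"^(?P<body>[A-Za-z]:\\.+?)\s+(?P<hash>[0-9A-Fa-f]{32})\s+(?P<flag>\S+)$")
JAVA_CACHE_RE = re.compile(r"\\Sun\\Java\\Deployment\\cache\\", re.I)

def parse_eset_log(text):
    """Return (header dict, list of detection dicts) from an ESET online scan log."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        m = HEADER_RE.match(line)
        if m:
            header.setdefault(m.group(1), m.group(2).strip())  # keep first of repeated keys
            continue
        m = DETECTION_RE.match(line)
        if not m:
            continue
        body = m.group("body")
        if "\t" in body:                       # assumed on-disk layout: tab-separated
            path, threat = body.split("\t", 1)
        else:                                  # forum paste: split after the file name
            cut = body.find(" ", body.rfind("\\"))
            path, threat = (body[:cut], body[cut + 1:]) if cut != -1 else (body, "")
        detections.append({"path": path, "threat": threat.strip(),
                           "hash": m.group("hash"), "flag": m.group("flag")})
    return header, detections

def triage(text):
    """Check the scan ran as requested and summarise what it found."""
    header, detections = parse_eset_log(text)
    issues = []
    if header.get("end") != "finished":
        issues.append("scan did not finish")
    for key, want in REQUESTED.items():
        if header.get(key) != want:
            issues.append(f"{key}={header.get(key)} (requested {want})")
    found = int(header.get("found", "0"))
    if found != len(detections):
        issues.append(f"found={found} but {len(detections)} detection lines parsed")
    return {"issues": issues, "found": found,
            "cleaned": int(header.get("cleaned", "0")),
            "detections": detections,
            "java_cache": [d for d in detections if JAVA_CACHE_RE.search(d["path"])]}

# Constructed sample log (paths, threat names and counts are made up).
_HASH = "0" * 32
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:", "all ok",
    "# version=7", "# end=finished", "# remove_checked=false",
    "# archives_checked=true", "# unwanted_checked=true",
    "# unsafe_checked=false",  # deliberately not what was requested
    "# antistealth_checked=true", "# scanned=1000", "# found=2", "# cleaned=0",
    "\t".join([r"C:\Users\Example User\AppData\LocalLow\Sun\Java\Deployment"
               r"\cache\6.0\12\0a1b2c3d-4e5f6a7b",
               "multiple threats (unable to clean)", _HASH, "I"]),
    " ".join([r"C:\Temp\sample.bin", "Constructed/Test.Threat (unable to clean)",
              _HASH, "I"]),
])

if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for issue in report["issues"]:
        print("CHECK:", issue)
    for d in report["detections"]:
        where = "Java cache" if d in report["java_cache"] else "other"
        print(f"{where}: {d['path']} -> {d['threat']}")
```

The space-collapsed fallback splits path from threat name at the first space after the last backslash, so it is only reliable when the file name itself contains no spaces.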

#8 patndoris

Posted 12 September 2012 - 06:37 PM

One of the reasons we do several scans is that different tools look in different places for malware. Although the other scans didn't show any malware, based on the results of the ESET scan, I'd like to go ahead with a more aggressive tool and see if we have any luck.

We can certainly use it to deal with the Java Cache items if it does not locate them on its own.

Download and Install Combofix

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click anywhere on the screen while it is running. That may cause it to stall. In fact, I suggest you do not do anything else on the computer while Combofix is running as it can cause it to stall. It may appear at times that it isn't doing anything but it is. Just let it run. It may also reboot the machine as a part of what it is doing and that is not unusual. (If your computer requires a login then you WILL need to fill in the login/password for it to continue. If your computer does not have a login then it will continue on its own.) Then, just sit tight until it finishes. Sometimes it takes 10 minutes, sometimes it takes an hour. Just be patient until the log pops up. If it takes more than an hour and doesn't appear to be doing anything, you can stop it and come back and let me know.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Please make sure you include the combo fix log in your next reply as well as describe how your computer is running now.
~Doris~

#9 CaptFivehead

Posted 12 September 2012 - 07:44 PM

I just wanted to check in before I ran ComboFix, because it did come up as saying that software from both Avast and Microsoft Forefront Client Security were running. I exited ComboFix after seeing this. I'm confused, because I disabled all shields in Avast, and as of last night I had uninstalled Microsoft Forefront Client Security. I figure I will wait to run ComboFix until I get the go ahead.

#10 patndoris

Posted 13 September 2012 - 05:01 AM

Go ahead and run it. There may be some leftover files from the Forefront Client still on the machine and Combofix will likely remove those. If not, and I can see them in the log, we can manually remove them. If they seem to inhibit it from running (i.e. it gets stuck for any reason for a really long time) we can use a tool to look for any leftover files.
~Doris~

#11 CaptFivehead

Posted 14 September 2012 - 07:20 AM

I just wanted to post very quickly that I'll be on a camping trip until Sunday so I won't be able to run anything on my computer. I'll be back Sunday night and will run combofix. So if it's possible, please don't assume that I've left the thread for dead. I'll be back Sunday!

#12 patndoris

Posted 15 September 2012 - 09:45 AM

Not a problem! Thank you for letting me know. I'll leave this open until you get back - have a great time!
~Doris~

#13 CaptFivehead

Posted 16 September 2012 - 07:23 PM

Good evening! I had a great time, and thank you for the well wishes. I unfortunately made the mistake of closing the log text file from ComboFix. Right now, it seems that a decently important registry key that helps run programs has been marked for deletion. I tried opening both Firefox and the ComboFix log, but an error message came up saying the following: "Illegal operation attempted on a registry key that has been marked for deletion." This message came up with both Firefox and the log file, but I was able to open Firefox by right-clicking and running the program as an Administrator. I'll keep trying to open the file, but figured I'd at least post an update. If anything changes, I'll definitely post and let you know.

- Tyler


UPDATE

I restarted the computer to see what good it may or may not do, and it seemed to fix the problem I described above. At least that's the case so far, because Firefox and the log file both opened up without a problem as normal. Here is the log from ComboFix:

ComboFix 12-09-15.02 - Tyler 09/16/2012 20:55:11.1.2 - x86
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.3059.1936 [GMT -4:00]
Running from: c:\users\Tyler\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Spybot - Search and Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3002.abs
c:\programdata\3002.xml
c:\windows\BackUp
c:\windows\BackUp\Apple Software Update.lnk
c:\windows\BackUp\CompuTraceAgent101286-101544\Absolute_logo_vertical.gif
c:\windows\BackUp\CompuTraceAgent101286-101544\Application Agent Release Notes.TXT
c:\windows\BackUp\CompuTraceAgent101286-101544\CompuTrace.msi
c:\windows\BackUp\CompuTraceAgent101286-101544\ctmweb.exe
c:\windows\BackUp\CompuTraceAgent101286-101544\ctmweb.xsl
c:\windows\BackUp\CompuTraceAgent101286-101544\InstallationGuide.pdf
c:\windows\BackUp\CompuTraceAgent101286-101544\logo_computrace.gif
c:\windows\BackUp\CompuTraceAgent101286-101544\ntagent.exe
c:\windows\BackUp\CompuTraceAgent101286-101544\README.TXT
c:\windows\BackUp\CompuTraceAgent101286-101544\spacer.gif
c:\windows\BackUp\CompuTraceAgent101286-101544\warning.gif
c:\windows\BackUp\Default Programs.lnk
c:\windows\BackUp\desktop.ini
c:\windows\BackUp\Extras and Upgrades\Desktop.ini
c:\windows\BackUp\Extras and Upgrades\Windows Marketplace.lnk
c:\windows\BackUp\Extras and Upgrades\Windows Web.lnk
c:\windows\BackUp\Favorites\desktop.ini
c:\windows\BackUp\Favorites\Links\Customize Links.url
c:\windows\BackUp\Favorites\Links\desktop.ini
c:\windows\BackUp\Favorites\Microsoft Websites\IE Add-on site.url
c:\windows\BackUp\Favorites\Microsoft Websites\IE site on Microsoft.com.url
c:\windows\BackUp\Favorites\Microsoft Websites\Marketplace.url
c:\windows\BackUp\Favorites\Microsoft Websites\Microsoft At Home.url
c:\windows\BackUp\Favorites\Microsoft Websites\Microsoft At Work.url
c:\windows\BackUp\Favorites\Microsoft Websites\Welcome to IE7.url
c:\windows\BackUp\Favorites\MSN Websites\MSN Autos.url
c:\windows\BackUp\Favorites\MSN Websites\MSN Entertainment.url
c:\windows\BackUp\Favorites\MSN Websites\MSN Money.url
c:\windows\BackUp\Favorites\MSN Websites\MSN Sports.url
c:\windows\BackUp\Favorites\MSN Websites\MSN.url
c:\windows\BackUp\Favorites\MSN Websites\MSNBC News.url
c:\windows\BackUp\Favorites\Windows Live\Get Windows Live.url
c:\windows\BackUp\Favorites\Windows Live\Windows Live Gallery.url
c:\windows\BackUp\Favorites\Windows Live\Windows Live Mail.url
c:\windows\BackUp\Favorites\Windows Live\Windows Live Spaces.url
c:\windows\BackUp\hklm-run-20080411.reg
c:\windows\BackUp\hklm-run-20080422.reg
c:\windows\BackUp\Windows Calendar.lnk
c:\windows\BackUp\Windows Contacts.lnk
c:\windows\BackUp\Windows Live.lnk
c:\windows\BackUp\Windows Mail.lnk
.
.
((((((((((((((((((((((((( Files Created from 2012-08-17 to 2012-09-17 )))))))))))))))))))))))))))))))
.
.
2012-09-17 01:02 . 2012-09-17 01:04 -------- d-----w- c:\users\Tyler\AppData\Local\temp
2012-09-12 20:47 . 2012-09-12 20:47 -------- d-----w- c:\program files\ESET
2012-09-07 21:42 . 2012-09-07 21:43 -------- d-----w- c:\programdata\Battle.net
2012-09-06 14:27 . 2012-09-06 14:27 -------- d-----w- c:\users\Tyler\AppData\Roaming\Malwarebytes
2012-09-06 14:27 . 2012-09-06 14:27 -------- d-----w- c:\programdata\Malwarebytes
2012-09-06 14:27 . 2012-09-12 03:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-06 14:27 . 2012-09-07 21:04 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-05 23:17 . 2012-09-05 23:17 -------- d-----w- c:\users\Tyler\AppData\Local\adaware
2012-09-05 23:17 . 2012-09-13 12:37 -------- d-----w- c:\programdata\Ad-Aware Browsing Protection
2012-09-05 23:16 . 2012-09-05 23:16 -------- d-----w- c:\users\Tyler\AppData\Local\Downloaded Installations
2012-09-05 22:40 . 2012-09-05 23:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-09-05 22:40 . 2009-01-25 17:14 15224 ----a-w- c:\windows\system32\sdnclean.exe
2012-09-05 22:40 . 2012-09-05 22:41 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-09-02 02:02 . 2012-09-02 02:02 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-08-28 18:21 . 2012-08-28 18:21 -------- d-----w- c:\programdata\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-17 01:03 . 2008-05-07 13:43 17920 ----a-w- c:\windows\system32\rpcnetp.exe
2012-09-17 01:03 . 2008-04-24 17:22 58288 ----a-w- c:\windows\system32\rpcnet.dll
2012-09-02 02:04 . 2011-12-13 21:02 73416 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-02 02:04 . 2011-12-13 21:02 696520 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-02 02:02 . 2011-12-13 21:09 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-02 02:02 . 2011-12-13 21:09 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-21 09:13 . 2011-12-13 21:18 729752 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:13 . 2011-12-13 21:18 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-21 09:13 . 2011-12-13 21:18 355632 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-21 09:13 . 2011-12-13 21:18 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-08-21 09:13 . 2011-12-13 21:18 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-21 09:13 . 2011-12-13 21:18 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-21 09:12 . 2011-12-13 21:17 41224 ----a-w- c:\windows\avastSS.scr
2012-08-21 09:12 . 2011-12-13 21:17 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-07-16 17:53 . 2008-05-07 14:49 58288 ------w- c:\windows\system32\rpcnet.exe
2012-07-16 17:50 . 2008-05-07 13:45 17920 ----a-w- c:\windows\system32\rpcnetp.dll
2012-07-04 14:02 . 2012-08-15 00:50 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16 . 2012-08-15 00:51 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09 . 2012-08-15 00:51 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08 . 2012-08-15 00:50 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 00:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 00:51 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-09-11 02:40 . 2012-09-11 02:39 260576 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:12 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spybot-S&D Cleaning"="c:\program files\Spybot - Search & Destroy 2\SDCleaner.exe" [2012-08-30 3513352]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-10-24 3563520]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-10-02 200704]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell.exe" [2008-10-17 442536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2012-04-27 1634112]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2012-08-30 3904536]
"Ad-Aware Browsing Protection"="c:\programdata\Ad-Aware Browsing Protection\adawarebp.exe" [2011-10-21 198032]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Clean Access Agent.lnk - c:\program files\Cisco Systems\Clean Access Agent\CCAAgent.exe [2007-6-28 2056266]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2011-12-13 02:04]
.
2012-09-17 c:\windows\Tasks\Check for updates (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDUpdate.exe [2012-09-05 18:11]
.
2012-09-12 c:\windows\Tasks\Refresh immunization (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDImmunize.exe [2012-09-05 18:10]
.
2012-09-05 c:\windows\Tasks\Scan the system (Spybot - Search & Destroy).job
- c:\program files\Spybot - Search & Destroy 2\SDScan.exe [2012-09-05 18:11]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bridgew.edu/
uInternet Settings,ProxyOverride = *.local
Trusted Zone: bridgew.edu
Trusted Zone: microsoft.com\update
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
Notify-SDWinLogon - SDWinLogon.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-16 21:04
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\System32\WLTRYSVC.EXE
c:\windows\system32\WLANExt.exe
c:\windows\System32\bcmwltry.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\dldtcoms.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\rpcnet.exe
c:\program files\Spybot - Search & Destroy 2\SDFSSvc.exe
c:\program files\TeamViewer\Version7\TeamViewer_Service.exe
c:\program files\Spybot - Search & Destroy 2\SDUpdSvc.exe
c:\program files\Spybot - Search & Destroy 2\SDWSCSvc.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-09-16 21:08:50 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-17 01:08
.
Pre-Run: 52,245,741,568 bytes free
Post-Run: 51,833,683,968 bytes free
.
- - End Of File - - 3EE97CB87E3C28625B3BFA44EB43B07D

Edited by CaptFivehead, 16 September 2012 - 07:33 PM.


#14 patndoris

Posted 16 September 2012 - 07:58 PM

Reboot your computer to fix the programs opening problem. I'll look at the log and get back to you shortly.
~Doris~

#15 patndoris

Posted 16 September 2012 - 08:05 PM

I know you do some gaming, and doing this step may remove some of your saved scores, etc. However, the ESET scan shows that you have multiple threats in your Java Cache. It's important that we remove those.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

ClearJavaCache::


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe. ComboFix may request an update; please allow it.

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.



Please let me know how the system is running and/or if you are able to access your security settings yet. If not, please try this:
~Doris~
