Antivirus being disabled & uninstalled


  • This topic is locked
9 replies to this topic

#1 malachi0420

malachi0420

  • Members
  • 15 posts

Posted 23 June 2012 - 03:04 PM

I restarted my computer a few weeks back, and it refused to boot Windows. After fooling around a bit and resetting the CMOS settings I finally got it to load Windows (dual boot Vista & Win7). Computer works fine but Microsoft Security Essentials is no longer present (it was installed before this started happening) & when I do a fresh install of Microsoft Security Essentials it will work fine until I restart my computer. Windows Defender is also disabled and refuses to re-enable. I need some help PLEASE!!!

Here is my DDS log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Robert at 15:08:06 on 2012-06-23
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2699 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
TCP: DhcpNameServer = 64.147.208.77 64.147.208.78
TCP: Interfaces\{1056C418-B904-4F63-8494-FD6757AF1880} : DhcpNameServer = 64.147.208.77 64.147.208.78
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ndp5qpwd.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npWebLaunch.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Robert\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Users\Robert\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-7 32240]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-6-13 1262400]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257224]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-7-15 79360]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-17 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-4-9 3063968]
S3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-4-5 158856]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-06-23 18:18:29 -------- d--h--w- C:\ProgramData\Common Files
2012-06-23 18:17:39 -------- d-----w- C:\ProgramData\MFAData
2012-06-23 17:06:06 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{84E6BD3E-A8E2-48BD-8A24-674C53C17EA4}\mpengine.dll
2012-06-22 17:08:29 9013136 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-21 08:54:38 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 08:54:31 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 08:54:18 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 08:54:18 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-18 03:30:20 -------- d-----w- C:\Windows\System32\appmgmt
2012-06-15 03:19:49 53248 ----a-r- C:\Users\Robert\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-06-14 14:20:20 -------- d-----w- C:\Users\Robert\AppData\Local\Macromedia
2012-06-14 03:50:05 889664 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-06-14 03:50:05 63296 ----a-w- C:\Windows\System32\nvshext.dll
2012-06-14 03:50:05 6151488 ----a-w- C:\Windows\System32\nvcpl.dll
2012-06-14 03:50:05 3149632 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-06-14 03:50:05 118080 ----a-w- C:\Windows\System32\nvmctray.dll
2012-06-14 03:49:48 68928 ----a-w- C:\Windows\System32\OpenCL.dll
2012-06-14 03:49:48 61248 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-06-14 03:47:55 -------- d-----w- C:\NVIDIA
2012-06-13 07:32:12 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 07:32:12 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AD04EB00-0FEC-46E7-8D3E-537FBFC1A97B}\gapaengine.dll
2012-06-10 21:58:50 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 21:58:50 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-05-27 07:10:49 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-27 02:48:03 98816 ----a-w- C:\Windows\sed.exe
2012-05-27 02:48:03 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-27 02:48:03 256000 ----a-w- C:\Windows\PEV.exe
2012-05-27 02:48:03 208896 ----a-w- C:\Windows\MBR.exe
2012-05-26 05:06:50 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-05-25 10:47:20 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F6460568-EFE0-4412-8A90-6DDE84191755}\mpengine.dll
.
==================== Find3M ====================
.
2012-06-15 03:19:30 18960 ----a-w- C:\Windows\System32\drivers\LNonPnP.sys
2012-06-14 03:46:35 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-14 03:46:35 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-05-15 06:21:50 423744 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2012-05-04 21:02:30 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-03-31 06:05:57 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-31 04:39:37 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-31 04:39:37 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-31 03:10:03 3146240 ----a-w- C:\Windows\System32\win32k.sys
2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 15:08:34.67 ===============


#2 malachi0420

malachi0420
  • Topic Starter

  • Members
  • 15 posts

Posted 24 June 2012 - 01:45 PM

I should have mentioned that I ran this scan after using msconfig to disable any service except those by Microsoft, & disabled all startup programs...

#3 nasdaq

nasdaq

  • Malware Response Team
  • 39,924 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 28 June 2012 - 09:07 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please Download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue
  • If a suspicious file is detected, the default action will be Skip, click on Continue
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#4 malachi0420

malachi0420
  • Topic Starter

  • Members
  • 15 posts

Posted 28 June 2012 - 01:35 PM

Thought I would mention, my OS is Win7 64bit on one HDD-Win Vista 32bit on a separate HDD. Someone has been sending email from my email account...they were logged in from a different state, but I have since changed my password. I got Microsoft Security Essentials working finally, but Windows Defender still refuses to enable!!! Here is my TDSS log...

12:29:43.0321 4980 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
12:29:43.0965 4980 ============================================================
12:29:43.0965 4980 Current date / time: 2012/06/28 12:29:43.0965
12:29:43.0965 4980 SystemInfo:
12:29:43.0965 4980
12:29:43.0965 4980 OS Version: 6.1.7601 ServicePack: 1.0
12:29:43.0965 4980 Product type: Workstation
12:29:43.0965 4980 ComputerName: NEBUCHADNEZZAR
12:29:43.0965 4980 UserName: Robert
12:29:43.0965 4980 Windows directory: C:\Windows
12:29:43.0965 4980 System windows directory: C:\Windows
12:29:43.0965 4980 Running under WOW64
12:29:43.0965 4980 Processor architecture: Intel x64
12:29:43.0965 4980 Number of processors: 4
12:29:43.0965 4980 Page size: 0x1000
12:29:43.0965 4980 Boot type: Normal boot
12:29:43.0965 4980 ============================================================
12:29:44.0932 4980 Drive \Device\Harddisk0\DR0 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:44.0941 4980 Drive \Device\Harddisk1\DR1 - Size: 0x22EF13E000 (139.74 Gb), SectorSize: 0x200, Cylinders: 0x4741, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:44.0956 4980 Drive \Device\Harddisk2\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:29:45.0113 4980 Drive \Device\Harddisk5\DR5 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:29:45.0122 4980 ============================================================
12:29:45.0122 4980 \Device\Harddisk0\DR0:
12:29:45.0122 4980 MBR partitions:
12:29:45.0122 4980 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11777800
12:29:45.0122 4980 \Device\Harddisk1\DR1:
12:29:45.0122 4980 MBR partitions:
12:29:45.0122 4980 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x11777800
12:29:45.0122 4980 \Device\Harddisk2\DR2:
12:29:45.0122 4980 MBR partitions:
12:29:45.0122 4980 \Device\Harddisk2\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x74705800
12:29:45.0122 4980 \Device\Harddisk5\DR5:
12:29:45.0124 4980 MBR partitions:
12:29:45.0124 4980 \Device\Harddisk5\DR5\Partition0: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C8907
12:29:45.0124 4980 ============================================================
12:29:45.0136 4980 C: <-> \Device\Harddisk0\DR0\Partition0
12:29:45.0143 4980 D: <-> \Device\Harddisk2\DR2\Partition0
12:29:45.0144 4980 ============================================================
12:29:45.0144 4980 Initialize success
12:29:45.0144 4980 ============================================================
12:29:47.0241 3236 ============================================================
12:29:47.0241 3236 Scan started
12:29:47.0241 3236 Mode: Manual;
12:29:47.0241 3236 ============================================================
12:29:50.0887 3236 EFS - ok
12:29:50.0936 3236 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
12:29:50.0951 3236 ehRecvr - ok
12:29:50.0984 3236 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
12:29:50.0986 3236 ehSched - ok
12:29:51.0046 3236 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:29:51.0058 3236 elxstor - ok
12:29:51.0087 3236 emupia (c26133b6165928fbd156c6fe570f9ed2) C:\Windows\system32\drivers\emupia2k.sys
12:29:51.0089 3236 emupia - ok
12:29:51.0102 3236 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:29:51.0103 3236 ErrDev - ok
12:29:51.0139 3236 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
12:29:51.0145 3236 EventSystem - ok
12:29:51.0160 3236 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:29:51.0163 3236 exfat - ok
12:29:51.0184 3236 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:29:51.0187 3236 fastfat - ok
12:29:51.0229 3236 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
12:29:51.0245 3236 Fax - ok
12:29:51.0257 3236 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:29:51.0258 3236 fdc - ok
12:29:51.0269 3236 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
12:29:51.0270 3236 fdPHost - ok
12:29:51.0274 3236 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
12:29:51.0275 3236 FDResPub - ok
12:29:51.0288 3236 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:29:51.0288 3236 FileInfo - ok
12:29:51.0301 3236 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:29:51.0302 3236 Filetrace - ok
12:29:51.0317 3236 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:29:51.0319 3236 flpydisk - ok
12:29:51.0343 3236 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:29:51.0347 3236 FltMgr - ok
12:29:51.0412 3236 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
12:29:51.0432 3236 FontCache - ok
12:29:51.0476 3236 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:29:51.0477 3236 FontCache3.0.0.0 - ok
12:29:51.0564 3236 ForceWare Intelligent Application Manager (IAM) (52b58a46beefb238c580b69fd051cb5b) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
12:29:51.0575 3236 ForceWare Intelligent Application Manager (IAM) - ok
12:29:51.0636 3236 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:29:51.0637 3236 FsDepends - ok
12:29:51.0658 3236 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
12:29:51.0660 3236 Fs_Rec - ok
12:29:51.0690 3236 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:29:51.0693 3236 fvevol - ok
12:29:51.0702 3236 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:29:51.0703 3236 gagp30kx - ok
12:29:51.0749 3236 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
12:29:51.0766 3236 gpsvc - ok
12:29:51.0840 3236 ha20x2k (a3f010d5dbfb589a3b3288c05c2ea3f9) C:\Windows\system32\drivers\ha20x2k.sys
12:29:51.0887 3236 ha20x2k - ok
12:29:51.0924 3236 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:29:51.0925 3236 hcw85cir - ok
12:29:51.0944 3236 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:29:51.0947 3236 HDAudBus - ok
12:29:51.0957 3236 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:29:51.0958 3236 HidBatt - ok
12:29:51.0965 3236 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:29:51.0967 3236 HidBth - ok
12:29:51.0973 3236 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:29:51.0974 3236 HidIr - ok
12:29:51.0992 3236 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
12:29:51.0994 3236 hidserv - ok
12:29:52.0005 3236 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:29:52.0006 3236 HidUsb - ok
12:29:52.0023 3236 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
12:29:52.0025 3236 hkmsvc - ok
12:29:52.0054 3236 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
12:29:52.0058 3236 HomeGroupListener - ok
12:29:52.0093 3236 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
12:29:52.0099 3236 HomeGroupProvider - ok
12:29:52.0107 3236 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:29:52.0109 3236 HpSAMD - ok
12:29:52.0151 3236 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:29:52.0167 3236 HTTP - ok
12:29:52.0188 3236 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:29:52.0189 3236 hwpolicy - ok
12:29:52.0197 3236 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:29:52.0199 3236 i8042prt - ok
12:29:52.0228 3236 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:29:52.0233 3236 iaStorV - ok
12:29:52.0294 3236 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:29:52.0313 3236 idsvc - ok
12:29:52.0325 3236 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:29:52.0326 3236 iirsp - ok
12:29:52.0374 3236 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
12:29:52.0392 3236 IKEEXT - ok
12:29:52.0401 3236 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:29:52.0403 3236 intelide - ok
12:29:52.0421 3236 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:29:52.0423 3236 intelppm - ok
12:29:52.0442 3236 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
12:29:52.0444 3236 IPBusEnum - ok
12:29:52.0464 3236 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:29:52.0466 3236 IpFilterDriver - ok
12:29:52.0501 3236 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
12:29:52.0512 3236 iphlpsvc - ok
12:29:52.0522 3236 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:29:52.0524 3236 IPMIDRV - ok
12:29:52.0537 3236 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:29:52.0539 3236 IPNAT - ok
12:29:52.0546 3236 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:29:52.0547 3236 IRENUM - ok
12:29:52.0553 3236 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:29:52.0554 3236 isapnp - ok
12:29:52.0572 3236 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys
12:29:52.0576 3236 iScsiPrt - ok
12:29:52.0605 3236 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:29:52.0606 3236 kbdclass - ok
12:29:52.0617 3236 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:29:52.0618 3236 kbdhid - ok
12:29:52.0636 3236 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:52.0638 3236 KeyIso - ok
12:29:52.0645 3236 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:29:52.0646 3236 KSecDD - ok
12:29:52.0667 3236 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:29:52.0668 3236 KSecPkg - ok
12:29:52.0681 3236 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:29:52.0682 3236 ksthunk - ok
12:29:52.0707 3236 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
12:29:52.0714 3236 KtmRm - ok
12:29:52.0746 3236 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
12:29:52.0751 3236 LanmanServer - ok
12:29:52.0770 3236 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
12:29:52.0774 3236 LanmanWorkstation - ok
12:29:52.0839 3236 LBTServ (7772dfab22611050b79504e671b06e6e) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
12:29:52.0845 3236 LBTServ - ok
12:29:52.0864 3236 LEqdUsb (ed7ec050cd6c20e1a93a4dafb7efd14d) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
12:29:52.0866 3236 LEqdUsb - ok
12:29:52.0876 3236 LGBusEnum (fa529fb35694c24bf98a9ef67c1cd9d0) C:\Windows\system32\drivers\LGBusEnum.sys
12:29:52.0877 3236 LGBusEnum - ok
12:29:52.0890 3236 LGVirHid (94b29ce153765e768f004fb3440be2b0) C:\Windows\system32\drivers\LGVirHid.sys
12:29:52.0891 3236 LGVirHid - ok
12:29:52.0907 3236 LHidEqd (3267bc698e29474a8381e68904eb0390) C:\Windows\system32\DRIVERS\LHidEqd.Sys
12:29:52.0909 3236 LHidEqd - ok
12:29:52.0916 3236 LHidFilt (241f2648adf090e2a10095bd6d6f5dcb) C:\Windows\system32\DRIVERS\LHidFilt.Sys
12:29:52.0917 3236 LHidFilt - ok
12:29:52.0939 3236 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:29:52.0940 3236 lltdio - ok
12:29:52.0961 3236 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
12:29:52.0967 3236 lltdsvc - ok
12:29:52.0978 3236 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
12:29:52.0980 3236 lmhosts - ok
12:29:52.0989 3236 LMouFilt (342ed5a4b3326014438f36d22d803737) C:\Windows\system32\DRIVERS\LMouFilt.Sys
12:29:52.0991 3236 LMouFilt - ok
12:29:53.0002 3236 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:29:53.0004 3236 LSI_FC - ok
12:29:53.0013 3236 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:29:53.0015 3236 LSI_SAS - ok
12:29:53.0026 3236 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:29:53.0027 3236 LSI_SAS2 - ok
12:29:53.0042 3236 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:29:53.0044 3236 LSI_SCSI - ok
12:29:53.0060 3236 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:29:53.0062 3236 luafv - ok
12:29:53.0075 3236 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
12:29:53.0077 3236 Mcx2Svc - ok
12:29:53.0090 3236 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:29:53.0091 3236 megasas - ok
12:29:53.0113 3236 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:29:53.0117 3236 MegaSR - ok
12:29:53.0130 3236 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
12:29:53.0132 3236 MMCSS - ok
12:29:53.0143 3236 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:29:53.0144 3236 Modem - ok
12:29:53.0153 3236 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:29:53.0154 3236 monitor - ok
12:29:53.0176 3236 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:29:53.0178 3236 mouclass - ok
12:29:53.0192 3236 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:29:53.0193 3236 mouhid - ok
12:29:53.0210 3236 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:29:53.0211 3236 mountmgr - ok
12:29:53.0258 3236 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:29:53.0260 3236 MozillaMaintenance - ok
12:29:53.0310 3236 MpFilter (94c66ededcdb6a126880472f9a704d8e) C:\Windows\system32\DRIVERS\MpFilter.sys
12:29:53.0316 3236 MpFilter - ok
12:29:53.0340 3236 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:29:53.0342 3236 mpio - ok
12:29:53.0363 3236 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:29:53.0365 3236 mpsdrv - ok
12:29:53.0426 3236 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
12:29:53.0446 3236 MpsSvc - ok
12:29:53.0464 3236 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:29:53.0467 3236 MRxDAV - ok
12:29:53.0492 3236 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:29:53.0494 3236 mrxsmb - ok
12:29:53.0519 3236 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:29:53.0522 3236 mrxsmb10 - ok
12:29:53.0550 3236 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:29:53.0552 3236 mrxsmb20 - ok
12:29:53.0568 3236 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:29:53.0569 3236 msahci - ok
12:29:53.0592 3236 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:29:53.0595 3236 msdsm - ok
12:29:53.0620 3236 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
12:29:53.0623 3236 MSDTC - ok
12:29:53.0641 3236 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:29:53.0642 3236 Msfs - ok
12:29:53.0647 3236 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:29:53.0648 3236 mshidkmdf - ok
12:29:53.0657 3236 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:29:53.0658 3236 msisadrv - ok
12:29:53.0678 3236 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
12:29:53.0682 3236 MSiSCSI - ok
12:29:53.0685 3236 msiserver - ok
12:29:53.0696 3236 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:29:53.0697 3236 MSKSSRV - ok
12:29:53.0749 3236 MsMpSvc (59faaf2c83c8169ea20f9e335e418907) C:\Program Files\Microsoft Security Client\MsMpEng.exe
12:29:53.0750 3236 MsMpSvc - ok
12:29:53.0753 3236 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:29:53.0754 3236 MSPCLOCK - ok
12:29:53.0758 3236 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:29:53.0758 3236 MSPQM - ok
12:29:53.0783 3236 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:29:53.0787 3236 MsRPC - ok
12:29:53.0798 3236 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:29:53.0799 3236 mssmbios - ok
12:29:53.0809 3236 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:29:53.0810 3236 MSTEE - ok
12:29:53.0818 3236 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:29:53.0819 3236 MTConfig - ok
12:29:53.0840 3236 MTsensor (03b7145c889603537e9ffeabb1ad1089) C:\Windows\system32\DRIVERS\ASACPI.sys
12:29:53.0841 3236 MTsensor - ok
12:29:53.0850 3236 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:29:53.0850 3236 Mup - ok
12:29:53.0893 3236 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
12:29:53.0905 3236 napagent - ok
12:29:53.0930 3236 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:29:53.0935 3236 NativeWifiP - ok
12:29:53.0987 3236 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:29:54.0003 3236 NDIS - ok
12:29:54.0017 3236 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:29:54.0018 3236 NdisCap - ok
12:29:54.0026 3236 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:29:54.0028 3236 NdisTapi - ok
12:29:54.0046 3236 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:29:54.0047 3236 Ndisuio - ok
12:29:54.0073 3236 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:29:54.0076 3236 NdisWan - ok
12:29:54.0093 3236 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:29:54.0094 3236 NDProxy - ok
12:29:54.0195 3236 Nero BackItUp Scheduler 4.0 (0ff3c6aa3e0fe0eb316df5449b569463) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
12:29:54.0212 3236 Nero BackItUp Scheduler 4.0 - ok
12:29:54.0221 3236 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:29:54.0221 3236 NetBIOS - ok
12:29:54.0247 3236 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:29:54.0251 3236 NetBT - ok
12:29:54.0262 3236 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:54.0263 3236 Netlogon - ok
12:29:54.0286 3236 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
12:29:54.0292 3236 Netman - ok
12:29:54.0322 3236 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
12:29:54.0334 3236 netprofm - ok
12:29:54.0376 3236 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:29:54.0378 3236 NetTcpPortSharing - ok
12:29:54.0394 3236 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:29:54.0396 3236 nfrd960 - ok
12:29:54.0419 3236 NisDrv (91b4e0273d2f6c24ef845f2b41311289) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
12:29:54.0420 3236 NisDrv - ok
12:29:54.0465 3236 NisSrv (10a43829a9e606af3eef25a1c1665923) C:\Program Files\Microsoft Security Client\NisSrv.exe
12:29:54.0469 3236 NisSrv - ok
12:29:54.0491 3236 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
12:29:54.0496 3236 NlaSvc - ok
12:29:54.0505 3236 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:29:54.0506 3236 Npfs - ok
12:29:54.0514 3236 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
12:29:54.0516 3236 nsi - ok
12:29:54.0525 3236 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:29:54.0526 3236 nsiproxy - ok
12:29:54.0575 3236 nSvcIp (20e179a7fe78b37a02d30c4d34c870e7) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
12:29:54.0579 3236 nSvcIp - ok
12:29:54.0660 3236 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:29:54.0699 3236 Ntfs - ok
12:29:54.0756 3236 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:29:54.0757 3236 Null - ok
12:29:54.0788 3236 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
12:29:54.0794 3236 NVENETFD - ok
12:29:55.0389 3236 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
12:29:55.0661 3236 nvlddmkm - ok
12:29:55.0756 3236 NVNET (c42c32bf90a78d72d4b7c144ff907fb6) C:\Windows\system32\DRIVERS\nvmf6264.sys
12:29:55.0771 3236 NVNET - ok
12:29:55.0787 3236 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:29:55.0787 3236 nvraid - ok
12:29:55.0812 3236 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:29:55.0813 3236 nvstor - ok
12:29:55.0846 3236 nvstor64 (71b6ecd3c56fbf12fb1968da3953b703) C:\Windows\system32\DRIVERS\nvstor64.sys
12:29:55.0849 3236 nvstor64 - ok
12:29:55.0919 3236 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
12:29:55.0943 3236 nvsvc - ok
12:29:56.0042 3236 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
12:29:56.0078 3236 nvUpdatusService - ok
12:29:56.0117 3236 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:29:56.0119 3236 nv_agp - ok
12:29:56.0140 3236 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:29:56.0141 3236 ohci1394 - ok
12:29:56.0174 3236 ossrv (0e2de427ebe106e7e5b52869d5c99f68) C:\Windows\system32\drivers\ctoss2k.sys
12:29:56.0176 3236 ossrv - ok
12:29:56.0197 3236 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:29:56.0203 3236 p2pimsvc - ok
12:29:56.0241 3236 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
12:29:56.0253 3236 p2psvc - ok
12:29:56.0265 3236 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:29:56.0267 3236 Parport - ok
12:29:56.0289 3236 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
12:29:56.0290 3236 partmgr - ok
12:29:56.0310 3236 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
12:29:56.0313 3236 PcaSvc - ok
12:29:56.0329 3236 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:29:56.0331 3236 pci - ok
12:29:56.0351 3236 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:29:56.0352 3236 pciide - ok
12:29:56.0385 3236 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:29:56.0402 3236 pcmcia - ok
12:29:56.0424 3236 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:29:56.0424 3236 pcw - ok
12:29:56.0468 3236 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:29:56.0485 3236 PEAUTH - ok
12:29:56.0569 3236 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
12:29:56.0603 3236 PeerDistSvc - ok
12:29:56.0675 3236 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
12:29:56.0677 3236 PerfHost - ok
12:29:56.0807 3236 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
12:29:56.0842 3236 pla - ok
12:29:56.0870 3236 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
12:29:56.0877 3236 PlugPlay - ok
12:29:56.0900 3236 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
12:29:56.0903 3236 PNRPAutoReg - ok
12:29:56.0983 3236 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
12:29:56.0986 3236 PNRPsvc - ok
12:29:57.0266 3236 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
12:29:57.0301 3236 PolicyAgent - ok
12:29:57.0426 3236 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
12:29:57.0431 3236 Power - ok
12:29:57.0559 3236 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:29:57.0564 3236 PptpMiniport - ok
12:29:57.0624 3236 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:29:57.0628 3236 Processor - ok
12:29:57.0761 3236 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
12:29:57.0766 3236 ProfSvc - ok
12:29:57.0808 3236 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:29:57.0809 3236 ProtectedStorage - ok
12:29:57.0907 3236 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:29:57.0923 3236 Psched - ok
12:29:58.0020 3236 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
12:29:58.0021 3236 PxHlpa64 - ok
12:29:59.0138 3236 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:29:59.0200 3236 ql2300 - ok
12:29:59.0681 3236 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:29:59.0693 3236 ql40xx - ok
12:29:59.0718 3236 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
12:29:59.0722 3236 QWAVE - ok
12:29:59.0737 3236 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:29:59.0738 3236 QWAVEdrv - ok
12:29:59.0758 3236 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:29:59.0759 3236 RasAcd - ok
12:29:59.0780 3236 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:29:59.0782 3236 RasAgileVpn - ok
12:29:59.0805 3236 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
12:29:59.0808 3236 RasAuto - ok
12:29:59.0836 3236 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:29:59.0838 3236 Rasl2tp - ok
12:29:59.0866 3236 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
12:29:59.0872 3236 RasMan - ok
12:29:59.0888 3236 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:29:59.0890 3236 RasPppoe - ok
12:29:59.0896 3236 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:29:59.0898 3236 RasSstp - ok
12:29:59.0929 3236 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:29:59.0933 3236 rdbss - ok
12:29:59.0941 3236 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:29:59.0942 3236 rdpbus - ok
12:29:59.0957 3236 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:29:59.0957 3236 RDPCDD - ok
12:29:59.0987 3236 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:29:59.0989 3236 RDPDR - ok
12:29:59.0992 3236 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:29:59.0993 3236 RDPENCDD - ok
12:30:00.0014 3236 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:30:00.0015 3236 RDPREFMP - ok
12:30:00.0044 3236 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
12:30:00.0047 3236 RDPWD - ok
12:30:00.0074 3236 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:30:00.0077 3236 rdyboost - ok
12:30:00.0103 3236 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
12:30:00.0105 3236 RemoteAccess - ok
12:30:00.0125 3236 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
12:30:00.0129 3236 RemoteRegistry - ok
12:30:00.0190 3236 RichVideo (06a49b7bdc36cfbf97dd90804f833369) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
12:30:00.0194 3236 RichVideo - ok
12:30:00.0206 3236 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
12:30:00.0208 3236 RpcEptMapper - ok
12:30:00.0226 3236 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
12:30:00.0227 3236 RpcLocator - ok
12:30:00.0270 3236 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
12:30:00.0275 3236 RpcSs - ok
12:30:00.0293 3236 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:30:00.0295 3236 rspndr - ok
12:30:00.0315 3236 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:30:00.0316 3236 s3cap - ok
12:30:00.0337 3236 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
12:30:00.0338 3236 SamSs - ok
12:30:00.0348 3236 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:30:00.0350 3236 sbp2port - ok
12:30:00.0364 3236 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
12:30:00.0368 3236 SCardSvr - ok
12:30:00.0390 3236 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:30:00.0391 3236 scfilter - ok
12:30:00.0450 3236 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
12:30:00.0476 3236 Schedule - ok
12:30:00.0493 3236 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
12:30:00.0494 3236 SCPolicySvc - ok
12:30:00.0512 3236 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
12:30:00.0516 3236 SDRSVC - ok
12:30:00.0525 3236 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:30:00.0526 3236 secdrv - ok
12:30:00.0541 3236 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
12:30:00.0544 3236 seclogon - ok
12:30:06.0117 3236 ============================================================
12:30:06.0117 3236 Scan finished
12:30:06.0117 3236 ============================================================
12:30:06.0126 4952 Detected object count: 0
12:30:06.0126 4952 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-06-28 12:37:58
-----------------------------
12:37:58.913 OS Version: Windows x64 6.1.7601 Service Pack 1
12:37:58.913 Number of processors: 4 586 0xF0B
12:37:58.914 ComputerName: NEBUCHADNEZZAR UserName: Robert
12:38:00.252 Initialize success
13:38:29.083 AVAST engine defs: 12062800
13:48:20.657 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006a
13:48:20.657 Disk 0 Vendor: WDC_WD15 21.0 Size: 143089MB BusType: 3
13:48:20.657 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000006b
13:48:20.657 Disk 1 Vendor: WDC_WD15 04.0 Size: 143089MB BusType: 3
13:48:20.657 Disk 2 \Device\Harddisk2\DR2 -> \Device\0000006e
13:48:20.673 Disk 2 Vendor: ST310005 CC35 Size: 953869MB BusType: 3
13:48:20.673 Disk 5 \Device\Harddisk5\DR5 -> \Device\00000078
13:48:20.673 Disk 5 Vendor: Size: 953869MB BusType: 0
13:48:20.688 Disk 0 MBR read successfully
13:48:20.688 Disk 0 MBR scan
13:48:20.704 Disk 0 Windows VISTA default MBR code
13:48:20.721 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 143087 MB offset 2048
13:48:20.764 Disk 0 scanning C:\Windows\system32\drivers
13:48:30.120 Service scanning
13:48:57.617 Modules scanning
13:48:57.629 Disk 0 trace - called modules:
13:48:57.647 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor.sys
13:48:57.653 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c1b060]
13:48:57.659 3 CLASSPNP.SYS[fffff88001b6443f] -> nt!IofCallDriver -> [0xfffffa8003d0d330]
13:48:57.666 5 ACPI.sys[fffff88000eff7a1] -> nt!IofCallDriver -> \Device\0000006a[0xfffffa80049009c0]
13:48:58.443 AVAST engine scan C:\Windows
13:49:02.366 AVAST engine scan C:\Windows\system32
13:52:31.357 AVAST engine scan C:\Windows\system32\drivers
13:52:47.454 AVAST engine scan C:\Users\Robert
14:07:33.323 AVAST engine scan C:\ProgramData
14:08:51.261 Scan finished successfully
14:31:57.814 Disk 0 MBR has been saved successfully to "C:\Users\Robert\Desktop\MBR.dat"
14:31:57.841 The log file has been saved successfully to "C:\Users\Robert\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   542bytes   0 downloads


#5 nasdaq

  • Malware Response Team

Posted 29 June 2012 - 07:23 AM

I got Microsoft Security Essentials working finally, but Windows Defender still refuses to enable!!! Here is my TDSS log...


There is no need to have both programs working in real time.
They are protecting the same things.

http://answers.microsoft.com/en-us/windows/forum/windows_xp-security/can-windows-defender-co-exist-with-ms-security/7502fe24-502d-472c-ab9e-907c72c5785a

===

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please post the logs for my review.

#6 malachi0420

  • Topic Starter

Posted 29 June 2012 - 12:06 PM

ComboFix log


ComboFix 12-06-28.03 - Robert 06/29/2012 12:40:59.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.4095.2209 [GMT -4:00]
Running from: d:\my files\Software\ComboFix\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\isRS-000.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-05-28 to 2012-06-29 )))))))))))))))))))))))))))))))
.
.
2012-06-29 16:49 . 2012-06-29 16:49 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-06-29 16:49 . 2012-06-29 16:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-29 16:49 . 2012-06-29 16:49 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-06-29 16:49 . 2012-06-29 16:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-29 16:22 . 2012-06-29 16:22 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A2138A8-647B-414A-B666-F0ECCA4EB77E}\offreg.dll
2012-06-28 20:47 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2A2138A8-647B-414A-B666-F0ECCA4EB77E}\mpengine.dll
2012-06-27 20:48 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-23 18:18 . 2012-06-23 18:18 -------- d--h--w- c:\programdata\Common Files
2012-06-23 18:17 . 2012-06-23 18:29 -------- d-----w- c:\programdata\MFAData
2012-06-21 08:54 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-21 08:54 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-21 08:54 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-21 08:54 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-21 08:54 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-21 08:54 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-21 08:54 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-21 08:54 . 2012-06-02 19:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-21 08:54 . 2012-06-02 19:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-18 03:30 . 2012-06-18 03:30 -------- d-----w- c:\windows\system32\appmgmt
2012-06-15 03:19 . 2012-06-15 03:19 53248 ----a-r- c:\users\Robert\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-06-14 14:20 . 2012-06-14 14:20 -------- d-----w- c:\users\Robert\AppData\Local\Macromedia
2012-06-14 03:50 . 2012-06-24 20:37 -------- d-----w- c:\programdata\NVIDIA
2012-06-14 03:50 . 2012-06-14 03:50 -------- d-----w- c:\users\UpdatusUser.Nebuchadnezzar
2012-06-14 03:50 . 2012-05-15 09:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe
2012-06-14 03:50 . 2012-05-15 09:29 63296 ----a-w- c:\windows\system32\nvshext.dll
2012-06-14 03:50 . 2012-05-15 09:29 118080 ----a-w- c:\windows\system32\nvmctray.dll
2012-06-14 03:50 . 2012-05-15 09:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll
2012-06-14 03:50 . 2012-05-15 09:28 6151488 ----a-w- c:\windows\system32\nvcpl.dll
2012-06-14 03:49 . 2012-05-15 10:48 68928 ----a-w- c:\windows\system32\OpenCL.dll
2012-06-14 03:49 . 2012-05-15 10:48 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-06-14 03:47 . 2012-06-14 03:47 -------- d-----w- C:\NVIDIA
2012-06-13 07:32 . 2012-05-09 21:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2012-06-13 07:32 . 2012-05-09 21:29 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AD04EB00-0FEC-46E7-8D3E-537FBFC1A97B}\gapaengine.dll
2012-06-10 21:58 . 2012-06-10 21:58 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-10 21:58 . 2012-06-10 21:58 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 23:58 . 2012-04-08 13:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-24 23:58 . 2011-05-16 10:21 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-15 03:19 . 2010-06-11 04:45 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-05-15 06:21 . 2012-05-15 06:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2012-05-08 17:02 . 2012-05-25 10:47 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F6460568-EFE0-4412-8A90-6DDE84191755}\mpengine.dll
2012-04-04 19:56 . 2010-07-19 03:38 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((( SnapShot_2012-06-24_20.25.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-06-11 02:23 . 2012-06-24 20:38 43472 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-24 20:38 37942 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-06-11 01:58 . 2012-06-24 20:38 14288 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-425265214-460648453-1764136749-1000_UserData.bin
- 2012-06-23 20:59 . 2012-06-23 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-24 20:37 . 2012-06-24 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-23 20:59 . 2012-06-23 20:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-24 20:37 . 2012-06-24 20:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-24 23:58 . 2012-06-24 23:58 686280 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe
+ 2012-04-08 13:03 . 2012-06-24 23:58 250056 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- 2009-07-14 02:36 . 2012-06-23 21:03 626290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-24 20:43 626290 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-24 20:43 107566 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-23 21:03 107566 c:\windows\system32\perfc009.dat
+ 2012-06-24 23:58 . 2012-06-24 23:58 417992 c:\windows\system32\Macromed\Flash\FlashUtil64_11_3_300_262_Plugin.exe
+ 2009-07-14 04:46 . 2012-06-28 18:04 107456 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 05:01 . 2012-06-23 20:58 372940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-24 20:36 372940 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-24 23:58 . 2012-06-24 23:58 9459912 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
+ 2012-06-24 23:58 . 2012-06-24 23:58 1535176 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_262.exe
+ 2011-03-07 02:24 . 2012-06-24 20:36 2096788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-425265214-460648453-1764136749-1000-12288.dat
- 2011-03-07 02:24 . 2012-06-21 16:35 2096788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-425265214-460648453-1764136749-1000-12288.dat
+ 2012-06-24 23:58 . 2012-06-24 23:58 12310216 c:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-24 250056]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-16 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [2010-05-06 202840]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [2010-05-06 94808]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-04-09 3063968]
R3 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-04-05 158856]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-11 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\program files (x86)\CyberLink\PowerDVD8\000.fcl [2008-10-08 32240]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [2010-05-06 202840]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [2010-05-06 1417304]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [2010-05-06 94808]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [2011-09-02 76056]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [2011-09-02 15128]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 34237811
*NewlyCreated* - 52496033
*NewlyCreated* - 90182279
*NewlyCreated* - ASWMBR
*Deregistered* - 34237811
*Deregistered* - 52496033
*Deregistered* - 90182279
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-08 23:58]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-425265214-460648453-1764136749-1000Core.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 22:45]
.
2012-06-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-425265214-460648453-1764136749-1000UA.job
- c:\users\Robert\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-28 22:45]
.
.
--------- X64 Entries -----------
.
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nvLsp.dll
TCP: DhcpNameServer = 64.147.208.77 64.147.208.78
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Robert\AppData\Roaming\Mozilla\Firefox\Profiles\ndp5qpwd.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD8\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-425265214-460648453-1764136749-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:1e,f6,f8,96,f6,01,01,44,f3,a2,a5,59,7e,23,95,04,f1,5b,2a,40,10,42,bb,
02,df,c8,09,af,bf,95,64,c7,b1,0e,73,5c,cf,a2,b1,b3,0c,71,14,c4,8e,e2,db,80,\
"??"=hex:cf,f5,de,c2,2a,eb,2d,89,ff,2e,5c,52,de,20,18,ab
.
[HKEY_USERS\S-1-5-21-425265214-460648453-1764136749-1000\Software\SecuROM\License information*]
"datasecu"=hex:39,b3,e7,48,0a,c2,57,bb,d9,f1,1c,da,92,a1,cf,06,cf,b4,c4,ec,06,
b3,34,09,f1,5d,d8,24,d2,8e,7f,80,43,51,fc,71,65,6d,44,ff,d4,cf,b3,39,6f,61,\
"rkeysecu"=hex:0b,2a,56,a6,e8,7d,e1,bf,b7,0c,82,2e,b3,72,7e,f5
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-29 12:57:04
ComboFix-quarantined-files.txt 2012-06-29 16:57
ComboFix2.txt 2012-06-24 20:33
ComboFix3.txt 2012-05-27 03:07
.
Pre-Run: 39,590,408,192 bytes free
Post-Run: 39,136,989,184 bytes free
.
- - End Of File - - 3832FC97B06543C249BF0F1C166AB87F


Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 4.6
Malwarebytes Anti-Malware version 1.61.0.1400
Adobe Reader X (10.1.3)
Mozilla Firefox (13.0.1)
Google Chrome 19.0.1084.52
Google Chrome 19.0.1084.56
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

#7 nasdaq

nasdaq

  • Malware Response Team
  • 39,924 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:36 PM

Posted 30 June 2012 - 07:11 AM

Your logs are clean.

Any remaining issues?

#8 malachi0420


Posted 30 June 2012 - 01:17 PM

No other problems...thank you sooooooo much!!! :thumbsup:

#9 nasdaq


Posted 30 June 2012 - 01:20 PM

Glad we could help.

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

Delete the other tools we used.

#10 nasdaq


Posted 30 June 2012 - 01:21 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



