TechSpot

Sirefef; 1 minute restarts

By jaylew
Aug 5, 2012
I am also infected with Sirefef and get the 1-minute restarts. I did the FRST scan and my log is below. I ran the scan when my computer was not connected to the internet - hopefully that doesn't matter?

Thanks!


    Scan result of Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 05-08-2012 12:00:27
    Running from H:\
    Windows 7 Ultimate (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1271168 2012-03-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [P17RunE] RunDll32 P17RunE.dll,RunDLLEntry [x]
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [61440 2010-02-10] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKU\Guest\...\Run: [Facebook Update] "C:\Users\Guest\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2012-07-12] (Facebook Inc.)
    HKU\jaylew\...\Run: [EPSON Artisan 50 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFA.EXE /FU "C:\Windows\TEMP\E_S1E78.tmp" /EF "HKCU" [223232 2008-10-09] (SEIKO EPSON CORPORATION)
    HKU\jaylew\...\Run: [Google Update] "C:\Users\jaylew\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2012-02-17] (Google Inc.)
    HKU\jaylew\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
    HKU\jaylew\...\Run: [NETGEARGenie] "C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" -mini -redirect [1091872 2012-03-12] ()
    HKU\jaylew\...\Run: [OpenDNS Updater] "C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" /autostart [839680 2010-06-16] ()
    HKU\jaylew\...\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart [12163848 2012-06-20] (Google)
    HKU\jaylew\...\Run: [sdrfs] "C:\Windows\System32\rundll32.exe" "C:\Users\jaylew\AppData\Roaming\sdrfs.dll",read_info [401920 2012-07-27] (Stardock Systems, Inc)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\jaylew\Start Menu\Programs\Startup\Rainmeter.lnk
    ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()

    ==================== Services (Whitelisted) ======

    2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [12600 2012-03-26] (Microsoft Corporation)
    2 NETGEARGenieDaemon; C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [1370400 2012-03-06] (NETGEAR)
    3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [291696 2012-03-26] (Microsoft Corporation)
    2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [624856 2012-04-06] (Pandora.TV)

    ========================== Drivers (Whitelisted) =============

    3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation)
    2 NPF; C:\Windows\System32\Drivers\NPF.sys [35344 2012-05-10] (CACE Technologies, Inc.)
    3 P17; C:\Windows\System32\Drivers\P17.sys [1309696 2009-10-16] (Creative Technology Ltd.)
    3 Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [x]
    3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [x]
    3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-04 12:33 - 2012-08-04 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.511C2FC13589DA82
    2012-08-04 12:30 - 2012-08-04 12:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2BFB6E870E35404
    2012-08-04 12:27 - 2012-08-04 12:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.990923A08F656C41
    2012-08-04 12:23 - 2012-08-04 12:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.68A7E0F2A554FEF2
    2012-08-04 12:12 - 2012-08-04 12:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33FB91C51B47D9C0
    2012-08-04 12:08 - 2012-08-04 12:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6784E76DC6DD6797
    2012-08-04 11:36 - 2012-08-04 11:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.410F7019A3E47DF6
    2012-08-04 11:33 - 2012-08-04 11:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.88E4748589F250E6
    2012-08-04 11:30 - 2012-08-04 11:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50D44AC29DDC02EA
    2012-08-04 11:26 - 2012-08-04 11:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5B83AD76B728BE57
    2012-08-04 11:23 - 2012-08-04 11:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0B04096029ACE34A
    2012-08-04 11:20 - 2012-08-04 11:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.076AF708EFE19D25
    2012-08-04 11:18 - 2012-08-04 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2031C523EC85A960
    2012-08-04 11:15 - 2012-08-04 11:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8FA3A42C6AC1938
    2012-08-04 11:12 - 2012-08-04 11:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B039D8C3437240D4
    2012-08-04 11:08 - 2012-08-04 11:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9450E568C651AAB
    2012-08-04 11:05 - 2012-08-04 11:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B241077791B7EC74
    2012-08-02 19:27 - 2012-08-02 19:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5B7CEC5ECBDB852E
    2012-08-02 19:23 - 2012-08-02 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.35CD4692C176A4D1
    2012-08-02 19:20 - 2012-08-02 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.839AF74635CCB65C
    2012-08-02 19:16 - 2012-08-02 19:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5F62BF72FA33FAF
    2012-08-02 19:13 - 2012-08-02 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04EEAB4BB4ECD247
    2012-08-02 19:10 - 2012-08-02 19:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8695B827054DC989
    2012-08-02 19:07 - 2012-08-02 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B1E37CF3108BA47B
    2012-08-02 19:04 - 2012-08-02 19:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7FFEFC6FC8B42D9
    2012-08-02 19:00 - 2012-08-02 19:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.163DEE6D53864250
    2012-08-02 18:58 - 2012-08-02 18:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F13ABBCBCDDB242
    2012-08-02 18:54 - 2012-08-02 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B7DC66BA2866782
    2012-08-02 18:51 - 2012-08-02 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C535F3BFD8A7E43
    2012-08-02 18:47 - 2012-08-02 18:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E8BDAE26EE54E693
    2012-08-02 18:44 - 2012-08-02 18:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94FA46219A300B86
    2012-08-02 18:41 - 2012-08-02 18:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D8A0B5266BCBAF16
    2012-07-30 17:26 - 2012-07-30 17:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0E5FD3F6A654672
    2012-07-30 17:20 - 2012-07-30 17:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5499FC4136D0A7E0
    2012-07-30 17:16 - 2012-07-30 17:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D519A640993AB49
    2012-07-30 17:11 - 2012-07-30 17:12 - 12621696 ____A (Microsoft Corporation) C:\Users\jaylew\Downloads\mseinstall(2).exe
    2012-07-30 17:10 - 2012-07-30 17:10 - 00347424 ____A (Microsoft Corporation) C:\Users\jaylew\Downloads\MicrosoftFixit.WindowsFirewall.RNP.136267127798690248.1.1.Run.exe
    2012-07-30 17:07 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-07-29 11:21 - 2012-07-29 11:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4185522F09C7AE52
    2012-07-29 11:18 - 2012-07-29 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A2729A2C5765B40
    2012-07-29 11:15 - 2012-07-29 11:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBFD2CE184A71BFB
    2012-07-29 11:10 - 2012-07-29 11:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C8FB6A31690A5334
    2012-07-29 11:10 - 2012-07-29 11:10 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pxcohblz.sys
    2012-07-29 11:07 - 2012-07-29 11:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9F79618A4DD2055
    2012-07-29 11:04 - 2012-07-29 11:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.024B0C076D4EC22F
    2012-07-29 11:01 - 2012-07-29 11:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66209165ABCC3DEC
    2012-07-29 10:56 - 2012-07-29 10:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F90D1581347F5587
    2012-07-29 10:53 - 2012-07-29 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.959B83F37C14C8B4
    2012-07-29 10:49 - 2012-07-29 10:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FC97012005433FC
    2012-07-29 10:42 - 2012-07-30 17:12 - 00000000 ____D C:\Program Files\Microsoft Security Client
    2012-07-29 10:42 - 2012-07-30 17:12 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
    2012-07-29 10:41 - 2012-07-29 10:41 - 12621696 ____A (Microsoft Corporation) C:\Users\jaylew\Downloads\mseinstall(1).exe
    2012-07-27 08:37 - 2012-07-27 08:37 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-07-27 08:32 - 2012-07-27 08:32 - 00401920 ____A (Stardock Systems, Inc) C:\Users\jaylew\AppData\Roaming\sdrfs.dll
    2012-07-27 08:32 - 2012-07-27 08:32 - 00000000 ____D C:\Users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}
    2012-07-27 08:32 - 2012-07-27 08:32 - 00000000 ____D C:\Users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}
    2012-07-27 08:31 - 2012-07-27 08:31 - 00138752 ____A C:\Users\jaylew\AppData\Roaming\patbrt.dll
    2012-07-25 06:45 - 2012-07-25 06:45 - 04419192 ____A (Krzysztof Kowalczyk) C:\Users\jaylew\Downloads\SumatraPDF-2.1.1-install.exe
    2012-07-25 06:30 - 2012-07-25 06:30 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-25 06:29 - 2012-07-25 06:30 - 00000000 ____D C:\Program Files\iTunes
    2012-07-25 06:29 - 2012-07-25 06:30 - 00000000 ____D C:\Program Files (x86)\iTunes
    2012-07-25 06:29 - 2012-07-25 06:29 - 00000000 ____D C:\Program Files\iPod
    2012-07-25 06:25 - 2012-07-25 06:25 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-07-25 06:25 - 2012-07-25 06:25 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2012-07-21 22:20 - 2012-02-29 21:30 - 00000517 ____A C:\Users\jaylew\Downloads\.htaccess
    2012-07-19 14:12 - 2012-07-19 14:12 - 00002687 ____A C:\Users\jaylew\Desktop\alg2_syllabus1_0.txt
    2012-07-11 00:20 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-07-11 00:00 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-07-11 00:00 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-07-11 00:00 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-07-11 00:00 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-07-11 00:00 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-07-11 00:00 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-07-11 00:00 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-07-11 00:00 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-07-11 00:00 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-07-11 00:00 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-07-11 00:00 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-07-11 00:00 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-07-11 00:00 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-07-11 00:00 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-07-11 00:00 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-07-11 00:00 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-07-11 00:00 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-07-11 00:00 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-07-11 00:00 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-07-11 00:00 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-07-11 00:00 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-07-11 00:00 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-07-11 00:00 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-07-11 00:00 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-07-11 00:00 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-07-11 00:00 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-07-11 00:00 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-07-11 00:00 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-07-10 16:19 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-07-10 16:19 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-07-10 16:19 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-07-10 16:19 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-07-10 16:19 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-07-10 16:19 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-07-10 16:19 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-07-10 16:19 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-07-10 16:19 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-07-10 16:19 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-07-10 16:19 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-07-10 16:19 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-07-10 16:19 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-07-10 16:19 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-07-10 16:19 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-07-10 16:19 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-07-10 16:19 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-07-10 16:19 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
    2012-07-10 16:19 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
    2012-07-10 16:19 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
    2012-07-10 16:19 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2012-07-10 16:19 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2012-07-10 16:19 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2012-07-10 16:19 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
    2012-07-10 16:19 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2012-07-10 09:54 - 2012-07-21 22:23 - 00000000 ____D C:\Users\jaylew\AppData\Roaming\Cyberduck
    2012-07-10 09:54 - 2012-07-21 21:57 - 00000000 __SHD C:\Users\jaylew\wc
    2012-07-10 09:54 - 2012-07-10 09:54 - 00000000 __SHD C:\Users\jaylew\AppData\Roaming\wyUpdate AU
    2012-07-10 09:51 - 2012-07-10 09:51 - 00001023 ____A C:\Users\Public\Desktop\Cyberduck.lnk
    2012-07-10 09:42 - 2012-07-10 09:51 - 00000000 ____D C:\Program Files (x86)\Cyberduck
    2012-07-10 09:35 - 2012-07-10 09:35 - 13928312 ____A C:\Users\jaylew\Downloads\Cyberduck-Installer-4.2.1.exe


    ============ 3 Months Modified Files ========================

    2012-08-05 08:44 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-05 08:44 - 2009-07-13 20:51 - 00029709 ____A C:\Windows\setupact.log
    2012-08-04 12:33 - 2012-08-04 12:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.511C2FC13589DA82
    2012-08-04 12:32 - 2012-05-23 15:39 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2012-08-04 12:30 - 2012-08-04 12:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A2BFB6E870E35404
    2012-08-04 12:29 - 2012-05-23 15:39 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2012-08-04 12:27 - 2012-08-04 12:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.990923A08F656C41
    2012-08-04 12:23 - 2012-08-04 12:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.68A7E0F2A554FEF2
    2012-08-04 12:12 - 2012-08-04 12:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.33FB91C51B47D9C0
    2012-08-04 12:08 - 2012-08-04 12:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.6784E76DC6DD6797
    2012-08-04 11:36 - 2012-08-04 11:36 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.410F7019A3E47DF6
    2012-08-04 11:34 - 2009-07-13 21:08 - 00032560 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-08-04 11:33 - 2012-08-04 11:33 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.88E4748589F250E6
    2012-08-04 11:30 - 2012-08-04 11:30 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.50D44AC29DDC02EA
    2012-08-04 11:26 - 2012-08-04 11:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5B83AD76B728BE57
    2012-08-04 11:23 - 2012-08-04 11:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0B04096029ACE34A
    2012-08-04 11:21 - 2012-02-17 18:38 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001UA.job
    2012-08-04 11:20 - 2012-08-04 11:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.076AF708EFE19D25
    2012-08-04 11:18 - 2012-08-04 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.2031C523EC85A960
    2012-08-04 11:15 - 2012-08-04 11:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F8FA3A42C6AC1938
    2012-08-04 11:12 - 2012-08-04 11:12 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B039D8C3437240D4
    2012-08-04 11:08 - 2012-08-04 11:08 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D9450E568C651AAB
    2012-08-04 11:05 - 2012-08-04 11:05 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B241077791B7EC74
    2012-08-02 19:27 - 2012-08-02 19:27 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5B7CEC5ECBDB852E
    2012-08-02 19:23 - 2012-08-02 19:23 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.35CD4692C176A4D1
    2012-08-02 19:20 - 2012-08-02 19:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.839AF74635CCB65C
    2012-08-02 19:16 - 2012-08-02 19:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F5F62BF72FA33FAF
    2012-08-02 19:13 - 2012-08-02 19:13 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.04EEAB4BB4ECD247
    2012-08-02 19:10 - 2012-08-02 19:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.8695B827054DC989
    2012-08-02 19:07 - 2012-08-02 19:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.B1E37CF3108BA47B
    2012-08-02 19:04 - 2012-08-02 19:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F7FFEFC6FC8B42D9
    2012-08-02 19:00 - 2012-08-02 19:00 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.163DEE6D53864250
    2012-08-02 18:58 - 2012-08-02 18:58 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.0F13ABBCBCDDB242
    2012-08-02 18:54 - 2012-08-02 18:54 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7B7DC66BA2866782
    2012-08-02 18:51 - 2012-08-02 18:51 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3C535F3BFD8A7E43
    2012-08-02 18:47 - 2012-08-02 18:47 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.E8BDAE26EE54E693
    2012-08-02 18:44 - 2012-08-02 18:44 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.94FA46219A300B86
    2012-08-02 18:41 - 2012-08-02 18:41 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.D8A0B5266BCBAF16
    2012-07-30 17:26 - 2012-07-30 17:26 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A0E5FD3F6A654672
    2012-07-30 17:20 - 2012-07-30 17:20 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.5499FC4136D0A7E0
    2012-07-30 17:16 - 2012-07-30 17:16 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.7D519A640993AB49
    2012-07-30 17:13 - 2012-02-15 17:00 - 01572903 ____A C:\Windows\WindowsUpdate.log
    2012-07-30 17:13 - 2012-02-15 15:54 - 00001945 ____A C:\Windows\epplauncher.mif
    2012-07-30 17:12 - 2012-07-30 17:11 - 12621696 ____A (Microsoft Corporation) C:\Users\jaylew\Downloads\mseinstall(2).exe
    2012-07-30 17:11 - 2009-07-13 21:13 - 00729514 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-07-30 17:10 - 2012-07-30 17:10 - 00347424 ____A (Microsoft Corporation) C:\Users\jaylew\Downloads\MicrosoftFixit.WindowsFirewall.RNP.136267127798690248.1.1.Run.exe
    2012-07-30 17:06 - 2012-02-15 15:55 - 00008876 ____A C:\Windows\PFRO.log
    2012-07-30 17:06 - 2009-07-13 20:45 - 00016640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 17:06 - 2009-07-13 20:45 - 00016640 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-07-30 16:26 - 2012-02-17 18:38 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001Core.job
    2012-07-29 11:21 - 2012-07-29 11:21 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.4185522F09C7AE52
    2012-07-29 11:18 - 2012-07-29 11:18 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.1A2729A2C5765B40
    2012-07-29 11:15 - 2012-07-29 11:15 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.FBFD2CE184A71BFB
    2012-07-29 11:10 - 2012-07-29 11:10 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.C8FB6A31690A5334
    2012-07-29 11:10 - 2012-07-29 11:10 - 00050392 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\pxcohblz.sys
    2012-07-29 11:07 - 2012-07-29 11:07 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.A9F79618A4DD2055
    2012-07-29 11:04 - 2012-07-29 11:04 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.024B0C076D4EC22F
    2012-07-29 11:01 - 2012-07-29 11:01 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.66209165ABCC3DEC
    2012-07-29 10:56 - 2012-07-29 10:56 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.F90D1581347F5587
    2012-07-29 10:53 - 2012-07-29 10:53 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.959B83F37C14C8B4
    2012-07-29 10:49 - 2012-07-29 10:49 - 00328704 ____A (Microsoft Corporation) C:\Windows\System32\services.exe.3FC97012005433FC
    2012-07-29 10:42 - 2012-02-15 15:54 - 00742892 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-29 10:41 - 2012-07-29 10:41 - 12621696 ____A (Microsoft Corporation) C:\Users\jaylew\Downloads\mseinstall(1).exe
    2012-07-27 08:32 - 2012-07-27 08:32 - 00401920 ____A (Stardock Systems, Inc) C:\Users\jaylew\AppData\Roaming\sdrfs.dll
    2012-07-27 08:32 - 2012-04-02 13:54 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-07-27 08:32 - 2012-02-15 22:54 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-07-27 08:31 - 2012-07-27 08:31 - 00138752 ____A C:\Users\jaylew\AppData\Roaming\patbrt.dll
    2012-07-25 06:45 - 2012-07-25 06:45 - 04419192 ____A (Krzysztof Kowalczyk) C:\Users\jaylew\Downloads\SumatraPDF-2.1.1-install.exe
    2012-07-25 06:30 - 2012-07-25 06:30 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-25 06:25 - 2012-07-25 06:25 - 00001845 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
    2012-07-19 14:12 - 2012-07-19 14:12 - 00002687 ____A C:\Users\jaylew\Desktop\alg2_syllabus1_0.txt
    2012-07-12 05:18 - 2012-02-17 18:39 - 00002407 ____A C:\Users\jaylew\Desktop\Google Chrome.lnk
    2012-07-11 00:37 - 2009-07-13 20:45 - 00309944 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 00:04 - 2012-02-18 16:17 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-10 09:51 - 2012-07-10 09:51 - 00001023 ____A C:\Users\Public\Desktop\Cyberduck.lnk
    2012-07-10 09:35 - 2012-07-10 09:35 - 13928312 ____A C:\Users\jaylew\Downloads\Cyberduck-Installer-4.2.1.exe
    2012-07-06 01:32 - 2012-07-04 23:09 - 00012756 ____A C:\Users\jaylew\Desktop\supplies.ods
    2012-07-06 01:32 - 2012-07-02 02:27 - 00025953 ____A C:\Users\jaylew\Desktop\experiments.odt
    2012-07-02 02:31 - 2012-07-02 02:30 - 58619658 ____A C:\Users\jaylew\Downloads\FJ5ZCXMFVO9RGPR.mov
    2012-06-26 12:35 - 2012-06-26 12:35 - 00739832 ____A (Google Inc.) C:\Users\jaylew\Downloads\GoogleVoiceAndVideoSetup.exe
    2012-06-25 06:08 - 2012-06-25 06:08 - 00000968 ____A C:\Users\jaylew\Desktop\Free Hide Folder.lnk
    2012-06-25 06:08 - 2012-06-25 06:08 - 00000968 ____A C:\Users\Guest\Desktop\Free Hide Folder.lnk
    2012-06-25 06:07 - 2012-06-25 06:07 - 00895896 ____A C:\Users\jaylew\Downloads\FHFSetup.exe
    2012-06-11 19:08 - 2012-07-11 00:20 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-10 16:19 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-10 16:19 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-05 22:06 - 2012-07-10 16:19 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-10 16:19 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-10 16:19 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-10 16:19 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-10 16:19 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-10 16:19 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 14:19 - 2012-06-22 06:59 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-22 06:59 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-22 06:59 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-22 06:59 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-22 06:59 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-22 06:59 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-22 06:59 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 12:19 - 2012-06-22 06:58 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 12:15 - 2012-06-22 06:58 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-11 00:00 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 00:00 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 00:00 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 00:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-11 00:00 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-11 00:00 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-11 00:00 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-11 00:00 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 00:00 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 00:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 00:00 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 00:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 00:00 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 00:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 00:00 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 00:00 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 00:00 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 00:00 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 00:00 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 00:00 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 00:00 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 00:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 00:00 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 00:00 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 00:00 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 00:00 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 00:00 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 00:00 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-10 16:19 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-10 16:19 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-10 16:19 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-10 16:19 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-10 16:19 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-10 16:19 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-10 16:19 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-10 16:19 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-10 16:19 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-31 19:05 - 2012-05-31 19:05 - 00358246 ____A C:\Users\jaylew\Downloads\Attachments_2012_05_31(1).zip
    2012-05-31 18:50 - 2012-05-31 18:50 - 01093184 ____A C:\Users\jaylew\Downloads\Attachments_2012_05_31.zip
    2012-05-26 15:21 - 2012-02-16 14:43 - 00001738 ____A C:\Users\jaylew\Desktop\Rainmeter.lnk
    2012-05-23 15:41 - 2012-05-23 15:41 - 00001701 ____A C:\Users\jaylew\Desktop\Google Drive.lnk
    2012-05-10 21:17 - 2012-05-10 21:16 - 00225336 ____A C:\Users\jaylew\Downloads\OpenDNS-Updater-2.2.1.exe
    2012-05-10 20:50 - 2012-02-29 14:23 - 00066984 ____A C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
    2012-05-10 20:06 - 2012-05-10 20:06 - 00198384 ____A C:\Users\jaylew\Downloads\NETGEARUserUtility-1.0b40-install.exe
    2012-05-10 17:05 - 2012-05-10 17:05 - 00369168 ____A (CACE Technologies, Inc.) C:\Windows\System32\wpcap.dll
    2012-05-10 17:05 - 2012-05-10 17:05 - 00281104 ____A (CACE Technologies, Inc.) C:\Windows\SysWOW64\wpcap.dll
    2012-05-10 17:05 - 2012-05-10 17:05 - 00106000 ____A (CACE Technologies, Inc.) C:\Windows\System32\packet.dll
    2012-05-10 17:05 - 2012-05-10 17:05 - 00096784 ____A (CACE Technologies, Inc.) C:\Windows\SysWOW64\packet.dll
    2012-05-10 17:05 - 2012-05-10 17:05 - 00035344 ____A (CACE Technologies, Inc.) C:\Windows\System32\Drivers\npf.sys
    2012-05-10 17:05 - 2012-05-10 17:05 - 00002060 ____A C:\Users\Public\Desktop\NETGEAR Genie.lnk
    2012-05-10 17:03 - 2012-05-10 17:03 - 15375408 ____A (NETGEAR Inc.) C:\Users\jaylew\Downloads\NETGEARGenie-install.exe
    2012-05-10 16:43 - 2012-02-15 15:55 - 00066984 ____A C:\Users\jaylew\AppData\Local\GDIPFONTCACHEV1.DAT


    ZeroAccess:
    C:\Windows\Installer\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}
    C:\Windows\Installer\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\@
    C:\Windows\Installer\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\L
    C:\Windows\Installer\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\n
    C:\Windows\Installer\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\U
    C:\Windows\Installer\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\L\00000004.@
    C:\Windows\Installer\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\L\201d3dde
    C:\Windows\Installer\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\U\00000008.@

    ZeroAccess:
    C:\Users\jaylew\AppData\Local\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}
    C:\Users\jaylew\AppData\Local\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\@
    C:\Users\jaylew\AppData\Local\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\L
    C:\Users\jaylew\AppData\Local\{a25a49f1-4e6a-3f67-1ed2-711ac4661659}\U

    Possible partition infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 15%
    Total physical RAM: 3582.16 MB
    Available physical RAM: 3023.91 MB
    Total Pagefile: 3580.31 MB
    Available Pagefile: 3022.55 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:55.8 GB) (Free:23.73 GB) NTFS
    2 Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    5 Drive h: (Transcend) (Removable) (Total:3.73 GB) (Free:1.82 GB) FAT32
    6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    7 Drive y: () (Fixed) (Total:143.97 GB) (Free:13.24 GB) NTFS

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 149 GB 0 B
    Disk 1 Online 55 GB 0 B
    Disk 2 Online 3830 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 OEM 47 MB 31 KB
    Partition 2 Primary 143 GB 47 MB
    Partition 3 Primary 5114 MB 144 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : DE
    Hidden: Yes
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 FAT Partition 47 MB Healthy Hidden

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y NTFS Partition 143 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : DB
    Hidden: Yes
    Active: No

    There is no volume associated with this partition.

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 55 GB 101 MB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 D System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 C NTFS Partition 55 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 3826 MB 4096 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 H Transcend FAT32 Removable 3826 MB Healthy

    ==================================================================================

    ==========================================================

    Last Boot: 2012-06-27 22:04

    ======================= End Of Log ==========================
     
  2. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click the Search button and post the log (Search.txt) it makes in your reply.
     
  3. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    Farbar Recovery Scan Tool Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-05 12:40:17
    Running from H:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
     
  4. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     

  5. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 04-08-2012 01
    Ran by SYSTEM at 2012-08-05 17:10:30 Run:1
    Running from H:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_USERS\jaylew\Software\Microsoft\Windows\CurrentVersion\Run\\sdrfs Value deleted successfully.
    C:\Users\jaylew\AppData\Roaming\sdrfs.dll moved successfully.
    C:\Windows\System32\services.exe.511C2FC13589DA82 moved successfully.
    C:\Windows\System32\services.exe.A2BFB6E870E35404 moved successfully.
    C:\Windows\System32\services.exe.990923A08F656C41 moved successfully.
    C:\Windows\System32\services.exe.68A7E0F2A554FEF2 moved successfully.
    C:\Windows\System32\services.exe.33FB91C51B47D9C0 moved successfully.
    C:\Windows\System32\services.exe.6784E76DC6DD6797 moved successfully.
    C:\Windows\System32\services.exe.410F7019A3E47DF6 moved successfully.
    C:\Windows\System32\services.exe.88E4748589F250E6 moved successfully.
    C:\Windows\System32\services.exe.50D44AC29DDC02EA moved successfully.
    C:\Windows\System32\services.exe.5B83AD76B728BE57 moved successfully.
    C:\Windows\System32\services.exe.0B04096029ACE34A moved successfully.
    C:\Windows\System32\services.exe.076AF708EFE19D25 moved successfully.
    C:\Windows\System32\services.exe.2031C523EC85A960 moved successfully.
    C:\Windows\System32\services.exe.F8FA3A42C6AC1938 moved successfully.
    C:\Windows\System32\services.exe.B039D8C3437240D4 moved successfully.
    C:\Windows\System32\services.exe.D9450E568C651AAB moved successfully.
    C:\Windows\System32\services.exe.B241077791B7EC74 moved successfully.
    C:\Windows\System32\services.exe.5B7CEC5ECBDB852E moved successfully.
    C:\Windows\System32\services.exe.35CD4692C176A4D1 moved successfully.
    C:\Windows\System32\services.exe.839AF74635CCB65C moved successfully.
    C:\Windows\System32\services.exe.F5F62BF72FA33FAF moved successfully.
    C:\Windows\System32\services.exe.04EEAB4BB4ECD247 moved successfully.
    C:\Windows\System32\services.exe.8695B827054DC989 moved successfully.
    C:\Windows\System32\services.exe.B1E37CF3108BA47B moved successfully.
    C:\Windows\System32\services.exe.F7FFEFC6FC8B42D9 moved successfully.
    C:\Windows\System32\services.exe.163DEE6D53864250 moved successfully.
    C:\Windows\System32\services.exe.0F13ABBCBCDDB242 moved successfully.
    C:\Windows\System32\services.exe.7B7DC66BA2866782 moved successfully.
    C:\Windows\System32\services.exe.3C535F3BFD8A7E43 moved successfully.
    C:\Windows\System32\services.exe.E8BDAE26EE54E693 moved successfully.
    C:\Windows\System32\services.exe.94FA46219A300B86 moved successfully.
    C:\Windows\System32\services.exe.D8A0B5266BCBAF16 moved successfully.
    C:\Windows\System32\services.exe.A0E5FD3F6A654672 moved successfully.
    C:\Windows\System32\services.exe.5499FC4136D0A7E0 moved successfully.
    C:\Windows\System32\services.exe.7D519A640993AB49 moved successfully.
    C:\Windows\svchost.exe moved successfully.
    C:\Windows\System32\services.exe.4185522F09C7AE52 moved successfully.
    C:\Windows\System32\services.exe.1A2729A2C5765B40 moved successfully.
    C:\Windows\System32\services.exe.FBFD2CE184A71BFB moved successfully.
    C:\Windows\System32\services.exe.C8FB6A31690A5334 moved successfully.
    C:\Windows\System32\Drivers\pxcohblz.sys moved successfully.
    C:\Windows\System32\services.exe.A9F79618A4DD2055 moved successfully.
    C:\Windows\System32\services.exe.024B0C076D4EC22F moved successfully.
    C:\Windows\System32\services.exe.66209165ABCC3DEC moved successfully.
    C:\Windows\System32\services.exe.F90D1581347F5587 moved successfully.
    C:\Windows\System32\services.exe.959B83F37C14C8B4 moved successfully.
    C:\Windows\System32\services.exe.3FC97012005433FC moved successfully.
    C:\Users\jaylew\AppData\Roaming\patbrt.dll moved successfully.
    C:\Windows\Installer\{a25a49f1-4e6a-3f67-1ed2-711ac4661659} moved successfully.
    C:\Users\jaylew\AppData\Local\{a25a49f1-4e6a-3f67-1ed2-711ac4661659} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
     
  6. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    17:19:31.0677 0320 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    17:19:32.0118 0320 ============================================================
    17:19:32.0119 0320 Current date / time: 2012/08/05 17:19:32.0118
    17:19:32.0119 0320 SystemInfo:
    17:19:32.0119 0320
    17:19:32.0119 0320 OS Version: 6.1.7601 ServicePack: 1.0
    17:19:32.0119 0320 Product type: Workstation
    17:19:32.0119 0320 ComputerName: JAYLEW-PC
    17:19:32.0119 0320 UserName: jaylew
    17:19:32.0119 0320 Windows directory: C:\Windows
    17:19:32.0119 0320 System windows directory: C:\Windows
    17:19:32.0119 0320 Running under WOW64
    17:19:32.0119 0320 Processor architecture: Intel x64
    17:19:32.0119 0320 Number of processors: 2
    17:19:32.0119 0320 Page size: 0x1000
    17:19:32.0119 0320 Boot type: Normal boot
    17:19:32.0119 0320 ============================================================
    17:19:35.0369 0320 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:19:35.0380 0320 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    17:19:35.0506 0320 ============================================================
    17:19:35.0506 0320 \Device\Harddisk1\DR1:
    17:19:35.0508 0320 MBR partitions:
    17:19:35.0508 0320 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    17:19:35.0508 0320 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
    17:19:35.0508 0320 \Device\Harddisk0\DR0:
    17:19:35.0508 0320 MBR partitions:
    17:19:35.0508 0320 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x11FF04EA
    17:19:35.0508 0320 ============================================================
    17:19:35.0510 0320 C: <-> \Device\Harddisk1\DR1\Partition1
    17:19:35.0541 0320 F: <-> \Device\Harddisk0\DR0\Partition0
    17:19:35.0541 0320 ============================================================
    17:19:35.0541 0320 Initialize success
    17:19:35.0541 0320 ============================================================
    17:19:39.0349 4320 ============================================================
    17:19:39.0349 4320 Scan started
    17:19:39.0349 4320 Mode: Manual;
    17:19:39.0349 4320 ============================================================
    17:19:39.0578 4320 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    17:19:39.0601 4320 1394ohci - ok
    17:19:39.0631 4320 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    17:19:39.0634 4320 ACPI - ok
    17:19:39.0646 4320 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    17:19:39.0659 4320 AcpiPmi - ok
    17:19:39.0674 4320 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    17:19:39.0675 4320 AdobeARMservice - ok
    17:19:39.0706 4320 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    17:19:39.0735 4320 adp94xx - ok
    17:19:39.0758 4320 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    17:19:39.0785 4320 adpahci - ok
    17:19:39.0804 4320 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    17:19:39.0830 4320 adpu320 - ok
    17:19:39.0847 4320 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    17:19:39.0848 4320 AeLookupSvc - ok
    17:19:39.0886 4320 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    17:19:39.0929 4320 AFD - ok
    17:19:39.0938 4320 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    17:19:39.0963 4320 agp440 - ok
    17:19:39.0971 4320 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    17:19:40.0033 4320 ALG - ok
    17:19:40.0039 4320 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    17:19:40.0059 4320 aliide - ok
    17:19:40.0070 4320 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    17:19:40.0100 4320 amdide - ok
    17:19:40.0109 4320 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    17:19:40.0128 4320 AmdK8 - ok
    17:19:40.0135 4320 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    17:19:40.0159 4320 AmdPPM - ok
    17:19:40.0169 4320 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    17:19:40.0194 4320 amdsata - ok
    17:19:40.0211 4320 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    17:19:40.0241 4320 amdsbs - ok
    17:19:40.0248 4320 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    17:19:40.0265 4320 amdxata - ok
    17:19:40.0279 4320 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    17:19:40.0304 4320 AppID - ok
    17:19:40.0310 4320 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    17:19:40.0344 4320 AppIDSvc - ok
    17:19:40.0352 4320 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    17:19:40.0353 4320 Appinfo - ok
    17:19:40.0377 4320 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    17:19:40.0379 4320 Apple Mobile Device - ok
    17:19:40.0401 4320 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    17:19:40.0444 4320 AppMgmt - ok
    17:19:40.0456 4320 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    17:19:40.0475 4320 arc - ok
    17:19:40.0490 4320 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    17:19:40.0510 4320 arcsas - ok
    17:19:40.0516 4320 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:19:40.0531 4320 AsyncMac - ok
    17:19:40.0540 4320 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    17:19:40.0541 4320 atapi - ok
    17:19:40.0597 4320 Ati External Event Utility (ca4a0176fa380efd45de9d0acb9e1f86) C:\Windows\system32\Ati2evxx.exe
    17:19:40.0752 4320 Ati External Event Utility - ok
    17:19:41.0015 4320 atikmdag (aeae4abe6419923c037a0b2a157e1fc6) C:\Windows\system32\DRIVERS\atikmdag.sys
    17:19:41.0127 4320 atikmdag - ok
    17:19:41.0196 4320 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:19:41.0244 4320 AudioEndpointBuilder - ok
    17:19:41.0254 4320 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    17:19:41.0259 4320 AudioSrv - ok
    17:19:41.0273 4320 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    17:19:41.0319 4320 AxInstSV - ok
    17:19:41.0346 4320 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    17:19:41.0372 4320 b06bdrv - ok
    17:19:41.0393 4320 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    17:19:41.0418 4320 b57nd60a - ok
    17:19:41.0440 4320 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    17:19:41.0481 4320 BDESVC - ok
    17:19:41.0488 4320 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    17:19:41.0501 4320 Beep - ok
    17:19:41.0517 4320 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    17:19:41.0535 4320 blbdrive - ok
    17:19:41.0566 4320 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    17:19:41.0570 4320 Bonjour Service - ok
    17:19:41.0580 4320 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    17:19:41.0601 4320 bowser - ok
    17:19:41.0625 4320 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    17:19:41.0640 4320 BrFiltLo - ok
    17:19:41.0646 4320 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    17:19:41.0660 4320 BrFiltUp - ok
    17:19:41.0684 4320 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    17:19:41.0722 4320 Browser - ok
    17:19:41.0737 4320 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    17:19:41.0761 4320 Brserid - ok
    17:19:41.0768 4320 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    17:19:41.0785 4320 BrSerWdm - ok
    17:19:41.0795 4320 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    17:19:41.0812 4320 BrUsbMdm - ok
    17:19:41.0818 4320 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    17:19:41.0834 4320 BrUsbSer - ok
    17:19:41.0860 4320 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    17:19:41.0885 4320 BTHMODEM - ok
    17:19:41.0900 4320 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    17:19:41.0935 4320 bthserv - ok
    17:19:41.0944 4320 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:19:41.0964 4320 cdfs - ok
    17:19:41.0977 4320 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    17:19:42.0000 4320 cdrom - ok
    17:19:42.0009 4320 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    17:19:42.0047 4320 CertPropSvc - ok
    17:19:42.0064 4320 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    17:19:42.0081 4320 circlass - ok
    17:19:42.0108 4320 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    17:19:42.0153 4320 CLFS - ok
    17:19:42.0164 4320 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    17:19:42.0214 4320 clr_optimization_v2.0.50727_32 - ok
    17:19:42.0225 4320 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    17:19:42.0250 4320 clr_optimization_v2.0.50727_64 - ok
    17:19:42.0268 4320 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    17:19:42.0273 4320 clr_optimization_v4.0.30319_32 - ok
  7. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    17:20:02.0119 4320 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    17:20:02.0163 4320 TapiSrv - ok
    17:20:02.0177 4320 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    17:20:02.0213 4320 TBS - ok
    17:20:02.0296 4320 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    17:20:02.0364 4320 Tcpip - ok
    17:20:02.0474 4320 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    17:20:02.0486 4320 TCPIP6 - ok
    17:20:02.0531 4320 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    17:20:02.0559 4320 tcpipreg - ok
    17:20:02.0575 4320 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    17:20:02.0599 4320 TDPIPE - ok
    17:20:02.0608 4320 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    17:20:02.0626 4320 TDTCP - ok
    17:20:02.0639 4320 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    17:20:02.0666 4320 tdx - ok
    17:20:02.0677 4320 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    17:20:02.0707 4320 TermDD - ok
    17:20:02.0744 4320 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    17:20:02.0804 4320 TermService - ok
    17:20:02.0819 4320 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    17:20:02.0863 4320 Themes - ok
    17:20:02.0872 4320 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    17:20:02.0874 4320 THREADORDER - ok
    17:20:02.0893 4320 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    17:20:02.0945 4320 TrkWks - ok
    17:20:02.0958 4320 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    17:20:03.0007 4320 TrustedInstaller - ok
    17:20:03.0020 4320 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    17:20:03.0039 4320 tssecsrv - ok
    17:20:03.0050 4320 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    17:20:03.0073 4320 TsUsbFlt - ok
    17:20:03.0080 4320 tsusbhub - ok
    17:20:03.0099 4320 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    17:20:03.0125 4320 tunnel - ok
    17:20:03.0136 4320 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    17:20:03.0156 4320 uagp35 - ok
    17:20:03.0187 4320 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    17:20:03.0213 4320 udfs - ok
    17:20:03.0230 4320 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    17:20:03.0263 4320 UI0Detect - ok
    17:20:03.0276 4320 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    17:20:03.0301 4320 uliagpkx - ok
    17:20:03.0310 4320 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    17:20:03.0330 4320 umbus - ok
    17:20:03.0337 4320 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    17:20:03.0355 4320 UmPass - ok
    17:20:03.0376 4320 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    17:20:03.0421 4320 UmRdpService - ok
    17:20:03.0444 4320 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    17:20:03.0456 4320 upnphost - ok
    17:20:03.0468 4320 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
    17:20:03.0492 4320 USBAAPL64 - ok
    17:20:03.0508 4320 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
    17:20:03.0533 4320 usbccgp - ok
    17:20:03.0543 4320 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    17:20:03.0566 4320 usbcir - ok
    17:20:03.0576 4320 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
    17:20:03.0594 4320 usbehci - ok
    17:20:03.0615 4320 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
    17:20:03.0657 4320 usbhub - ok
    17:20:03.0670 4320 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
    17:20:03.0685 4320 usbohci - ok
    17:20:03.0692 4320 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    17:20:03.0708 4320 usbprint - ok
    17:20:03.0717 4320 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    17:20:03.0741 4320 USBSTOR - ok
    17:20:03.0749 4320 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
    17:20:03.0766 4320 usbuhci - ok
    17:20:03.0775 4320 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    17:20:03.0810 4320 UxSms - ok
    17:20:03.0825 4320 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    17:20:03.0827 4320 VaultSvc - ok
    17:20:03.0838 4320 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    17:20:03.0856 4320 vdrvroot - ok
    17:20:03.0885 4320 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    17:20:03.0936 4320 vds - ok
    17:20:03.0948 4320 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    17:20:03.0969 4320 vga - ok
    17:20:03.0977 4320 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    17:20:03.0992 4320 VgaSave - ok
    17:20:03.0999 4320 VGPU - ok
    17:20:04.0021 4320 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    17:20:04.0051 4320 vhdmp - ok
    17:20:04.0065 4320 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    17:20:04.0086 4320 viaide - ok
    17:20:04.0103 4320 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    17:20:04.0131 4320 vmbus - ok
    17:20:04.0138 4320 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    17:20:04.0155 4320 VMBusHID - ok
    17:20:04.0169 4320 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    17:20:04.0190 4320 volmgr - ok
    17:20:04.0210 4320 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    17:20:04.0239 4320 volmgrx - ok
    17:20:04.0259 4320 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    17:20:04.0286 4320 volsnap - ok
    17:20:04.0300 4320 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    17:20:04.0321 4320 vsmraid - ok
    17:20:04.0391 4320 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    17:20:04.0456 4320 VSS - ok
    17:20:04.0493 4320 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    17:20:04.0510 4320 vwifibus - ok
    17:20:04.0535 4320 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    17:20:04.0582 4320 W32Time - ok
    17:20:04.0594 4320 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    17:20:04.0612 4320 WacomPen - ok
    17:20:04.0623 4320 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:20:04.0653 4320 WANARP - ok
    17:20:04.0659 4320 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    17:20:04.0660 4320 Wanarpv6 - ok
    17:20:04.0720 4320 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    17:20:05.0169 4320 WatAdminSvc - ok
    17:20:05.0242 4320 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    17:20:05.0355 4320 wbengine - ok
    17:20:05.0404 4320 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    17:20:05.0452 4320 WbioSrvc - ok
    17:20:05.0475 4320 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    17:20:05.0518 4320 wcncsvc - ok
    17:20:05.0527 4320 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    17:20:05.0568 4320 WcsPlugInService - ok
    17:20:05.0579 4320 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    17:20:05.0596 4320 Wd - ok
    17:20:05.0633 4320 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    17:20:05.0670 4320 Wdf01000 - ok
    17:20:05.0684 4320 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:20:05.0687 4320 WdiServiceHost - ok
    17:20:05.0696 4320 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    17:20:05.0699 4320 WdiSystemHost - ok
    17:20:05.0721 4320 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    17:20:05.0766 4320 WebClient - ok
    17:20:05.0781 4320 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    17:20:05.0884 4320 Wecsvc - ok
    17:20:05.0894 4320 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    17:20:05.0961 4320 wercplsupport - ok
    17:20:05.0972 4320 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    17:20:05.0975 4320 WerSvc - ok
    17:20:05.0986 4320 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    17:20:06.0037 4320 WfpLwf - ok
    17:20:06.0045 4320 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    17:20:06.0078 4320 WIMMount - ok
    17:20:06.0087 4320 WinHttpAutoProxySvc - ok
    17:20:06.0113 4320 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    17:20:06.0157 4320 Winmgmt - ok
    17:20:06.0238 4320 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    17:20:06.0313 4320 WinRM - ok
    17:20:06.0361 4320 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    17:20:06.0387 4320 WinUsb - ok
    17:20:06.0427 4320 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    17:20:06.0484 4320 Wlansvc - ok
    17:20:06.0492 4320 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    17:20:06.0509 4320 WmiAcpi - ok
    17:20:06.0535 4320 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    17:20:06.0571 4320 wmiApSrv - ok
    17:20:06.0578 4320 WMPNetworkSvc - ok
    17:20:06.0589 4320 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    17:20:06.0620 4320 WPCSvc - ok
    17:20:06.0635 4320 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    17:20:06.0638 4320 WPDBusEnum - ok
    17:20:06.0647 4320 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    17:20:06.0669 4320 ws2ifsl - ok
    17:20:06.0675 4320 WSearch - ok
    17:20:06.0708 4320 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    17:20:06.0736 4320 WudfPf - ok
    17:20:06.0752 4320 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    17:20:06.0779 4320 WUDFRd - ok
    17:20:06.0789 4320 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    17:20:06.0827 4320 wudfsvc - ok
    17:20:06.0843 4320 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    17:20:06.0886 4320 WwanSvc - ok
    17:20:06.0928 4320 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    17:20:06.0929 4320 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - infected
    17:20:06.0929 4320 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.c (0)
    17:20:06.0938 4320 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
    17:20:07.0486 4320 \Device\Harddisk0\DR0 - ok
    17:20:07.0492 4320 Boot (0x1200) (e72b4f5bdb2779fe93a708dc6860eba0) \Device\Harddisk1\DR1\Partition0
    17:20:07.0494 4320 \Device\Harddisk1\DR1\Partition0 - ok
    17:20:07.0506 4320 Boot (0x1200) (1e0a3ee9bda1836cb9da0ade945ff519) \Device\Harddisk1\DR1\Partition1
    17:20:07.0508 4320 \Device\Harddisk1\DR1\Partition1 - ok
    17:20:07.0525 4320 Boot (0x1200) (d2326dc2fd790f05219d3757d1a56d31) \Device\Harddisk0\DR0\Partition0
    17:20:07.0527 4320 \Device\Harddisk0\DR0\Partition0 - ok
    17:20:07.0528 4320 ============================================================
    17:20:07.0528 4320 Scan finished
    17:20:07.0528 4320 ============================================================
    17:20:07.0550 0832 Detected object count: 1
    17:20:07.0550 0832 Actual detected object count: 1
    17:20:19.0023 0832 \Device\Harddisk1\DR1\# - copied to quarantine
    17:20:19.0421 0832 \Device\Harddisk1\DR1 - copied to quarantine
    17:20:22.0246 0832 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
    17:20:22.0316 0832 \Device\Harddisk1\DR1\TDLFS\cmd64.dll - copied to quarantine
    17:20:22.0347 0832 \Device\Harddisk1\DR1\TDLFS\sub.dll - copied to quarantine
    17:20:22.0379 0832 \Device\Harddisk1\DR1\TDLFS\subx.dll - copied to quarantine
    17:20:22.0430 0832 \Device\Harddisk1\DR1\TDLFS\drv32 - copied to quarantine
    17:20:25.0288 0832 \Device\Harddisk1\DR1\TDLFS\drv64 - copied to quarantine
    17:20:25.0306 0832 \Device\Harddisk1\DR1\TDLFS\servers.dat - copied to quarantine
    17:20:25.0313 0832 \Device\Harddisk1\DR1\TDLFS\config.ini - copied to quarantine
    17:20:25.0319 0832 \Device\Harddisk1\DR1\TDLFS\ldr16 - copied to quarantine
    17:20:25.0802 0832 \Device\Harddisk1\DR1\TDLFS\ldr32 - copied to quarantine
    17:20:25.0837 0832 \Device\Harddisk1\DR1\TDLFS\ldr64 - copied to quarantine
    17:20:25.0868 0832 \Device\Harddisk1\DR1\TDLFS\s - copied to quarantine
    17:20:25.0883 0832 \Device\Harddisk1\DR1\TDLFS\ldrm - copied to quarantine
    17:20:25.0888 0832 \Device\Harddisk1\DR1\TDLFS\u - copied to quarantine
    17:20:25.0903 0832 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    17:20:25.0904 0832 \Device\Harddisk1\DR1 - ok
    17:20:25.0913 0832 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    17:20:39.0738 3452 Deinitialize success
     
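    The TDSSKiller log above ends with the part that matters: the MBR of \Device\Harddisk1\DR1 is flagged as Rootkit.Boot.Pihar.c, the rootkit's hidden TDLFS volume is copied to quarantine file by file, the cure is deferred to reboot, and the MBR of Harddisk0 is reported clean. The Python script below is an added example, not code from this thread or from Kaspersky's tool. It parses that log format (the regular expressions are this example's reading of the format, not a published grammar) and reduces a full log to the verdicts, the MBR hash of every disk, the quarantined hidden-filesystem entries and the action the user chose. SAMPLE_LOG is a constructed excerpt built from lines copied out of the log above so the script runs offline; the names parse_tdsskiller and triage are this example's own.

```python
"""Reduce a TDSSKiller text log to the verdicts a responder needs.

Added example, not part of the forum thread or of TDSSKiller itself.  The line
format is inferred from the log posted above; the regular expressions are this
example's assumptions about that format, not a documented grammar.
"""
import re

# Constructed excerpt: lines copied from the log above so the example runs
# offline.  Pass the text of a complete log to parse_tdsskiller() instead.
SAMPLE_LOG = r"""
17:20:02.0296 4320 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
17:20:02.0364 4320 Tcpip - ok
17:20:06.0928 4320 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
17:20:06.0929 4320 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - infected
17:20:06.0929 4320 \Device\Harddisk1\DR1 - detected Rootkit.Boot.Pihar.c (0)
17:20:06.0938 4320 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
17:20:07.0486 4320 \Device\Harddisk0\DR0 - ok
17:20:19.0023 0832 \Device\Harddisk1\DR1\# - copied to quarantine
17:20:19.0421 0832 \Device\Harddisk1\DR1 - copied to quarantine
17:20:22.0246 0832 \Device\Harddisk1\DR1\TDLFS\cmd.dll - copied to quarantine
17:20:25.0306 0832 \Device\Harddisk1\DR1\TDLFS\servers.dat - copied to quarantine
17:20:25.0903 0832 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
17:20:25.0913 0832 \Device\Harddisk1\DR1 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
"""

# Every line starts with "<time> <thread id>"; the remainder is what we classify.
_PREFIX = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4} +\d+ +(?P<rest>.+?)\s*$")
# Scanned object: "<name> [(0xSIZE)] (<md5>) <path>"; the size appears for MBR/boot sectors.
_OBJECT = re.compile(
    r"^(?P<name>.+?)(?: \((?P<size>0x[0-9A-Fa-f]+)\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict and action lines reported for an object.
_INFECTED = re.compile(r"^(?P<obj>.+?) \( (?P<sig>.+?) \) - (?:infected|suspicious)$")
_DETECTED = re.compile(r"^(?P<obj>.+?) - detected (?P<sig>\S+) \(\d+\)$")
_CURE = re.compile(r"^(?P<obj>.+?) \( (?P<sig>.+?) \) - will be cured on reboot$")
_ACTION = re.compile(r"^(?P<obj>.+?) \( (?P<sig>.+?) \) - User select action: (?P<action>.+)$")
_QUARANTINE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
_OK = re.compile(r"^(?P<obj>.+?) - ok$")


def parse_tdsskiller(text):
    """Return a dict summarising scanned objects, verdicts, quarantine and actions."""
    report = {
        "objects": {},          # path -> {"name", "md5", "size"}
        "mbr_hashes": {},       # \Device\HarddiskN\DRN -> md5 of that disk's MBR
        "infected": {},         # object -> signature name
        "clean": set(),         # objects reported "- ok"
        "pending_cure": set(),  # objects whose cure is deferred to the next reboot
        "quarantined": [],      # objects copied to quarantine, in log order
        "hidden_fs_files": [],  # quarantined entries inside the rootkit's hidden TDLFS volume
        "actions": {},          # object -> action the user selected
    }
    for line in text.splitlines():
        m = _PREFIX.match(line)
        if not m:
            continue
        rest = m.group("rest")
        if (o := _OBJECT.match(rest)):
            report["objects"][o["path"]] = {"name": o["name"], "md5": o["md5"], "size": o["size"]}
            if o["name"] == "MBR":
                report["mbr_hashes"][o["path"]] = o["md5"]
        elif (v := _INFECTED.match(rest)) or (v := _DETECTED.match(rest)):
            report["infected"][v["obj"]] = v["sig"]
        elif (c := _CURE.match(rest)):
            report["pending_cure"].add(c["obj"])
        elif (a := _ACTION.match(rest)):
            report["actions"][a["obj"]] = a["action"]
        elif (q := _QUARANTINE.match(rest)):
            report["quarantined"].append(q["obj"])
            if "\\TDLFS\\" in q["obj"]:
                report["hidden_fs_files"].append(q["obj"])
        elif (k := _OK.match(rest)):
            report["clean"].add(k["obj"])
    return report


def triage(report):
    """Plain-text lines a responder would paste into a ticket, infections first."""
    lines = []
    for obj, sig in report["infected"].items():
        lines.append(f"INFECTED {obj}: {sig} (MBR md5 {report['mbr_hashes'].get(obj, 'n/a')})")
        lines.append(f"  action: {report['actions'].get(obj, 'none recorded')}"
                     f"{', cure pending reboot' if obj in report['pending_cure'] else ''}")
    if report["hidden_fs_files"]:
        lines.append(f"hidden-filesystem artefacts quarantined: {len(report['hidden_fs_files'])}")
    for dev in sorted(set(report["mbr_hashes"]) & report["clean"]):
        lines.append(f"clean MBR {dev}: {report['mbr_hashes'][dev]}")
    return lines


if __name__ == "__main__":
    print("\n".join(triage(parse_tdsskiller(SAMPLE_LOG))))
```

    Two things the parser makes easy to see that a quick read of a 1,500-line log does not: the infected boot sector is on Harddisk1, not on Harddisk0, so a check limited to the system disk's MBR would have missed it; and the cure is only pending until the reboot, so the same parse run on the post-reboot log should show that device under "- ok" with a different MBR hash before anything else is attempted.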
  8. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Very good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
    There are 4 different versions. If one of them won't run then download and try to run the other one.
    Vista and Win7 users need to right click Rkill and choose Run as Administrator
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.exe
    • Double-click on the Rkill icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.
    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    ComboFix 12-08-05.02 - jaylew 08/05/2012 20:11:34.1.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2715 [GMT -5:00]
    Running from: c:\users\jaylew\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\_ctypes.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\_elementtree.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\_hashlib.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\_socket.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\_ssl.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\pyexpat.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\pysqlite2._sqlite.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\python26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\pythoncom26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\PyWinTypes26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\select.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\unicodedata.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\win32api.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\win32com.shell.shell.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\win32crypt.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\win32event.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\win32file.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\win32inet.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\win32pdh.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\win32process.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\windows._cacheinvalidation.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wx._controls_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wx._core_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wx._gdi_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wx._html2.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wx._misc_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wx._windows_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wx._wizard.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wxbase293u_net_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wxbase293u_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wxmsw293u_adv_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wxmsw293u_core_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wxmsw293u_html_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI21082\wxmsw293u_webview_vc.dll
    c:\windows\security\Database\tmp.edb
    c:\windows\svchost.exe
    c:\windows\SysWow64\Packet.dll
    c:\windows\SysWow64\wpcap.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-05 22:20 . 2012-08-05 22:20 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-05 19:59 . 2012-08-05 20:00 -------- d-----w- C:\FRST
    2012-08-05 17:05 . 2012-08-05 17:05 328704 ----a-w- c:\windows\system32\services.exe.19DC38DAF7E8AAD3
    2012-07-31 01:05 . 2012-07-31 01:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\62E8.tmp
    2012-07-31 01:05 . 2012-07-31 01:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\62E7.tmp
    2012-07-27 16:37 . 2012-07-27 16:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}
    2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}
    2012-07-25 14:29 . 2012-07-25 14:29 -------- d-----w- c:\program files\iPod
    2012-07-25 14:29 . 2012-07-25 14:30 -------- d-----w- c:\program files\iTunes
    2012-07-25 14:29 . 2012-07-25 14:30 -------- d-----w- c:\program files (x86)\iTunes
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-25 14:25 . 2012-07-25 14:25 -------- d-----w- c:\program files (x86)\QuickTime
    2012-07-11 08:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 00:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 17:54 . 2012-07-22 05:57 -------- d-sh--w- c:\users\jaylew\wc
    2012-07-10 17:54 . 2012-07-10 17:54 -------- d-sh--w- c:\users\jaylew\AppData\Roaming\wyUpdate AU
    2012-07-10 17:54 . 2012-07-22 06:23 -------- d-----w- c:\users\jaylew\AppData\Roaming\Cyberduck
    2012-07-10 17:45 . 2012-07-10 17:45 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-07-10 17:42 . 2012-07-10 17:51 -------- d-----w- c:\program files (x86)\Cyberduck
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 16:32 . 2012-04-02 21:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 16:32 . 2012-02-16 06:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 08:04 . 2012-02-19 00:17 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-22 14:59 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 14:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 14:59 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 14:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 14:59 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 14:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 14:59 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 14:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 14:58 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-11 01:05 . 2012-05-11 01:05 369168 ----a-w- c:\windows\system32\wpcap.dll
    2012-05-11 01:05 . 2012-05-11 01:05 35344 ----a-w- c:\windows\system32\drivers\npf.sys
    2012-05-11 01:05 . 2012-05-11 01:05 106000 ----a-w- c:\windows\system32\packet.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]
    "OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-06-21 12163848]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    c:\users\jaylew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 116648]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-15 79360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 116648]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-19 1255736]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-03-07 1370400]
    S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NPF
    *NewlyCreated* - WS2IFSL
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 23:39]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 23:39]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001Core.job
    - c:\users\jaylew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 02:38]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001UA.job
    - c:\users\jaylew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 02:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-06-21 00:02 755224 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF7513.3XE" [2010-11-20 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\jaylew\AppData\Roaming\Mozilla\Firefox\Profiles\uxf9rexz.default\
    FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
    FF - prefs.js: browser.startup.homepage - hxxp://lifehacker.com/
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-05 20:24:08 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-06 01:24
    .
    Pre-Run: 26,461,474,816 bytes free
    Post-Run: 26,171,531,264 bytes free
    .
    - - End Of File - - 61382C9A0D52494BB80DCC4A2267476E
     
  10. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.19DC38DAF7E8AAD3
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  11. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    ComboFix 12-08-05.02 - jaylew 08/05/2012 22:33:39.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2803 [GMT -5:00]
    Running from: c:\users\jaylew\Desktop\ComboFix.exe
    Command switches used :: c:\users\jaylew\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\windows\system32\services.exe.19DC38DAF7E8AAD3"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\_ctypes.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\_elementtree.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\_hashlib.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\_socket.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\_ssl.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\pyexpat.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\pysqlite2._sqlite.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\python26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\pythoncom26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\PyWinTypes26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\select.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\unicodedata.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\win32api.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\win32com.shell.shell.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\win32crypt.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\win32event.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\win32file.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\win32inet.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\win32pdh.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\win32process.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\windows._cacheinvalidation.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wx._controls_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wx._core_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wx._gdi_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wx._html2.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wx._misc_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wx._windows_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wx._wizard.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wxbase293u_net_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wxbase293u_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wxmsw293u_adv_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wxmsw293u_core_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wxmsw293u_html_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI37682\wxmsw293u_webview_vc.dll
    c:\users\jaylew\AppData\Local\Temp\tmpfdtpor\googledrivesync.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-06 03:39 . 2012-08-06 03:39 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-08-06 03:39 . 2012-08-06 03:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-05 22:20 . 2012-08-05 22:20 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-05 19:59 . 2012-08-05 20:00 -------- d-----w- C:\FRST
    2012-08-05 17:05 . 2012-08-05 17:05 328704 ----a-w- c:\windows\system32\services.exe.19DC38DAF7E8AAD3
    2012-07-31 01:05 . 2012-07-31 01:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\62E8.tmp
    2012-07-31 01:05 . 2012-07-31 01:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\62E7.tmp
    2012-07-27 16:37 . 2012-07-27 16:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}
    2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}
    2012-07-25 14:29 . 2012-07-25 14:29 -------- d-----w- c:\program files\iPod
    2012-07-25 14:29 . 2012-07-25 14:30 -------- d-----w- c:\program files\iTunes
    2012-07-25 14:29 . 2012-07-25 14:30 -------- d-----w- c:\program files (x86)\iTunes
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-25 14:25 . 2012-07-25 14:25 -------- d-----w- c:\program files (x86)\QuickTime
    2012-07-11 08:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 00:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 17:54 . 2012-07-22 05:57 -------- d-sh--w- c:\users\jaylew\wc
    2012-07-10 17:54 . 2012-07-10 17:54 -------- d-sh--w- c:\users\jaylew\AppData\Roaming\wyUpdate AU
    2012-07-10 17:54 . 2012-07-22 06:23 -------- d-----w- c:\users\jaylew\AppData\Roaming\Cyberduck
    2012-07-10 17:45 . 2012-07-10 17:45 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-07-10 17:42 . 2012-07-10 17:51 -------- d-----w- c:\program files (x86)\Cyberduck
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 16:32 . 2012-04-02 21:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 16:32 . 2012-02-16 06:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 08:04 . 2012-02-19 00:17 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-22 14:59 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 14:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 14:59 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 14:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 14:59 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 14:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 14:59 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 14:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 14:58 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-11 01:05 . 2012-05-11 01:05 369168 ----a-w- c:\windows\system32\wpcap.dll
    2012-05-11 01:05 . 2012-05-11 01:05 35344 ----a-w- c:\windows\system32\drivers\npf.sys
    2012-05-11 01:05 . 2012-05-11 01:05 106000 ----a-w- c:\windows\system32\packet.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-06_01.21.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-15 23:57 . 2012-08-06 01:30 31156 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-06 01:30 32094 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2012-02-15 23:48 . 2012-08-05 22:26 6186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2572511198-3776155673-3006782383-1001_UserData.bin
    + 2012-02-15 23:48 . 2012-08-06 01:30 6186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2572511198-3776155673-3006782383-1001_UserData.bin
    - 2012-08-06 01:18 . 2012-08-06 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-06 03:40 . 2012-08-06 03:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-06 03:40 . 2012-08-06 03:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-06 01:18 . 2012-08-06 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-02-17 02:43 . 2012-08-06 03:26 245920 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2012-08-06 01:09 623940 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-06 01:31 623940 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-08-06 01:09 106316 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-08-06 01:31 106316 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-08-06 03:39 289184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-08-06 01:17 289184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-02-16 01:47 . 2012-08-06 01:17 1157520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2572511198-3776155673-3006782383-1001-8192.dat
    + 2012-02-16 01:47 . 2012-08-06 03:39 1157520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2572511198-3776155673-3006782383-1001-8192.dat
    + 2012-08-06 03:27 . 2012-08-06 03:27 12752896 c:\windows\Installer\6e86a6.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]
    "OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    c:\users\jaylew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 116648]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-15 79360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 116648]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-19 1255736]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-03-07 1370400]
    S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NPF
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 23:39]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 23:39]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001Core.job
    - c:\users\jaylew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 02:38]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001UA.job
    - c:\users\jaylew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 02:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF2859.3XE" [2010-11-20 345088]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\jaylew\AppData\Roaming\Mozilla\Firefox\Profiles\uxf9rexz.default\
    FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
    FF - prefs.js: browser.startup.homepage - hxxp://lifehacker.com/
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-05 22:44:40 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-06 03:44
    ComboFix2.txt 2012-08-06 01:24
    .
    Pre-Run: 26,018,357,248 bytes free
    Post-Run: 25,928,679,424 bytes free
    .
    - - End Of File - - 71DD47AC4C394AF26AB27052EAE1A55F
     
  12. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.19DC38DAF7E8AAD3
    c:\programdata\Microsoft\Windows\DRM\62E8.tmp
    c:\programdata\Microsoft\Windows\DRM\62E7.tmp
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

4. Close/disable all antivirus and anti-malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  13. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    ComboFix 12-08-05.02 - jaylew 08/06/2012 0:01.3.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2554 [GMT -5:00]
    Running from: c:\users\jaylew\Desktop\ComboFix.exe
    Command switches used :: c:\users\jaylew\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\programdata\Microsoft\Windows\DRM\62E7.tmp"
    "c:\programdata\Microsoft\Windows\DRM\62E8.tmp"
    "c:\windows\system32\services.exe.19DC38DAF7E8AAD3"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\_ctypes.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\_elementtree.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\_hashlib.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\_socket.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\_ssl.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\pyexpat.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\pysqlite2._sqlite.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\python26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\pythoncom26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\PyWinTypes26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\select.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\unicodedata.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\win32api.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\win32com.shell.shell.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\win32crypt.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\win32event.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\win32file.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\win32inet.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\win32pdh.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\win32process.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\windows._cacheinvalidation.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wx._controls_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wx._core_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wx._gdi_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wx._html2.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wx._misc_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wx._windows_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wx._wizard.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wxbase293u_net_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wxbase293u_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wxmsw293u_adv_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wxmsw293u_core_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wxmsw293u_html_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI6282\wxmsw293u_webview_vc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-06 to 2012-08-06 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-06 05:07 . 2012-08-06 05:07 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-08-06 05:07 . 2012-08-06 05:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-05 22:20 . 2012-08-05 22:20 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-05 19:59 . 2012-08-05 20:00 -------- d-----w- C:\FRST
    2012-08-05 17:05 . 2012-08-05 17:05 328704 ----a-w- c:\windows\system32\services.exe.19DC38DAF7E8AAD3
    2012-07-31 01:05 . 2012-07-31 01:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\62E8.tmp
    2012-07-31 01:05 . 2012-07-31 01:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\62E7.tmp
    2012-07-27 16:37 . 2012-07-27 16:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}
    2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}
    2012-07-25 14:29 . 2012-07-25 14:29 -------- d-----w- c:\program files\iPod
    2012-07-25 14:29 . 2012-07-25 14:30 -------- d-----w- c:\program files\iTunes
    2012-07-25 14:29 . 2012-07-25 14:30 -------- d-----w- c:\program files (x86)\iTunes
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-25 14:25 . 2012-07-25 14:25 -------- d-----w- c:\program files (x86)\QuickTime
    2012-07-11 08:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 00:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 17:54 . 2012-07-22 05:57 -------- d-sh--w- c:\users\jaylew\wc
    2012-07-10 17:54 . 2012-07-10 17:54 -------- d-sh--w- c:\users\jaylew\AppData\Roaming\wyUpdate AU
    2012-07-10 17:54 . 2012-07-22 06:23 -------- d-----w- c:\users\jaylew\AppData\Roaming\Cyberduck
    2012-07-10 17:45 . 2012-07-10 17:45 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-07-10 17:42 . 2012-07-10 17:51 -------- d-----w- c:\program files (x86)\Cyberduck
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 16:32 . 2012-04-02 21:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 16:32 . 2012-02-16 06:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 08:04 . 2012-02-19 00:17 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-22 14:59 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 14:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 14:59 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 14:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 14:59 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 14:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 14:59 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 14:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 14:58 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-11 01:05 . 2012-05-11 01:05 369168 ----a-w- c:\windows\system32\wpcap.dll
    2012-05-11 01:05 . 2012-05-11 01:05 35344 ----a-w- c:\windows\system32\drivers\npf.sys
    2012-05-11 01:05 . 2012-05-11 01:05 106000 ----a-w- c:\windows\system32\packet.dll
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-06_01.21.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-15 23:57 . 2012-08-06 03:51 31188 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-06 03:51 32916 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2012-02-15 23:48 . 2012-08-05 22:26 6186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2572511198-3776155673-3006782383-1001_UserData.bin
    + 2012-02-15 23:48 . 2012-08-06 03:51 6186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2572511198-3776155673-3006782383-1001_UserData.bin
    - 2012-08-06 01:18 . 2012-08-06 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-06 05:07 . 2012-08-06 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-06 05:07 . 2012-08-06 05:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-08-06 01:18 . 2012-08-06 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-02-17 02:43 . 2012-08-06 03:26 245920 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2012-08-06 01:09 623940 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-06 03:51 623940 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-08-06 01:09 106316 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-08-06 03:51 106316 c:\windows\system32\perfc009.dat
    + 2009-07-14 05:01 . 2012-08-06 05:07 289184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-08-06 01:17 289184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2012-02-16 01:47 . 2012-08-06 01:17 1157520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2572511198-3776155673-3006782383-1001-8192.dat
    + 2012-02-16 01:47 . 2012-08-06 05:07 1157520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2572511198-3776155673-3006782383-1001-8192.dat
    + 2012-08-06 03:27 . 2012-08-06 03:27 12752896 c:\windows\Installer\6e86a6.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]
    "OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    c:\users\jaylew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 116648]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-15 79360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 116648]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-19 1255736]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-03-07 1370400]
    S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NPF
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 23:39]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 23:39]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001Core.job
    - c:\users\jaylew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 02:38]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001UA.job
    - c:\users\jaylew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 02:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF20016.3XE" [2010-11-20 345088]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\jaylew\AppData\Roaming\Mozilla\Firefox\Profiles\uxf9rexz.default\
    FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
    FF - prefs.js: browser.startup.homepage - hxxp://lifehacker.com/
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-06 00:12:19 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-06 05:12
    ComboFix2.txt 2012-08-06 03:44
    ComboFix3.txt 2012-08-06 01:24
    .
    Pre-Run: 26,012,495,872 bytes free
    Post-Run: 25,683,062,784 bytes free
    .
    - - End Of File - - 874F123A5847CD1A5286187C0168E05A
  14. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    Something is still going on there.

    Please re-run TDSSKiller.
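What in the ComboFix log above would make a triager keep digging, expressed as a few file-entry heuristics. This is an added example for this thread, not code from ComboFix, TechSpot, Broni or jaylew; the heuristics (the regexes and the allowlist of trees where hidden+system directories are expected) are the example's own assumptions, not the helper's stated reasoning. The sample lines are copied from the "Files Created" section of the log posted above.

```python
"""Triage heuristics for the "Files Created" / Find3M entries of a ComboFix log.

Added example for this thread, not ComboFix's own code. The sample lines are
copied from the log posted above; the heuristics are this example's assumptions.
"""
import re

# One entry looks like (created . modified size attrs path); size is "--------" for a directory:
# 2012-07-27 16:37 . 2012-07-27 16:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
_ENTRY = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+?)\s*$"
)

# A directory whose literal name looks like an unexpanded environment variable.
# Windows never stores a profile folder under that name; it is a disguise.
_ENV_NAME_SEGMENT = re.compile(r"\\%[A-Za-z_]+%(\\|$)")

# A system binary name carrying an extra hex-looking suffix next to the real file,
# e.g. services.exe.19DC38DAF7E8AAD3 (the pattern visible in this log).
_RENAMED_SYSTEM_BINARY = re.compile(
    r"\\windows\\(system32|syswow64)\\[a-z0-9_]+\.(exe|dll|sys)\.[0-9a-f]{8,}$", re.I
)

# Trees where hidden+system directories are normal (assumption: a short allowlist).
_EXPECTED_HIDDEN_PREFIXES = (
    r"c:\programdata\microsoft",
    r"c:\windows\installer",
    r"c:\windows\system32\config",
)

# Constructed sample: lines copied from the "Files Created" section posted above.
SAMPLE_LOG = r"""
2012-08-05 17:05 . 2012-08-05 17:05 328704 ----a-w- c:\windows\system32\services.exe.19DC38DAF7E8AAD3
2012-07-31 01:05 . 2012-07-31 01:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\62E8.tmp
2012-07-27 16:37 . 2012-07-27 16:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}
2012-07-10 17:54 . 2012-07-22 05:57 -------- d-sh--w- c:\users\jaylew\wc
2012-07-10 17:54 . 2012-07-10 17:54 -------- d-sh--w- c:\users\jaylew\AppData\Roaming\wyUpdate AU
2012-07-10 17:42 . 2012-07-10 17:51 -------- d-----w- c:\program files (x86)\Cyberduck
"""


def parse_entry(line):
    """Return a dict for one ComboFix file/directory entry, or None for any other line."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    # Attribute field: leading 'd' marks a directory; 's' and 'h' mark system/hidden.
    e["is_dir"] = e["attrs"][0] == "d"
    e["hidden"] = "h" in e["attrs"]
    e["system"] = "s" in e["attrs"]
    e["size"] = int(e["size"]) if e["size"].isdigit() else None
    return e


def reasons_for(entry):
    """List the reasons an entry deserves a closer look (empty list if none)."""
    path = entry["path"]
    low = path.lower()
    reasons = []
    if _ENV_NAME_SEGMENT.search(path):
        reasons.append("directory named like an environment variable (%VAR%) on disk")
    if (entry["is_dir"] and entry["hidden"] and entry["system"]
            and not low.startswith(_EXPECTED_HIDDEN_PREFIXES)):
        reasons.append("hidden+system directory outside the usual locations")
    if _RENAMED_SYSTEM_BINARY.search(low):
        reasons.append("system binary with an extra hex suffix beside the real one")
    return reasons


def triage(log_text):
    """Map each flagged path to its reasons, in log order; unflagged entries are dropped."""
    flagged = {}
    for line in log_text.splitlines():
        e = parse_entry(line)
        if e is None:
            continue
        why = reasons_for(e)
        if why:
            flagged[e["path"]] = why
    return flagged


if __name__ == "__main__":
    for path, why in triage(SAMPLE_LOG).items():
        print(path)
        for w in why:
            print("   -", w)
```

Run against the sample, the `SysWow64\%APPDATA%` directory is flagged twice (hidden+system, and named like an unexpanded environment variable), the renamed `services.exe` copy once, and the hidden `wc` and `wyUpdate AU` folders once each. The last of those, created in the same minute as the Cyberduck profile folder, is the kind of hit that manual review clears; the script shortens the list a human reads, it does not issue verdicts.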
  15. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    15:42:15.0398 4820 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
    15:42:15.0800 4820 ============================================================
    15:42:15.0800 4820 Current date / time: 2012/08/08 15:42:15.0800
    15:42:15.0800 4820 SystemInfo:
    15:42:15.0800 4820
    15:42:15.0800 4820 OS Version: 6.1.7601 ServicePack: 1.0
    15:42:15.0800 4820 Product type: Workstation
    15:42:15.0801 4820 ComputerName: JAYLEW-PC
    15:42:15.0801 4820 UserName: jaylew
    15:42:15.0801 4820 Windows directory: C:\Windows
    15:42:15.0801 4820 System windows directory: C:\Windows
    15:42:15.0801 4820 Running under WOW64
    15:42:15.0801 4820 Processor architecture: Intel x64
    15:42:15.0801 4820 Number of processors: 2
    15:42:15.0801 4820 Page size: 0x1000
    15:42:15.0801 4820 Boot type: Normal boot
    15:42:15.0801 4820 ============================================================
    15:42:16.0452 4820 Drive \Device\Harddisk1\DR1 - Size: 0xDF99E6000 (55.90 Gb), SectorSize: 0x200, Cylinders: 0x1C81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:42:16.0486 4820 Drive \Device\Harddisk0\DR0 - Size: 0x2540BE4000 (149.01 Gb), SectorSize: 0x200, Cylinders: 0x4BFC, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    15:42:16.0494 4820 ============================================================
    15:42:16.0494 4820 \Device\Harddisk1\DR1:
    15:42:16.0494 4820 MBR partitions:
    15:42:16.0494 4820 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
    15:42:16.0494 4820 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F99800
    15:42:16.0494 4820 \Device\Harddisk0\DR0:
    15:42:16.0495 4820 MBR partitions:
    15:42:16.0495 4820 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x17886, BlocksNum 0x11FF04EA
    15:42:16.0495 4820 ============================================================
    15:42:16.0496 4820 C: <-> \Device\Harddisk1\DR1\Partition1
    15:42:16.0530 4820 F: <-> \Device\Harddisk0\DR0\Partition0
    15:42:16.0530 4820 ============================================================
    15:42:16.0530 4820 Initialize success
    15:42:16.0531 4820 ============================================================
    15:42:19.0062 4196 ============================================================
    15:42:19.0062 4196 Scan started
    15:42:19.0062 4196 Mode: Manual;
    15:42:19.0062 4196 ============================================================
    15:42:19.0215 4196 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    15:42:19.0219 4196 1394ohci - ok
    15:42:19.0240 4196 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    15:42:19.0246 4196 ACPI - ok
    15:42:19.0252 4196 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    15:42:19.0253 4196 AcpiPmi - ok
    15:42:19.0263 4196 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    15:42:19.0264 4196 AdobeARMservice - ok
    15:42:19.0292 4196 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    15:42:19.0298 4196 adp94xx - ok
    15:42:19.0321 4196 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    15:42:19.0328 4196 adpahci - ok
    15:42:19.0345 4196 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    15:42:19.0349 4196 adpu320 - ok
    15:42:19.0361 4196 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
    15:42:19.0363 4196 AeLookupSvc - ok
    15:42:19.0392 4196 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
    15:42:19.0397 4196 AFD - ok
    15:42:19.0405 4196 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    15:42:19.0407 4196 agp440 - ok
    15:42:19.0415 4196 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
    15:42:19.0417 4196 ALG - ok
    15:42:19.0424 4196 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    15:42:19.0426 4196 aliide - ok
    15:42:19.0435 4196 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    15:42:19.0436 4196 amdide - ok
    15:42:19.0445 4196 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    15:42:19.0447 4196 AmdK8 - ok
    15:42:19.0456 4196 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    15:42:19.0458 4196 AmdPPM - ok
    15:42:19.0467 4196 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
    15:42:19.0469 4196 amdsata - ok
    15:42:19.0483 4196 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    15:42:19.0487 4196 amdsbs - ok
    15:42:19.0494 4196 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
    15:42:19.0495 4196 amdxata - ok
    15:42:19.0507 4196 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    15:42:19.0509 4196 AppID - ok
    15:42:19.0518 4196 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
    15:42:19.0519 4196 AppIDSvc - ok
    15:42:19.0528 4196 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
    15:42:19.0530 4196 Appinfo - ok
    15:42:19.0539 4196 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    15:42:19.0541 4196 Apple Mobile Device - ok
    15:42:19.0555 4196 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll
    15:42:19.0558 4196 AppMgmt - ok
    15:42:19.0567 4196 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    15:42:19.0569 4196 arc - ok
    15:42:19.0579 4196 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    15:42:19.0581 4196 arcsas - ok
    15:42:19.0588 4196 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    15:42:19.0590 4196 AsyncMac - ok
    15:42:19.0597 4196 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    15:42:19.0598 4196 atapi - ok
    15:42:19.0650 4196 Ati External Event Utility (ca4a0176fa380efd45de9d0acb9e1f86) C:\Windows\system32\Ati2evxx.exe
    15:42:19.0657 4196 Ati External Event Utility - ok
    15:42:19.0904 4196 atikmdag (aeae4abe6419923c037a0b2a157e1fc6) C:\Windows\system32\DRIVERS\atikmdag.sys
    15:42:19.0986 4196 atikmdag - ok
    15:42:20.0053 4196 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    15:42:20.0070 4196 AudioEndpointBuilder - ok
    15:42:20.0086 4196 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
    15:42:20.0090 4196 AudioSrv - ok
    15:42:20.0104 4196 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
    15:42:20.0107 4196 AxInstSV - ok
    15:42:20.0131 4196 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    15:42:20.0137 4196 b06bdrv - ok
    15:42:20.0156 4196 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    15:42:20.0160 4196 b57nd60a - ok
    15:42:20.0174 4196 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
    15:42:20.0177 4196 BDESVC - ok
    15:42:20.0184 4196 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    15:42:20.0185 4196 Beep - ok
    15:42:20.0222 4196 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
    15:42:20.0231 4196 BFE - ok
    15:42:20.0246 4196 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    15:42:20.0248 4196 blbdrive - ok
    15:42:20.0276 4196 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
    15:42:20.0281 4196 Bonjour Service - ok
    15:42:20.0294 4196 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    15:42:20.0296 4196 bowser - ok
    15:42:20.0304 4196 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    15:42:20.0305 4196 BrFiltLo - ok
    15:42:20.0312 4196 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    15:42:20.0313 4196 BrFiltUp - ok
    15:42:20.0326 4196 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
    15:42:20.0328 4196 BridgeMP - ok
    15:42:20.0341 4196 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
    15:42:20.0344 4196 Browser - ok
    15:42:20.0361 4196 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    15:42:20.0366 4196 Brserid - ok
    15:42:20.0377 4196 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    15:42:20.0378 4196 BrSerWdm - ok
    15:42:20.0387 4196 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    15:42:20.0388 4196 BrUsbMdm - ok
    15:42:20.0395 4196 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    15:42:20.0397 4196 BrUsbSer - ok
    15:42:20.0411 4196 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    15:42:20.0413 4196 BTHMODEM - ok
    15:42:20.0427 4196 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
    15:42:20.0429 4196 bthserv - ok
    15:42:20.0435 4196 catchme - ok
    15:42:20.0446 4196 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    15:42:20.0448 4196 cdfs - ok
    15:42:20.0459 4196 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    15:42:20.0462 4196 cdrom - ok
    15:42:20.0473 4196 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
    15:42:20.0475 4196 CertPropSvc - ok
    15:42:20.0482 4196 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    15:42:20.0484 4196 circlass - ok
    15:42:20.0506 4196 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
     
  16. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    15:42:26.0218 4196 swenum - ok
    15:42:26.0250 4196 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
    15:42:26.0262 4196 swprv - ok
    15:42:26.0268 4196 Synth3dVsc - ok
    15:42:26.0341 4196 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
    15:42:26.0362 4196 SysMain - ok
    15:42:26.0396 4196 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
    15:42:26.0401 4196 TabletInputService - ok
    15:42:26.0418 4196 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
    15:42:26.0425 4196 TapiSrv - ok
    15:42:26.0434 4196 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
    15:42:26.0438 4196 TBS - ok
    15:42:26.0517 4196 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
    15:42:26.0536 4196 Tcpip - ok
    15:42:26.0636 4196 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
    15:42:26.0648 4196 TCPIP6 - ok
    15:42:26.0696 4196 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
    15:42:26.0697 4196 tcpipreg - ok
    15:42:26.0709 4196 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    15:42:26.0710 4196 TDPIPE - ok
    15:42:26.0720 4196 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
    15:42:26.0721 4196 TDTCP - ok
    15:42:26.0735 4196 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
    15:42:26.0737 4196 tdx - ok
    15:42:26.0745 4196 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
    15:42:26.0746 4196 TermDD - ok
    15:42:26.0785 4196 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
    15:42:26.0800 4196 TermService - ok
    15:42:26.0807 4196 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
    15:42:26.0811 4196 Themes - ok
    15:42:26.0822 4196 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
    15:42:26.0825 4196 THREADORDER - ok
    15:42:26.0840 4196 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
    15:42:26.0845 4196 TrkWks - ok
    15:42:26.0859 4196 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
    15:42:26.0863 4196 TrustedInstaller - ok
    15:42:26.0874 4196 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
    15:42:26.0876 4196 tssecsrv - ok
    15:42:26.0886 4196 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
    15:42:26.0888 4196 TsUsbFlt - ok
    15:42:26.0894 4196 tsusbhub - ok
    15:42:26.0909 4196 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
    15:42:26.0911 4196 tunnel - ok
    15:42:26.0921 4196 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    15:42:26.0923 4196 uagp35 - ok
    15:42:26.0951 4196 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
    15:42:26.0956 4196 udfs - ok
    15:42:26.0972 4196 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
    15:42:26.0976 4196 UI0Detect - ok
    15:42:26.0989 4196 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
    15:42:26.0991 4196 uliagpkx - ok
    15:42:27.0001 4196 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
    15:42:27.0003 4196 umbus - ok
    15:42:27.0008 4196 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    15:42:27.0010 4196 UmPass - ok
    15:42:27.0030 4196 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
    15:42:27.0036 4196 UmRdpService - ok
    15:42:27.0063 4196 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
    15:42:27.0070 4196 upnphost - ok
    15:42:27.0078 4196 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
    15:42:27.0080 4196 USBAAPL64 - ok
    15:42:27.0091 4196 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\drivers\usbccgp.sys
    15:42:27.0094 4196 usbccgp - ok
    15:42:27.0104 4196 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
    15:42:27.0106 4196 usbcir - ok
    15:42:27.0114 4196 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
    15:42:27.0116 4196 usbehci - ok
    15:42:27.0138 4196 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
    15:42:27.0143 4196 usbhub - ok
    15:42:27.0152 4196 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
    15:42:27.0153 4196 usbohci - ok
    15:42:27.0161 4196 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    15:42:27.0163 4196 usbprint - ok
    15:42:27.0175 4196 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    15:42:27.0178 4196 USBSTOR - ok
    15:42:27.0187 4196 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
    15:42:27.0189 4196 usbuhci - ok
    15:42:27.0200 4196 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
    15:42:27.0204 4196 UxSms - ok
    15:42:27.0216 4196 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
    15:42:27.0218 4196 VaultSvc - ok
    15:42:27.0225 4196 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
    15:42:27.0226 4196 vdrvroot - ok
    15:42:27.0259 4196 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
    15:42:27.0268 4196 vds - ok
    15:42:27.0275 4196 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    15:42:27.0277 4196 vga - ok
    15:42:27.0286 4196 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    15:42:27.0287 4196 VgaSave - ok
    15:42:27.0294 4196 VGPU - ok
    15:42:27.0314 4196 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
    15:42:27.0317 4196 vhdmp - ok
    15:42:27.0324 4196 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
    15:42:27.0325 4196 viaide - ok
    15:42:27.0343 4196 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
    15:42:27.0348 4196 vmbus - ok
    15:42:27.0354 4196 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
    15:42:27.0356 4196 VMBusHID - ok
    15:42:27.0367 4196 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
    15:42:27.0369 4196 volmgr - ok
    15:42:27.0391 4196 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    15:42:27.0397 4196 volmgrx - ok
    15:42:27.0418 4196 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    15:42:27.0423 4196 volsnap - ok
    15:42:27.0438 4196 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    15:42:27.0441 4196 vsmraid - ok
    15:42:27.0509 4196 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
    15:42:27.0531 4196 VSS - ok
    15:42:27.0572 4196 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    15:42:27.0574 4196 vwifibus - ok
    15:42:27.0598 4196 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
    15:42:27.0606 4196 W32Time - ok
    15:42:27.0618 4196 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    15:42:27.0620 4196 WacomPen - ok
    15:42:27.0631 4196 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    15:42:27.0633 4196 WANARP - ok
    15:42:27.0639 4196 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    15:42:27.0640 4196 Wanarpv6 - ok
    15:42:27.0699 4196 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
    15:42:27.0714 4196 WatAdminSvc - ok
    15:42:27.0776 4196 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
    15:42:27.0796 4196 wbengine - ok
    15:42:27.0835 4196 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
    15:42:27.0840 4196 WbioSrvc - ok
    15:42:27.0862 4196 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
    15:42:27.0869 4196 wcncsvc - ok
    15:42:27.0886 4196 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
    15:42:27.0890 4196 WcsPlugInService - ok
    15:42:27.0899 4196 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    15:42:27.0901 4196 Wd - ok
    15:42:27.0936 4196 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    15:42:27.0947 4196 Wdf01000 - ok
    15:42:27.0956 4196 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:42:27.0960 4196 WdiServiceHost - ok
    15:42:27.0970 4196 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
    15:42:27.0974 4196 WdiSystemHost - ok
    15:42:27.0991 4196 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
    15:42:27.0998 4196 WebClient - ok
    15:42:28.0012 4196 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
    15:42:28.0018 4196 Wecsvc - ok
    15:42:28.0028 4196 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
    15:42:28.0033 4196 wercplsupport - ok
    15:42:28.0041 4196 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
    15:42:28.0046 4196 WerSvc - ok
    15:42:28.0058 4196 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    15:42:28.0059 4196 WfpLwf - ok
    15:42:28.0070 4196 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    15:42:28.0072 4196 WIMMount - ok
    15:42:28.0078 4196 WinDefend - ok
    15:42:28.0091 4196 WinHttpAutoProxySvc - ok
    15:42:28.0115 4196 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
    15:42:28.0120 4196 Winmgmt - ok
    15:42:28.0199 4196 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
    15:42:28.0224 4196 WinRM - ok
    15:42:28.0271 4196 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
    15:42:28.0273 4196 WinUsb - ok
    15:42:28.0320 4196 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
    15:42:28.0333 4196 Wlansvc - ok
    15:42:28.0340 4196 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    15:42:28.0341 4196 WmiAcpi - ok
    15:42:28.0368 4196 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
    15:42:28.0371 4196 wmiApSrv - ok
    15:42:28.0377 4196 WMPNetworkSvc - ok
    15:42:28.0391 4196 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
    15:42:28.0395 4196 WPCSvc - ok
    15:42:28.0407 4196 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
    15:42:28.0412 4196 WPDBusEnum - ok
    15:42:28.0420 4196 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    15:42:28.0421 4196 ws2ifsl - ok
    15:42:28.0435 4196 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
    15:42:28.0440 4196 wscsvc - ok
    15:42:28.0447 4196 WSearch - ok
    15:42:28.0556 4196 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
    15:42:28.0583 4196 wuauserv - ok
    15:42:28.0630 4196 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    15:42:28.0632 4196 WudfPf - ok
    15:42:28.0645 4196 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    15:42:28.0648 4196 WUDFRd - ok
    15:42:28.0657 4196 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
    15:42:28.0661 4196 wudfsvc - ok
    15:42:28.0677 4196 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
    15:42:28.0684 4196 WwanSvc - ok
    15:42:28.0719 4196 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    15:42:28.0834 4196 \Device\Harddisk1\DR1 - ok
    15:42:28.0839 4196 MBR (0x1B8) (b16a2359f4962b0c622d81a1c1f4b703) \Device\Harddisk0\DR0
    15:42:29.0361 4196 \Device\Harddisk0\DR0 - ok
    15:42:29.0368 4196 Boot (0x1200) (e72b4f5bdb2779fe93a708dc6860eba0) \Device\Harddisk1\DR1\Partition0
    15:42:29.0370 4196 \Device\Harddisk1\DR1\Partition0 - ok
    15:42:29.0375 4196 Boot (0x1200) (1e0a3ee9bda1836cb9da0ade945ff519) \Device\Harddisk1\DR1\Partition1
    15:42:29.0377 4196 \Device\Harddisk1\DR1\Partition1 - ok
    15:42:29.0393 4196 Boot (0x1200) (d2326dc2fd790f05219d3757d1a56d31) \Device\Harddisk0\DR0\Partition0
    15:42:29.0397 4196 \Device\Harddisk0\DR0\Partition0 - ok
    15:42:29.0398 4196 ============================================================
    15:42:29.0398 4196 Scan finished
    15:42:29.0398 4196 ============================================================
    15:42:29.0416 2084 Detected object count: 0
    15:42:29.0416 2084 Actual detected object count: 0
     
  17. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    File::
    c:\windows\system32\services.exe.19DC38DAF7E8AAD3
    c:\programdata\Microsoft\Windows\DRM\62E8.tmp
    c:\programdata\Microsoft\Windows\DRM\62E7.tmp
    
    DirLook::
    c:\windows\SysWow64\%APPDATA%
    c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}
    c:\users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}
    c:\users\jaylew\wc
    c:\users\jaylew\AppData\Roaming\wyUpdate AU
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all antivirus and antimalware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     
  18. jaylew

    jaylew TS Rookie Topic Starter Posts: 24

    ComboFix 12-08-05.02 - jaylew 08/08/2012 18:31:32.4.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3582.2493 [GMT -5:00]
    Running from: c:\users\jaylew\Desktop\ComboFix.exe
    Command switches used :: c:\users\jaylew\Desktop\CFScript.txt
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    FILE ::
    "c:\programdata\Microsoft\Windows\DRM\62E7.tmp"
    "c:\programdata\Microsoft\Windows\DRM\62E8.tmp"
    "c:\windows\system32\services.exe.19DC38DAF7E8AAD3"
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\_ctypes.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\_elementtree.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\_hashlib.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\_socket.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\_ssl.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\pyexpat.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\pysqlite2._sqlite.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\python26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\pythoncom26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\PyWinTypes26.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\select.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\unicodedata.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\win32api.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\win32com.shell.shell.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\win32crypt.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\win32event.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\win32file.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\win32inet.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\win32pdh.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\win32process.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\windows._cacheinvalidation.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wx._controls_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wx._core_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wx._gdi_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wx._html2.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wx._misc_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wx._windows_.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wx._wizard.pyd
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wxbase293u_net_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wxbase293u_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wxmsw293u_adv_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wxmsw293u_core_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wxmsw293u_html_vc.dll
    c:\users\jaylew\AppData\Local\Temp\_MEI19322\wxmsw293u_webview_vc.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_NPF
    -------\Service_NPF
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-08 23:37 . 2012-08-08 23:37 -------- d-----w- c:\users\Guest\AppData\Local\temp
    2012-08-08 23:37 . 2012-08-08 23:37 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-05 22:20 . 2012-08-05 22:20 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-05 19:59 . 2012-08-05 20:00 -------- d-----w- C:\FRST
    2012-08-05 17:05 . 2012-08-05 17:05 328704 ----a-w- c:\windows\system32\services.exe.19DC38DAF7E8AAD3
    2012-07-31 01:05 . 2012-07-31 01:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\62E8.tmp
    2012-07-31 01:05 . 2012-07-31 01:05 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\62E7.tmp
    2012-07-27 16:37 . 2012-07-27 16:37 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}
    2012-07-27 16:32 . 2012-07-27 16:32 -------- d-----w- c:\users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}
    2012-07-25 14:29 . 2012-07-25 14:29 -------- d-----w- c:\program files\iPod
    2012-07-25 14:29 . 2012-07-25 14:30 -------- d-----w- c:\program files\iTunes
    2012-07-25 14:29 . 2012-07-25 14:30 -------- d-----w- c:\program files (x86)\iTunes
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2012-07-25 14:26 . 2012-07-25 14:26 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2012-07-25 14:26 . 2012-07-25 14:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2012-07-25 14:25 . 2012-07-25 14:25 -------- d-----w- c:\program files (x86)\QuickTime
    2012-07-11 08:20 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 00:19 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-10 17:54 . 2012-07-22 05:57 -------- d-sh--w- c:\users\jaylew\wc
    2012-07-10 17:54 . 2012-07-10 17:54 -------- d-sh--w- c:\users\jaylew\AppData\Roaming\wyUpdate AU
    2012-07-10 17:54 . 2012-07-22 06:23 -------- d-----w- c:\users\jaylew\AppData\Roaming\Cyberduck
    2012-07-10 17:45 . 2012-07-10 17:45 -------- d-----w- c:\program files (x86)\Microsoft.NET
    2012-07-10 17:42 . 2012-07-10 17:51 -------- d-----w- c:\program files (x86)\Cyberduck
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-07-27 16:32 . 2012-04-02 21:54 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-07-27 16:32 . 2012-02-16 06:54 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-07-11 08:04 . 2012-02-19 00:17 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-06-02 22:19 . 2012-06-22 14:59 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-22 14:59 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-22 14:59 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-22 14:59 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-22 14:59 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-22 14:59 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-22 14:59 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-22 14:58 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:15 . 2012-06-22 14:58 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-11 01:05 . 2012-05-11 01:05 369168 ----a-w- c:\windows\system32\wpcap.dll
    2012-05-11 01:05 . 2012-05-11 01:05 35344 ----a-w- c:\windows\system32\drivers\npf.sys
    2012-05-11 01:05 . 2012-05-11 01:05 106000 ----a-w- c:\windows\system32\packet.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    ---- Directory of c:\users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26} ----
    .
    2012-07-27 16:32 . 2012-07-27 16:32 6546 ----a-w- c:\users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul
    2012-07-27 16:32 . 2012-07-27 16:32 804 ----a-w- c:\users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}\install.rdf
    2012-07-27 16:32 . 2012-07-27 16:32 129 ----a-w- c:\users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}\chrome.manifest
    .
    ---- Directory of c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26} ----
    .
    2012-07-27 16:32 . 2012-07-27 16:32 1806 ----a-w- c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}\manager.js
    2012-07-27 16:32 . 2012-07-27 16:32 574 ----a-w- c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}\manifest.json
    2012-07-27 16:32 . 2012-07-27 16:32 3789 ----a-w- c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}\icon.png
    2012-07-27 16:32 . 2012-07-27 16:32 889 ----a-w- c:\users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}\background.html
    .
    ---- Directory of c:\users\jaylew\AppData\Roaming\wyUpdate AU ----
    .
    2012-07-10 17:54 . 2012-07-22 16:59 43 ----a-w- c:\users\jaylew\AppData\Roaming\wyUpdate AU\Cyberduck.exe.autoupdate
    .
    ---- Directory of c:\users\jaylew\wc ----
    .
    .
    ---- Directory of c:\windows\SysWow64\%APPDATA% ----
    .
    2012-07-27 16:37 . 2012-07-31 01:11 16384 --sha-w- c:\windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-08-06_01.21.02 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2012-02-15 23:57 . 2012-08-08 20:36 31324 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2012-08-08 20:36 32948 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    - 2009-07-14 05:30 . 2012-07-25 14:27 86016 c:\windows\system32\DriverStore\infpub.dat
    + 2009-07-14 05:30 . 2012-08-06 05:28 86016 c:\windows\system32\DriverStore\infpub.dat
    - 2012-02-15 23:48 . 2012-08-05 22:26 6186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2572511198-3776155673-3006782383-1001_UserData.bin
    + 2012-02-15 23:48 . 2012-08-08 20:36 6186 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2572511198-3776155673-3006782383-1001_UserData.bin
    - 2012-08-06 01:18 . 2012-08-06 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-08-08 23:38 . 2012-08-08 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-08-06 01:18 . 2012-08-06 01:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-08-08 23:38 . 2012-08-08 23:38 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2012-02-17 02:43 . 2012-08-06 08:10 246176 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
    - 2009-07-14 02:36 . 2012-08-06 01:09 623940 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2012-08-08 23:42 623940 c:\windows\system32\perfh009.dat
    - 2009-07-14 02:36 . 2012-08-06 01:09 106316 c:\windows\system32\perfc009.dat
    + 2009-07-14 02:36 . 2012-08-08 23:42 106316 c:\windows\system32\perfc009.dat
    - 2009-07-14 05:30 . 2012-07-25 14:27 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:30 . 2012-08-06 05:28 143360 c:\windows\system32\DriverStore\infstrng.dat
    + 2009-07-14 05:01 . 2012-08-08 23:37 289184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2012-08-06 01:17 289184 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2012-02-16 01:47 . 2012-08-08 23:37 1157520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2572511198-3776155673-3006782383-1001-8192.dat
    - 2012-02-16 01:47 . 2012-08-06 01:17 1157520 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2572511198-3776155673-3006782383-1001-8192.dat
    + 2012-08-06 03:27 . 2012-08-06 03:27 12752896 c:\windows\Installer\6e86a6.msi
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
    "NETGEARGenie"="c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe" [2012-03-12 1091872]
    "OpenDNS Updater"="c:\program files (x86)\OpenDNS Updater\OpenDNSUpdater.exe" [2010-06-16 839680]
    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2012-07-20 12218904]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "P17RunE"="P17RunE.dll" [2008-03-28 14848]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
    .
    c:\users\jaylew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    Rainmeter.lnk - c:\program files\Rainmeter\Rainmeter.exe [2012-1-8 107720]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 116648]
    R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-02-15 79360]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 116648]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-19 1255736]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
    S2 NETGEARGenieDaemon;NETGEARGenieDaemon;c:\program files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe [2012-03-07 1370400]
    S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - NPF
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 23:39]
    .
    2012-08-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 23:39]
    .
    2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001Core.job
    - c:\users\jaylew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 02:38]
    .
    2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001UA.job
    - c:\users\jaylew\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-18 02:38]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
    2012-07-20 20:17 755544 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "combofix"="c:\combofix\CF15393.3XE" [2010-11-20 345088]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 192.168.1.1
    DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    FF - ProfilePath - c:\users\jaylew\AppData\Roaming\Mozilla\Firefox\Profiles\uxf9rexz.default\
    FF - prefs.js: browser.search.selectedEngine - SpeedBit Search
    FF - prefs.js: browser.startup.homepage - hxxp://lifehacker.com/
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-08 18:53:00 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-08 23:53
    ComboFix2.txt 2012-08-06 05:12
    ComboFix3.txt 2012-08-06 03:44
    ComboFix4.txt 2012-08-06 01:24
    .
    Pre-Run: 26,460,790,784 bytes free
    Post-Run: 26,256,969,728 bytes free
    .
    - - End Of File - - 2FA5252DED9A24AAC826B6FF0AAC3363
     
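    The service block in the ComboFix log above (the R2/R3/S2 lines, where `[x]` in place of the date and size means ComboFix could not find the image file) has a fixed shape that can be triaged mechanically instead of by eye. The Python below is an added example for this thread, not code from ComboFix or from anyone posting here. Assumptions made for illustration: that the prefix is a state letter followed by a single start-type digit, the list of directories a service binary is "expected" to live under, and the fourth sample line, which is constructed; the first three sample lines are copied from the log above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Shape of a ComboFix service/driver line as printed in the log above:
#   R2 name;display name;c:\path\to\image.exe [YYYY-MM-DD size]
#   R3 name;display name;c:\path\to\image.sys [x]       <- [x]: image file not found
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d)\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<tail>x|\d{4}-\d{2}-\d{2}\s+\d+)\]\s*$"
)

# Assumption: an autostarting service binary normally lives under one of these.
# A service image in a user profile, a temp directory or a drive root is worth a second look.
EXPECTED_ROOTS = (
    "c:\\windows\\",
    "c:\\program files\\",
    "c:\\program files (x86)\\",
    "c:\\programdata\\",
)


@dataclass
class ServiceEntry:
    state: str            # 'R' or 'S' exactly as ComboFix prints it
    start_type: int       # digit after the state letter (assumed to be the SCM start type)
    name: str
    display: str
    image: str
    date: Optional[str]   # None when ComboFix printed [x]
    size: Optional[int]   # None when ComboFix printed [x]
    file_missing: bool

    def flags(self) -> List[str]:
        """Triage observations for this entry, as short reason strings."""
        out = []
        if self.file_missing:
            out.append("image file not found ([x])")
        if not self.image.lower().startswith(EXPECTED_ROOTS):
            out.append("image outside Windows/Program Files/ProgramData")
        return out


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix service line; return None for lines of any other shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    tail = m.group("tail")
    missing = tail == "x"
    date = size = None
    if not missing:
        date, size_text = tail.split()
        size = int(size_text)
    return ServiceEntry(
        state=m.group("state"), start_type=int(m.group("start")),
        name=m.group("name"), display=m.group("display"), image=m.group("image"),
        date=date, size=size, file_missing=missing,
    )


def triage(text: str) -> Tuple[List[ServiceEntry], Dict[str, List[str]]]:
    """Parse every service line in a log excerpt; return (all entries, {name: reasons} for flagged ones)."""
    entries = [e for e in (parse_line(ln) for ln in text.splitlines()) if e]
    flagged = {}
    for e in entries:
        reasons = e.flags()
        if reasons:
            flagged[e.name] = reasons
    return entries, flagged


# Sample input: first three lines copied from the ComboFix log above; the fourth
# line is constructed (not from the log) purely to exercise the directory check.
SAMPLE = r"""
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-23 116648]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2012-04-06 624856]
S2 example_svc;Example (constructed);c:\users\jaylew\AppData\Local\Temp\svc.exe [2012-08-01 4096]
"""

if __name__ == "__main__":
    entries, flagged = triage(SAMPLE)
    for e in entries:
        print(f"{e.state}{e.start_type} {e.name:<14} {e.image}")
    for name, reasons in flagged.items():
        print("FLAG", name, "->", "; ".join(reasons))
```

    A `[x]` entry is a reason to look, not a verdict: Windows 7 keeps several RDP/Hyper-V driver registrations (Synth3dVsc, tsusbhub, VGPU in the log above) whose files are simply absent, so the missing-file flag has to be read alongside the service name, the company name OTL reports, and a file-signature check.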
  19. Broni


    Please download the below tool named Rkill (courtesy of BleepingComputer.com) to your desktop.

    There are 2 different versions. If one of them won't run then download and try to run the other one.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    If normal mode still doesn't work, run the tool from safe mode.

    When the scan is done Notepad will open with rKill log.
    Post it in your next reply.

    NOTE. rKill.txt log will also be present on your desktop.
     
  20. jaylew


    Rkill 2.1.0 by Lawrence Abrams (Grinler)
    http://www.bleepingcomputer.com/
    Copyright 2008-2012 BleepingComputer.com
    More Information about Rkill can be found at this link:
    http://www.bleepingcomputer.com/forums/topic308364.html

    Program started at: 08/08/2012 07:53:23 PM in x64 mode.
    Windows Version: Windows 7

    Checking for Windows services to stop.

    * No malware services found to stop.

    Checking for processes to terminate.

    * No malware processes found to kill.

    Checking Registry for malware related settings.

    * No issues found in the Registry.

    Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
    * HKLM\Software\Classes\.com "@" has been changed to ComFile!
    * HKLM\Software\Classes\.com "@" was reset to comfile!


    Performing miscellaneous checks.

    * No issues found.

    Searching for Missing Digital Signatures:

    * No issues found.

    Restarting Explorer.exe in order to apply changes.

    Program finished at: 08/08/2012 07:53:42 PM
    Execution time: 0 hours(s), 0 minute(s), and 18 seconds(s)
     
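    The Rkill log above shows the one thing it changed: the `(Default)` value of `HKLM\Software\Classes\.com` read `ComFile` and was reset to `comfile`. That step exists because malware commonly hijacks the `.exe`/`.com`/`.bat` associations (either the extension-to-ProgID value or the ProgID's `shell\open\command`) so that its own binary runs first every time any program is launched. The Python below is an added example for this thread, not Rkill's code: it performs the same check offline against a `reg export`-style text and generates the `.reg` body that restores the canonical values. The `.reg` sample is constructed (the hijacked `batfile` command in it is illustrative, not something from this machine's logs); the canonical values `exefile`/`comfile`/`batfile` and `"%1" %*` are the stock Windows defaults. Exact string comparison is used deliberately, matching Rkill's treatment of `ComFile` as a change, with case-only differences reported separately.

```python
import re
from typing import Dict, List, Optional, Tuple

# Canonical values on a clean Windows install (what Rkill resets to).
EXPECTED_PROGID = {".exe": "exefile", ".com": "comfile", ".bat": "batfile"}
EXPECTED_OPEN_CMD = '"%1" %*'

_KEY_RE = re.compile(r"^\[(.+)\]$")          # [HKEY_LOCAL_MACHINE\...]
_DEFAULT_RE = re.compile(r'^@="(.*)"$')      # @="value"  (the key's (Default) value)


def _unescape(s: str) -> str:
    # .reg string escaping: \\ -> \ and \" -> " (single left-to-right pass)
    return re.sub(r"\\(.)", r"\1", s)


def parse_reg_defaults(text: str) -> Dict[str, str]:
    """Map each key path (lower-cased, HKLM prefix removed) to its (Default) string value."""
    defaults: Dict[str, str] = {}
    key: Optional[str] = None
    for line in text.splitlines():
        line = line.strip()
        m = _KEY_RE.match(line)
        if m:
            key = m.group(1).lower().replace("hkey_local_machine\\", "")
            continue
        m = _DEFAULT_RE.match(line)
        if m and key:
            defaults[key] = _unescape(m.group(1))
    return defaults


def check_associations(defaults: Dict[str, str]) -> List[Tuple[str, str, Optional[str]]]:
    """Return (item, problem, observed value) for every deviation from the canonical values."""
    findings = []
    for ext, progid in EXPECTED_PROGID.items():
        actual = defaults.get(f"software\\classes\\{ext}")
        if actual is None:
            findings.append((ext, "missing", None))
        elif actual != progid:
            # Rkill treated "ComFile" vs "comfile" as a change; keep the comparison exact
            # but label the harmless-looking case-only variant distinctly.
            kind = "case-only" if actual.lower() == progid else "hijacked"
            findings.append((ext, kind, actual))
        cmd = defaults.get(f"software\\classes\\{progid}\\shell\\open\\command")
        if cmd is None:
            findings.append((progid, "open-command missing", None))
        elif cmd != EXPECTED_OPEN_CMD:
            findings.append((progid, "open-command hijacked", cmd))
    return findings


def restore_reg() -> str:
    """Body of a .reg file that restores the canonical values (the same reset Rkill performs)."""
    lines = ["Windows Registry Editor Version 5.00", ""]
    for ext, progid in EXPECTED_PROGID.items():
        lines += [f"[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\{ext}]", f'@="{progid}"', ""]
        lines += [f"[HKEY_LOCAL_MACHINE\\SOFTWARE\\Classes\\{progid}\\shell\\open\\command]",
                  '@="\\"%1\\" %*"', ""]
    return "\n".join(lines)


# Constructed sample export: .exe is clean, .com shows the case-only "ComFile" variant
# from the Rkill log above, and batfile's open command is a made-up hijack for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.exe]
@="exefile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\exefile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.com]
@="ComFile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\comfile\shell\open\command]
@="\"%1\" %*"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\.bat]
@="batfile"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\batfile\shell\open\command]
@="\"C:\\Users\\Public\\example.exe\" \"%1\" %*"
'''

if __name__ == "__main__":
    for item, problem, value in check_associations(parse_reg_defaults(SAMPLE_REG)):
        print(f"{item}: {problem}" + (f" -> {value}" if value else ""))
```

    Two caveats when using this on a real box: `reg export` writes UTF-16 text, so open the file with `encoding="utf-16"`; and HKEY_CLASSES_ROOT is a merged view in which `HKCU\Software\Classes` overrides `HKLM\Software\Classes`, so the per-user hive needs the same check or a clean HKLM result proves nothing.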
  21. Broni


    How is computer doing?

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. jaylew


    OTL logfile created on: 8/8/2012 8:17:44 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\jaylew\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 72.80% Memory free
    6.99 Gb Paging File | 5.88 Gb Available in Paging File | 84.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 55.80 Gb Total Space | 24.43 Gb Free Space | 43.78% Space Free | Partition Type: NTFS
    Drive F: | 143.97 Gb Total Space | 14.11 Gb Free Space | 9.80% Space Free | Partition Type: NTFS

    Computer Name: JAYLEW-PC | User Name: jaylew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/08 20:16:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jaylew\Desktop\OTL.exe
    PRC - [2012/07/20 15:17:14 | 012,218,904 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
    PRC - [2012/04/06 12:28:49 | 000,624,856 | ---- | M] (Pandora.TV) -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe
    PRC - [2012/03/12 03:08:24 | 001,091,872 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
    PRC - [2012/03/07 01:36:28 | 000,546,080 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe
    PRC - [2012/02/23 12:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    PRC - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/06/16 16:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    PRC - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/08 18:57:58 | 001,169,408 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\wx._core_.pyd
    MOD - [2012/08/08 18:57:58 | 001,056,256 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\wx._controls_.pyd
    MOD - [2012/08/08 18:57:58 | 001,018,368 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\windows._cacheinvalidation.pyd
    MOD - [2012/08/08 18:57:58 | 000,807,424 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\wx._windows_.pyd
    MOD - [2012/08/08 18:57:58 | 000,792,576 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\wx._gdi_.pyd
    MOD - [2012/08/08 18:57:58 | 000,731,136 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\wx._misc_.pyd
    MOD - [2012/08/08 18:57:58 | 000,645,120 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\_ssl.pyd
    MOD - [2012/08/08 18:57:58 | 000,571,392 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\pysqlite2._sqlite.pyd
    MOD - [2012/08/08 18:57:58 | 000,354,304 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\pythoncom26.dll
    MOD - [2012/08/08 18:57:58 | 000,311,808 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\_hashlib.pyd
    MOD - [2012/08/08 18:57:58 | 000,263,168 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\win32com.shell.shell.pyd
    MOD - [2012/08/08 18:57:58 | 000,153,088 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\pyexpat.pyd
    MOD - [2012/08/08 18:57:58 | 000,121,856 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\wx._wizard.pyd
    MOD - [2012/08/08 18:57:58 | 000,111,104 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\win32file.pyd
    MOD - [2012/08/08 18:57:58 | 000,110,592 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\PyWinTypes26.dll
    MOD - [2012/08/08 18:57:58 | 000,096,256 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\win32api.pyd
    MOD - [2012/08/08 18:57:58 | 000,086,016 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\_elementtree.pyd
    MOD - [2012/08/08 18:57:58 | 000,073,728 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\_ctypes.pyd
    MOD - [2012/08/08 18:57:58 | 000,070,656 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\wx._html2.pyd
    MOD - [2012/08/08 18:57:58 | 000,040,448 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\_socket.pyd
    MOD - [2012/08/08 18:57:58 | 000,039,424 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\win32inet.pyd
    MOD - [2012/08/08 18:57:58 | 000,036,352 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\win32process.pyd
    MOD - [2012/08/08 18:57:58 | 000,022,528 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\win32pdh.pyd
    MOD - [2012/08/08 18:57:58 | 000,011,776 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\win32crypt.pyd
    MOD - [2012/08/08 18:57:57 | 000,585,728 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\unicodedata.pyd
    MOD - [2012/08/08 18:57:57 | 000,017,920 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\win32event.pyd
    MOD - [2012/08/08 18:57:57 | 000,011,776 | ---- | M] () -- C:\Users\jaylew\AppData\Local\Temp\_MEI18282\select.pyd
    MOD - [2012/03/20 01:20:22 | 006,586,368 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Resource.dll
    MOD - [2012/03/20 00:55:16 | 001,139,200 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Internet.dll
    MOD - [2012/03/20 00:55:16 | 000,150,528 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnoseDll.dll
    MOD - [2012/03/20 00:55:16 | 000,136,704 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DiagnosePlugin.dll
    MOD - [2012/03/20 00:14:24 | 002,582,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Map.dll
    MOD - [2012/03/20 00:14:24 | 000,083,968 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NetcardApi.dll
    MOD - [2012/03/20 00:14:24 | 000,081,920 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\SVTUtils.dll
    MOD - [2012/03/19 21:57:46 | 001,110,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_ParentalControl.dll
    MOD - [2012/03/19 21:56:18 | 000,261,632 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_FirmwareUpdate.dll
    MOD - [2012/03/19 21:54:02 | 001,327,616 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\Genie.dll
    MOD - [2012/03/14 01:16:50 | 000,394,240 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_TrafficMeter.dll
    MOD - [2012/03/12 20:58:12 | 000,217,088 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Airprint.dll
    MOD - [2012/03/12 20:58:12 | 000,138,752 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\airprintdll.dll
    MOD - [2012/03/12 03:08:24 | 001,091,872 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe
    MOD - [2012/03/12 02:17:08 | 000,914,432 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_RouterConfiguration.dll
    MOD - [2012/03/11 20:49:26 | 000,467,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_NetworkProblem.dll
    MOD - [2012/03/11 20:49:26 | 000,186,368 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\DragonNetTool.dll
    MOD - [2012/03/07 02:55:50 | 000,643,072 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Wireless.dll
    MOD - [2012/03/07 02:42:18 | 000,613,888 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\GeniePlugin_Statistics.dll
    MOD - [2012/03/07 01:36:28 | 009,814,016 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtGui4.dll
    MOD - [2012/03/07 01:36:28 | 002,537,472 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtCore4.dll
    MOD - [2012/03/07 01:36:28 | 001,140,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtNetwork4.dll
    MOD - [2012/03/07 01:36:28 | 000,546,080 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\genie_tray.exe
    MOD - [2012/03/07 01:36:28 | 000,489,472 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\InnerPlugin_WirelessExport.dll
    MOD - [2012/03/07 01:36:28 | 000,399,360 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\QtXml4.dll
    MOD - [2012/03/07 01:36:28 | 000,287,232 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qjpeg4.dll
    MOD - [2012/03/07 01:36:28 | 000,116,224 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupApiPlugin.dll
    MOD - [2012/03/07 01:36:28 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qico4.dll
    MOD - [2012/03/07 01:36:28 | 000,083,456 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\imageformats\qgif4.dll
    MOD - [2012/03/07 01:36:28 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\WSetupDll.dll
    MOD - [2012/03/07 01:36:28 | 000,043,008 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\libgcc_s_dw2-1.dll
    MOD - [2012/03/07 01:36:28 | 000,011,362 | ---- | M] () -- C:\Program Files (x86)\NETGEAR Genie\bin\mingwm10.dll
    MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2010/06/16 16:42:58 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe
    MOD - [2009/07/10 10:07:18 | 000,166,912 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
    MOD - [2009/02/06 19:52:24 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/02/11 00:29:30 | 000,952,320 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\Windows\SysNative\Ati2evxx.exe -- (Ati External Event Utility)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2012/07/19 01:14:49 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/04/06 12:28:49 | 000,624,856 | ---- | M] (Pandora.TV) [Auto | Running] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
    SRV - [2012/03/07 01:36:28 | 001,370,400 | ---- | M] (NETGEAR) [Auto | Running] -- C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenieDaemon64.exe -- (NETGEARGenieDaemon)
    SRV - [2012/02/15 18:47:39 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
    SRV - [2012/01/03 08:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/11/18 14:15:30 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
    SRV - [2007/12/17 05:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
    SRV - [2007/01/11 05:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/05/10 20:05:01 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
    DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 08:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 08:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 06:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
    DRV:64bit: - [2010/02/11 02:42:54 | 005,352,960 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/10/16 07:44:56 | 001,309,696 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\P17.sys -- (P17)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 15:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A4 4E CD 80 3C EC CC 01 [binary data]
    IE - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "SpeedBit Search"
    FF - prefs.js..browser.startup.homepage: "http://lifehacker.com/"
    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\jaylew\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\jaylew\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\jaylew\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\jaylew\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/25 09:26:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}: C:\Users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}\ [2012/07/27 11:32:39 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/25 09:26:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

    [2012/02/15 20:22:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jaylew\AppData\Roaming\Mozilla\Extensions
    [2012/06/25 08:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\jaylew\AppData\Roaming\Mozilla\Firefox\Profiles\uxf9rexz.default\extensions
    [2012/06/25 08:17:00 | 000,000,000 | ---D | M] (LavaFox V2) -- C:\Users\jaylew\AppData\Roaming\Mozilla\Firefox\Profiles\uxf9rexz.default\extensions\info@djzig.com
    [2012/05/04 14:01:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/07/27 11:32:39 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\JAYLEW\APPDATA\LOCAL\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}
    [2012/07/19 01:14:50 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/02/08 12:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/02/08 12:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\jaylew\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\jaylew\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\jaylew\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\jaylew\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\jaylew\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\jaylew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: Google Search = C:\Users\jaylew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Gmail = C:\Users\jaylew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/08 18:50:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [P17RunE] C:\Windows\SysWow64\P17RunE.dll (Creative Technology Ltd.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
    O4 - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001..\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
    O4 - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001..\Run: [NETGEARGenie] C:\Program Files (x86)\NETGEAR Genie\bin\NETGEARGenie.exe ()
    O4 - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001..\Run: [OpenDNS Updater] C:\Program Files (x86)\OpenDNS Updater\OpenDNSUpdater.exe ()
    O4 - Startup: C:\Users\jaylew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2572511198-3776155673-3006782383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
    O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B9F80D8D-E33C-4913-A6A1-3B447D3DCCCA}: DhcpNameServer = 192.168.1.1
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/08/19 16:07:14 | 000,000,000 | ---- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/08 20:16:22 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\jaylew\Desktop\OTL.exe
    [2012/08/08 19:51:57 | 001,118,624 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\jaylew\Desktop\rkill.exe
    [2012/08/08 18:53:02 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2012/08/08 18:50:33 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2012/08/05 22:27:17 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2012/08/05 20:09:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/05 20:09:50 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/05 20:09:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/05 20:08:13 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/05 20:08:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/05 19:53:17 | 004,725,168 | R--- | C] (Swearware) -- C:\Users\jaylew\Desktop\ComboFix.exe
    [2012/08/05 17:20:18 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/05 17:19:07 | 000,000,000 | ---D | C] -- C:\Users\jaylew\Desktop\tdsskiller
    [2012/08/05 14:59:37 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/07/27 11:37:54 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2012/07/27 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\jaylew\AppData\Local\{AE9C995C-D808-11E1-8270-B8AC6F996F26}
    [2012/07/27 11:32:39 | 000,000,000 | ---D | C] -- C:\Users\jaylew\AppData\Local\{AE9C5E63-D808-11E1-8270-B8AC6F996F26}
    [2012/07/25 09:30:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    [2012/07/25 09:29:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
    [2012/07/25 09:29:28 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
    [2012/07/25 09:29:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
    [2012/07/25 09:25:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    [2012/07/25 09:25:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
    [2012/07/10 12:54:20 | 000,000,000 | -HSD | C] -- C:\Users\jaylew\wc
    [2012/07/10 12:54:18 | 000,000,000 | -HSD | C] -- C:\Users\jaylew\AppData\Roaming\wyUpdate AU
    [2012/07/10 12:54:17 | 000,000,000 | ---D | C] -- C:\Users\jaylew\AppData\Roaming\Cyberduck
    [2012/07/10 12:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cyberduck
    [2012/07/10 12:45:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
    [2012/07/10 12:42:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberduck

    ========== Files - Modified Within 30 Days ==========

    [2012/08/08 20:21:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001UA.job
    [2012/08/08 20:16:24 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\jaylew\Desktop\OTL.exe
    [2012/08/08 19:56:56 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/08 19:56:56 | 000,016,640 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/08 19:51:58 | 001,118,624 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\jaylew\Desktop\rkill.exe
    [2012/08/08 19:29:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/08 19:21:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2572511198-3776155673-3006782383-1001Core.job
    [2012/08/08 18:59:28 | 000,726,142 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2012/08/08 18:59:28 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2012/08/08 18:59:28 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2012/08/08 18:55:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/08 18:55:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/08 18:55:08 | 2817,126,400 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/08 18:50:31 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2012/08/05 20:09:43 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2012/08/05 19:54:12 | 004,725,168 | R--- | M] (Swearware) -- C:\Users\jaylew\Desktop\ComboFix.exe
    [2012/08/05 17:17:32 | 002,117,108 | ---- | M] () -- C:\Users\jaylew\Desktop\tdsskiller.zip
    [2012/08/05 17:16:46 | 000,002,459 | ---- | M] () -- C:\Users\jaylew\Desktop\Google Chrome.lnk
    [2012/07/29 13:42:25 | 000,742,892 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/07/25 15:58:44 | 000,028,661 | ---- | M] () -- C:\Users\jaylew\Desktop\Lion Logo.jpg
    [2012/07/25 09:30:13 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/07/25 09:25:52 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/07/11 03:37:50 | 000,309,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2012/07/10 12:51:39 | 000,001,023 | ---- | M] () -- C:\Users\Public\Desktop\Cyberduck.lnk

    ========== Files Created - No Company Name ==========

    [2012/08/05 20:09:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/05 20:09:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/05 20:09:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/05 20:09:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/05 20:09:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/05 17:17:20 | 002,117,108 | ---- | C] () -- C:\Users\jaylew\Desktop\tdsskiller.zip
    [2012/07/25 15:58:40 | 000,028,661 | ---- | C] () -- C:\Users\jaylew\Desktop\Lion Logo.jpg
    [2012/07/25 09:30:13 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
    [2012/07/25 09:25:52 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2012/07/10 12:51:39 | 000,001,023 | ---- | C] () -- C:\Users\Public\Desktop\Cyberduck.lnk
    [2012/02/15 19:52:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2012/02/15 18:54:30 | 000,742,892 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2012/02/15 18:45:10 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2012/02/15 18:45:09 | 000,166,912 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

    ========== LOP Check ==========

    [2012/05/07 19:52:02 | 000,000,000 | ---D | M] -- C:\Users\Guest\AppData\Roaming\LibreOffice
    [2012/07/22 01:23:08 | 000,000,000 | ---D | M] -- C:\Users\jaylew\AppData\Roaming\Cyberduck
    [2012/03/28 00:47:41 | 000,000,000 | ---D | M] -- C:\Users\jaylew\AppData\Roaming\LibreOffice
    [2012/05/10 23:06:45 | 000,000,000 | ---D | M] -- C:\Users\jaylew\AppData\Roaming\Netgear Live Parental Controls
    [2012/05/11 00:17:13 | 000,000,000 | ---D | M] -- C:\Users\jaylew\AppData\Roaming\OpenDNS Updater
    [2012/02/16 19:21:01 | 000,000,000 | ---D | M] -- C:\Users\jaylew\AppData\Roaming\Rainmeter
    [2012/02/16 08:47:29 | 000,000,000 | ---D | M] -- C:\Users\jaylew\AppData\Roaming\SumatraPDF
    [2012/02/16 03:37:26 | 000,000,000 | ---D | M] -- C:\Users\jaylew\AppData\Roaming\uTorrent
    [2012/07/10 12:54:18 | 000,000,000 | -HSD | M] -- C:\Users\jaylew\AppData\Roaming\wyUpdate AU
    [2012/08/04 14:34:37 | 000,032,560 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
     
  23. jaylew


    OTL Extras logfile created on: 8/8/2012 8:17:44 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\jaylew\Desktop
    64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.50 Gb Total Physical Memory | 2.55 Gb Available Physical Memory | 72.80% Memory free
    6.99 Gb Paging File | 5.88 Gb Available in Paging File | 84.13% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 55.80 Gb Total Space | 24.43 Gb Free Space | 43.78% Space Free | Partition Type: NTFS
    Drive F: | 143.97 Gb Total Space | 14.11 Gb Free Space | 9.80% Space Free | Partition Type: NTFS

    Computer Name: JAYLEW-PC | User Name: jaylew | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2572511198-3776155673-3006782383-1001\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== Vista Active Open Ports Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |
    "{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |
    "{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |
    "{1286DC7E-83D1-4655-BBAB-E0AED1182E54}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |
    "{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
    "{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
    "{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |
    "{5B759569-B744-4C1E-A5AD-B50824BA67FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |
    "{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |
    "{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
    "{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |
    "{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |
    "{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |
    "{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
    "{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
    "{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |
    "{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |

    ========== Vista Active Application Exception List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
    "{026F3536-7F99-4D2F-AD97-9DF8DD744138}" = protocol=6 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
    "{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
    "{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
    "{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
    "{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |
    "{CB08BF6F-F4D5-4946-8758-0308AB2E39F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pandora.tv\panservice\pandoraservice.exe |
    "{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
    "{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
    "{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
    "{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
    "TCP Query User{5595AE58-6C39-4E26-B614-4D53278B519B}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=6 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    "TCP Query User{84A74495-0450-4FF0-A15B-8884DA9911CB}C:\program files (x86)\itunes\itunes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |
    "UDP Query User{8BF04EE8-6160-4821-AE97-00760A18AA19}C:\program files (x86)\netgear genie\bin\netgeargenie.exe" = protocol=17 | dir=in | app=c:\program files (x86)\netgear genie\bin\netgeargenie.exe |
    "UDP Query User{F6C533C0-E352-4FE0-9E1F-71ADAAE45A14}C:\program files (x86)\itunes\itunes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\itunes\itunes.exe |

    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
    "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
    "{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
    "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
    "{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
    "{9D00A8DA-650F-21C6-E787-78756733F15F}" = ATI Catalyst Install Manager
    "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{E5A509B4-D9B1-4FD9-B3EF-EDB216AA8651}" = ccc-utility64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "EPSON Artisan 50 Series" = EPSON Artisan 50 Series Printer Uninstall
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
    "{0E8E4718-0702-4D33-B007-5E95849BAB3C}" = LibreOffice 3.5
    "{0FFAC7BB-50DC-CB54-6CA7-A8B74513280B}" = CCC Help Chinese Traditional
    "{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
    "{1C802083-6D79-78ED-BF1C-601DDF908DD1}" = Catalyst Control Center Core Implementation
    "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
    "{28728178-FF15-218B-0B63-012692F42C28}" = CCC Help Danish
    "{2C1D4263-77F0-46F6-A3A3-F89A95F6EB8F}" = SSDlife Free
    "{32851025-1E46-83A3-1320-471619254E39}" = Catalyst Control Center Localization All
    "{40217B2F-462B-94A4-E84E-6A1C6EDBCE2F}" = CCC Help Swedish
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5343A801-92E5-C234-9F27-AB27EC738BF6}" = CCC Help Japanese
    "{5D22226D-EBC1-C95F-7746-2E3A9F4C97BA}" = CCC Help Russian
    "{600C37F2-098B-A165-C1DB-6AE2B89D8D49}" = Catalyst Control Center Graphics Previews Common
    "{61F8CA2C-9A80-8A1B-D3B9-347530CB387F}" = CCC Help Norwegian
    "{674B407D-EAB1-B6B6-F9BF-C34CEE4CD83F}" = Catalyst Control Center Graphics Light
    "{69F411C5-4851-6DA9-EA4C-160BEF8788AA}" = CCC Help French
    "{6DD27E54-2598-0FEC-7CE1-BE00924C0570}" = Catalyst Control Center Graphics Previews Vista
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7C27114E-6FC8-21F5-E501-FE48F09243DF}" = CCC Help Dutch
    "{7CAC6A44-C3DE-4153-ACA6-7524602C789E}" = Facebook Video Calling 1.2.0.159
    "{80237C20-CBF3-F841-4AD5-E727AA86FBD1}" = CCC Help Italian
    "{802EE127-D32A-1447-09DC-77419772BCDC}" = CCC Help Portuguese
    "{836AFA32-7B8B-2C19-99D9-36EF32B42EB8}" = CCC Help Thai
    "{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
    "{946942CB-D078-F33A-A3CD-27E0393507FD}" = CCC Help Turkish
    "{9682B99B-BB28-AD37-CA50-C1CB5BFF0FA6}" = Catalyst Control Center Graphics Full New
    "{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}" = Catalyst Control Center InstallProxy
    "{A02CC93A-134F-0319-1438-B1E895B52577}" = CCC Help German
    "{A7E1ADB8-162B-7C33-60FB-0561A17BD876}" = CCC Help Spanish
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96EEF55-155C-552E-ABB1-6FDAEF5BD944}" = CCC Help Polish
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.3)
    "{ADB25FF0-AEC4-2CFB-130C-2C60D80C5934}" = CCC Help Greek
    "{B04D5DA5-11DA-830C-85C6-0FF9185787E7}" = Skins
    "{BA31F48A-C811-30B4-AD93-1986C7838442}" = Google Talk Plugin
    "{BB603E9F-ECE8-7713-B0AC-7E0614E8C058}" = Catalyst Control Center HydraVision Full
    "{BE232D60-AEA5-502F-ACBF-9AC188A82C21}" = CCC Help Finnish
    "{C15C4AB5-EF5D-5050-273C-4636E3FBE301}" = CCC Help Czech
    "{E09CD13D-7CE3-351C-1625-8DC7F21A99C0}" = ccc-core-static
    "{E373E0E2-20F5-90DF-B315-615EA6E52101}" = Catalyst Control Center Graphics Full Existing
    "{E6DA746E-1175-88BD-2B16-1DC62018E060}" = CCC Help Chinese Standard
    "{E77A53A2-4623-4635-AE7F-702152168EE5}" = Google Drive
    "{F053BFD9-4357-6A82-6042-CF919667448F}" = CCC Help English
    "{F17EB02C-DA0D-EDEF-2E16-501FB700A710}" = CCC Help Hungarian
    "{F5DDC0CD-F13A-83F0-5103-563A17EA306F}" = CCC Help Korean
    "4F6D5E84-5826-4394-9F40-3A9A19165651_is1" = Pandora Service
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
    "AudioCS" = Creative Audio Control Panel
    "Creative Software AutoUpdate" = Creative Software AutoUpdate
    "Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
    "Cyberduck" = Cyberduck 4.2.1 (9350)
    "Free Hide Folder" = Free Hide Folder
    "Mozilla Firefox 14.0.1 (x86 en-US)" = Mozilla Firefox 14.0.1 (x86 en-US)
    "MozillaMaintenanceService" = Mozilla Maintenance Service
    "NETGEAR Genie" = NETGEAR Genie
    "NETGEAR Live Parental Controls User Utility" = NETGEAR Live Parental Controls User Utility 1.0b40
    "OpenDNS Updater" = OpenDNS Updater 2.2.1
    "Rainmeter" = Rainmeter
    "Soulseek2" = SoulSeek 157 NS 13e
    "SumatraPDF" = SumatraPDF
    "The KMPlayer" = The KMPlayer (remove only)
    "uTorrent" = µTorrent

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2572511198-3776155673-3006782383-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 8/6/2012 3:23:28 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 1451

    Error - 8/6/2012 3:23:29 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/6/2012 3:23:29 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 2449

    Error - 8/6/2012 3:23:29 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 2449

    Error - 8/6/2012 3:23:31 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/6/2012 3:23:31 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 4056

    Error - 8/6/2012 3:23:31 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 4056

    Error - 8/6/2012 3:23:32 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 8/6/2012 3:23:32 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 5101

    Error - 8/6/2012 3:23:32 AM | Computer Name = jaylew-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 5101

    [ System Events ]
    Error - 8/8/2012 4:34:58 PM | Computer Name = jaylew-PC | Source = Service Control Manager | ID = 7022
    Description = The NETGEARGenieDaemon service hung on starting.

    Error - 8/8/2012 7:34:16 PM | Computer Name = jaylew-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/8/2012 7:36:48 PM | Computer Name = jaylew-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/8/2012 7:36:48 PM | Computer Name = jaylew-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
    with this system. Please contact your software vendor for a compatible version
    of the driver.

    Error - 8/8/2012 7:37:28 PM | Computer Name = jaylew-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/8/2012 7:37:32 PM | Computer Name = jaylew-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 8/8/2012 7:38:09 PM | Computer Name = jaylew-PC | Source = Service Control Manager | ID = 7023
    Description = The Windows Defender service terminated with the following error:
    %%126

    Error - 8/8/2012 7:39:49 PM | Computer Name = jaylew-PC | Source = Service Control Manager | ID = 7022
    Description = The NETGEARGenieDaemon service hung on starting.

    Error - 8/8/2012 7:56:54 PM | Computer Name = jaylew-PC | Source = Service Control Manager | ID = 7022
    Description = The NETGEARGenieDaemon service hung on starting.

    Error - 8/8/2012 7:57:57 PM | Computer Name = jaylew-PC | Source = DCOM | ID = 10010
    Description =


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    You didn't say:
     
  25. Broni

    Broni Malware Annihilator Posts: 52,884   +344

    We posted at the same time.
     
