[Closed] Help with removing C:\WinDir/Svchost.exe


ricky splinter

I was looking in my C:/ and I saw c:/windir/Svchost.exe, and I know it's not meant to be there. My antivirus (McAfee) doesn't find it / detect it as a virus, and if I delete the folder and reboot it comes back, and it also comes back right away. Help please.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.15.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Rickyfk :: RICKYFK-PC [administrator]

Protection: Enabled

15/08/2012 3:03:27 AM
mbam-log-2012-08-15 (03-37-44).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 354429
Time elapsed: 33 minute(s), 15 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 19
HKCR\CLSID\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKCR\TypeLib\{44444444-4444-4444-4444-440044504458} (PUP.215Apps) -> No action taken.
HKCR\Interface\{55555555-5555-5555-5555-550055505558} (PUP.215Apps) -> No action taken.
HKCR\CrossriderApp0005058.BHO.1 (PUP.215Apps) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501158} (PUP.215Apps) -> No action taken.
HKCR\CLSID\{22222222-2222-2222-2222-220022502258} (PUP.CrossRider.SSK) -> No action taken.
HKCR\CrossriderApp0005058.Sandbox.1 (PUP.CrossRider.SSK) -> No action taken.
HKCR\CrossriderApp0005058.Sandbox (PUP.CrossRider.SSK) -> No action taken.
HKCR\CLSID\{33333333-3333-3333-3333-330033503358} (PUP.CrossRider.SSK) -> No action taken.
HKCR\CrossriderApp0005058.FBApi.1 (PUP.CrossRider.SSK) -> No action taken.
HKCR\CrossriderApp0005058.FBApi (PUP.CrossRider.SSK) -> No action taken.
HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{PQJUV384-0MFJ-27M6-1Y4N-ABC8V386C7F3} (Backdoor.Agent) -> No action taken.
HKCR\CLSID\{PQJUV384-0MFJ-27M6-1Y4N-ABC8V386C7F3} (Backdoor.Agent) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Shopping Sidekick (PUP.215Apps) -> No action taken.
HKCU\SOFTWARE\CYBER (Backdoor.Trace) -> No action taken.

Registry Values Detected: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Defender (Backdoor.Agent) -> Data: C:\WinDir\Svchost.exe -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent) -> Data: C:\WinDir\Svchost.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Windows Defender (Backdoor.Agent) -> Data: C:\WinDir\Svchost.exe -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Policies (Backdoor.Agent) -> Data: C:\WinDir\Svchost.exe -> No action taken.
HKCU\Software\Cyber|FirstExecution (Backdoor.Trace) -> Data: 13/08/2012 -- 16:54 -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 9
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.dll (PUP.215Apps) -> No action taken.
C:\WinDir\Svchost.exe (Backdoor.Agent) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\Shopping Sidekick.exe (PUP.215Apps) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\Shopping SidekickGui.exe (PUP.215Apps) -> No action taken.
C:\Program Files (x86)\Shopping Sidekick\Uninstall.exe (PUP.215Apps) -> No action taken.
C:\Users\Rickyfk\AppData\Local\Temp\qvIB4sJe.exe.part (RiskWare.Tool.CK) -> No action taken.
C:\Users\Rickyfk\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.215Apps) -> No action taken.
C:\Users\Rickyfk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Civ3Complete+Steam++7.v3.exe (HackTool.GamesCheat.Gen) -> No action taken.
C:\Users\Rickyfk\AppData\Local\Temp\xxxyyyzzz.dat (Malware.Trace) -> No action taken.

(end)
 
03:44:22.0473 4924 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
03:44:22.0473 4924 UEFI system
03:44:23.0005 4924 ============================================================
03:44:23.0005 4924 Current date / time: 2012/08/15 03:44:23.0005
03:44:23.0005 4924 SystemInfo:
03:44:23.0005 4924
03:44:23.0005 4924 OS Version: 6.1.7601 ServicePack: 1.0
03:44:23.0005 4924 Product type: Workstation
03:44:23.0006 4924 ComputerName: RICKYFK-PC
03:44:23.0006 4924 UserName: Rickyfk
03:44:23.0006 4924 Windows directory: C:\Windows
03:44:23.0006 4924 System windows directory: C:\Windows
03:44:23.0006 4924 Running under WOW64
03:44:23.0006 4924 Processor architecture: Intel x64
03:44:23.0006 4924 Number of processors: 8
03:44:23.0006 4924 Page size: 0x1000
03:44:23.0006 4924 Boot type: Normal boot
03:44:23.0006 4924 ============================================================
03:44:23.0803 4924 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
03:44:23.0813 4924 ============================================================
03:44:23.0813 4924 \Device\Harddisk0\DR0:
03:44:23.0814 4924 GPT partitions:
03:44:23.0814 4924 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {4D9C5534-8EBA-49D6-97C8-E38DC57219CA}, Name: EFI system partition, StartLBA 0x800, BlocksNum 0x96000
03:44:23.0814 4924 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {32FA3F14-8239-4514-BC10-3B33A9D0872D}, Name: Basic data partition, StartLBA 0x98000, BlocksNum 0x14000
03:44:23.0814 4924 \Device\Harddisk0\DR0\Partition3: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {47CBD46C-8C40-4B29-9CE6-5B98920922DF}, Name: Microsoft reserved partition, StartLBA 0xAC000, BlocksNum 0x40000
03:44:23.0814 4924 \Device\Harddisk0\DR0\Partition4: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {9B84E60F-0C80-4BC1-8E70-18974CFB17D9}, Name: Basic data partition, StartLBA 0xEC000, BlocksNum 0x1560000
03:44:23.0814 4924 \Device\Harddisk0\DR0\Partition5: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {5AE25396-A34B-4F5E-A550-29D3E397E1D0}, Name: Basic data partition, StartLBA 0x164C000, BlocksNum 0x730BA000
03:44:23.0814 4924 MBR partitions:
03:44:23.0814 4924 ============================================================
03:44:23.0864 4924 C: <-> \Device\Harddisk0\DR0\Partition5
03:44:23.0864 4924 ============================================================
03:44:23.0864 4924 Initialize success
03:44:23.0864 4924 ============================================================
03:44:30.0552 3040 ============================================================
03:44:30.0552 3040 Scan started
03:44:30.0552 3040 Mode: Manual;
03:44:30.0552 3040 ============================================================
03:44:31.0694 3040 ================ Scan services =============================
03:44:33.0425 3040 [ f19c98ad81d2c0e1bbfd8153d2c80ee8 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
03:44:33.0425 3040 Suspicious file (NoAccess): C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe. md5: f19c98ad81d2c0e1bbfd8153d2c80ee8
03:44:33.0425 3040 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - warning
03:44:33.0425 3040 AdobeFlashPlayerUpdateSvc - detected LockedFile.Multi.Generic (1)
03:44:39.0491 3040 [ 4d0ecd05abb518ea323f651f4ab8458f ] mfevtp C:\Windows\system32\mfevtps.exe
03:44:39.0493 3040 mfevtp - ok
03:44:39.0505 3040 [ 919c56db14a0e1e2ab6da5d2821dc26e ] mfewfpk C:\Windows\system32\drivers\mfewfpk.sys
03:44:39.0507 3040 mfewfpk - ok
03:44:39.0525 3040 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
03:44:39.0526 3040 MMCSS - ok
03:44:39.0528 3040 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
03:44:39.0529 3040 Modem - ok
03:44:39.0541 3040 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
03:44:39.0542 3040 monitor - ok
03:44:39.0555 3040 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
03:44:39.0556 3040 mouclass - ok
03:44:39.0584 3040 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
03:44:39.0589 3040 mouhid - ok
03:44:39.0600 3040 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
03:44:39.0602 3040 mountmgr - ok
03:44:39.0630 3040 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
03:44:39.0632 3040 MozillaMaintenance - ok
03:44:39.0635 3040 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
03:44:39.0637 3040 mpio - ok
03:44:39.0650 3040 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
03:44:39.0651 3040 mpsdrv - ok
03:44:39.0663 3040 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
03:44:39.0667 3040 MpsSvc - ok
03:44:39.0679 3040 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
03:44:39.0680 3040 MRxDAV - ok
03:44:39.0699 3040 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
03:44:39.0699 3040 mrxsmb - ok
03:44:39.0712 3040 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
03:44:39.0713 3040 mrxsmb10 - ok
03:44:39.0718 3040 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
03:44:39.0719 3040 mrxsmb20 - ok
03:44:39.0736 3040 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
03:44:39.0737 3040 msahci - ok
03:44:39.0743 3040 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
03:44:39.0744 3040 msdsm - ok
03:44:39.0757 3040 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
03:44:39.0759 3040 MSDTC - ok
03:44:39.0763 3040 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
03:44:39.0763 3040 Msfs - ok
03:44:39.0775 3040 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
03:44:39.0776 3040 mshidkmdf - ok
03:44:39.0789 3040 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
03:44:39.0790 3040 msisadrv - ok
03:44:39.0813 3040 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
03:44:39.0815 3040 MSiSCSI - ok
03:44:39.0817 3040 msiserver - ok
03:44:39.0838 3040 [ 583e83d46ccedb47476ac0db6114136a ] MSI_ODD_Service c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe
03:44:39.0839 3040 MSI_ODD_Service - ok
03:44:39.0852 3040 [ acb01bf1a905356ab7f978c7fe852209 ] MSK80Service C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
03:44:39.0853 3040 MSK80Service - ok
03:44:39.0865 3040 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
03:44:39.0865 3040 MSKSSRV - ok
03:44:39.0867 3040 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
03:44:39.0868 3040 MSPCLOCK - ok
03:44:39.0869 3040 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
03:44:39.0870 3040 MSPQM - ok
03:44:39.0889 3040 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
03:44:39.0891 3040 MsRPC - ok
03:44:39.0898 3040 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
03:44:39.0899 3040 mssmbios - ok
03:44:39.0908 3040 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
03:44:39.0910 3040 MSTEE - ok
03:44:39.0911 3040 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
03:44:39.0912 3040 MTConfig - ok
03:44:39.0917 3040 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
03:44:39.0918 3040 Mup - ok
03:44:39.0935 3040 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
03:44:39.0939 3040 napagent - ok
03:44:39.0956 3040 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
03:44:39.0959 3040 NativeWifiP - ok
03:44:40.0069 3040 [ 9d1cce440552500ded3a62f9d779cdb4 ] NAUpdate C:\Program Files (x86)\Nero\Update\NASvc.exe
03:44:40.0073 3040 NAUpdate - ok
03:44:40.0111 3040 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
03:44:40.0114 3040 NDIS - ok
03:44:40.0127 3040 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
03:44:40.0128 3040 NdisCap - ok
03:44:40.0133 3040 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
03:44:40.0133 3040 NdisTapi - ok
03:44:40.0150 3040 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
03:44:40.0151 3040 Ndisuio - ok
03:44:40.0199 3040 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
03:44:40.0200 3040 NdisWan - ok
03:44:40.0207 3040 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
03:44:40.0208 3040 NDProxy - ok
03:44:40.0226 3040 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
03:44:40.0227 3040 NetBIOS - ok
03:44:40.0233 3040 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
03:44:40.0234 3040 NetBT - ok
03:44:40.0244 3040 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
03:44:40.0244 3040 Netlogon - ok
03:44:40.0279 3040 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
03:44:40.0281 3040 Netman - ok
03:44:40.0321 3040 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:44:40.0322 3040 NetMsmqActivator - ok
03:44:40.0325 3040 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:44:40.0325 3040 NetPipeActivator - ok
03:44:40.0331 3040 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
03:44:40.0333 3040 netprofm - ok
03:44:40.0335 3040 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:44:40.0336 3040 NetTcpActivator - ok
03:44:40.0338 3040 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
03:44:40.0338 3040 NetTcpPortSharing - ok
03:44:40.0346 3040 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
03:44:40.0347 3040 nfrd960 - ok
03:44:40.0366 3040 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
03:44:40.0367 3040 NlaSvc - ok
03:44:40.0379 3040 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
03:44:40.0379 3040 Npfs - ok
03:44:40.0384 3040 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
03:44:40.0385 3040 nsi - ok
03:44:40.0393 3040 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
03:44:40.0393 3040 nsiproxy - ok
03:44:40.0421 3040 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
03:44:40.0426 3040 Ntfs - ok
03:44:40.0442 3040 [ 3f39f013168428c8e505a7b9e6cba8a2 ] NTIOLib_X64 C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys
03:44:40.0443 3040 NTIOLib_X64 - ok
03:44:40.0454 3040 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
03:44:40.0455 3040 Null - ok
03:44:40.0485 3040 [ 10204955027011e08a9dc27737a48a54 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
03:44:40.0487 3040 NVHDA - ok
03:44:40.0618 3040 [ d877fd69e520de8cf2ba831bf76506e9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
03:44:40.0728 3040 nvlddmkm - ok
03:44:40.0762 3040 [ ecaf81ac8637f9bcbfcb6658a31e1109 ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
03:44:40.0763 3040 nvpciflt - ok
03:44:40.0777 3040 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
03:44:40.0778 3040 nvraid - ok
03:44:40.0781 3040 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
03:44:40.0783 3040 nvstor - ok
03:44:40.0805 3040 [ fcb83807e4954e13924f1dc31eb4ab11 ] NvStUSB C:\Windows\system32\drivers\nvstusb.sys
03:44:40.0809 3040 NvStUSB - ok
03:44:40.0834 3040 [ 8d1d42215100566824d2693d7ff4866d ] nvsvc C:\Windows\system32\nvvsvc.exe
03:44:40.0851 3040 nvsvc - ok
03:44:40.0902 3040 [ 496bd042f418e2b98a1947f5800e32f0 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
03:44:40.0928 3040 nvUpdatusService - ok
03:44:40.0931 3040 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
03:44:40.0932 3040 nv_agp - ok
03:44:40.0945 3040 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
03:44:40.0947 3040 ohci1394 - ok
03:44:40.0984 3040 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
03:44:40.0986 3040 ose - ok
03:44:41.0080 3040 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
03:44:41.0131 3040 osppsvc - ok
03:44:41.0140 3040 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
03:44:41.0142 3040 p2pimsvc - ok
03:44:41.0156 3040 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
03:44:41.0158 3040 p2psvc - ok
03:44:41.0171 3040 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
03:44:41.0173 3040 Parport - ok
03:44:41.0186 3040 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
03:44:41.0186 3040 partmgr - ok
03:44:41.0195 3040 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
03:44:41.0197 3040 PcaSvc - ok
03:44:41.0218 3040 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
03:44:41.0220 3040 pci - ok
03:44:41.0231 3040 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
03:44:41.0232 3040 pciide - ok
03:44:41.0245 3040 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
03:44:41.0247 3040 pcmcia - ok
03:44:41.0260 3040 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
03:44:41.0260 3040 pcw - ok
03:44:41.0267 3040 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
03:44:41.0269 3040 PEAUTH - ok
03:44:42.0634 3040 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
03:44:42.0635 3040 PerfHost - ok
03:44:42.0670 3040 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
03:44:42.0675 3040 pla - ok
03:44:42.0708 3040 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
03:44:42.0712 3040 PlugPlay - ok
03:44:42.0714 3040 PnkBstrA - ok
03:44:42.0722 3040 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
03:44:42.0722 3040 PNRPAutoReg - ok
03:44:42.0727 3040 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
03:44:42.0728 3040 PNRPsvc - ok
03:44:42.0743 3040 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
03:44:42.0747 3040 PolicyAgent - ok
03:44:42.0762 3040 [ a2cca4fb273e6050f17a0a416cff2fcd ] Power C:\Windows\system32\umpo.dll
03:44:42.0763 3040 Power - ok
03:44:42.0779 3040 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
03:44:42.0780 3040 PptpMiniport - ok
03:44:42.0782 3040 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys
03:44:42.0783 3040 Processor - ok
03:44:42.0802 3040 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
03:44:42.0804 3040 ProfSvc - ok
03:44:42.0811 3040 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
03:44:42.0812 3040 ProtectedStorage - ok
03:44:42.0827 3040 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
03:44:42.0828 3040 Psched - ok
03:44:42.0852 3040 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
03:44:42.0869 3040 ql2300 - ok
03:44:42.0872 3040 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
03:44:42.0873 3040 ql40xx - ok
03:44:42.0888 3040 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
03:44:42.0889 3040 QWAVE - ok
03:44:42.0896 3040 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
03:44:42.0897 3040 QWAVEdrv - ok
03:44:42.0899 3040 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
03:44:42.0899 3040 RasAcd - ok
03:44:42.0925 3040 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
03:44:42.0925 3040 RasAgileVpn - ok
03:44:42.0938 3040 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
03:44:42.0939 3040 RasAuto - ok
03:44:42.0956 3040 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
03:44:42.0956 3040 Rasl2tp - ok
03:44:42.0971 3040 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
03:44:42.0973 3040 RasMan - ok
03:44:42.0989 3040 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
03:44:42.0990 3040 RasPppoe - ok
03:44:43.0003 3040 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
03:44:43.0003 3040 RasSstp - ok
03:44:43.0010 3040 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
03:44:43.0011 3040 rdbss - ok
03:44:43.0023 3040 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
03:44:43.0025 3040 rdpbus - ok
03:44:43.0037 3040 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
03:44:43.0037 3040 RDPCDD - ok
03:44:43.0053 3040 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
03:44:43.0054 3040 RDPENCDD - ok
03:44:43.0059 3040 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
03:44:43.0060 3040 RDPREFMP - ok
03:44:43.0081 3040 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
03:44:43.0082 3040 RDPWD - ok
03:44:43.0104 3040 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
03:44:43.0105 3040 rdyboost - ok
03:44:43.0119 3040 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
03:44:43.0120 3040 RemoteAccess - ok
03:44:43.0129 3040 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
03:44:43.0130 3040 RemoteRegistry - ok
03:44:43.0141 3040 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
03:44:43.0142 3040 RpcEptMapper - ok
03:44:43.0148 3040 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
03:44:43.0149 3040 RpcLocator - ok
03:44:43.0202 3040 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
03:44:43.0205 3040 RpcSs - ok
03:44:43.0221 3040 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
03:44:43.0221 3040 rspndr - ok
03:44:43.0251 3040 [ ee082e06a82ff630351d1e0ebbd3d8d0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
03:44:43.0255 3040 RTL8167 - ok
03:44:43.0277 3040 [ cab06ca598638e0457e1dcf8ca824ec2 ] rusb3hub C:\Windows\system32\DRIVERS\rusb3hub.sys
03:44:43.0278 3040 rusb3hub - ok
03:44:43.0290 3040 [ f47e2920f2a8c34562aae24b73800c5c ] rusb3xhc C:\Windows\system32\DRIVERS\rusb3xhc.sys
03:44:43.0292 3040 rusb3xhc - ok
03:44:43.0294 3040 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
03:44:43.0295 3040 SamSs - ok
03:44:43.0304 3040 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
03:44:43.0306 3040 sbp2port - ok
03:44:43.0319 3040 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
03:44:43.0321 3040 SCardSvr - ok
03:44:43.0327 3040 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
03:44:43.0328 3040 scfilter - ok
03:44:43.0348 3040 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
03:44:43.0352 3040 Schedule - ok
03:44:43.0376 3040 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
03:44:43.0376 3040 SCPolicySvc - ok
03:44:43.0383 3040 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
03:44:43.0385 3040 SDRSVC - ok
03:44:43.0398 3040 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
03:44:43.0399 3040 secdrv - ok
03:44:43.0406 3040 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
03:44:43.0407 3040 seclogon - ok
03:44:43.0418 3040 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
03:44:43.0419 3040 SENS - ok
03:44:43.0432 3040 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
03:44:43.0434 3040 SensrSvc - ok
03:44:43.0443 3040 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys
03:44:43.0443 3040 Serenum - ok
03:44:43.0457 3040 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys
03:44:43.0459 3040 Serial - ok
03:44:43.0461 3040 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
03:44:43.0462 3040 sermouse - ok
03:44:43.0477 3040 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
03:44:43.0478 3040 SessionEnv - ok
03:44:43.0480 3040 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
03:44:43.0480 3040 sffdisk - ok
03:44:43.0482 3040 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
03:44:43.0483 3040 sffp_mmc - ok
03:44:43.0484 3040 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
03:44:43.0485 3040 sffp_sd - ok
03:44:43.0492 3040 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
03:44:43.0493 3040 sfloppy - ok
03:44:43.0524 3040 [ 4215c271d6e6898c3f4dabab4f387dc9 ] SftService C:\Program Files (x86)\AlienRespawn\sftservice.EXE
03:44:43.0541 3040 SftService - ok
03:44:43.0556 3040 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
03:44:43.0558 3040 SharedAccess - ok
03:44:43.0573 3040 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
03:44:43.0575 3040 ShellHWDetection - ok
03:44:43.0578 3040 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
03:44:43.0578 3040 SiSRaid2 - ok
03:44:43.0585 3040 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
03:44:43.0586 3040 SiSRaid4 - ok
03:44:43.0606 3040 [ f07af60b152221472fbdb2fecec4896d ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
03:44:43.0607 3040 SkypeUpdate - ok
03:44:43.0627 3040 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
03:44:43.0628 3040 Smb - ok
03:44:43.0642 3040 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
03:44:43.0643 3040 SNMPTRAP - ok
03:44:43.0655 3040 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
03:44:43.0656 3040 spldr - ok
03:44:43.0675 3040 [ 85daa09a98c9286d4ea2ba8d0e644377 ] Spooler C:\Windows\System32\spoolsv.exe
03:44:43.0678 3040 Spooler - ok
03:44:43.0723 3040 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
03:44:43.0734 3040 sppsvc - ok
03:44:43.0741 3040 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
03:44:43.0742 3040 sppuinotify - ok
03:44:43.0757 3040 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
03:44:43.0758 3040 srv - ok
03:44:43.0772 3040 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
03:44:43.0774 3040 srv2 - ok
03:44:43.0829 3040 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
03:44:43.0830 3040 srvnet - ok
03:44:43.0854 3040 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
03:44:43.0856 3040 SSDPSRV - ok
03:44:43.0865 3040 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
03:44:43.0866 3040 SstpSvc - ok
03:44:43.0890 3040 Steam Client Service - ok
03:44:43.0916 3040 [ 37e909075c910b37779dbe1dbe7f180b ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
03:44:43.0920 3040 Stereo Service - ok
03:44:43.0929 3040 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys
03:44:43.0930 3040 stexstor - ok
03:44:43.0957 3040 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
03:44:43.0960 3040 stisvc - ok
03:44:43.0969 3040 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
03:44:43.0970 3040 swenum - ok
03:44:43.0981 3040 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
03:44:43.0983 3040 swprv - ok
03:44:44.0007 3040 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
03:44:44.0013 3040 SysMain - ok
03:44:44.0016 3040 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
03:44:44.0017 3040 TabletInputService - ok
03:44:44.0032 3040 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
03:44:44.0034 3040 TapiSrv - ok
03:44:44.0044 3040 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
03:44:44.0045 3040 TBS - ok
03:44:44.0071 3040 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
03:44:44.0077 3040 Tcpip - ok
03:44:44.0112 3040 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
03:44:44.0118 3040 TCPIP6 - ok
03:44:44.0125 3040 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
03:44:44.0126 3040 tcpipreg - ok
03:44:44.0129 3040 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
03:44:44.0130 3040 TDPIPE - ok
03:44:44.0146 3040 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
03:44:44.0146 3040 TDTCP - ok
03:44:44.0149 3040 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
03:44:44.0150 3040 tdx - ok
03:44:44.0152 3040 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
03:44:44.0153 3040 TermDD - ok
03:44:44.0170 3040 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
03:44:44.0172 3040 TermService - ok
03:44:44.0182 3040 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
03:44:44.0183 3040 Themes - ok
03:44:44.0209 3040 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
03:44:44.0210 3040 THREADORDER - ok
03:44:44.0221 3040 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
03:44:44.0222 3040 TrkWks - ok
03:44:44.0265 3040 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
03:44:44.0266 3040 TrustedInstaller - ok
03:44:44.0280 3040 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
03:44:44.0281 3040 tssecsrv - ok
03:44:44.0303 3040 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
03:44:44.0303 3040 TsUsbFlt - ok
03:44:44.0305 3040 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
03:44:44.0306 3040 TsUsbGD - ok
03:44:44.0328 3040 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
03:44:44.0329 3040 tunnel - ok
03:44:44.0361 3040 [ 42350e49da754d2d77362fdae3491651 ] TurboB C:\Windows\system32\DRIVERS\TurboB.sys
03:44:44.0362 3040 TurboB - ok
03:44:44.0397 3040 [ 4f4b0ab2fb69c414ccbcef7cf2e1c8d8 ] TurboBoost C:\Program Files\Intel\TurboBoost\TurboBoost.exe
03:44:44.0400 3040 TurboBoost - ok
03:44:44.0402 3040 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
03:44:44.0403 3040 uagp35 - ok
03:44:44.0418 3040 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
03:44:44.0419 3040 udfs - ok
03:44:44.0427 3040 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
03:44:44.0428 3040 UI0Detect - ok
03:44:44.0431 3040 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
03:44:44.0432 3040 uliagpkx - ok
03:44:44.0448 3040 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
03:44:44.0449 3040 umbus - ok
03:44:44.0451 3040 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys
03:44:44.0452 3040 UmPass - ok
03:44:44.0506 3040 [ f8626f1d56fa417c3b4ab6114d8471d5 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
03:44:44.0509 3040 UNS - ok
03:44:44.0521 3040 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
03:44:44.0522 3040 upnphost - ok
03:44:44.0531 3040 [ 19ad7990c0b67e48dac5b26f99628223 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
03:44:44.0532 3040 usbccgp - ok
03:44:44.0542 3040 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
03:44:44.0543 3040 usbcir - ok
03:44:44.0555 3040 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
03:44:44.0556 3040 usbehci - ok
03:44:44.0582 3040 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
03:44:44.0585 3040 usbhub - ok
03:44:44.0600 3040 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
03:44:44.0602 3040 usbohci - ok
03:44:44.0613 3040 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\drivers\usbprint.sys
03:44:44.0615 3040 usbprint - ok
03:44:44.0625 3040 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
03:44:44.0626 3040 USBSTOR - ok
03:44:44.0633 3040 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
03:44:44.0634 3040 usbuhci - ok
03:44:44.0644 3040 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
03:44:44.0646 3040 UxSms - ok
03:44:44.0653 3040 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
03:44:44.0654 3040 VaultSvc - ok
03:44:44.0669 3040 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
03:44:44.0670 3040 vdrvroot - ok
03:44:44.0678 3040 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
03:44:44.0681 3040 vds - ok
03:44:44.0699 3040 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
03:44:44.0700 3040 vga - ok
03:44:44.0707 3040 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
03:44:44.0707 3040 VgaSave - ok
03:44:44.0710 3040 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
03:44:45.0573 3040 ================ Scan global ===============================
03:44:45.0584 3040 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
03:44:45.0600 3040 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
03:44:45.0604 3040 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
03:44:45.0620 3040 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
03:44:45.0634 3040 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
03:44:45.0636 3040 [Global] - ok
03:44:45.0636 3040 ================ Scan MBR ==================================
03:44:45.0646 3040 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk0\DR0
03:44:45.0667 3040 \Device\Harddisk0\DR0 - ok
03:44:45.0668 3040 ================ Scan VBR ==================================
03:44:45.0685 3040 Boot (0x1200) (dea2f3e53524dfe6a36ef6612bb5b1b7) \Device\Harddisk0\DR0\Partition1
03:44:45.0686 3040 \Device\Harddisk0\DR0\Partition1 - ok
03:44:45.0696 3040 Boot (0x1200) (fbe742dd17158827e4b81b411b2640a5) \Device\Harddisk0\DR0\Partition2
03:44:45.0697 3040 \Device\Harddisk0\DR0\Partition2 - ok
03:44:45.0701 3040 Boot (0x1200) (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition3
03:44:45.0703 3040 \Device\Harddisk0\DR0\Partition3 - ok
03:44:45.0714 3040 Boot (0x1200) (865f43f108e551cead12438297721243) \Device\Harddisk0\DR0\Partition4
03:44:45.0719 3040 \Device\Harddisk0\DR0\Partition4 - ok
03:44:45.0749 3040 Boot (0x1200) (1c7e4590746d4e2a25109e5003f301c8) \Device\Harddisk0\DR0\Partition5
03:44:45.0750 3040 \Device\Harddisk0\DR0\Partition5 - ok
03:44:45.0750 3040 ============================================================
03:44:45.0750 3040 Scan finished
03:44:45.0750 3040 ============================================================
03:44:45.0755 5604 Detected object count: 1
03:44:45.0755 5604 Actual detected object count: 1
03:44:58.0214 5604 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - skipped by user
03:44:58.0214 5604 AdobeFlashPlayerUpdateSvc ( LockedFile.Multi.Generic ) - User select action: Skip
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer, such as installing/uninstalling programs, using special fix tools, deleting files, editing the registry, etc., unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until it is closed and your computer is declared clean.

ComboFix

Please download ComboFix by sUBs
From BleepingComputer.com

Please save the file to your Desktop, but rename it first to svchost.exe

Important information about ComboFix

Before the download:
  • Please copy and paste these instructions to Notepad and save to your Desktop, or print them - for easier access.
  • It is important to rename ComboFix before the download.
  • Please do not rename ComboFix to other names, but only the one indicated.
After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
  • Please do not attempt to reconnect your machine to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
Running ComboFix:
  • Double click on svchost.exe & follow the prompts.
  • It will attempt to install the Recovery Console.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.
 
ComboFix 12-08-15.01 - Rickyfk 15/08/2012 19:33:41.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.2.1033.18.8090.4318 [GMT -4:00]
Running from: C:\Users\Rickyfk\Downloads\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\PCDr\5907\Downloads\f0fc9c9c-10ba-435b-8365-dadb523644ff.dll
C:\Users\Rickyfk\AppData\Roaming\Rickyfklog.dat
C:\WinDir
C:\Windows\RPSETUP.EXE.LOG


((((((((((((((((((((((((( Files Created from 2012-07-15 to 2012-08-15 )))))))))))))))))))))))))))))))


2012-08-15 23:38:24 . 2012-08-15 23:38:24 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-08-15 09:34:01 . 2012-08-15 09:35:31 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-08-15 06:53:47 . 2012-08-15 06:53:47 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-08-15 06:53:23 . 2012-08-15 06:53:23 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-15 06:53:22 . 2012-07-03 17:46:44 24904 ----a-w- C:\Windows\system32\drivers\mbam.sys
2012-08-15 06:53:21 . 2012-08-15 06:53:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-15 06:28:40 . 2012-02-11 06:43:47 751104 ----a-w- C:\Windows\system32\win32spl.dll
2012-08-15 06:28:40 . 2012-02-11 06:36:02 559104 ----a-w- C:\Windows\system32\spoolsv.exe
2012-08-15 06:28:40 . 2012-02-11 06:36:01 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 06:28:40 . 2012-02-11 05:43:49 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 06:28:39 . 2012-05-05 08:36:55 503808 ----a-w- C:\Windows\system32\srcore.dll
2012-08-15 06:28:38 . 2012-07-04 22:13:27 59392 ----a-w- C:\Windows\system32\browcli.dll
2012-08-15 06:28:38 . 2012-07-04 22:13:27 136704 ----a-w- C:\Windows\system32\browser.dll
2012-08-15 06:28:38 . 2012-05-05 07:46:52 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 06:28:37 . 2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\system32\win32k.sys
2012-08-15 06:28:37 . 2012-07-04 22:16:43 73216 ----a-w- C:\Windows\system32\netapi32.dll
2012-08-15 06:28:37 . 2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 06:28:36 . 2012-05-14 05:26:34 956928 ----a-w- C:\Windows\system32\localspl.dll
2012-08-15 03:55:14 . 2012-08-15 03:58:46 -------- d-----w- C:\ProgramData\TrackMania
2012-08-14 23:42:23 . 2012-08-14 23:42:23 -------- d-----w- C:\Program Files (x86)\Xiph.Org
2012-08-14 23:42:10 . 2012-08-14 23:42:10 -------- d-----w- C:\Program Files (x86)\Red 5 Studios
2012-08-14 23:16:02 . 2012-08-14 23:16:02 -------- dc----w- C:\Windows\system32\DRVSTORE
2012-08-14 23:16:02 . 2009-05-18 17:17:08 34152 ----a-w- C:\Windows\system32\drivers\GEARAspiWDM.sys
2012-08-14 23:16:02 . 2008-04-17 16:12:54 126312 ----a-w- C:\Windows\system32\GEARAspi64.dll
2012-08-14 23:16:02 . 2008-04-17 16:12:54 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-08-14 23:15:13 . 2012-08-14 23:16:00 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-08-14 23:15:13 . 2012-08-14 23:15:59 -------- d-----w- C:\Program Files\iTunes
2012-08-14 23:15:13 . 2012-08-14 23:15:59 -------- d-----w- C:\Program Files (x86)\iTunes
2012-08-14 23:15:13 . 2012-08-14 23:15:13 -------- d-----w- C:\ProgramData\Apple Computer
2012-08-14 23:15:13 . 2012-08-14 23:15:13 -------- d-----w- C:\Program Files\iPod
2012-08-14 23:14:34 . 2012-08-14 23:14:35 -------- d-----w- C:\Program Files (x86)\Apple Software Update
2012-08-14 23:14:20 . 2012-08-14 23:14:20 -------- d-----w- C:\Program Files\Common Files\Apple
2012-08-14 23:14:09 . 2012-08-14 23:14:10 -------- d-----w- C:\Program Files\Bonjour
2012-08-14 23:14:09 . 2012-08-14 23:14:10 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-08-14 23:14:02 . 2012-08-14 23:15:13 -------- d-----w- C:\Program Files (x86)\Common Files\Apple
2012-08-14 23:14:02 . 2012-08-14 23:14:26 -------- d-----w- C:\ProgramData\Apple
2012-08-13 00:23:36 . 2012-08-13 00:23:36 -------- d-----w- C:\ProgramData\Dell
2012-08-13 00:23:19 . 2012-08-13 00:23:36 -------- d-----w- C:\Program Files (x86)\Common Files\Nero
2012-08-13 00:23:13 . 2012-08-13 00:23:54 -------- d-----w- C:\Program Files (x86)\Nero
2012-08-13 00:23:06 . 2012-08-13 00:23:56 -------- d-----w- C:\ProgramData\Nero
2012-08-11 02:45:14 . 2009-03-18 21:35:42 33856 ---ha-w- C:\Windows\system32\hamachi.sys
2012-08-10 23:37:28 . 2012-08-10 23:37:28 -------- d-----w- C:\Windows\DEA314C409294250BC9298E4C105F28D.TMP
2012-08-10 20:59:05 . 2012-08-10 20:59:05 -------- d-sh--w- C:\ProgramData\SecuROM
2012-08-10 20:57:58 . 2012-08-10 20:57:58 178800 ----a-w- C:\Windows\SysWow64\CmdLineExt_x64.dll
2012-08-10 16:50:15 . 2012-08-10 16:50:15 -------- d-----w- C:\Windows\SysWow64\xlive
2012-08-10 16:50:11 . 2012-08-10 16:50:15 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
2012-08-10 10:22:27 . 2012-08-10 10:22:27 -------- d-----w- C:\Windows\SysWow64\searchplugins
2012-08-10 10:22:27 . 2012-08-10 10:22:27 -------- d-----w- C:\Windows\SysWow64\Extensions
2012-08-10 07:00:27 . 2012-08-10 07:00:27 -------- d-----w- C:\Program Files\VS Revo Group
2012-08-10 03:34:10 . 2012-08-10 08:12:40 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-10 03:27:45 . 2012-08-10 08:12:40 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-10 03:27:45 . 2012-08-10 08:07:52 283312 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-10 03:27:44 . 2012-08-10 07:54:13 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-08-10 03:27:44 . 2012-08-10 03:15:49 3360624 ----a-w- C:\Windows\SysWow64\pbsvc.exe
2012-08-10 03:14:14 . 2012-08-10 03:14:14 -------- d-----w- C:\ProgramData\Browser Manager
2012-08-10 03:14:12 . 2012-08-10 03:14:12 315 ----a-w- C:\user.js
2012-08-10 00:12:58 . 2012-08-13 05:30:46 -------- d-----w- C:\Program Files\Core Temp
2012-08-09 17:35:13 . 2012-08-09 17:35:13 -------- d-----w- C:\Program Files\Microsoft Silverlight
2012-08-09 17:35:13 . 2012-08-09 17:35:13 -------- d-----w- C:\Program Files (x86)\Microsoft Silverlight
2012-08-09 17:03:36 . 2012-08-09 17:03:36 -------- d-----w- C:\Program Files\Windows Live
2012-08-09 17:03:14 . 2012-08-09 17:04:23 -------- d-----w- C:\Program Files (x86)\Windows Live
2012-08-09 17:02:30 . 2012-08-09 17:02:30 -------- d-----w- C:\Program Files (x86)\Microsoft SkyDrive
2012-08-09 17:02:26 . 2012-08-09 17:02:26 -------- d-----w- C:\ProgramData\Microsoft SkyDrive
2012-08-09 16:59:12 . 2012-08-09 16:59:12 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2012-08-09 16:16:10 . 2012-08-09 16:18:13 -------- d-----w- C:\Program Files (x86)\mIRC
2012-08-08 21:52:18 . 2012-08-08 21:52:26 -------- d-----w- C:\ProgramData\WebcamMax
2012-08-08 21:51:27 . 2012-08-08 21:51:30 -------- d-----w- C:\Program Files (x86)\WebcamMax
2012-08-08 21:44:21 . 2012-08-08 21:44:47 -------- d-----w- C:\ProgramData\WinZip
2012-08-08 21:27:06 . 2012-08-08 21:27:06 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-08-08 20:58:35 . 2012-08-15 19:37:11 -------- d-----w- C:\Program Files (x86)\Steam
2012-08-08 20:37:51 . 2012-08-08 20:37:51 -------- d-----w- C:\Program Files\Ventrilo
2012-08-08 19:46:17 . 2008-10-15 10:22:52 519000 ----a-w- C:\Windows\system32\d3dx10_40.dll
2012-08-08 19:46:17 . 2008-10-15 10:22:52 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-08-08 19:46:17 . 2008-10-15 10:22:52 2605920 ----a-w- C:\Windows\system32\D3DCompiler_40.dll
2012-08-08 19:46:17 . 2008-10-15 10:22:52 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-08-08 19:46:16 . 2008-10-15 10:22:52 5631312 ----a-w- C:\Windows\system32\D3DX9_40.dll
2012-08-08 19:46:16 . 2008-10-15 10:22:52 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-08-08 19:44:03 . 2012-08-08 19:44:03 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2012-08-08 19:43:39 . 2012-08-10 23:37:15 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2012-08-08 19:04:09 . 2012-08-14 23:04:10 9232584 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-08-08 18:47:33 . 2012-08-08 18:47:33 -------- d-----w- C:\ProgramData\Alienware
2012-08-08 18:34:27 . 2012-08-08 18:34:29 -------- d-----w- C:\Program Files (x86)\Guild Wars 2
2012-08-08 18:01:10 . 2012-05-04 11:00:43 366592 ----a-w- C:\Windows\system32\qdvd.dll
2012-08-08 18:01:10 . 2012-05-04 09:59:54 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2012-08-08 17:57:38 . 2012-08-08 17:57:38 -------- d-----w- C:\Windows\PCHEALTH
2012-08-08 17:56:32 . 2012-08-08 17:56:32 -------- d-----w- C:\Program Files\Microsoft Office
2012-08-08 17:56:27 . 2012-08-08 17:56:27 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services
2012-08-08 17:56:05 . 2012-08-15 06:31:00 -------- d-----w- C:\ProgramData\Microsoft Help
2012-08-08 17:55:55 . 2012-08-08 17:55:55 -------- d-----r- C:\MSOCache
2012-08-08 17:45:36 . 2011-10-20 09:20:00 837952 ----a-w- C:\Windows\system32\easyupdatusapiu64.dll
2012-08-08 17:45:02 . 2011-07-07 20:21:32 29288 ----a-w- C:\Windows\system32\nvhdap64.dll
2012-08-08 17:45:02 . 2011-07-07 20:21:28 174184 ----a-w- C:\Windows\system32\drivers\nvhda64v.sys
2012-08-08 17:45:02 . 2011-07-07 20:21:26 1452648 ----a-w- C:\Windows\system32\nvhdagenco6420102.dll
2012-08-08 17:42:01 . 2012-08-08 17:42:01 -------- d-----w- C:\Windows\system32\2C0A
2012-08-08 17:41:58 . 2012-08-08 17:41:58 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2012-08-08 17:41:10 . 2012-08-08 17:41:10 -------- d-----w- C:\Dell
2012-08-08 17:32:05 . 2012-08-08 17:32:05 -------- d-----w- C:\Windows\SysWow64\Wat
2012-08-08 17:32:05 . 2012-08-08 17:32:05 -------- d-----w- C:\Windows\system32\Wat
2012-08-08 17:28:37 . 2012-08-08 17:28:37 -------- d-----w- C:\Program Files (x86)\Dell
2012-08-08 17:28:36 . 2012-08-08 17:28:36 -------- d-----w- C:\Windows\SysWow64\Dell
2012-08-08 17:19:40 . 2012-08-15 06:28:55 62134624 ----a-w- C:\Windows\system32\MRT.exe
2012-08-08 17:17:19 . 2012-08-08 17:17:19 -------- d-----w- C:\Program Files (x86)\Common Files\Skype
2012-08-08 17:17:19 . 2012-08-08 17:17:19 -------- d-----r- C:\Program Files (x86)\Skype
2012-08-08 17:16:24 . 2012-08-08 17:16:24 -------- d-----w- C:\Program Files (x86)\Common Files\Java
2012-08-08 17:16:03 . 2012-08-08 17:16:03 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-08 17:15:54 . 2012-08-08 17:15:43 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-08 17:15:54 . 2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-08 17:15:42 . 2012-08-08 17:15:42 -------- d-----w- C:\Program Files (x86)\Java
2012-08-08 17:13:09 . 2012-08-08 17:17:26 -------- d-----w- C:\ProgramData\Skype
2012-08-08 17:09:59 . 2012-05-01 05:40:20 209920 ----a-w- C:\Windows\system32\profsvc.dll
2012-08-08 17:08:54 . 2012-04-28 03:55:21 210944 ----a-w- C:\Windows\system32\drivers\rdpwd.sys
2012-08-08 17:08:52 . 2011-02-23 04:55:04 90624 ----a-w- C:\Windows\system32\drivers\bowser.sys
2012-08-08 17:05:59 . 2008-10-27 14:04:16 25936 ----a-w- C:\Windows\system32\X3DAudio1_5.dll
2012-08-08 17:03:30 . 2012-08-14 23:42:17 -------- d--h--w- C:\Windows\msdownld.tmp
2012-08-08 17:03:25 . 2012-08-08 17:03:25 -------- d-----w- C:\Games
2012-08-08 17:01:31 . 2012-08-08 18:39:23 -------- d-----w- C:\Program Files\AlienAutopsy
2012-08-08 17:00:34 . 2012-08-08 17:00:35 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-08 16:57:45 . 2012-08-12 23:35:43 -------- d-----w- C:\ProgramData\PCDr
2012-08-08 16:44:36 . 2012-06-02 22:19:43 2428952 ----a-w- C:\Windows\system32\wuaueng.dll
2012-08-08 16:44:36 . 2012-06-02 22:19:42 57880 ----a-w- C:\Windows\system32\wuauclt.exe
2012-08-08 16:44:36 . 2012-06-02 22:19:42 44056 ----a-w- C:\Windows\system32\wups2.dll
2012-08-08 16:44:36 . 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\system32\wucltux.dll
2012-08-08 16:44:32 . 2012-06-02 22:19:46 38424 ----a-w- C:\Windows\system32\wups.dll
2012-08-08 16:44:31 . 2012-06-02 22:19:23 701976 ----a-w- C:\Windows\system32\wuapi.dll
2012-08-08 16:44:31 . 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\system32\wudriver.dll


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-08-02 14:14:18 . 2012-08-02 14:14:18 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-02 14:14:16 . 2012-08-02 14:14:16 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-08-02 14:14:16 . 2012-08-02 14:14:16 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-06-18 21:07:12 . 2012-06-18 21:07:12 21360 ----a-w- C:\Windows\SysWow64\LightFXConfigurator32.dll
2012-06-18 21:07:08 . 2012-06-18 21:07:08 22384 ----a-w- C:\Windows\SysWow64\LightFX.dll
2012-06-18 21:07:00 . 2012-06-18 21:07:00 23408 ----a-w- C:\Windows\system32\LightFXConfigurator64.dll
2012-06-18 21:06:56 . 2012-06-18 21:06:56 23408 ----a-w- C:\Windows\system32\LightFX.dll
2012-06-18 20:41:38 . 2012-06-18 20:41:38 15728 ----a-w- C:\Windows\SysWow64\alienfusionapi.dll
2012-06-06 12:49:52 . 2012-06-06 12:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-05-30 17:10:50 . 2012-05-30 17:10:50 16168 ----a-w- C:\Windows\system32\drivers\TurboB.sys


------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-09 17:02:28 220608 ----a-w- C:\Users\Rickyfk\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-09 17:02:28 220608 ----a-w- C:\Users\Rickyfk\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-09 17:02:28 220608 ----a-w- C:\Users\Rickyfk\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 94208 ----a-w- C:\Users\Rickyfk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 94208 ----a-w- C:\Users\Rickyfk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 94208 ----a-w- C:\Users\Rickyfk\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2010-11-21 03:24:51 1475584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2012-03-22 01:18:44 1675160]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 15:07:54 252296]
"RUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\rusb3mon.exe" [2011-09-20 13:17:44 115048]
"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 17:46:44 462920]

C:\Users\Rickyfk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Rickyfk\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\Windows\SysWOW64\nvinit.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 AlienFusionService;Alienware Fusion Service;C:\Program Files\Alienware\Command Center\AlienFusionService.exe [2012-06-18 20:43:48 14704]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 22:27:14 138576]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 17:28:36 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 19:04:13 250056]
R3 ALSysIO;ALSysIO;C:\Users\Rickyfk\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cphs;Intel(R) Content Protection HECI Service;C:\Windows\SysWow64\IntelCpHeciSvc.exe [2012-03-22 21:34:18 276248]
R3 McAWFwk;McAfee Activation Service;c:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-03-08 22:00:50 224704]
R3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys [2012-02-22 17:29:46 100912]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 00:17:12 113120]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;C:\Windows\system32\drivers\nvstusb.sys [2012-03-04 23:31:18 398656]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 01:34:24 4925184]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 03:24:33 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 03:23:47 31232]
R3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.6;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2012-05-30 17:11:34 149544]
R3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-08 17:22:48 1255736]
R4 McOobeSv;McAfee OOBE Service;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys [2012-02-22 17:29:46 289664]
S0 nvpciflt;nvpciflt;C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-10-20 09:20:00 28992]
S1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys [2012-02-22 17:29:46 75936]
S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 00:07:22 59904]
S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-11-18 02:14:26 98208]
S2 AlienFXWindowsService;AlienFXWindowsService;C:\Program Files\Alienware\Command Center\AlienFXWindowsService.exe [2012-06-18 20:56:54 13168]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 16:29:24 2369960]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-02-03 03:29:52 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-03-06 19:40:14 163608]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 17:46:44 655944]
S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [2011-01-27 23:28:20 249936]
S2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [2012-05-25 20:59:02 210616]
S2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\system32\mfevtps.exe [2012-05-25 21:13:54 162224]
S2 MSI_ODD_Service;MSI_ODD_Service;c:\Program Files (x86)\msi\ODD Monitor\ODD_Monitor.exe [2011-10-05 00:42:30 76800]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-05-04 16:07:22 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-20 09:20:00 2253120]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\AlienRespawn\sftservice.EXE [2012-02-16 17:49:44 1695040]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-20 08:26:00 381248]
S2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys [2012-05-30 17:10:50 16168]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-03-06 19:41:36 363800]
S3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys [2012-02-22 17:29:46 65264]
S3 DCamUSBVM;Lenovo Q350 USB PC Camera;C:\Windows\system32\Drivers\usbVM31b.sys [2005-09-19 17:57:36 142336]
S3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 11:23:08 331264]
S3 Lycosa;Lycosa Keyboard;C:\Windows\system32\drivers\Lycosa.sys [2008-01-17 20:51:44 18816]
S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [2012-07-03 17:46:44 24904]
S3 MEIx64;Intel(R) Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys [2011-11-10 06:04:14 60184]
S3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys [2012-02-22 17:29:46 487296]
S3 NTIOLib_X64;NTIOLib_X64;C:\Program Files (x86)\msi\ODD Monitor\NTIOLib_X64.sys [2010-01-18 18:36:44 14136]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys [2011-07-07 20:21:28 174184]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 23:34:52 539240]
S3 rusb3hub;Renesas Electronics USB 3.0 Hub Driver (Version 3.0);C:\Windows\system32\DRIVERS\rusb3hub.sys [2011-09-15 19:14:58 100352]
S3 rusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver (Version 3.0);C:\Windows\system32\DRIVERS\rusb3xhc.sys [2011-09-15 19:15:00 216064]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL
*Deregistered* - mfeavfk01

Contents of the 'Scheduled Tasks' folder

2012-08-15 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 12:28:27 . 2012-08-08 19:04:13]

2012-08-11 C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
- C:\Program Files\AlienAutopsy\uaclauncher.exe [2012-05-22 07:09:58 . 2012-05-22 07:09:58]

2012-08-15 C:\Windows\Tasks\SystemToolsDailyTest.job
- C:\Program Files\AlienAutopsy\uaclauncher.exe [2012-05-22 07:09:58 . 2012-05-22 07:09:58]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-08-09 17:02:27 244672 ----a-w- C:\Users\Rickyfk\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-08-09 17:02:27 244672 ----a-w- C:\Users\Rickyfk\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-08-09 17:02:27 244672 ----a-w- C:\Users\Rickyfk\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64\SkyDriveShell64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 97792 ----a-w- C:\Users\Rickyfk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 97792 ----a-w- C:\Users\Rickyfk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 97792 ----a-w- C:\Users\Rickyfk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19:10 97792 ----a-w- C:\Users\Rickyfk\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-11-03 05:07:06 6412904]
"RtHDVBg"="C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" [2011-10-20 07:46:24 1157224]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2012-03-22 21:34:10 170264]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2012-03-22 21:34:02 398616]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2012-03-22 21:34:06 439064]
"Command Center Controllers"="C:\Program Files\Alienware\Command Center\AWCCStartupOrchestrator.exe" [2012-06-18 21:15:12 12656]
"IntelTBRunOnce"="wscript.exe" [2009-07-14 01:39:57 168960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=C:\Windows\System32\nvinitx.dll

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = www.alienwarearena.com/welcome-ca-e
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 24.226.1.93 24.226.10.193 24.226.10.194 24.226.1.94
FF - ProfilePath - C:\Users\Rickyfk\AppData\Roaming\Mozilla\Firefox\Profiles\ycru0hz5.default\
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112542&tt=090812_ppc_3212_8
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - d0c8a7b2000000000000844bf5824044
FF - user.js: extensions.BabylonToolbar.instlDay - 15562
FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6
FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.623:14:11
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false

- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)



------------------------ Other Running Processes ------------------------

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\AlienRespawn\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\AlienRespawn\TOASTER.EXE
C:\Program Files (x86)\AlienRespawn\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

**************************************************************************

Completion time: 2012-08-15 19:46:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-15 23:46:19

Pre-Run: 832,415,150,080 bytes free
Post-Run: 833,612,673,024 bytes free

- - End Of File - - C7C7292F007A9ECCC83961FCC0CBD39A
 
I have a new prob now: if I click in my Start > All Programs then try to click a folder, it shows none. It's weird, and I can't do a reinstall till end of month lol as I only have 15 gigs free left of my net.
 
ComboFix Script

  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    ClearJavaCache::
  • Save this as CFScript.txt, in the same location as ComboFix.exe

    CFScriptB-4.gif
  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
 
I don't get a txt file; it acts like a folder, but also it opens My Computer also.
 

Attachments

  • this is what i get from combo.png
I had to make a 2nd account just to do anything. I can't run anything from my main account, not even My Computer. I will have to reformat it at end of month. It's only a week old also + I know what I download lol
 