Malwarebytes

Infected with Trojan Host svchost.exe, trying to remove it

10 replies to this topic

#1
JoeLangston

    New Member

  • Members
  • 5 posts
Every time I have been running Malwarebytes Anti-Malware lately, I have been told that my computer is infected with Trojan Host svchost.exe. What do I need to do in order to get rid of this?

Attached file: mbam-log-2012-08-01 (19-16-39).txt (2K)

#2
MrCharlie

    Forum Deity

  • Experts
  • 17,527 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Malware Removal Expert




I volunteer my free time to help you, if you would like to donate to show your appreciation, it will be much appreciated.

Thanks MrC & crew

#3
JoeLangston

    New Member

  • Members
  • 5 posts
Gah, sorry about that there. Here you go.

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Peter at 2:22:45 on 2012-08-02
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8187.4384 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\mIRC\mirc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll
uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [Sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
StartupFolder: C:\Users\Peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{66C4872E-3CE5-4011-A3A3-CF092E40EACE} : DhcpNameServer = 10.0.8.1
TCP: Interfaces\{7A3F43A8-9728-4647-B44D-455D570EFEEB} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{A4AF4F34-F273-4D77-8F27-73A0954F2480} : DhcpNameServer = 192.168.2.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
BHO-X64: uTorrentControl2 - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll
BHO-X64: WinZip Courier BHO - No File
BHO-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: BHO Class: {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll
BHO-X64: CStat - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll
TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll
mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - falkenstein.tunnelr.com
FF - prefs.js: network.proxy.ftp_port - 53
FF - prefs.js: network.proxy.http - falkenstein.tunnelr.com
FF - prefs.js: network.proxy.http_port - 53
FF - prefs.js: network.proxy.socks - falkenstein.tunnelr.com
FF - prefs.js: network.proxy.socks_port - 53
FF - prefs.js: network.proxy.ssl - falkenstein.tunnelr.com
FF - prefs.js: network.proxy.ssl_port - 53
FF - prefs.js: network.proxy.type - 4
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
============= SERVICES / DRIVERS ===============
.
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-12-6 212232]
R2 DlinkNdPt60;D-Link NDIS Protocol Driver;C:\Windows\system32\DRIVERS\DlinkNdPt60.sys --> C:\Windows\system32\DRIVERS\DlinkNdPt60.sys [?]
R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]
R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-28 8704]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-13 655944]
R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;C:\Windows\system32\DRIVERS\AN983X64.sys --> C:\Windows\system32\DRIVERS\AN983X64.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 DLKRT64;D-Link DGE-530T Gigabit Ethernet Adapter Driver;C:\Windows\system32\DRIVERS\DLKRT64.sys --> C:\Windows\system32\DRIVERS\DLKRT64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-17 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]
S3 DLINKVLANPT;D-Link Vlan Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\DLINKVlan60.sys --> C:\Windows\system32\DRIVERS\DLINKVlan60.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-17 136176]
S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]
S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-02 03:07:57 -------- d-----w- C:\FRST
2012-08-01 22:44:28 20480 ------w- C:\Windows\svchost.exe
2012-08-01 22:37:14 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-01 21:04:27 98816 ----a-w- C:\Windows\sed.exe
2012-08-01 21:04:27 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-01 21:04:27 256000 ----a-w- C:\Windows\PEV.exe
2012-08-01 21:04:27 208896 ----a-w- C:\Windows\MBR.exe
2012-08-01 21:02:15 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-01 20:10:41 -------- d-----w- C:\Users\Peter\AppData\Local\{E00CCE63-2786-4896-8F1F-E8D9FF427791}
2012-08-01 20:10:14 -------- d-----w- C:\Users\Peter\AppData\Local\{A42871C1-0583-484D-8551-E43A7AC9A095}
2012-07-31 20:06:37 -------- d-----w- C:\Users\Peter\AppData\Local\Package Cache
2012-07-31 13:43:27 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA33ED8E-0AB1-4307-A49B-4CF7BB523678}\mpengine.dll
2012-07-31 08:43:27 -------- d-----w- C:\Users\Peter\AppData\Local\{AF2209FB-AE6A-4382-8912-672377A796AB}
2012-07-31 08:43:11 -------- d-----w- C:\Users\Peter\AppData\Local\{1965026E-320D-443D-93BC-864518410D49}
2012-07-31 08:33:01 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B9D7.tmp
2012-07-27 23:03:42 -------- d-----w- C:\Users\Peter\AppData\Local\{AC01B674-844E-4AA7-BD22-83AEF05BF72C}
2012-07-27 23:03:31 -------- d-----w- C:\Users\Peter\AppData\Local\{F759E279-A27E-48DD-9C54-3A10FA79EF4C}
2012-07-27 04:05:40 -------- d-----w- C:\Program Files (x86)\Stellar Impact
2012-07-26 15:48:02 -------- d-----w- C:\ProgramData\Steam
2012-07-26 15:48:01 -------- d-----w- C:\ProgramData\PopCap Games
2012-07-26 13:21:21 -------- d-----w- C:\Users\Peter\AppData\Local\{783F2BE8-1ABA-43A7-B619-FC2C994E9BC8}
2012-07-26 13:20:59 -------- d-----w- C:\Users\Peter\AppData\Local\{4DEDE137-4BA3-4397-BC34-5543DE05028D}
2012-07-25 18:16:54 -------- d-----w- C:\Users\Peter\AppData\Local\{B6E43D3B-F451-4C81-9A12-844679920CE8}
2012-07-24 03:04:45 -------- d-----w- C:\Users\Peter\AppData\Local\{142B9F3C-5083-40E4-A64C-26199C641D1F}
2012-07-24 03:04:35 -------- d-----w- C:\Users\Peter\AppData\Local\{BAD4D8DE-160F-4533-A963-21672E95B223}
2012-07-22 06:20:38 -------- d-----w- C:\Users\Peter\AppData\Local\Demiurge Studios
2012-07-21 21:57:34 -------- d-----w- C:\Users\Peter\AppData\Local\{60A9FFD0-C6D2-470B-B52F-1FCB7C75B00C}
2012-07-21 21:57:22 -------- d-----w- C:\Users\Peter\AppData\Local\{0E1020E3-7695-49E7-BD49-9926D7809B82}
2012-07-21 04:20:02 -------- d-----w- C:\ProgramData\Nexon
2012-07-17 19:01:40 -------- d-----w- C:\Users\Peter\AppData\Local\{8521B565-FD9B-42D9-AAEA-0BF9C003AC2B}
2012-07-17 19:01:29 -------- d-----w- C:\Users\Peter\AppData\Local\{4209231D-E2BC-4F17-88B5-9BE081865263}
2012-07-17 03:14:04 -------- d-----w- C:\Users\Peter\AppData\Local\{18C11A2C-4A71-44D9-B63B-840C55CE0AC4}
2012-07-17 03:13:52 -------- d-----w- C:\Users\Peter\AppData\Local\{8FA1A5B8-A5A4-4968-9C4C-D01E0ADD6818}
2012-07-13 22:37:02 -------- d-----w- C:\Users\Peter\AppData\Local\{6C07BBB7-2CAE-40E6-B3A9-CE0F7896B1BE}
2012-07-13 22:36:52 -------- d-----w- C:\Users\Peter\AppData\Local\{5182C70D-9160-47A5-A5BC-58113DA6C5F4}
2012-07-13 03:37:52 -------- d-----w- C:\Users\Peter\AppData\Local\{5E526D76-256F-4366-B67F-7B6E1434429C}
2012-07-12 15:37:31 -------- d-----w- C:\Users\Peter\AppData\Local\{2F5BED05-F013-40FF-937E-39F42F86478C}
2012-07-12 15:37:10 -------- d-----w- C:\Users\Peter\AppData\Local\{ECEB79D3-72E0-440C-A9CB-DD21B6144B99}
2012-07-12 03:36:45 -------- d-----w- C:\Users\Peter\AppData\Local\{A98CD1DA-C525-4323-9E1E-B3F61E87F069}
2012-07-12 03:36:35 -------- d-----w- C:\Users\Peter\AppData\Local\{D0D33F72-06AC-47E2-843F-2EFFB0544E8F}
2012-07-11 07:06:27 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-07-11 07:03:19 -------- d-----w- C:\Users\Peter\AppData\Local\{61F86160-63C1-4A87-A3C0-283744196D6F}
2012-07-11 07:02:56 -------- d-----w- C:\Users\Peter\AppData\Local\{AD9D592D-3FFE-4220-9843-FCB63C4345F1}
2012-07-11 02:25:24 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2012-07-10 19:02:30 -------- d-----w- C:\Users\Peter\AppData\Local\{9B8B1972-962C-46A6-81DB-114D0A33EDB1}
2012-07-10 19:02:20 -------- d-----w- C:\Users\Peter\AppData\Local\{A18FD625-F5CE-4C0F-9308-52DA157199A8}
2012-07-07 16:59:02 -------- d-----w- C:\New folder
2012-07-07 16:58:54 -------- d-----w- C:\Testing
2012-07-07 02:43:57 -------- d-----w- C:\Users\Peter\OilRush
2012-07-04 19:08:28 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
.
==================== Find3M ====================
.
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-09 02:17:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-06-09 02:17:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-30 04:26:46 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-05-21 00:28:21 560184 ----a-w- C:\Windows\System32\drivers\sptd.sys
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 2:24:03.34 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/6/2011 3:57:00 PM
System Uptime: 8/1/2012 7:15:10 PM (7 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P55-UD3R
Processor: Intel® Core™ i5 CPU 750 @ 2.67GHz | Socket 1156 | 2793/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 596 GiB total, 125.989 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP168: 7/31/2012 3:20:15 AM - Installed DirectX
RP170: 7/31/2012 5:08:17 AM - Windows Defender Checkpoint
RP171: 7/31/2012 9:42:36 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 ActiveX
Age of Empires III: Complete Collection
AIM 7
Alien Shooter 2 Conscription
All Zombies Must Die!
APB Reloaded
ARMA 2
ARMA 2: British Armed Forces
ARMA 2: Operation Arrowhead
Ask Toolbar
AZMD! Scorepocalypse
Battlefield 2142 Deluxe Edition
Binary Domain
Browser Configuration Utility
Bulletstorm
Burn Zombie Burn
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chantelise
City of Heroes
D3DX10
DAEMON Tools Lite
DarkStar One
DC Universe Online
Defense Grid: The Awakening
Deus Ex: Human Revolution
Deus Ex: Human Revolution - The Missing Link
DFOLauncher
DGE-530T Ethernet Controller All-In-One Windows Driver
Diagnostics
Disciples III: Renaissance
Disciples III: Resurrection
Dokan Library 0.6.0
Download Updater (AOL LLC)
Dungeon Defenders
Dungeon Siege
Evochron Mercenary
Face of Mankind
Fortune Summoners: Secret of the Elemental Stone
Fractal
Genesis Rising
Gigabyte Raid Configurer
Google Earth
Google Update Helper
Gratuitous Tank Battles
Hi-Rez Studios Authenticate and Update Service
HydraVision
Java Auto Updater
Java™ 6 Update 22
Java™ 6 Update 31
Junk Mail filter update
Killing Floor
League of Legends
Left 4 Dead
Left 4 Dead 2
Legend of Grimrock
Magicka
Malwarebytes Anti-Malware version 1.62.0.1300
Mass Effect
Mass Effect 2
Mass Effect™ 3 Demo
Max and the Magic Marker
MechWarrior Online
Memoir '44 Online
Microsoft Chart Controls for Microsoft .NET Framework 3.5
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft XNA Framework Redistributable 3.1
Microsoft XNA Framework Redistributable 4.0
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MTA:SA v1.3
Mumble 1.2.3
NCsoft Launcher
Nexon Game Manager
Nuclear Dawn
Nuclear Dawn Authoring Tools Beta
NVIDIA PhysX
Oil Rush
On the Rain-Slick Precipice of Darkness, Episode One
On the Rain-Slick Precipice of Darkness, Episode Two
OpenOffice.org 3.3
OpenVPN Client
Orcs Must Die!
Orcs Must Die! 2
Origin
Pando Media Booster
PAYDAY: The Heist
Penny Arcade's On the Rain-Slick Precipice of Darkness 3
PHANTASY STAR ONLINE 2 ??????????????
Plants vs. Zombies: Game of the Year
Portal 2
PunkBuster Services
Realtek High Definition Audio Driver
Saints Row 2
Saints Row: The Third
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Shoot Many Robots
Skype™ 5.9
SOL: Exodus
Star Trek Online
Star Wolves 3: Civil War
Steam
Stellar Impact
SumatraPDF
Syndicate™
The Ultimate DOOM
Tribes: Ascend
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
uTorrentControl2 Toolbar (huh, I thought I uninstalled Utorrent ages ago. Ooops.)
VLC media player 1.1.11
Wargame: European Escalation
Warhammer 40,000 Space Marine
Warhammer® 40,000®: Dawn of War® II – Retribution™
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinZip Courier
World in Conflict
World in Conflict: Soviet Assault
World of Tanks v.0.7.1
Wurm Online 3.1.4
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Ys Origin
Ys: The Oath in Felghana
.
==== Event Viewer Messages From Past Week ========
.
8/1/2012 7:21:58 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
8/1/2012 7:05:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/1/2012 7:04:43 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
8/1/2012 6:05:06 PM, Error: Service Control Manager [7034] - The OpenVPN Access Client service terminated unexpectedly. It has done this 1 time(s).
8/1/2012 6:05:06 PM, Error: Service Control Manager [7034] - The DokanMounter service terminated unexpectedly. It has done this 1 time(s).
8/1/2012 6:04:12 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/1/2012 6:03:03 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/1/2012 6:01:33 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/1/2012 5:42:38 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.
8/1/2012 5:40:16 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error: Access is denied.
8/1/2012 5:40:14 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the BFE service which failed to start because of the following error: Access is denied.
8/1/2012 5:40:14 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.
8/1/2012 5:35:29 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/1/2012 5:35:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/1/2012 5:35:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/1/2012 5:35:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/1/2012 5:35:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/1/2012 5:35:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/1/2012 5:35:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/1/2012 4:56:07 PM, Error: Service Control Manager [7034] - The Browser Configuration Utility Service service terminated unexpectedly. It has done this 1 time(s).
8/1/2012 4:36:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
8/1/2012 4:34:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/1/2012 4:34:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/1/2012 4:34:00 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/1/2012 4:10:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
8/1/2012 4:10:18 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/31/2012 4:34:11 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.
.
==== End Of File ===========================



OK, and here is the RogueKiller one.
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Peter [Admin rights]
Mode: Scan -- Date: 08/01/2012 19:00:53

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6401AALS-00L3B2 ATA Device +++++
--- User ---
[MBR] f20732921f567ea9cef1c60d5130ef25
[BSP] 759941890520dfa37ef32a58ee304908 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 1cebe28478b2de6db2f2bf64c8ee0f96
[BSP] 759941890520dfa37ef32a58ee304908 : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++
--- User ---
[MBR] aa77f86568632ecebf56a67ad3cafe0b
[BSP] 4c9e7e8f6ad85054e2a36efc37abe227 : MBR Code unknown
Partition table:
0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 1910 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt


Thank you for the assistance that you are providing to me.
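As an added example (not code from RogueKiller or from anyone in this thread), a small Python parser for the RogueKiller report format above that reproduces the two checks the posted report turns on: a process image that runs from outside the system directory (here via the \\.\globalroot device namespace), and an MBR whose user-mode read disagrees with the low-level LL2 read (the "User != LL2 ... KO!" line). The report text embedded in it is constructed to mirror the posted one; its hashes, drive models and registry line are placeholders, not values from this thread.

```python
"""Added example (not RogueKiller's or the thread's own code): parse a RogueKiller
report and reproduce the two checks the posted report turns on.

The report below is constructed to mirror the posted format; hashes, drive
models and the registry line are placeholders, not values from the thread."""
import re
from dataclasses import dataclass, field

SAMPLE_REPORT = r"""
¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 1 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: EXAMPLE-DISK ATA Device +++++
--- User ---
[MBR] aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[BSP] bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb : Windows 7 MBR Code
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] cccccccccccccccccccccccccccccccc
[BSP] bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb : Windows 7 MBR Code

+++++ PhysicalDrive1: EXAMPLE-USB Flash Memory USB Device +++++
--- User ---
[MBR] dddddddddddddddddddddddddddddddd
[BSP] eeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee : MBR Code unknown
User = LL1 ... OK!
Error reading LL2 MBR!
"""

# Where a legitimate svchost.exe image lives on a default install (assumed default paths).
EXPECTED_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
DEVICE_NAMESPACE = "\\\\.\\"   # \\.\ prefix: the image was opened through the device namespace

PROCESS_RE = re.compile(r"^\[(?P<tag>[^\]]+)\]\s+(?P<name>\S+)\s+--\s+(?P<path>.+?)\s+->\s+(?P<action>.+)$")
DRIVE_RE = re.compile(r"^\+{5}\s+(?P<drive>PhysicalDrive\d+):\s*(?P<model>.+?)\s+\+{5}$")
VIEW_RE = re.compile(r"^---\s+(?P<view>\w+)\s+---$")
MBR_RE = re.compile(r"^\[MBR\]\s+(?P<md5>[0-9a-f]{32})$")


@dataclass
class DriveCheck:
    drive: str
    model: str
    mbr: dict = field(default_factory=dict)  # view ("User"/"LL2") -> MD5 of the MBR read that way
    ll2_error: bool = False                   # low-level read failed (as for the USB stick above)

    def mismatch(self) -> bool:
        # Different MD5 from the two reads means something sits between user mode and the disk.
        return "User" in self.mbr and "LL2" in self.mbr and self.mbr["User"] != self.mbr["LL2"]


def parse_report(text):
    """Return (bad_processes, drive_checks) parsed from RogueKiller report text."""
    processes, drives, current, view = [], [], None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := PROCESS_RE.match(line):
            processes.append(m.groupdict())
        elif m := DRIVE_RE.match(line):
            current, view = DriveCheck(m["drive"], m["model"]), None
            drives.append(current)
        elif current is None:
            continue                       # not inside an MBR Check drive block yet
        elif m := VIEW_RE.match(line):
            view = m["view"]               # "User" or "LL2"
        elif (m := MBR_RE.match(line)) and view:
            current.mbr[view] = m["md5"]
        elif line.startswith("Error reading LL2 MBR"):
            current.ll2_error = True
    return processes, drives


def findings(text):
    """Human-readable findings a responder would pull out of the report."""
    processes, drives = parse_report(text)
    out = []
    for p in processes:
        path = p["path"].lower()
        if path.startswith(DEVICE_NAMESPACE) or not path.startswith(EXPECTED_SYSTEM_DIRS):
            out.append(f"process {p['name']} runs from unexpected path {p['path']} ({p['action']})")
    for d in drives:
        if d.mismatch():
            out.append(f"{d.drive}: user-mode MBR {d.mbr['User']} != low-level MBR {d.mbr['LL2']}")
        elif d.ll2_error:
            out.append(f"{d.drive}: low-level MBR read failed; comparison inconclusive")
    return out


if __name__ == "__main__":
    for finding in findings(SAMPLE_REPORT):
        print(finding)
```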

#4
MrCharlie

    Forum Deity

  • Experts
  • 17,527 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.




--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.
Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


#5
JoeLangston

    New Member

  • Members
  • 5 posts
Alright, just ran TDSSKiller here.



11:32:58.0702 6920 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:32:58.0927 6920 ============================================================
11:32:58.0927 6920 Current date / time: 2012/08/02 11:32:58.0927
11:32:58.0927 6920 SystemInfo:
11:32:58.0927 6920
11:32:58.0927 6920 OS Version: 6.1.7601 ServicePack: 1.0
11:32:58.0927 6920 Product type: Workstation
11:32:58.0927 6920 ComputerName: PETER-PC
11:32:58.0927 6920 UserName: Peter
11:32:58.0927 6920 Windows directory: C:\Windows
11:32:58.0927 6920 System windows directory: C:\Windows
11:32:58.0927 6920 Running under WOW64
11:32:58.0927 6920 Processor architecture: Intel x64
11:32:58.0927 6920 Number of processors: 4
11:32:58.0927 6920 Page size: 0x1000
11:32:58.0927 6920 Boot type: Normal boot
11:32:58.0927 6920 ============================================================
11:32:59.0874 6920 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
11:32:59.0877 6920 ============================================================
11:32:59.0877 6920 \Device\Harddisk0\DR0:
11:32:59.0877 6920 MBR partitions:
11:32:59.0877 6920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000
11:32:59.0877 6920 ============================================================
11:32:59.0898 6920 C: <-> \Device\Harddisk0\DR0\Partition0
11:32:59.0898 6920 ============================================================
11:32:59.0898 6920 Initialize success
11:32:59.0898 6920 ============================================================
11:33:11.0426 4208 ============================================================
11:33:11.0426 4208 Scan started
11:33:11.0426 4208 Mode: Manual; SigCheck; TDLFS;
11:33:11.0426 4208 ============================================================
11:33:29.0493 4208 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:33:29.0502 4208 KeyIso - ok
11:33:29.0543 4208 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:33:29.0553 4208 KSecDD - ok
11:33:29.0573 4208 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:33:29.0583 4208 KSecPkg - ok
11:33:29.0596 4208 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:33:29.0639 4208 ksthunk - ok
11:33:29.0701 4208 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:33:29.0767 4208 KtmRm - ok
11:33:29.0834 4208 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:33:29.0902 4208 LanmanServer - ok
11:33:29.0945 4208 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:33:29.0990 4208 LanmanWorkstation - ok
11:33:30.0020 4208 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:33:30.0058 4208 lltdio - ok
11:33:30.0115 4208 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:33:30.0160 4208 lltdsvc - ok
11:33:30.0184 4208 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:33:30.0210 4208 lmhosts - ok
11:33:30.0235 4208 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:33:30.0244 4208 LSI_FC - ok
11:33:30.0267 4208 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:33:30.0276 4208 LSI_SAS - ok
11:33:30.0294 4208 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:33:30.0303 4208 LSI_SAS2 - ok
11:33:30.0324 4208 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:33:30.0333 4208 LSI_SCSI - ok
11:33:30.0356 4208 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:33:30.0400 4208 luafv - ok
11:33:30.0468 4208 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys
11:33:30.0484 4208 mbamchameleon - ok
11:33:30.0541 4208 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
11:33:30.0553 4208 MBAMProtector - ok
11:33:30.0697 4208 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:33:30.0715 4208 MBAMService - ok
11:33:30.0755 4208 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:33:30.0778 4208 Mcx2Svc - ok
11:33:30.0798 4208 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:33:30.0807 4208 megasas - ok
11:33:30.0838 4208 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:33:30.0851 4208 MegaSR - ok
11:33:30.0992 4208 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:33:31.0028 4208 MMCSS - ok
11:33:31.0043 4208 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:33:31.0069 4208 Modem - ok
11:33:31.0088 4208 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:33:31.0118 4208 monitor - ok
11:33:31.0167 4208 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:33:31.0176 4208 mouclass - ok
11:33:31.0192 4208 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:33:31.0217 4208 mouhid - ok
11:33:31.0250 4208 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:33:31.0259 4208 mountmgr - ok
11:33:31.0333 4208 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:33:31.0342 4208 MozillaMaintenance - ok
11:33:31.0385 4208 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:33:31.0396 4208 mpio - ok
11:33:31.0415 4208 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:33:31.0441 4208 mpsdrv - ok
11:33:31.0526 4208 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:33:31.0568 4208 MpsSvc - ok
11:33:31.0618 4208 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:33:31.0662 4208 MRxDAV - ok
11:33:31.0720 4208 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:33:31.0760 4208 mrxsmb - ok
11:33:31.0787 4208 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:33:31.0816 4208 mrxsmb10 - ok
11:33:31.0852 4208 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:33:31.0873 4208 mrxsmb20 - ok
11:33:31.0906 4208 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:33:31.0915 4208 msahci - ok
11:33:31.0956 4208 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:33:31.0984 4208 msdsm - ok
11:33:32.0020 4208 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:33:32.0050 4208 MSDTC - ok
11:33:32.0078 4208 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:33:32.0106 4208 Msfs - ok
11:33:32.0116 4208 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:33:32.0142 4208 mshidkmdf - ok
11:33:32.0183 4208 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:33:32.0203 4208 msisadrv - ok
11:33:32.0252 4208 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:33:32.0304 4208 MSiSCSI - ok
11:33:32.0306 4208 msiserver - ok
11:33:32.0334 4208 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:33:32.0360 4208 MSKSSRV - ok
11:33:32.0381 4208 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:33:32.0423 4208 MSPCLOCK - ok
11:33:32.0437 4208 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:33:32.0476 4208 MSPQM - ok
11:33:32.0518 4208 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:33:32.0531 4208 MsRPC - ok
11:33:32.0547 4208 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:33:32.0556 4208 mssmbios - ok
11:33:32.0559 4208 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:33:32.0599 4208 MSTEE - ok
11:33:32.0616 4208 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:33:32.0624 4208 MTConfig - ok
11:33:32.0639 4208 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:33:32.0647 4208 Mup - ok
11:33:32.0732 4208 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:33:32.0784 4208 napagent - ok
11:33:32.0825 4208 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:33:32.0864 4208 NativeWifiP - ok
11:33:32.0955 4208 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:33:32.0982 4208 NDIS - ok
11:33:33.0005 4208 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:33:33.0030 4208 NdisCap - ok
11:33:33.0060 4208 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:33:33.0099 4208 NdisTapi - ok
11:33:33.0132 4208 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:33:33.0175 4208 Ndisuio - ok
11:33:33.0218 4208 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:33:33.0265 4208 NdisWan - ok
11:33:33.0296 4208 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:33:33.0325 4208 NDProxy - ok
11:33:33.0336 4208 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:33:33.0371 4208 NetBIOS - ok
11:33:33.0420 4208 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:33:33.0465 4208 NetBT - ok
11:33:33.0502 4208 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:33:33.0510 4208 Netlogon - ok
11:33:33.0582 4208 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:33:33.0640 4208 Netman - ok
11:33:33.0809 4208 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:33:33.0824 4208 NetMsmqActivator - ok
11:33:33.0846 4208 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:33:33.0860 4208 NetPipeActivator - ok
11:33:33.0900 4208 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:33:33.0977 4208 netprofm - ok
11:33:33.0980 4208 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:33:33.0987 4208 NetTcpActivator - ok
11:33:33.0990 4208 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:33:33.0997 4208 NetTcpPortSharing - ok
11:33:34.0066 4208 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:33:34.0084 4208 nfrd960 - ok
11:33:34.0140 4208 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:33:34.0187 4208 NlaSvc - ok
11:33:34.0227 4208 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:33:34.0252 4208 Npfs - ok
11:33:34.0293 4208 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:33:34.0334 4208 nsi - ok
11:33:34.0348 4208 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:33:34.0385 4208 nsiproxy - ok
11:33:34.0519 4208 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:33:34.0561 4208 Ntfs - ok
11:33:34.0691 4208 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:33:34.0733 4208 Null - ok
11:33:34.0785 4208 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:33:34.0795 4208 nvraid - ok
11:33:34.0834 4208 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:33:34.0844 4208 nvstor - ok
11:33:34.0887 4208 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:33:34.0896 4208 nv_agp - ok
11:33:34.0935 4208 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:33:34.0963 4208 ohci1394 - ok
11:33:35.0069 4208 OpenVPNAccessClient (8c02b0cc65bee71124a565062ba77b39) C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
11:33:35.0090 4208 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning
11:33:35.0090 4208 OpenVPNAccessClient - detected UnsignedFile.Multi.Generic (1)
11:33:35.0149 4208 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:33:35.0168 4208 p2pimsvc - ok
11:33:35.0240 4208 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:33:35.0266 4208 p2psvc - ok
11:33:35.0286 4208 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:33:35.0303 4208 Parport - ok
11:33:35.0342 4208 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:33:35.0355 4208 partmgr - ok
11:33:35.0374 4208 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:33:35.0411 4208 PcaSvc - ok
11:33:35.0462 4208 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:33:35.0477 4208 pci - ok
11:33:35.0519 4208 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:33:35.0531 4208 pciide - ok
11:33:35.0559 4208 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:33:35.0574 4208 pcmcia - ok
11:33:35.0588 4208 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:33:35.0599 4208 pcw - ok
11:33:35.0644 4208 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:33:35.0702 4208 PEAUTH - ok
11:33:35.0846 4208 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
11:33:35.0912 4208 PeerDistSvc - ok
11:33:36.0004 4208 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:33:36.0039 4208 PerfHost - ok
11:33:36.0261 4208 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:33:36.0367 4208 pla - ok
11:33:36.0424 4208 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:33:36.0472 4208 PlugPlay - ok
11:33:36.0489 4208 PnkBstrA - ok
11:33:36.0530 4208 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:33:36.0561 4208 PNRPAutoReg - ok
11:33:36.0602 4208 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:33:36.0621 4208 PNRPsvc - ok
11:33:36.0688 4208 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:33:36.0725 4208 PolicyAgent - ok
11:33:36.0773 4208 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:33:36.0834 4208 Power - ok
11:33:36.0919 4208 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:33:36.0954 4208 PptpMiniport - ok
11:33:36.0990 4208 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:33:37.0009 4208 Processor - ok
11:33:37.0078 4208 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:33:37.0127 4208 ProfSvc - ok
11:33:37.0159 4208 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:33:37.0173 4208 ProtectedStorage - ok
11:33:37.0223 4208 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:33:37.0271 4208 Psched - ok
11:33:37.0391 4208 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:33:37.0445 4208 ql2300 - ok
11:33:37.0560 4208 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:33:37.0570 4208 ql40xx - ok
11:33:37.0616 4208 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:33:37.0653 4208 QWAVE - ok
11:33:37.0670 4208 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:33:37.0707 4208 QWAVEdrv - ok
11:33:37.0723 4208 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:33:37.0780 4208 RasAcd - ok
11:33:37.0813 4208 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:33:37.0843 4208 RasAgileVpn - ok
11:33:37.0864 4208 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:33:37.0914 4208 RasAuto - ok
11:33:37.0955 4208 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:33:37.0985 4208 Rasl2tp - ok
11:33:38.0043 4208 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:33:38.0101 4208 RasMan - ok
11:33:38.0121 4208 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:33:38.0166 4208 RasPppoe - ok
11:33:38.0186 4208 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:33:38.0235 4208 RasSstp - ok
11:33:38.0287 4208 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:33:38.0331 4208 rdbss - ok
11:33:38.0345 4208 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:33:38.0372 4208 rdpbus - ok
11:33:38.0386 4208 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:33:38.0422 4208 RDPCDD - ok
11:33:38.0492 4208 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
11:33:38.0512 4208 RDPDR - ok
11:33:38.0527 4208 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:33:38.0578 4208 RDPENCDD - ok
11:33:38.0638 4208 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:33:38.0676 4208 RDPREFMP - ok
11:33:38.0720 4208 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:33:38.0761 4208 RDPWD - ok
11:33:38.0818 4208 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:33:38.0832 4208 rdyboost - ok
11:33:38.0882 4208 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:33:38.0946 4208 RemoteAccess - ok
11:33:39.0186 4208 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:33:39.0214 4208 RemoteRegistry - ok
11:33:39.0240 4208 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:33:39.0267 4208 RpcEptMapper - ok
11:33:39.0284 4208 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:33:39.0310 4208 RpcLocator - ok
11:33:39.0377 4208 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:33:39.0405 4208 RpcSs - ok
11:33:39.0441 4208 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:33:39.0471 4208 rspndr - ok
11:33:39.0527 4208 RTL8167 (e843fdfa8bdd37d271fcdb764c72d054) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:33:39.0564 4208 RTL8167 - ok
11:33:39.0601 4208 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:33:39.0612 4208 SamSs - ok
11:33:39.0651 4208 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:33:39.0662 4208 sbp2port - ok
11:33:39.0689 4208 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:33:39.0740 4208 SCardSvr - ok
11:33:39.0772 4208 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:33:39.0814 4208 scfilter - ok
11:33:39.0908 4208 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:33:39.0972 4208 Schedule - ok
11:33:40.0011 4208 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:33:40.0036 4208 SCPolicySvc - ok
11:33:40.0116 4208 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:33:40.0179 4208 SDRSVC - ok
11:33:40.0253 4208 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:33:40.0279 4208 secdrv - ok
11:33:40.0326 4208 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:33:40.0352 4208 seclogon - ok
11:33:40.0381 4208 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:33:40.0408 4208 SENS - ok
11:33:40.0451 4208 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:33:40.0465 4208 SensrSvc - ok
11:33:40.0480 4208 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:33:40.0507 4208 Serenum - ok
11:33:40.0537 4208 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:33:40.0550 4208 Serial - ok
11:33:40.0601 4208 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:33:40.0629 4208 sermouse - ok
11:33:40.0675 4208 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:33:40.0738 4208 SessionEnv - ok
11:33:40.0773 4208 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:33:40.0799 4208 sffdisk - ok
11:33:40.0811 4208 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:33:40.0846 4208 sffp_mmc - ok
11:33:40.0864 4208 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:33:40.0890 4208 sffp_sd - ok
11:33:40.0905 4208 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:33:40.0930 4208 sfloppy - ok
11:33:41.0002 4208 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:33:41.0080 4208 SharedAccess - ok
11:33:41.0138 4208 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:33:41.0238 4208 ShellHWDetection - ok
11:33:41.0282 4208 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:33:41.0291 4208 SiSRaid2 - ok
11:33:41.0305 4208 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:33:41.0314 4208 SiSRaid4 - ok
11:33:41.0421 4208 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:33:41.0436 4208 SkypeUpdate - ok
11:33:41.0483 4208 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:33:41.0545 4208 Smb - ok
11:33:41.0612 4208 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:33:41.0635 4208 SNMPTRAP - ok
11:33:41.0652 4208 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:33:41.0662 4208 spldr - ok
11:33:41.0737 4208 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:33:41.0783 4208 Spooler - ok
11:33:42.0057 4208 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:33:42.0140 4208 sppsvc - ok
11:33:42.0258 4208 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:33:42.0319 4208 sppuinotify - ok
11:33:42.0443 4208 sptd (a15860e920b02c9a7ce8f3a6c2ff1e3a) C:\Windows\System32\Drivers\sptd.sys
11:33:42.0470 4208 sptd - ok
11:33:42.0524 4208 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:33:42.0567 4208 srv - ok
11:33:42.0657 4208 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:33:42.0681 4208 srv2 - ok
11:33:42.0731 4208 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:33:42.0760 4208 srvnet - ok
11:33:42.0803 4208 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:33:42.0860 4208 SSDPSRV - ok
11:33:42.0878 4208 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:33:42.0904 4208 SstpSvc - ok
11:33:42.0963 4208 Steam Client Service - ok
11:33:42.0991 4208 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:33:42.0999 4208 stexstor - ok
11:33:43.0078 4208 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:33:43.0119 4208 stisvc - ok
11:33:43.0177 4208 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
11:33:43.0220 4208 StorSvc - ok
11:33:43.0259 4208 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:33:43.0273 4208 swenum - ok
11:33:43.0319 4208 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:33:43.0388 4208 swprv - ok
11:33:43.0531 4208 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:33:43.0606 4208 SysMain - ok
11:33:43.0745 4208 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:33:43.0771 4208 TabletInputService - ok
11:33:43.0823 4208 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:33:43.0886 4208 TapiSrv - ok
11:33:43.0973 4208 tapoas (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys
11:33:44.0016 4208 tapoas - ok
11:33:44.0066 4208 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:33:44.0113 4208 TBS - ok
11:33:44.0337 4208 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:33:44.0395 4208 Tcpip - ok
11:33:44.0537 4208 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:33:44.0563 4208 TCPIP6 - ok
11:33:44.0639 4208 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:33:44.0665 4208 tcpipreg - ok
11:33:44.0703 4208 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:33:44.0740 4208 TDPIPE - ok
11:33:44.0774 4208 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:33:44.0798 4208 TDTCP - ok
11:33:44.0861 4208 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:33:44.0894 4208 tdx - ok
11:33:44.0936 4208 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:33:44.0946 4208 TermDD - ok
11:33:45.0024 4208 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:33:45.0082 4208 TermService - ok
11:33:45.0098 4208 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:33:45.0122 4208 Themes - ok
11:33:45.0155 4208 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:33:45.0183 4208 THREADORDER - ok
11:33:45.0194 4208 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:33:45.0230 4208 TrkWks - ok
11:33:45.0279 4208 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:33:45.0316 4208 TrustedInstaller - ok
11:33:45.0345 4208 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:33:45.0384 4208 tssecsrv - ok
11:33:45.0448 4208 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:33:45.0493 4208 TsUsbFlt - ok
11:33:45.0544 4208 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:33:45.0595 4208 tunnel - ok
11:33:45.0626 4208 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:33:45.0635 4208 uagp35 - ok
11:33:45.0687 4208 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:33:45.0716 4208 udfs - ok
11:33:45.0758 4208 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:33:45.0770 4208 UI0Detect - ok
11:33:45.0813 4208 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:33:45.0822 4208 uliagpkx - ok
11:33:45.0865 4208 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
11:33:45.0902 4208 umbus - ok
11:33:45.0949 4208 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:33:46.0074 4208 UmPass - ok
11:33:46.0156 4208 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
11:33:46.0182 4208 UmRdpService - ok
11:33:46.0243 4208 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:33:46.0345 4208 upnphost - ok
11:33:46.0405 4208 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:33:46.0431 4208 usbaudio - ok
11:33:46.0455 4208 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:33:46.0475 4208 usbccgp - ok
11:33:46.0508 4208 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:33:46.0523 4208 usbcir - ok
11:33:46.0569 4208 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
11:33:46.0595 4208 usbehci - ok
11:33:46.0639 4208 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:33:46.0668 4208 usbhub - ok
11:33:46.0685 4208 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:33:46.0698 4208 usbohci - ok
11:33:46.0711 4208 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:33:46.0741 4208 usbprint - ok
11:33:46.0762 4208 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:33:46.0783 4208 USBSTOR - ok
11:33:46.0791 4208 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
11:33:46.0822 4208 usbuhci - ok
11:33:46.0855 4208 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:33:46.0906 4208 UxSms - ok
11:33:46.0951 4208 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:33:46.0969 4208 VaultSvc - ok
11:33:46.0992 4208 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:33:47.0007 4208 vdrvroot - ok
11:33:47.0077 4208 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:33:47.0128 4208 vds - ok
11:33:47.0140 4208 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:33:47.0151 4208 vga - ok
11:33:47.0168 4208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:33:47.0207 4208 VgaSave - ok
11:33:47.0255 4208 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:33:47.0278 4208 vhdmp - ok
11:33:47.0312 4208 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:33:47.0327 4208 viaide - ok
11:33:47.0358 4208 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:33:47.0374 4208 volmgr - ok
11:33:47.0437 4208 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:33:47.0458 4208 volmgrx - ok
11:33:47.0516 4208 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:33:47.0535 4208 volsnap - ok
11:33:47.0570 4208 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:33:47.0580 4208 vsmraid - ok
11:33:47.0713 4208 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:33:47.0809 4208 VSS - ok
11:33:47.0961 4208 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
11:33:47.0996 4208 vwifibus - ok
11:33:48.0054 4208 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:33:48.0108 4208 W32Time - ok
11:33:48.0125 4208 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:33:48.0136 4208 WacomPen - ok
11:33:48.0162 4208 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:33:48.0202 4208 WANARP - ok
11:33:48.0216 4208 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:33:48.0239 4208 Wanarpv6 - ok
11:33:48.0360 4208 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:33:48.0403 4208 WatAdminSvc - ok
11:33:48.0532 4208 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:33:48.0610 4208 wbengine - ok
11:33:48.0730 4208 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:33:48.0760 4208 WbioSrvc - ok
11:33:48.0827 4208 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:33:48.0862 4208 wcncsvc - ok
11:33:48.0876 4208 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:33:48.0895 4208 WcsPlugInService - ok
11:33:48.0978 4208 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:33:48.0995 4208 Wd - ok
11:33:49.0054 4208 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:33:49.0083 4208 Wdf01000 - ok
11:33:49.0099 4208 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:33:49.0161 4208 WdiServiceHost - ok
11:33:49.0164 4208 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:33:49.0181 4208 WdiSystemHost - ok
11:33:49.0419 4208 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:33:49.0461 4208 WebClient - ok
11:33:49.0493 4208 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:33:49.0531 4208 Wecsvc - ok
11:33:49.0549 4208 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:33:49.0594 4208 wercplsupport - ok
11:33:49.0622 4208 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:33:49.0649 4208 WerSvc - ok
11:33:49.0678 4208 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:33:49.0703 4208 WfpLwf - ok
11:33:49.0716 4208 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:33:49.0725 4208 WIMMount - ok
11:33:49.0780 4208 WinDefend - ok
11:33:49.0804 4208 WinHttpAutoProxySvc - ok
11:33:49.0902 4208 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:33:49.0939 4208 Winmgmt - ok
11:33:50.0108 4208 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:33:50.0187 4208 WinRM - ok
11:33:50.0442 4208 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:33:50.0497 4208 Wlansvc - ok
11:33:50.0786 4208 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:33:50.0847 4208 wlidsvc - ok
11:33:50.0956 4208 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:33:50.0989 4208 WmiAcpi - ok
11:33:51.0082 4208 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:33:51.0120 4208 wmiApSrv - ok
11:33:51.0186 4208 WMPNetworkSvc - ok
11:33:51.0230 4208 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:33:51.0257 4208 WPCSvc - ok
11:33:51.0298 4208 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:33:51.0332 4208 WPDBusEnum - ok
11:33:51.0364 4208 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:33:51.0416 4208 ws2ifsl - ok
11:33:51.0437 4208 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:33:51.0468 4208 wscsvc - ok
11:33:51.0470 4208 WSearch - ok
11:33:51.0667 4208 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:33:51.0727 4208 wuauserv - ok
11:33:51.0910 4208 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:33:51.0972 4208 WudfPf - ok
11:33:52.0014 4208 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:33:52.0049 4208 WUDFRd - ok
11:33:52.0081 4208 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:33:52.0107 4208 wudfsvc - ok
11:33:52.0128 4208 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:33:52.0159 4208 WwanSvc - ok
11:33:52.0318 4208 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:33:52.0345 4208 YahooAUService - ok
11:33:52.0364 4208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:33:52.0413 4208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:33:52.0413 4208 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:33:52.0469 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:33:52.0469 4208 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:33:52.0473 4208 Boot (0x1200) (6198039ee81b761d1bac1fb5ba278087) \Device\Harddisk0\DR0\Partition0
11:33:52.0475 4208 \Device\Harddisk0\DR0\Partition0 - ok
11:33:52.0476 4208 ============================================================
11:33:52.0476 4208 Scan finished
11:33:52.0476 4208 ============================================================
11:33:52.0488 0648 Detected object count: 6
11:33:52.0488 0648 Actual detected object count: 6
11:34:26.0779 0648 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
11:34:26.0779 0648 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:34:26.0779 0648 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user
11:34:26.0779 0648 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:34:26.0781 0648 JRAID ( UnsignedFile.Multi.Generic ) - skipped by user
11:34:26.0781 0648 JRAID ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:34:26.0782 0648 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - skipped by user
11:34:26.0782 0648 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:34:27.0440 0648 \Device\Harddisk0\DR0\# - copied to quarantine
11:34:27.0440 0648 \Device\Harddisk0\DR0 - copied to quarantine
11:34:27.0474 0648 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:34:27.0476 0648 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
11:34:27.0501 0648 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
11:34:27.0507 0648 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
11:34:27.0519 0648 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
11:34:27.0526 0648 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
11:34:27.0527 0648 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
11:34:27.0528 0648 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
11:34:27.0530 0648 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
11:34:27.0531 0648 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
11:34:27.0533 0648 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
11:34:27.0536 0648 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
11:34:27.0537 0648 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
11:34:27.0538 0648 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
11:34:27.0541 0648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:34:27.0542 0648 \Device\Harddisk0\DR0 - ok
11:34:33.0126 0648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
11:35:25.0075 5456 Deinitialize success

#6
MrCharlie

    Forum Deity

  • Experts
  • 17,527 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Run TDSSKiller again and just Delete this one Only!

Quote

11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

---------------------------------------

Then.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

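As an added example (my own code, not part of this thread and not a TDSSKiller component), the following Python script reads the result lines of a TDSSKiller log in the shape of the one quoted above and lists every detection the user chose to Skip that is not merely an unsigned-file notice. That is the same triage MrC did by eye: the Pihar boot-sector entry was cured, the DokanMounter/HiPatchService/JRAID/OpenVPN entries are only UnsignedFile.Multi.Generic notices, and the TDSS File System entry was skipped and still needs action. The sample lines are constructed from the log above, and treating verdicts that start with "UnsignedFile." as informational is my assumption, not a TDSSKiller rule.

```python
import re
from collections import OrderedDict

# Constructed sample in the shape of the TDSSKiller log quoted above, trimmed to the
# result lines (the per-driver "- ok" lines carry no verdict and are not needed here).
SAMPLE_LOG = r"""
11:33:52.0413 4208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:33:52.0469 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:34:26.0779 0648 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
11:34:26.0779 0648 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:34:27.0541 0648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:34:33.0126 0648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# One TDSSKiller result line: "<time> <pid> <object> ( <verdict> ) - <status>".
# Lines without a "( verdict )" group (driver "- ok" lines, quarantine copies,
# MBR/Boot hash lines) deliberately do not match.
LINE_RE = re.compile(
    r"^(?P<time>\S+)\s+(?P<pid>\d+)\s+(?P<obj>.+?)\s+\(\s(?P<verdict>.+?)\s\)\s-\s(?P<status>.+)$"
)

# Assumption: verdicts with these prefixes only flag an unsigned file and are not,
# by themselves, evidence of infection.
INFORMATIONAL_PREFIXES = ("UnsignedFile.",)


def parse_results(text):
    """Group every status TDSSKiller reported, per (object, verdict), in log order."""
    results = OrderedDict()
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        key = (m.group("obj"), m.group("verdict"))
        results.setdefault(key, []).append(m.group("status"))
    return results


def user_action(statuses):
    """Return the action the user picked for a detection (Cure/Skip/...) or None."""
    for s in statuses:
        if s.startswith("User select action: "):
            return s.split(": ", 1)[1]
    return None


def needs_follow_up(text):
    """Detections that were neither cured nor merely informational: the entries a
    second TDSSKiller run should still act on. Returns (object, verdict, action)."""
    pending = []
    for (obj, verdict), statuses in parse_results(text).items():
        if verdict.startswith(INFORMATIONAL_PREFIXES):
            continue
        action = user_action(statuses)
        if action != "Cure":
            pending.append((obj, verdict, action))
    return pending


if __name__ == "__main__":
    for obj, verdict, action in needs_follow_up(SAMPLE_LOG):
        print(f"{obj}  [{verdict}]  user action: {action}")
```

Run against the sample it prints the single TDSS File System entry on \Device\Harddisk0\DR0 with the action Skip; pointing `needs_follow_up` at the text of a real TDSSKiller log file gives the same short list for that scan.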

#7
JoeLangston

    New Member

  • Members
  • 5 posts
Here we go.

ComboFix 12-07-31.03 - Peter 08/02/2012 12:29:17.3.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8187.5983 [GMT -4:00]
Running from: c:\users\Peter\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 16:40 . 2012-08-02 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 03:07 . 2012-08-02 03:08 -------- d-----w- C:\FRST
2012-08-01 21:02 . 2012-08-02 16:26 -------- d-----w- C:\TDSSKiller_Quarantine
2012-07-31 20:06 . 2012-07-31 20:06 -------- d-----w- c:\users\Peter\AppData\Local\Package Cache
2012-07-31 13:43 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA33ED8E-0AB1-4307-A49B-4CF7BB523678}\mpengine.dll
2012-07-31 08:33 . 2012-07-31 08:33 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B9D7.tmp
2012-07-27 04:05 . 2012-07-27 04:16 -------- d-----w- c:\program files (x86)\Stellar Impact
2012-07-26 15:48 . 2012-07-26 15:48 -------- d-----w- c:\programdata\Steam
2012-07-26 15:48 . 2012-07-26 16:53 -------- d-----w- c:\programdata\PopCap Games
2012-07-22 06:20 . 2012-07-22 06:20 -------- d-----w- c:\users\Peter\AppData\Local\Demiurge Studios
2012-07-21 04:20 . 2012-07-21 04:20 -------- d-----w- c:\programdata\Nexon
2012-07-11 07:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 02:25 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-07 16:59 . 2012-07-07 17:01 -------- d-----w- C:\New folder
2012-07-07 16:58 . 2012-07-07 16:58 -------- d-----w- C:\Testing
2012-07-07 02:43 . 2012-07-07 09:02 -------- d-----w- c:\users\Peter\OilRush
2012-07-04 19:08 . 2012-07-04 19:08 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 07:02 . 2011-12-15 18:55 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-03 17:46 . 2011-12-07 02:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-09 02:17 . 2011-12-18 20:14 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-06-09 02:17 . 2011-12-18 20:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-06-02 22:19 . 2012-06-21 22:26 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 22:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 22:26 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 22:26 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 22:26 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 22:26 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 22:26 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 22:25 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 22:25 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 16:25 . 2011-12-07 02:42 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-31 16:08 . 2012-05-31 16:08 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-30 04:26 . 2011-12-18 20:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-05-21 00:28 . 2011-12-23 05:34 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-01_22.05.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-07-31 09:02 . 2012-08-01 23:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-07-31 09:02 . 2012-08-01 18:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-07-31 08:43 . 2012-08-01 23:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
- 2012-07-31 08:43 . 2012-08-01 18:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2011-12-06 21:09 . 2012-08-02 16:43 26024 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-02 16:43 25522 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-06 20:54 . 2012-07-31 06:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-06 20:54 . 2012-08-01 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-06 20:54 . 2012-08-01 23:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-12-06 20:54 . 2012-07-31 06:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-31 06:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-01 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-09 08:20 . 2012-08-01 22:35 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-12-06 21:09 . 2012-08-02 16:43 9990 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1726822986-547998923-3148758179-1000_UserData.bin
- 2012-08-01 22:04 . 2012-08-01 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 16:41 . 2012-08-02 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-02 16:41 . 2012-08-02 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-01 22:04 . 2012-08-01 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-31 08:42 . 2012-08-01 23:17 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-07-31 08:42 . 2012-08-01 18:08 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 04:54 . 2012-08-02 15:35 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-09 08:20 . 2012-08-02 16:41 907784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-12-09 08:20 . 2012-08-01 20:28 907784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2012-08-02 16:41 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-01 22:03 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-08-01 20:28 . 2012-08-01 22:03 398724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2012-08-01 20:28 . 2012-08-02 15:35 398724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2009-07-14 04:54 . 2012-08-02 15:35 3063808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-01 22:05 3063808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-02 15:35 6193152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-07 17:06 . 2012-08-02 16:41 18989772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1726822986-547998923-3148758179-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-27 02:23 1493160 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-07 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]
.
c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OpenVPN Client.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe [2010-8-12 19968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]
R3 DLINKVLANPT;D-Link Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\DLINKVlan60.sys [2010-11-24 24064]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-04-13 33096]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-31 113120]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-07 1255736]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-23 212232]
S2 DlinkNdPt60;D-Link NDIS Protocol Driver;c:\windows\system32\DRIVERS\DlinkNdPt60.sys [2010-11-24 27648]
S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]
S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;c:\windows\system32\DRIVERS\AN983X64.sys [2005-05-19 48128]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 DLKRT64;D-Link DGE-530T Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\DLKRT64.sys [2010-11-24 346144]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-10 233472]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 21:09]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 21:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - prefs.js: network.proxy.ftp - falkenstein.tunnelr.com
FF - prefs.js: network.proxy.ftp_port - 53
FF - prefs.js: network.proxy.http - falkenstein.tunnelr.com
FF - prefs.js: network.proxy.http_port - 53
FF - prefs.js: network.proxy.socks - falkenstein.tunnelr.com
FF - prefs.js: network.proxy.socks_port - 53
FF - prefs.js: network.proxy.ssl - falkenstein.tunnelr.com
FF - prefs.js: network.proxy.ssl_port - 53
FF - prefs.js: network.proxy.type - 4
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1726822986-547998923-3148758179-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1726822986-547998923-3148758179-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-08-02 12:48:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-02 16:48
ComboFix2.txt 2012-08-01 22:15
.
Pre-Run: 135,521,001,472 bytes free
Post-Run: 136,572,518,400 bytes free
.
- - End Of File - - 5F1622C19296EF10D97D96E39B897547

#8
MrCharlie

    Forum Deity

  • Experts
  • 17,527 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


#9
JoeLangston

    New Member

  • Members
  • 5 posts
I am not getting that message that my computer is being infected by that Trojan Horse now. Thank you for the assistance you have provided.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.02.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Peter :: PETER-PC [administrator]

Protection: Enabled

8/2/2012 5:08:06 PM
mbam-log-2012-08-02 (17-08-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 195217
Time elapsed: 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10
MrCharlie

    Forum Deity

  • Experts
  • 17,527 posts
  • Gender:Male
  • Location:So. Plainfield, New Jersey, USA
Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
I.e.: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


#11
Maurice Naggar

    Eradicator de logiciels malveillants

  • Moderators
  • 13,229 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention
Since this issue is resolved I will close the thread to prevent others from posting here. If you need assistance please start your own topic and someone will be happy to assist you.
~Maurice Naggar

I close my threads if there are 5 days without a response.
