20 replies to this topic

[kpz]

Like many other people here, my computer's been infected with the aforementioned viruses, which can be seen in the topic title. I've run the Malwarebytes Anti-Malware program, had it remove the viruses, but they still remain.

Below are the logs needed (1: MbAM, 2: DDS, 3: Attach).

-----------------------------------------------------------------------

8/10/2012 8:46:20 PM
mbam-log-2012-08-10 (20-48-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222671
Time elapsed: 58 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3236 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.
C:\Windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\000000cb.@ (Rootkit.0Access) -> No action taken.
C:\Windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\80000032.@ (Rootkit.0Access) -> No action taken.
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

-----------------------------------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Kevin at 20:45:06 on 2012-08-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6053 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
-netsvcs
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sony Creative Software] RUNDLL32.EXE "C:\Users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll",InjectDll
mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: mswsock.dll
Trusted Zone: $talisma_url$
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{3F15B4B8-496F-4121-AD1B-5162465E2AEF} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{6DE8DF63-D704-47BD-A36D-F889CAC8DBBE} : DhcpNameServer = 192.168.1.1
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko5.dll
FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko6.dll
FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko7.dll
FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Kevin\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc - BRI/1
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 655944]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-8-9 361472]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-8-9 441344]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2012-8-9 342016]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-3 2666880]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-9 250056]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]
S4 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]
S4 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-9-4 192512]
S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]
S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]
S4 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-9-4 117640]
.
=============== Created Last 30 ================
.
2012-08-10 14:34:41 20480 ----a-w- C:\Windows\svchost.exe
2012-08-10 01:00:31 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2012-08-10 01:00:29 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-10 01:00:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-10 01:00:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-10 00:01:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-10 00:01:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-09 23:23:02 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-09 20:44:49 -------- d-----w- C:\Program Files\iTunes
2012-08-09 20:44:49 -------- d-----w- C:\Program Files (x86)\iTunes
2012-08-09 16:59:47 -------- d-----w- C:\Program Files\ATT-SST
2012-08-09 16:59:39 -------- d-----w- C:\Program Files (x86)\ATT-SST
2012-08-09 16:41:13 -------- d-----w- C:\Program Files (x86)\Common Files\Motive
2012-08-09 16:41:03 -------- d-----w- C:\Program Files\Common Files\Motive
2012-08-07 22:05:51 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F29922B5-5102-4977-8E03-6CC806D6FB73}\mpengine.dll
2012-08-01 18:42:16 24376 ----a-w- C:\Windows\System32\drivers\cqcpu.sys
2012-08-01 18:42:16 24376 ----a-w- C:\Windows\System32\drivers\cpqdfw.sys
2012-08-01 18:42:00 -------- d---a-w- C:\HPVNEW
2012-07-18 17:28:28 -------- d-----w- C:\Users\Kevin\AppData\Local\Sony Creative Software
2012-07-16 19:22:50 -------- d-----w- C:\Users\Kevin\AppData\Roaming\raidcall
2012-07-12 04:34:17 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 20:47:32.27 ===============

-----------------------------------------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/13/2009 6:10:36 PM
System Uptime: 8/10/2012 5:33:55 PM (3 hours ago)
.
Motherboard: FOXCONN | | ALOE
Processor: AMD Phenom™ II X4 910 Processor | CPU 1 | 2600/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 919 GiB total, 673.8 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: NAVEX15
Device ID: ROOT\LEGACY_NAVEX15\0000
Manufacturer:
Name: NAVEX15
PNP Device ID: ROOT\LEGACY_NAVEX15\0000
Service: NAVEX15
.
==== System Restore Points ===================
.
RP474: 7/17/2012 8:18:57 AM - Windows Update
RP475: 7/20/2012 8:27:07 AM - Windows Update
RP477: 8/1/2012 12:43:33 PM - Windows Defender Checkpoint
RP478: 8/7/2012 5:04:16 PM - Windows Update
RP480: 8/8/2012 11:59:08 PM - Windows Defender Checkpoint
RP481: 8/9/2012 6:44:55 PM - Removed JChem .NET API 5.4.1.1062
RP482: 8/10/2012 9:30:50 AM - Removed LogMeIn Hamachi
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Ace of Spades
Acrobat.com
Activate Norton Online Backup
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Reader 9.4.0
Adobe Shockwave Player 11.5
Adobe Story
AMD USB Filter Driver
AMD VISION Engine Control Center
Any Video Converter 2.7.9
Apple Application Support
Apple Software Update
Application Profiles
AT&T Troubleshoot & Resolve Tool
Bandicam
Bandisoft MPEG-1 Decoder
Bing Rewards Client Installer
Camtasia Studio 5
Canon Digital Camera Solution Disk 40-46 Software Starter Guide
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon Personal Printing Guide
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
ChemAxon Marvin Beans 5.4.1.1
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Cross Fire En
CyberLink DVD Suite Deluxe
CyberLink YouCam
D3DX10
DirectX for Managed Code Update (Summer 2004)
Fallout 3 - Game of the Year Edition
Fallout 3 - The Garden of Eden Creation Kit
Fallout Mod Manager 0.12.6
FEARCombat
Fraps (remove only)
GIMP 2.6.11
Google Chrome
Homepage Protection
HP Advisor
HP Customer Experience Enhancements
HP Easy Backup
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP Odometer
HP Remote Solution
HP Setup
HP Support Assistant
HP Support Information
HP Update
HPAsset component for HP Active Support Library
HydraVision
iPod for Windows 2006-06-28
Java Auto Updater
Java™ 6 Update 31
LabelPrint
LightScribe System Software
Logitech Vid
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Default Manager
Microsoft Games for Windows - LIVE Redistributable
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML4 Parser
Mumble 1.2.3
Norton Internet Security
PictureMover
Power2Go
PowerDirector
PowerRecover
PxMergeModule
QuickTime
RaidCall
RAIDXpert
Razer DeathAdder™ Mouse
Realtek High Definition Audio Driver
RollerCoaster Tycoon 2
RollerCoaster Tycoon Deluxe
Safari
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 4.2
Steam™
System Requirements Lab
System Requirements Lab CYRI
Team Fortress 2
TeamViewer 7
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Ventrilo Client
VideoCam Suite
VideoCam Suite 1.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
Xfire (remove only)
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 9:59:02 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service has not been started.
8/9/2012 4:03:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002cdc915). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080912-69264-01.
8/9/2012 3:41:15 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
8/9/2012 11:04:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cc64aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080912-24741-01.
8/9/2012 10:33:01 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
8/7/2012 5:06:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.131.1547.0).
8/10/2012 9:06:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.
8/10/2012 7:05:44 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/10/2012 7:05:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/10/2012 5:35:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP
8/10/2012 5:34:58 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/10/2012 5:34:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/10/2012 5:34:54 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/10/2012 5:34:51 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.
8/10/2012 5:34:19 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.
8/10/2012 5:34:19 PM, Error: SRTSP [4] - Error loading virus definitions.
.
==== End Of File ===========================

[MrCharlie]

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

[kpz]

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo...13-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kevin [Admin rights]
Mode: Scan -- Date: 08/10/2012 21:24:45

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] HKCU\[...]\Run : Sony Creative Software (RUNDLL32.EXE "C:\Users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll",InjectDll) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3666074475-405161259-3935603811-1001[...]\Run : Sony Creative Software (RUNDLL32.EXE "C:\Users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll",InjectDll) -> FOUND
[SUSP PATH] RunAsStdUser Task.job @ : C:\Users\Kevin\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{2137bfcd-29e9-534b-910a-f787603f1930}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{2137bfcd-29e9-534b-910a-f787603f1930}\L --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND
[Susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65M2BX ATA Device +++++
--- User ---
[MBR] 15a751cc298b5602b95153470e61fc20
[BSP] 221cbeb2319437e35aa64d3da59a294e : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941137 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1927655424 | Size: 12630 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7ded78816d13e200389e120fd745864f
[BSP] 221cbeb2319437e35aa64d3da59a294e : Windows Vista/7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941137 Mo

Finished : << RKreport[1].txt >>
RKreport[1].txt

[MrCharlie]

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

Quote

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

• Insert the installation disc.
  
• Restart your computer.
  
• If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  
• Click Repair your computer.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt
• Select Command Prompt
  
• In the command window type in notepad and press Enter.
  
• The notepad opens. Under File menu select Open.
  
• Select "Computer" and find your flash drive letter and close the notepad.
  
• In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
  Note: Replace letter e with the drive letter of your flash drive.
  
• The tool will start to run.
  
• When the tool opens click Yes to disclaimer.
  
• Press Scan button.
  
• FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
  services.exe
  
• Now press the Search button
  
• When the search is complete, search.txt will also be written to your USB
  
• Type exit and reboot the computer normally
  
• Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

[kpz]

MrCharlie, on 10 August 2012 - 09:32 PM, said:

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

• Restart the computer.
  
• As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  
• Use the arrow keys to select the Repair your computer menu item.
  
• Select US as the keyboard language settings, and then click Next.
  
• Select the operating system you want to repair, and then click Next.
  
• Select your user account an click Next.

The section I've quoted is what I'm having trouble with. When I select the "Repair your computer" option, Windows Boot Manager comes up and tells me that I need to 'insert my Windows installation disc and restart my computer.' Since I don't have/can't find the disc, is there any way to get around this issue? If not, then I have two options: 1) find the disc. 2) contact the computer manufacturer, as the Boot Manager tells me, to have a disc sent to me, I'm assuming.

[MrCharlie]

Lets try it this way.........

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

[kpz]

I'm supposed to disable my firewall before running ComboFix, but I keep getting the following message when I click on the button that says, "Use recommended settings," so that I can turn the firewall off:

[MrCharlie]

It's OK to leave it on. MrC

[kpz]

Whenever I run ComboFix, the installation process starts, but about 3/4 of the way through, it causes my computer to crash. I haven't run the program as an administrator, so if you think that might help, I'll go ahead and try that. If, however, that doesn't work either, should I try running it in Safe Mode w/ Networking?

[MrCharlie]

Try this.......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC

[kpz]

Unfortunately, my computer still crashes.

[MrCharlie]

Please make sure system restore is running and create a new restore point before continuing.
XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

TDSSKiller can be run in safe mode if needed.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.



-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.



------------------------

Click the Start Scan button.



-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue




----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.





--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.
Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

[kpz]

20:09:04.0357 5072 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:09:04.0930 5072 ============================================================
20:09:04.0930 5072 Current date / time: 2012/08/12 20:09:04.0930
20:09:04.0930 5072 SystemInfo:
20:09:04.0930 5072
20:09:04.0930 5072 OS Version: 6.1.7601 ServicePack: 1.0
20:09:04.0930 5072 Product type: Workstation
20:09:04.0930 5072 ComputerName: KEVIN-PC
20:09:04.0930 5072 UserName: Kevin
20:09:04.0930 5072 Windows directory: C:\Windows
20:09:04.0930 5072 System windows directory: C:\Windows
20:09:04.0930 5072 Running under WOW64
20:09:04.0930 5072 Processor architecture: Intel x64
20:09:04.0930 5072 Number of processors: 4
20:09:04.0930 5072 Page size: 0x1000
20:09:04.0930 5072 Boot type: Normal boot
20:09:04.0930 5072 ============================================================
20:09:07.0150 5072 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:09:07.0170 5072 ============================================================
20:09:07.0170 5072 \Device\Harddisk0\DR0:
20:09:07.0171 5072 MBR partitions:
20:09:07.0171 5072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:09:07.0171 5072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72E28800
20:09:07.0171 5072 ============================================================
20:09:07.0224 5072 C: <-> \Device\Harddisk0\DR0\Partition1
20:09:07.0224 5072 ============================================================
20:09:07.0224 5072 Initialize success
20:09:07.0224 5072 ============================================================
20:09:29.0447 4816 ============================================================
20:09:29.0447 4816 Scan started
20:09:29.0447 4816 Mode: Manual; SigCheck; TDLFS;
20:09:29.0447 4816 ============================================================
20:09:32.0061 4816 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:09:32.0218 4816 1394ohci - ok
20:09:32.0251 4816 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:09:32.0296 4816 ACPI - ok
20:09:32.0330 4816 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:09:32.0420 4816 AcpiPmi - ok
20:09:32.0541 4816 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:09:32.0585 4816 AdobeFlashPlayerUpdateSvc - ok
20:09:32.0646 4816 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:09:32.0695 4816 adp94xx - ok
20:09:32.0728 4816 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:09:32.0774 4816 adpahci - ok
20:09:32.0803 4816 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:09:32.0835 4816 adpu320 - ok
20:09:32.0862 4816 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
20:09:32.0985 4816 AeLookupSvc - ok
20:09:33.0062 4816 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
20:09:33.0155 4816 AFD - ok
20:09:33.0200 4816 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
20:09:33.0229 4816 agp440 - ok
20:09:33.0269 4816 ahcix64s (3327e85cadb3b65ee36016e35bcc0adc) C:\Windows\system32\DRIVERS\ahcix64s.sys
20:09:33.0331 4816 ahcix64s - ok
20:09:33.0351 4816 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
20:09:33.0402 4816 ALG - ok
20:09:33.0458 4816 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
20:09:33.0531 4816 aliide - ok
20:09:33.0578 4816 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe
20:09:33.0663 4816 AMD External Events Utility - ok
20:09:33.0768 4816 AMD FUEL Service - ok
20:09:33.0785 4816 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
20:09:33.0850 4816 amdide - ok
20:09:33.0875 4816 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
20:09:33.0902 4816 amdiox64 - ok
20:09:33.0930 4816 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
20:09:34.0050 4816 AmdK8 - ok
20:09:34.0611 4816 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
20:09:34.0924 4816 amdkmdag - ok
20:09:35.0099 4816 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys
20:09:35.0164 4816 amdkmdap - ok
20:09:35.0211 4816 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
20:09:35.0269 4816 AmdPPM - ok
20:09:35.0327 4816 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
20:09:35.0390 4816 amdsata - ok
20:09:35.0429 4816 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
20:09:35.0487 4816 amdsbs - ok
20:09:35.0498 4816 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
20:09:35.0527 4816 amdxata - ok
20:09:35.0605 4816 AMD_RAIDXpert (b01289cc07a2e21c4efca722d1efb243) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
20:09:35.0673 4816 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - warning
20:09:35.0673 4816 AMD_RAIDXpert - detected UnsignedFile.Multi.Generic (1)
20:09:35.0782 4816 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:09:35.0827 4816 AODDriver4.01 - ok
20:09:35.0841 4816 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:09:35.0868 4816 AODDriver4.1 - ok
20:09:35.0957 4816 AppHostSvc (59d01fa91962c9c1e9b4022b2d3b46db) C:\Windows\system32\inetsrv\apphostsvc.dll
20:09:36.0031 4816 AppHostSvc - ok
20:09:36.0075 4816 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
20:09:36.0262 4816 AppID - ok
20:09:36.0291 4816 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
20:09:36.0356 4816 AppIDSvc - ok
20:09:36.0411 4816 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
20:09:36.0483 4816 Appinfo - ok
20:09:36.0615 4816 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
20:09:36.0676 4816 Apple Mobile Device - ok
20:09:36.0730 4816 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
20:09:36.0770 4816 arc - ok
20:09:36.0780 4816 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
20:09:36.0809 4816 arcsas - ok
20:09:36.0882 4816 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
20:09:36.0997 4816 AsyncMac - ok
20:09:37.0074 4816 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
20:09:37.0136 4816 atapi - ok
20:09:37.0263 4816 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
20:09:37.0356 4816 athr - ok
20:09:37.0477 4816 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
20:09:37.0551 4816 AtiHdmiService - ok
20:09:38.0054 4816 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys
20:09:38.0185 4816 atikmdag - ok
20:09:38.0322 4816 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
20:09:38.0373 4816 AtiPcie - ok
20:09:38.0451 4816 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:09:38.0590 4816 AudioEndpointBuilder - ok
20:09:38.0596 4816 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
20:09:38.0648 4816 AudioSrv - ok
20:09:38.0714 4816 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
20:09:38.0813 4816 AxInstSV - ok
20:09:38.0889 4816 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
20:09:38.0991 4816 b06bdrv - ok
20:09:39.0048 4816 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
20:09:39.0122 4816 b57nd60a - ok
20:09:39.0164 4816 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
20:09:39.0257 4816 BDESVC - ok
20:09:39.0282 4816 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
20:09:39.0364 4816 Beep - ok
20:09:39.0470 4816 bgsvcgen (acc9c8c560c567fad6f79c977ab2ea09) C:\Windows\SysWOW64\bgsvcgen.exe
20:09:39.0531 4816 bgsvcgen - ok
20:09:39.0579 4816 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
20:09:39.0651 4816 blbdrive - ok
20:09:39.0763 4816 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
20:09:39.0835 4816 Bonjour Service - ok
20:09:39.0891 4816 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
20:09:39.0955 4816 bowser - ok
20:09:39.0973 4816 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
20:09:40.0070 4816 BrFiltLo - ok
20:09:40.0092 4816 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
20:09:40.0147 4816 BrFiltUp - ok
20:09:40.0203 4816 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
20:09:40.0290 4816 Browser - ok
20:09:40.0335 4816 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
20:09:40.0395 4816 Brserid - ok
20:09:40.0424 4816 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
20:09:40.0470 4816 BrSerWdm - ok
20:09:40.0492 4816 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
20:09:40.0541 4816 BrUsbMdm - ok
20:09:40.0562 4816 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
20:09:40.0599 4816 BrUsbSer - ok
20:09:40.0619 4816 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
20:09:40.0668 4816 BTHMODEM - ok
20:09:40.0709 4816 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
20:09:40.0763 4816 bthserv - ok
20:09:40.0798 4816 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
20:09:40.0892 4816 cdfs - ok
20:09:40.0947 4816 cdrbsdrv (9edd76d0800a022ae10b9243d0224e72) C:\Windows\system32\drivers\cdrbsdrv.sys
20:09:40.0973 4816 cdrbsdrv - ok
20:09:41.0031 4816 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
20:09:41.0074 4816 cdrom - ok
20:09:41.0129 4816 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:09:41.0219 4816 CertPropSvc - ok
20:09:41.0267 4816 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
20:09:41.0298 4816 circlass - ok
20:09:41.0349 4816 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
20:09:41.0409 4816 CLFS - ok
20:09:41.0478 4816 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:09:41.0506 4816 clr_optimization_v2.0.50727_32 - ok
20:09:41.0585 4816 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:09:41.0642 4816 clr_optimization_v2.0.50727_64 - ok
20:09:41.0751 4816 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:09:41.0811 4816 clr_optimization_v4.0.30319_32 - ok
20:09:41.0875 4816 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:09:41.0926 4816 clr_optimization_v4.0.30319_64 - ok
20:09:41.0958 4816 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
20:09:42.0006 4816 CmBatt - ok
20:09:42.0035 4816 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
20:09:42.0064 4816 cmdide - ok
20:09:42.0141 4816 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
20:09:42.0185 4816 CNG - ok
20:09:42.0202 4816 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
20:09:42.0231 4816 Compbatt - ok
20:09:42.0293 4816 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
20:09:42.0367 4816 CompositeBus - ok
20:09:42.0387 4816 COMSysApp - ok
20:09:42.0447 4816 CpqDfw (a398ed024f739e7be74ecffa8a713a89) C:\Windows\system32\drivers\CpqDfw.sys
20:09:42.0501 4816 CpqDfw - ok
20:09:42.0529 4816 cqcpu (10fb0ff62af6262bf88e3607e2ae2a69) C:\Windows\system32\drivers\cqcpu.sys
20:09:42.0566 4816 cqcpu - ok
20:09:42.0593 4816 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
20:09:42.0621 4816 crcdisk - ok
20:09:42.0673 4816 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
20:09:42.0751 4816 CryptSvc - ok
20:09:42.0805 4816 danewFltr (003626f7ca17c204f16cd5047af0703a) C:\Windows\system32\drivers\danew.sys
20:09:42.0873 4816 danewFltr - ok
20:09:42.0937 4816 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:09:43.0028 4816 DcomLaunch - ok
20:09:43.0095 4816 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
20:09:43.0184 4816 defragsvc - ok
20:09:43.0244 4816 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
20:09:43.0334 4816 DfsC - ok
20:09:43.0401 4816 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
20:09:43.0500 4816 Dhcp - ok
20:09:43.0530 4816 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
20:09:43.0578 4816 discache - ok
20:09:43.0633 4816 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
20:09:43.0693 4816 Disk - ok
20:09:43.0730 4816 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
20:09:43.0787 4816 Dnscache - ok
20:09:43.0825 4816 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
20:09:43.0904 4816 dot3svc - ok
20:09:43.0950 4816 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
20:09:44.0054 4816 DPS - ok
20:09:44.0090 4816 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
20:09:44.0142 4816 drmkaud - ok
20:09:44.0213 4816 dump_wmimmc - ok
20:09:44.0323 4816 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
20:09:44.0383 4816 DXGKrnl - ok
20:09:44.0414 4816 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
20:09:44.0479 4816 EapHost - ok
20:09:44.0659 4816 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
20:09:44.0776 4816 ebdrv - ok
20:09:44.0889 4816 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
20:09:44.0990 4816 EFS - ok
20:09:45.0085 4816 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
20:09:45.0170 4816 ehRecvr - ok
20:09:45.0192 4816 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
20:09:45.0266 4816 ehSched - ok
20:09:45.0358 4816 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
20:09:45.0399 4816 elxstor - ok
20:09:45.0429 4816 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
20:09:45.0475 4816 ErrDev - ok
20:09:45.0531 4816 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
20:09:45.0598 4816 EventSystem - ok
20:09:45.0642 4816 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
20:09:45.0692 4816 exfat - ok
20:09:45.0715 4816 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
20:09:45.0782 4816 fastfat - ok
20:09:45.0862 4816 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
20:09:45.0977 4816 Fax - ok
20:09:46.0002 4816 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
20:09:46.0088 4816 fdc - ok
20:09:46.0121 4816 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
20:09:46.0190 4816 fdPHost - ok
20:09:46.0206 4816 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
20:09:46.0265 4816 FDResPub - ok
20:09:46.0285 4816 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
20:09:46.0314 4816 FileInfo - ok
20:09:46.0337 4816 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
20:09:46.0396 4816 Filetrace - ok
20:09:46.0412 4816 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
20:09:46.0441 4816 flpydisk - ok
20:09:46.0489 4816 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
20:09:46.0522 4816 FltMgr - ok
20:09:46.0610 4816 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
20:09:46.0689 4816 FontCache - ok
20:09:46.0783 4816 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:09:46.0840 4816 FontCache3.0.0.0 - ok
20:09:46.0873 4816 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
20:09:46.0902 4816 FsDepends - ok
20:09:46.0944 4816 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
20:09:46.0973 4816 Fs_Rec - ok
20:09:47.0022 4816 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
20:09:47.0087 4816 fvevol - ok
20:09:47.0114 4816 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
20:09:47.0143 4816 gagp30kx - ok
20:09:47.0289 4816 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
20:09:47.0393 4816 GameConsoleService - ok
20:09:47.0434 4816 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
20:09:47.0497 4816 GEARAspiWDM - ok
20:09:47.0564 4816 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
20:09:47.0639 4816 gpsvc - ok
20:09:47.0700 4816 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys
20:09:47.0735 4816 hamachi - ok
20:09:47.0749 4816 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
20:09:47.0818 4816 hcw85cir - ok
20:09:47.0876 4816 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
20:09:47.0948 4816 HDAudBus - ok
20:09:47.0971 4816 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
20:09:48.0000 4816 HidBatt - ok
20:09:48.0030 4816 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
20:09:48.0081 4816 HidBth - ok
20:09:48.0096 4816 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
20:09:48.0127 4816 HidIr - ok
20:09:48.0149 4816 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
20:09:48.0207 4816 hidserv - ok
20:09:48.0231 4816 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
20:09:48.0260 4816 HidUsb - ok
20:09:48.0310 4816 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
20:09:48.0433 4816 hkmsvc - ok
20:09:48.0477 4816 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
20:09:48.0514 4816 HomeGroupListener - ok
20:09:48.0558 4816 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
20:09:48.0597 4816 HomeGroupProvider - ok
20:09:48.0693 4816 HP Health Check Service (0141816a095a3f5a83ffa5b4a47b8023) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
20:09:48.0752 4816 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning
20:09:48.0752 4816 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)
20:09:48.0785 4816 HPBtnSrv (deab3bf5aefbdc3f9ac0e020926ec81d) C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
20:09:48.0830 4816 HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning
20:09:48.0830 4816 HPBtnSrv - detected UnsignedFile.Multi.Generic (1)
20:09:48.0896 4816 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:09:48.0953 4816 hpqwmiex - ok
20:09:49.0007 4816 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
20:09:49.0077 4816 HpSAMD - ok
20:09:49.0169 4816 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
20:09:49.0293 4816 HTTP - ok
20:09:49.0340 4816 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
20:09:49.0402 4816 hwpolicy - ok
20:09:49.0451 4816 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
20:09:49.0511 4816 i8042prt - ok
20:09:49.0543 4816 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
20:09:49.0578 4816 iaStorV - ok
20:09:49.0661 4816 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
20:09:49.0731 4816 IDriverT ( UnsignedFile.Multi.Generic ) - warning
20:09:49.0731 4816 IDriverT - detected UnsignedFile.Multi.Generic (1)
20:09:49.0869 4816 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:09:49.0941 4816 idsvc - ok
20:09:50.0026 4816 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
20:09:50.0083 4816 iirsp - ok
20:09:50.0181 4816 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
20:09:50.0273 4816 IKEEXT - ok
20:09:50.0369 4816 IntcAzAudAddService (31c32bc56d85d109ebb0c526be5caca7) C:\Windows\system32\drivers\RTKVHD64.sys
20:09:50.0418 4816 IntcAzAudAddService - ok
20:09:50.0546 4816 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
20:09:50.0602 4816 intelide - ok
20:09:50.0628 4816 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
20:09:50.0671 4816 intelppm - ok
20:09:50.0716 4816 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
20:09:50.0777 4816 IPBusEnum - ok
20:09:50.0818 4816 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:09:50.0881 4816 IpFilterDriver - ok
20:09:50.0918 4816 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
20:09:50.0958 4816 IPMIDRV - ok
20:09:51.0017 4816 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
20:09:51.0111 4816 IPNAT - ok
20:09:51.0246 4816 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files (x86)\iPod\bin\iPodService.exe
20:09:51.0319 4816 iPod Service - ok
20:09:51.0348 4816 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
20:09:51.0420 4816 IRENUM - ok
20:09:51.0458 4816 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
20:09:51.0487 4816 isapnp - ok
20:09:51.0520 4816 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
20:09:51.0553 4816 iScsiPrt - ok
20:09:51.0606 4816 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
20:09:51.0657 4816 kbdclass - ok
20:09:51.0704 4816 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
20:09:51.0770 4816 kbdhid - ok
20:09:51.0800 4816 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:09:51.0828 4816 KeyIso - ok
20:09:51.0871 4816 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
20:09:51.0901 4816 KSecDD - ok
20:09:51.0951 4816 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
20:09:52.0013 4816 KSecPkg - ok
20:09:52.0033 4816 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
20:09:52.0089 4816 ksthunk - ok
20:09:52.0141 4816 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
20:09:52.0233 4816 KtmRm - ok
20:09:52.0297 4816 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
20:09:52.0392 4816 LanmanServer - ok
20:09:52.0578 4816 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
20:09:52.0688 4816 LanmanWorkstation - ok
20:09:52.0752 4816 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:09:52.0807 4816 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
20:09:52.0807 4816 LightScribeService - detected UnsignedFile.Multi.Generic (1)
20:09:52.0830 4816 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
20:09:52.0892 4816 lltdio - ok
20:09:52.0950 4816 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
20:09:53.0033 4816 lltdsvc - ok
20:09:53.0052 4816 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
20:09:53.0100 4816 lmhosts - ok
20:09:53.0134 4816 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
20:09:53.0164 4816 LSI_FC - ok
20:09:53.0190 4816 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
20:09:53.0219 4816 LSI_SAS - ok
20:09:53.0238 4816 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
20:09:53.0267 4816 LSI_SAS2 - ok
20:09:53.0288 4816 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
20:09:53.0317 4816 LSI_SCSI - ok
20:09:53.0348 4816 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
20:09:53.0409 4816 luafv - ok
20:09:53.0476 4816 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:09:53.0524 4816 LVPr2M64 - ok
20:09:53.0555 4816 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys
20:09:53.0581 4816 LVPr2Mon - ok
20:09:53.0660 4816 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
20:09:53.0708 4816 LVPrcS64 - ok
20:09:53.0746 4816 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys
20:09:53.0778 4816 LVRS64 - ok
20:09:54.0051 4816 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys
20:09:54.0234 4816 LVUVC64 - ok
20:09:54.0414 4816 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
20:09:54.0467 4816 MBAMProtector - ok
20:09:54.0623 4816 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:09:54.0719 4816 MBAMService - ok
20:09:54.0750 4816 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
20:09:54.0798 4816 Mcx2Svc - ok
20:09:54.0824 4816 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
20:09:54.0852 4816 megasas - ok
20:09:54.0887 4816 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
20:09:54.0920 4816 MegaSR - ok
20:09:55.0195 4816 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
20:09:55.0260 4816 Microsoft Office Groove Audit Service - ok
20:09:55.0399 4816 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:09:55.0495 4816 MMCSS - ok
20:09:55.0590 4816 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
20:09:55.0685 4816 Modem - ok
20:09:55.0796 4816 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
20:09:55.0881 4816 monitor - ok
20:09:56.0007 4816 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
20:09:56.0070 4816 mouclass - ok
20:09:56.0152 4816 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
20:09:56.0222 4816 mouhid - ok
20:09:56.0344 4816 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
20:09:56.0427 4816 mountmgr - ok
20:09:56.0708 4816 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:09:56.0773 4816 MozillaMaintenance - ok
20:09:56.0916 4816 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
20:09:56.0984 4816 mpio - ok
20:09:57.0123 4816 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
20:09:57.0206 4816 mpsdrv - ok
20:09:57.0423 4816 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
20:09:57.0502 4816 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
20:09:57.0502 4816 MREMP50 - detected UnsignedFile.Multi.Generic (1)
20:09:57.0841 4816 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
20:09:57.0893 4816 MREMP50a64 - ok
20:09:57.0956 4816 MREMPR5 - ok
20:09:57.0974 4816 MRENDIS5 - ok
20:09:58.0072 4816 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
20:09:58.0130 4816 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
20:09:58.0130 4816 MRESP50 - detected UnsignedFile.Multi.Generic (1)
20:09:58.0237 4816 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
20:09:58.0291 4816 MRESP50a64 - ok
20:09:58.0457 4816 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
20:09:58.0559 4816 MRxDAV - ok
20:09:58.0832 4816 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
20:09:58.0970 4816 mrxsmb - ok
20:09:59.0477 4816 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:09:59.0590 4816 mrxsmb10 - ok
20:09:59.0698 4816 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:09:59.0743 4816 mrxsmb20 - ok
20:09:59.0807 4816 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
20:09:59.0844 4816 msahci - ok
20:09:59.0927 4816 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
20:09:59.0992 4816 msdsm - ok
20:10:00.0126 4816 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
20:10:00.0227 4816 MSDTC - ok
20:10:00.0314 4816 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
20:10:00.0411 4816 Msfs - ok
20:10:00.0439 4816 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
20:10:00.0549 4816 mshidkmdf - ok
20:10:00.0591 4816 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
20:10:00.0620 4816 msisadrv - ok
20:10:00.0823 4816 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
20:10:00.0916 4816 MSiSCSI - ok
20:10:00.0918 4816 msiserver - ok
20:10:00.0999 4816 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
20:10:01.0107 4816 MSKSSRV - ok
20:10:01.0155 4816 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
20:10:01.0243 4816 MSPCLOCK - ok
20:10:01.0270 4816 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
20:10:01.0336 4816 MSPQM - ok
20:10:01.0748 4816 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
20:10:01.0817 4816 MsRPC - ok
20:10:01.0873 4816 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
20:10:01.0932 4816 mssmbios - ok
20:10:01.0993 4816 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
20:10:02.0097 4816 MSTEE - ok
20:10:02.0146 4816 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
20:10:02.0214 4816 MTConfig - ok
20:10:02.0333 4816 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
20:10:02.0389 4816 Mup - ok
20:10:02.0990 4816 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
20:10:03.0115 4816 napagent - ok
20:10:03.0514 4816 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
20:10:03.0635 4816 NativeWifiP - ok
20:10:03.0931 4816 NAVENG - ok
20:10:03.0940 4816 NAVEX15 - ok
20:10:05.0170 4816 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
20:10:05.0269 4816 NDIS - ok
20:10:05.0396 4816 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
20:10:05.0504 4816 NdisCap - ok
20:10:05.0569 4816 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
20:10:05.0652 4816 NdisTapi - ok
20:10:05.0777 4816 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
20:10:05.0879 4816 Ndisuio - ok
20:10:06.0115 4816 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
20:10:06.0190 4816 NdisWan - ok
20:10:06.0304 4816 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
20:10:06.0379 4816 NDProxy - ok
20:10:06.0485 4816 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
20:10:06.0600 4816 NetBIOS - ok
20:10:06.0895 4816 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
20:10:06.0963 4816 NetBT - ok
20:10:07.0039 4816 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:10:07.0116 4816 Netlogon - ok
20:10:07.0455 4816 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
20:10:07.0577 4816 Netman - ok
20:10:07.0822 4816 NetMsmqActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:10:07.0897 4816 NetMsmqActivator - ok
20:10:07.0900 4816 NetPipeActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:10:07.0928 4816 NetPipeActivator - ok
20:10:08.0513 4816 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
20:10:08.0635 4816 netprofm - ok
20:10:08.0650 4816 NetTcpActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:10:08.0677 4816 NetTcpActivator - ok
20:10:08.0680 4816 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:10:08.0708 4816 NetTcpPortSharing - ok
20:10:08.0840 4816 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
20:10:08.0909 4816 nfrd960 - ok
20:10:09.0155 4816 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
20:10:09.0265 4816 NlaSvc - ok
20:10:09.0508 4816 Norton Internet Security (ee215321e83be72ab77b6627fd149eae) C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe
20:10:09.0610 4816 Norton Internet Security - ok
20:10:09.0678 4816 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
20:10:09.0764 4816 Npfs - ok
20:10:09.0932 4816 npggsvc - ok
20:10:10.0008 4816 NPPTNT2 - ok
20:10:10.0080 4816 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
20:10:10.0183 4816 nsi - ok
20:10:10.0229 4816 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
20:10:10.0324 4816 nsiproxy - ok
20:10:11.0948 4816 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
20:10:12.0061 4816 Ntfs - ok
20:10:12.0959 4816 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
20:10:13.0071 4816 Null - ok
20:10:13.0246 4816 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
20:10:13.0313 4816 nvraid - ok
20:10:13.0487 4816 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
20:10:13.0554 4816 nvstor - ok
20:10:13.0659 4816 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
20:10:13.0716 4816 nv_agp - ok
20:10:14.0119 4816 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
20:10:14.0186 4816 odserv - ok
20:10:14.0267 4816 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
20:10:14.0348 4816 ohci1394 - ok
20:10:14.0857 4816 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:10:14.0921 4816 ose - ok
20:10:15.0425 4816 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:10:15.0580 4816 p2pimsvc - ok
20:10:16.0075 4816 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
20:10:16.0137 4816 p2psvc - ok
20:10:16.0263 4816 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
20:10:16.0317 4816 Parport - ok
20:10:17.0517 4816 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
20:10:17.0662 4816 partmgr - ok
20:10:21.0150 4816 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
20:10:21.0362 4816 PcaSvc - ok
20:10:24.0891 4816 pcCMService (bae04007a679893e975a2b75e9e001e9) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
20:10:25.0048 4816 pcCMService ( UnsignedFile.Multi.Generic ) - warning
20:10:25.0048 4816 pcCMService - detected UnsignedFile.Multi.Generic (1)
20:10:30.0844 4816 pcCMService64 (3bea1d461531d1d26f5695bb9ca97a18) C:\Program Files\Common Files\Motive\pcCMService.exe
20:10:31.0096 4816 pcCMService64 ( UnsignedFile.Multi.Generic ) - warning
20:10:31.0096 4816 pcCMService64 - detected UnsignedFile.Multi.Generic (1)
20:10:32.0585 4816 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
20:10:32.0651 4816 pci - ok
20:10:32.0813 4816 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
20:10:32.0858 4816 pciide - ok
20:10:33.0186 4816 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
20:10:33.0244 4816 pcmcia - ok
20:10:33.0437 4816 pcServiceHost (a792405e6c84c3debc02b1cf29a928f0) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
20:10:33.0542 4816 pcServiceHost ( UnsignedFile.Multi.Generic ) - warning
20:10:33.0543 4816 pcServiceHost - detected UnsignedFile.Multi.Generic (1)
20:10:33.0636 4816 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
20:10:33.0687 4816 pcw - ok
20:10:34.0027 4816 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
20:10:34.0128 4816 PEAUTH - ok
20:10:34.0648 4816 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
20:10:34.0695 4816 PerfHost - ok
20:10:35.0227 4816 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
20:10:35.0310 4816 pla - ok
20:10:35.0368 4816 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
20:10:35.0427 4816 PlugPlay - ok
20:10:35.0449 4816 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
20:10:35.0493 4816 PNRPAutoReg - ok
20:10:35.0509 4816 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
20:10:35.0540 4816 PNRPsvc - ok
20:10:35.0591 4816 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
20:10:35.0673 4816 PolicyAgent - ok
20:10:35.0708 4816 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
20:10:35.0773 4816 Power - ok
20:10:35.0834 4816 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
20:10:35.0896 4816 PptpMiniport - ok
20:10:35.0919 4816 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
20:10:35.0960 4816 Processor - ok
20:10:35.0998 4816 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
20:10:36.0051 4816 ProfSvc - ok
20:10:36.0077 4816 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:10:36.0105 4816 ProtectedStorage - ok
20:10:36.0163 4816 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
20:10:36.0222 4816 Psched - ok
20:10:36.0306 4816 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys
20:10:36.0333 4816 PxHlpa64 - ok
20:10:36.0491 4816 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
20:10:36.0560 4816 ql2300 - ok
20:10:36.0672 4816 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
20:10:36.0703 4816 ql40xx - ok
20:10:36.0762 4816 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
20:10:36.0797 4816 QWAVE - ok
20:10:36.0838 4816 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
20:10:36.0882 4816 QWAVEdrv - ok
20:10:36.0894 4816 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
20:10:36.0950 4816 RasAcd - ok
20:10:37.0016 4816 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
20:10:37.0063 4816 RasAgileVpn - ok
20:10:37.0092 4816 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
20:10:37.0155 4816 RasAuto - ok
20:10:37.0206 4816 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
20:10:37.0253 4816 Rasl2tp - ok
20:10:37.0301 4816 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
20:10:37.0353 4816 RasMan - ok
20:10:37.0370 4816 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
20:10:37.0422 4816 RasPppoe - ok
20:10:37.0448 4816 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
20:10:37.0515 4816 RasSstp - ok
20:10:37.0561 4816 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
20:10:37.0611 4816 rdbss - ok
20:10:37.0630 4816 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
20:10:37.0674 4816 rdpbus - ok
20:10:37.0687 4816 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
20:10:37.0749 4816 RDPCDD - ok
20:10:37.0802 4816 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
20:10:37.0849 4816 RDPENCDD - ok
20:10:37.0856 4816 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
20:10:37.0903 4816 RDPREFMP - ok
20:10:37.0945 4816 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
20:10:38.0002 4816 RDPWD - ok
20:10:38.0053 4816 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
20:10:38.0085 4816 rdyboost - ok
20:10:38.0121 4816 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
20:10:38.0189 4816 RemoteAccess - ok
20:10:38.0244 4816 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
20:10:38.0304 4816 RemoteRegistry - ok
20:10:38.0317 4816 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
20:10:38.0376 4816 RpcEptMapper - ok
20:10:38.0452 4816 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
20:10:38.0521 4816 RpcLocator - ok
20:10:38.0582 4816 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
20:10:38.0679 4816 RpcSs - ok
20:10:38.0759 4816 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
20:10:38.0894 4816 rspndr - ok
20:10:38.0951 4816 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
20:10:39.0012 4816 RTL8167 - ok
20:10:39.0043 4816 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:10:39.0072 4816 SamSs - ok
20:10:39.0111 4816 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
20:10:39.0141 4816 sbp2port - ok
20:10:39.0157 4816 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
20:10:39.0208 4816 SCardSvr - ok
20:10:39.0248 4816 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
20:10:39.0313 4816 scfilter - ok
20:10:39.0471 4816 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
20:10:39.0555 4816 Schedule - ok
20:10:39.0594 4816 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
20:10:39.0654 4816 SCPolicySvc - ok
20:10:39.0700 4816 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
20:10:39.0743 4816 SDRSVC - ok
20:10:39.0780 4816 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
20:10:39.0886 4816 seclogon - ok
20:10:39.0900 4816 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
20:10:39.0949 4816 SENS - ok
20:10:39.0961 4816 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
20:10:40.0014 4816 SensrSvc - ok
20:10:40.0056 4816 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
20:10:40.0104 4816 Serenum - ok
20:10:40.0134 4816 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
20:10:40.0164 4816 Serial - ok
20:10:40.0196 4816 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
20:10:40.0243 4816 sermouse - ok
20:10:40.0295 4816 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
20:10:40.0387 4816 SessionEnv - ok
20:10:40.0424 4816 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
20:10:40.0464 4816 sffdisk - ok
20:10:40.0482 4816 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
20:10:40.0513 4816 sffp_mmc - ok
20:10:40.0546 4816 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
20:10:40.0618 4816 sffp_sd - ok
20:10:40.0634 4816 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
20:10:40.0663 4816 sfloppy - ok
20:10:40.0731 4816 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
20:10:40.0784 4816 ShellHWDetection - ok
20:10:40.0814 4816 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
20:10:40.0843 4816 SiSRaid2 - ok
20:10:40.0880 4816 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
20:10:40.0910 4816 SiSRaid4 - ok
20:10:40.0934 4816 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
20:10:40.0996 4816 Smb - ok
20:10:41.0027 4816 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
20:10:41.0071 4816 SNMPTRAP - ok
20:10:41.0091 4816 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
20:10:41.0119 4816 spldr - ok
20:10:41.0179 4816 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
20:10:41.0256 4816 Spooler - ok
20:10:41.0434 4816 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
20:10:41.0553 4816 sppsvc - ok
20:10:41.0652 4816 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
20:10:41.0712 4816 sppuinotify - ok
20:10:41.0796 4816 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS
20:10:41.0830 4816 SRTSP - ok
20:10:41.0847 4816 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS
20:10:41.0885 4816 SRTSPX - ok
20:10:41.0932 4816 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
20:10:42.0009 4816 srv - ok
20:10:42.0041 4816 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
20:10:42.0077 4816 srv2 - ok
20:10:42.0093 4816 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
20:10:42.0134 4816 srvnet - ok
20:10:42.0166 4816 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
20:10:42.0227 4816 SSDPSRV - ok
20:10:42.0249 4816 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
20:10:42.0299 4816 SstpSvc - ok
20:10:42.0390 4816 Steam Client Service - ok
20:10:42.0434 4816 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
20:10:42.0473 4816 stexstor - ok
20:10:42.0551 4816 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
20:10:42.0687 4816 stisvc - ok
20:10:42.0737 4816 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
20:10:42.0783 4816 swenum - ok
20:10:42.0886 4816 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
20:10:43.0057 4816 swprv - ok
20:10:43.0201 4816 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
20:10:43.0311 4816 SysMain - ok
20:10:43.0439 4816 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
20:10:43.0474 4816 TabletInputService - ok
20:10:43.0529 4816 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
20:10:43.0590 4816 TapiSrv - ok
20:10:43.0625 4816 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
20:10:43.0674 4816 TBS - ok
20:10:43.0812 4816 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
20:10:43.0879 4816 Tcpip - ok
20:10:43.0997 4816 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
20:10:44.0050 4816 TCPIP6 - ok
20:10:44.0106 4816 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
20:10:44.0171 4816 tcpipreg - ok
20:10:44.0196 4816 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
20:10:44.0251 4816 TDPIPE - ok
20:10:44.0293 4816 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
20:10:44.0332 4816 TDTCP - ok
20:10:44.0367 4816 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
20:10:44.0415 4816 tdx - ok
20:10:44.0988 4816 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
20:10:45.0047 4816 TeamViewer7 - ok
20:10:45.0362 4816 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
20:10:45.0422 4816 TermDD - ok
20:10:45.0554 4816 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
20:10:45.0651 4816 TermService - ok
20:10:45.0674 4816 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
20:10:45.0724 4816 Themes - ok
20:10:45.0924 4816 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
20:10:46.0003 4816 THREADORDER - ok
20:10:46.0263 4816 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
20:10:46.0377 4816 TrkWks - ok
20:10:46.0518 4816 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
20:10:46.0595 4816 TrustedInstaller - ok
20:10:46.0887 4816 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
20:10:47.0082 4816 tssecsrv - ok
20:10:47.0916 4816 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
20:10:48.0027 4816 TsUsbFlt - ok
20:10:50.0015 4816 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
20:10:50.0177 4816 tunnel - ok
20:10:50.0762 4816 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
20:10:50.0800 4816 uagp35 - ok
20:10:52.0796 4816 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
20:10:52.0924 4816 udfs - ok
20:10:53.0006 4816 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
20:10:53.0038 4816 UI0Detect - ok
20:10:53.0258 4816 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
20:10:53.0302 4816 uliagpkx - ok
20:10:53.0435 4816 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
20:10:53.0486 4816 umbus - ok
20:10:53.0590 4816 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
20:10:53.0623 4816 UmPass - ok
20:10:53.0764 4816 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
20:10:53.0871 4816 upnphost - ok
20:10:53.0953 4816 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
20:10:53.0973 4816 USBAAPL64 - ok
20:10:54.0057 4816 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
20:10:54.0082 4816 usbaudio - ok
20:10:54.0101 4816 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
20:10:54.0140 4816 usbccgp - ok
20:10:54.0236 4816 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
20:10:54.0274 4816 usbcir - ok
20:10:54.0297 4816 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
20:10:54.0307 4816 usbehci - ok
20:10:54.0336 4816 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys
20:10:54.0345 4816 usbfilter - ok
20:10:54.0523 4816 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
20:10:54.0572 4816 usbhub - ok
20:10:54.0603 4816 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
20:10:54.0642 4816 usbohci - ok
20:10:54.0670 4816 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
20:10:54.0699 4816 usbprint - ok
20:10:54.0740 4816 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
20:10:54.0788 4816 usbscan - ok
20:10:54.0854 4816 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:10:54.0903 4816 USBSTOR - ok
20:10:54.0920 4816 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
20:10:54.0954 4816 usbuhci - ok
20:10:55.0002 4816 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
20:10:55.0042 4816 UxSms - ok
20:10:55.0099 4816 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:10:55.0124 4816 VaultSvc - ok
20:10:55.0175 4816 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
20:10:55.0186 4816 vdrvroot - ok
20:10:55.0263 4816 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
20:10:55.0321 4816 vds - ok
20:10:55.0357 4816 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
20:10:55.0393 4816 vga - ok
20:10:55.0401 4816 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
20:10:55.0477 4816 VgaSave - ok
20:10:55.0520 4816 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
20:10:55.0532 4816 vhdmp - ok
20:10:55.0558 4816 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
20:10:55.0567 4816 viaide - ok
20:10:55.0602 4816 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys
20:10:55.0642 4816 VKbms - ok
20:10:55.0659 4816 VMnetAdapter - ok
20:10:56.0231 4816 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
20:10:56.0241 4816 volmgr - ok
20:10:56.0561 4816 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
20:10:56.0586 4816 volmgrx - ok
20:10:56.0609 4816 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
20:10:56.0632 4816 volsnap - ok
20:10:56.0671 4816 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
20:10:56.0700 4816 vsmraid - ok
20:10:56.0795 4816 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
20:10:56.0879 4816 VSS - ok
20:10:57.0002 4816 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
20:10:57.0047 4816 vwifibus - ok
20:10:57.0078 4816 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
20:10:57.0123 4816 vwififlt - ok
20:10:57.0176 4816 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
20:10:57.0223 4816 W32Time - ok
20:10:57.0349 4816 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
20:10:57.0401 4816 W3SVC - ok
20:10:57.0426 4816 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
20:10:57.0451 4816 WacomPen - ok
20:10:57.0509 4816 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:10:57.0573 4816 WANARP - ok
20:10:57.0576 4816 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
20:10:57.0603 4816 Wanarpv6 - ok
20:10:57.0629 4816 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll
20:10:57.0640 4816 WAS - ok
20:10:57.0752 4816 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
20:10:57.0810 4816 WatAdminSvc - ok
20:10:57.0896 4816 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
20:10:57.0952 4816 wbengine - ok
20:10:58.0070 4816 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
20:10:58.0110 4816 WbioSrvc - ok
20:10:58.0167 4816 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
20:10:58.0190 4816 wcncsvc - ok
20:10:58.0219 4816 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
20:10:58.0254 4816 WcsPlugInService - ok
20:10:58.0283 4816 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
20:10:58.0306 4816 Wd - ok
20:10:58.0441 4816 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
20:10:58.0474 4816 Wdf01000 - ok
20:10:58.0484 4816 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:10:58.0580 4816 WdiServiceHost - ok
20:10:58.0587 4816 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
20:10:58.0623 4816 WdiSystemHost - ok
20:10:58.0682 4816 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
20:10:58.0719 4816 WebClient - ok
20:10:58.0752 4816 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
20:10:58.0825 4816 Wecsvc - ok
20:10:58.0846 4816 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
20:10:58.0888 4816 wercplsupport - ok
20:10:58.0909 4816 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
20:10:58.0955 4816 WerSvc - ok
20:10:59.0009 4816 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
20:10:59.0079 4816 WfpLwf - ok
20:10:59.0116 4816 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
20:10:59.0125 4816 WIMMount - ok
20:10:59.0137 4816 WinHttpAutoProxySvc - ok
20:10:59.0193 4816 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
20:10:59.0251 4816 Winmgmt - ok
20:10:59.0483 4816 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
20:10:59.0559 4816 WinRM - ok
20:10:59.0808 4816 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
20:10:59.0845 4816 WinUsb - ok
20:10:59.0929 4816 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
20:10:59.0979 4816 Wlansvc - ok
20:11:00.0210 4816 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
20:11:00.0259 4816 wlidsvc - ok
20:11:00.0403 4816 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
20:11:00.0440 4816 WmiAcpi - ok
20:11:00.0556 4816 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
20:11:00.0599 4816 wmiApSrv - ok
20:11:00.0667 4816 WMPNetworkSvc - ok
20:11:00.0746 4816 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
20:11:00.0801 4816 WPCSvc - ok
20:11:01.0017 4816 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
20:11:01.0172 4816 WPDBusEnum - ok
20:11:01.0189 4816 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
20:11:01.0231 4816 ws2ifsl - ok
20:11:01.0234 4816 WSearch - ok
20:11:01.0343 4816 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
20:11:01.0394 4816 WudfPf - ok
20:11:01.0474 4816 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
20:11:01.0566 4816 WUDFRd - ok
20:11:01.0831 4816 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
20:11:01.0932 4816 wudfsvc - ok
20:11:01.0972 4816 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
20:11:01.0999 4816 WwanSvc - ok
20:11:02.0156 4816 X6va001 - ok
20:11:02.0164 4816 X6va002 - ok
20:11:02.0178 4816 X6va003 - ok
20:11:02.0190 4816 X6va005 - ok
20:11:02.0215 4816 X6va006 - ok
20:11:02.0223 4816 X6va007 - ok
20:11:02.0348 4816 X6va008 - ok
20:11:02.0353 4816 X6va009 - ok
20:11:02.0370 4816 MBR (0x1B8) (d903658e313289c7e22a468124057bec) \Device\Harddisk0\DR0
20:11:02.0434 4816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:11:02.0434 4816 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
20:11:02.0695 4816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:11:02.0695 4816 \Device\Harddisk0\DR0 - detected TDSS File System (1)
20:11:02.0705 4816 Boot (0x1200) (5319ab105eb2cdafbc4dab0af835f236) \Device\Harddisk0\DR0\Partition0
20:11:02.0708 4816 \Device\Harddisk0\DR0\Partition0 - ok
20:11:02.0726 4816 Boot (0x1200) (0be0791d5a858884a5e2a19c936b2799) \Device\Harddisk0\DR0\Partition1
20:11:02.0728 4816 \Device\Harddisk0\DR0\Partition1 - ok
20:11:02.0729 4816 ============================================================
20:11:02.0729 4816 Scan finished
20:11:02.0729 4816 ============================================================
20:11:02.0740 4104 Detected object count: 12
20:11:02.0740 4104 Actual detected object count: 12
20:12:35.0839 4104 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0839 4104 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0842 4104 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0843 4104 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0846 4104 HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0846 4104 HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0848 4104 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0848 4104 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0850 4104 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0850 4104 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0851 4104 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0851 4104 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0853 4104 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0853 4104 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0855 4104 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0855 4104 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0856 4104 pcCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0856 4104 pcCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0858 4104 pcServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0858 4104 pcServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:36.0470 4104 \Device\Harddisk0\DR0\# - copied to quarantine
20:12:36.0471 4104 \Device\Harddisk0\DR0 - copied to quarantine
20:12:36.0512 4104 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
20:12:36.0514 4104 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:12:36.0520 4104 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
20:12:36.0525 4104 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
20:12:36.0537 4104 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
20:12:36.0545 4104 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
20:12:36.0547 4104 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
20:12:36.0549 4104 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
20:12:36.0552 4104 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:12:36.0555 4104 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
20:12:36.0558 4104 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
20:12:36.0561 4104 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
20:12:36.0564 4104 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
20:12:36.0566 4104 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
20:12:36.0604 4104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:12:36.0615 4104 \Device\Harddisk0\DR0 - ok
20:12:37.0128 4104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
20:12:50.0191 4888 Deinitialize success

[MrCharlie]

Run TDSSKiller again and choose Delete for this one only: (You don't have to post the log)

Quote

20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Now see if you can run ComboFix, MrC

[kpz]

I ran it, and it seemed to work, but it closed after about two minutes (I think it installed successfully, but I'm not sure), and the blue screen never came up.

[MrCharlie]

Try it like this.......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC

[kpz]

Yep, it ran. The log's below.

-----------------------------------------------------------------------

ComboFix 12-08-10.02 - Kevin 08/12/2012 20:45:18.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6945 [GMT -5:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\CrashLog_20100811.txt
c:\cflog\CrashLog_20100815.txt
c:\cflog\CrashLog_20100816.txt
c:\cflog\CrashLog_20100817.txt
c:\cflog\CrashLog_20100820.txt
c:\cflog\CrashLog_20100821.txt
c:\cflog\CrashLog_20100822.txt
c:\cflog\CrashLog_20100824.txt
c:\cflog\CrashLog_20100825.txt
c:\cflog\CrashLog_20100826.txt
c:\cflog\CrashLog_20100904.txt
c:\cflog\CrashLog_20100916.txt
c:\cflog\CrashLog_20100920.txt
c:\cflog\CrashLog_20101107.txt
c:\cflog\CrashLog_20101210.txt
c:\cflog\CrashLog_20101220.txt
c:\cflog\CrashLog_20110101.txt
c:\cflog\CrashLog_20110103.txt
c:\cflog\CrashLog_20110108.txt
c:\cflog\CrashLog_20110207.txt
c:\cflog\CrashLog_20110217.txt
c:\cflog\CrashLog_20110218.txt
c:\cflog\CrashLog_20110219.txt
c:\cflog\CrashLog_20110221.txt
c:\cflog\CrashLog_20110226.txt
c:\cflog\CrashLog_20110302.txt
c:\cflog\CrashLog_20110320.txt
c:\cflog\CrashLog_20110325.txt
c:\cflog\CrashLog_20110421.txt
c:\cflog\CrashLog_20110502.txt
c:\cflog\CrashLog_20110508.txt
c:\cflog\CrashLog_20110520.txt
c:\cflog\CrashLog_20110610.txt
c:\cflog\CrashLog_20110614.txt
c:\cflog\CrashLog_20110802.txt
c:\cflog\CrashLog_20110807.txt
c:\cflog\CrashLog_20110810.txt
c:\cflog\CrashLog_20110811.txt
c:\cflog\CrashLog_20110814.txt
c:\cflog\CrashLog_20110817.txt
c:\cflog\CrashLog_20110819.txt
c:\cflog\CrashLog_20110822.txt
c:\cflog\CrashLog_20110825.txt
c:\cflog\CrashLog_20110826.txt
c:\cflog\CrashLog_20110828.txt
c:\cflog\CrashLog_20110831.txt
c:\cflog\CrashLog_20110903.txt
c:\cflog\CrashLog_20110910.txt
c:\cflog\CrashLog_20110918.txt
c:\cflog\CrashLog_20110923.txt
c:\cflog\CrashLog_20110928.txt
c:\cflog\CrashLog_20110930.txt
c:\cflog\CrashLog_20111001.txt
c:\cflog\CrashLog_20111009.txt
c:\cflog\CrashLog_20111012.txt
c:\cflog\CrashLog_20111015.txt
c:\cflog\CrashLog_20111016.txt
c:\cflog\CrashLog_20111022.txt
c:\cflog\CrashLog_20111023.txt
c:\cflog\CrashLog_20111027.txt
c:\cflog\CrashLog_20111028.txt
c:\cflog\CrashLog_20111029.txt
c:\cflog\CrashLog_20111030.txt
c:\cflog\CrashLog_20111110.txt
c:\cflog\CrashLog_20111112.txt
c:\cflog\CrashLog_20111122.txt
c:\cflog\CrashLog_20111123.txt
c:\cflog\CrashLog_20111213.txt
c:\cflog\CrashLog_20111215.txt
c:\cflog\CrashLog_20111216.txt
c:\cflog\CrashLog_20111218.txt
c:\cflog\CrashLog_20111219.txt
c:\cflog\CrashLog_20111220.txt
c:\cflog\CrashLog_20111222.txt
c:\cflog\CrashLog_20111225.txt
c:\cflog\CrashLog_20120212.txt
c:\cflog\CrashLog_20120301.txt
c:\cflog\CrashLog_20120307.txt
c:\cflog\CrashLog_20120311.txt
c:\cflog\CrashLog_20120319.txt
c:\cflog\CrashLog_20120331.txt
c:\cflog\CrashLog_20120401.txt
c:\cflog\CrashLog_20120407.txt
c:\cflog\CrashLog_20120416.txt
c:\cflog\CrashLog_20120417.txt
c:\cflog\CrashLog_20120420.txt
c:\cflog\CrashLog_20120421.txt
c:\cflog\CrashLog_20120422.txt
c:\cflog\CrashLog_20120428.txt
c:\cflog\CrashLog_20120529.txt
c:\cflog\CrashLog_20120602.txt
c:\cflog\CrashLog_20120603.txt
c:\cflog\CrashLog_20120607.txt
c:\cflog\CrashLog_20120630.txt
c:\cflog\CrashLog_20120705.txt
c:\cflog\CrashLog_20120707.txt
C:\Install.exe
c:\users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll
c:\windows\assembly\GAC_32\Desktop.ini
c:\windows\assembly\GAC_64\Desktop.ini
c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\@
c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\L\00000004.@
c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\L\201d3dde
c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\00000004.@
c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\00000008.@
c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\000000cb.@
c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\80000000.@
c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\80000032.@
c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\80000064.@
.
Infected copy of c:\windows\system32\services.exe was found and disinfected
Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy5_!Windows!System32!services.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))
.
.
2012-08-13 01:56 . 2012-08-13 01:56 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-13 01:56 . 2012-08-13 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-13 01:12 . 2012-08-13 01:22 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-10 01:00 . 2012-08-10 01:00 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes
2012-08-10 01:00 . 2012-08-10 01:00 -------- d-----w- c:\programdata\Malwarebytes
2012-08-10 01:00 . 2012-08-10 01:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-10 01:00 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 00:01 . 2012-08-10 00:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-10 00:01 . 2012-08-10 00:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-09 23:58 . 2012-08-09 23:58 -------- d-----w- c:\programdata\McAfee
2012-08-09 23:23 . 2012-08-09 23:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-09 23:14 . 2012-08-09 23:14 -------- d-----w- c:\windows\Sun
2012-08-09 20:44 . 2012-08-09 20:47 -------- d-----w- c:\program files\iTunes
2012-08-09 20:44 . 2012-08-09 20:47 -------- d-----w- c:\program files (x86)\iTunes
2012-08-09 17:01 . 2012-08-09 17:01 -------- d-----w- c:\users\Kevin\AppData\Roaming\Motive
2012-08-09 16:59 . 2012-08-09 17:00 -------- d-----w- c:\program files\ATT-SST
2012-08-09 16:59 . 2012-08-09 17:00 -------- d-----w- c:\program files (x86)\ATT-SST
2012-08-09 16:41 . 2012-08-09 16:59 -------- d-----w- c:\program files (x86)\Common Files\Motive
2012-08-09 16:41 . 2012-08-09 17:00 -------- d-----w- c:\program files\Common Files\Motive
2012-08-09 16:40 . 2012-08-09 17:06 -------- d-----w- c:\programdata\Motive
2012-08-01 18:42 . 2010-03-01 21:59 24376 ----a-w- c:\windows\system32\drivers\cqcpu.sys
2012-08-01 18:42 . 2010-03-01 21:59 24376 ----a-w- c:\windows\system32\drivers\cpqdfw.sys
2012-08-01 18:42 . 2012-08-02 11:01 -------- d---a-w- C:\HPVNEW
2012-07-18 17:28 . 2012-08-13 01:56 -------- d-----w- c:\users\Kevin\AppData\Local\Sony Creative Software
2012-07-16 19:22 . 2012-07-16 19:22 -------- d-----w- c:\users\Kevin\AppData\Roaming\raidcall
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 04:31 . 2010-01-23 21:04 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-29 10:04 . 2012-08-07 22:05 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F29922B5-5102-4977-8E03-6CC806D6FB73}\mpengine.dll
2012-06-12 03:08 . 2012-07-12 04:34 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 10:14 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 10:14 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 10:14 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 10:13 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 10:14 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 10:14 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 10:13 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-22 14:42 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 14:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-22 14:42 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 14:42 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 14:42 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-22 14:42 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-22 14:42 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-22 14:42 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-22 14:42 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 04:30 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 04:30 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 04:30 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 04:30 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 04:30 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 04:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 04:30 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 04:30 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 04:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 04:30 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 04:30 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 04:30 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 04:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 04:30 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 04:30 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 04:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 04:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 04:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 04:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 10:14 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 10:14 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 10:14 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 10:14 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 10:14 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 10:14 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 10:14 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 10:14 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 10:14 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 17:25 . 2009-11-14 00:35 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 250056]
R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1255736]
R3 X6va001;X6va001;c:\users\Kevin\AppData\Local\Temp\0014C0.tmp [x]
R3 X6va002;X6va002;c:\users\Kevin\AppData\Local\Temp\0027ED4.tmp [x]
R3 X6va003;X6va003;c:\users\Kevin\AppData\Local\Temp\00392A8.tmp [x]
R3 X6va005;X6va005;c:\users\Kevin\AppData\Local\Temp\005E4A3.tmp [x]
R3 X6va006;X6va006;c:\users\Kevin\AppData\Local\Temp\00663E3.tmp [x]
R3 X6va007;X6va007;c:\users\Kevin\AppData\Local\Temp\007F941.tmp [x]
R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]
R4 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]
R4 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]
R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]
R4 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-09-04 117640]
S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-31 237936]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-07-06 361472]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-07-06 441344]
S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-06-14 342016]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 00:07]
.
2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666074475-405161259-3935603811-1001Core.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 13:47]
.
2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666074475-405161259-3935603811-1001UA.job
- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 13:47]
.
2012-08-01 c:\windows\Tasks\HPCeeScheduleForKevin.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-04 21:38]
.
2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-06-07 2727936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=
FF - user.js: general.useragent.extra.brc - BRI/1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Sony Creative Software - c:\users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]
"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\0014C0.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]
"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\0027ED4.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]
"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\00392A8.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]
"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\005E4A3.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]
"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\00663E3.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]
"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\007F941.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,
d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,
68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c
"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,
76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,
72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
"{ABD3B5E1-B268-407B-A150-2641DAB8D898}"=hex:51,66,7a,6c,4c,1d,38,12,8f,b6,c0,
af,5a,fc,15,05,de,46,65,01,df,e6,9c,8c
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,
df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd
"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (LocalSystem)
"Timestamp"=hex:0a,7a,57,39,e9,74,cd,01
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-08-12 21:07:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-13 02:07
.
Pre-Run: 772,679,155,712 bytes free
Post-Run: 774,224,338,944 bytes free
.
- - End Of File - - 13071AAA7288B53A9DE7142C4898623E

[MrCharlie]

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

[kpz]

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: KEVIN-PC [administrator]

Protection: Enabled

8/13/2012 10:18:33 AM
mbam-log-2012-08-13 (10-18-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 222481
Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------------------------------

My computer's running well now. Thank you so much.

[MrCharlie]

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /



Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC