Google Redirect Virus
#1
Posted 20 August 2012 - 09:11 PM
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Ricky at 19:06:40 on 2012-08-20
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8163.5894 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
C:\Users\Ricky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\MSI\Live Update 5\LU5.exe
C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Windows\system32\sppsvc.exe
C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
mWinlogon: Userinit=userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [Google Update] "C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Ricky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [Spotify] "C:\Users\Ricky\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
uRun: [Spotify Web Helper] "C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe
mRun: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0C1221FE-52F8-465E-895B-7D25DF61E872} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{646D1E7B-27DF-42BB-A419-B3D158DF4C77} : DhcpNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
BHO-X64: StartNow Toolbar Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
BHO-X64: Vuze Remote - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll
TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll
TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe
mRun-x64: [StartNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-15 2348352]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-15 474168]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]
R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2011-11-22 33592]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-11-22 14136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7673v1E0\NTIOLib_X64.sys [2011-1-6 11888]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-21 02:03:08 -------- d-----w- C:\Users\Ricky\AppData\Roaming\StartNow Toolbar
2012-08-21 01:36:54 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9576CFC5-1EB7-4645-AB2F-BF99C48D127B}\offreg.dll
2012-08-21 01:31:09 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4902E24E-3EB6-44D5-8EFF-77260B8E0208}\gapaengine.dll
2012-08-21 01:31:07 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9576CFC5-1EB7-4645-AB2F-BF99C48D127B}\mpengine.dll
2012-08-21 01:30:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2012-08-21 01:30:34 -------- d-----w- C:\Program Files\Microsoft Security Client
2012-08-19 20:53:22 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC656006-BE38-4CFA-9E46-EC70EDC24C39}\mpengine.dll
2012-08-15 02:47:19 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 02:47:19 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 02:47:18 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 02:47:18 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 02:47:18 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 02:47:18 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 02:47:18 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 02:47:18 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 02:47:18 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 02:47:18 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 02:47:17 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-04 12:01:57 -------- d-----w- C:\Users\Ricky\AppData\Local\Spotify
2012-08-04 12:01:49 -------- d-----w- C:\Users\Ricky\AppData\Roaming\Spotify
2012-07-30 23:43:52 -------- d-----w- C:\Users\Ricky\AppData\Local\Amazon
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-07-12 03:20:58 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 03:20:58 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-26 23:03:06 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-06-06 15:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-04 07:59:20 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-06-04 07:59:20 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 19:07:19.64 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/13/2011 10:42:26 AM
System Uptime: 8/20/2012 7:02:31 PM (0 hours ago)
.
Motherboard: MSI | | P67A-G43 (MS-7673)
Processor: Intel® Core i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3301/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1863 GiB total, 1703.761 GiB free.
D: is CDROM (UDF)
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP106: 7/17/2012 2:57:47 PM - Windows Update
RP108: 7/21/2012 10:16:00 AM - Windows Defender Checkpoint
RP109: 7/25/2012 6:10:14 PM - Windows Update
RP110: 7/31/2012 5:09:03 PM - Windows Update
RP111: 8/7/2012 4:47:06 PM - Windows Update
RP112: 8/14/2012 7:45:59 PM - Windows Update
RP113: 8/15/2012 3:00:27 AM - Windows Update
RP114: 8/19/2012 1:52:51 PM - Windows Update
.
==== Installed Programs ======================
.
2600
2600_Help
2600Trb
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Age of Empires Online
AIO_CDB_ProductContext
AIO_CDB_Software
AIO_Scan
Aiseesoft Blu-ray Ripper
Amazon Kindle
Amazon MP3 Downloader 1.0.15
Amazon MP3 Uploader
Apple Application Support
Apple Software Update
Battlefield 3™
Battlelog Web Plugins
BufferChm
Copy
CyberLink Power2Go
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Diablo III
Diablo III Beta
DocProc
ESN Sonar
Fax
Firebird SQL Server - MAGIX Edition
Google Chrome
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Product Detection
HP Update
HPPhotoGadget
HPPhotoSmartDiscLabelContent1
HPPhotosmartEssential
HPProductAssistant
HPSSupply
Intel® Management Engine Components
Java Auto Updater
Java 6 Update 29
Java 7 Update 2
Live Update 5
Logitech Harmony Remote Software 7
MAGIX Movie Edit Pro 17 Plus
MAGIX Screenshare
MAGIX Speed burnR (MSI)
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
MyFreeCodec
NVIDIA 3D Vision Controller Driver
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Origin
PlayMemories Home
PS3 Media Server
PunkBuster Services
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Remote Control USB Driver
Renesas Electronics USB 3.0 Host Controller Driver
Samsung Kies
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Sid Meier's Civilization V
Sid Meier's Civilization V SDK
SmartWebPrinting
SolutionCenter
Spotify
StartNow Toolbar
Status
Steam
Super-Charger
The Elder Scrolls V: Skyrim
Toolbox
TrayApp
UnloadSupport
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Vuze
Vuze Remote Toolbar
WebReg
WinZip 15.0
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
8/15/2012 3:19:36 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
.
==== End Of File ===========================
#2
Posted 20 August 2012 - 10:08 PM
I see that you have a P2P (Peer-to-Peer) file-sharing program installed (Vuze). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high-profile compromises in the news as a result of P2P software:
Data about Obama's helicopter breached via P2P?
Leak of congressional ethics document prompts calls for cybersecurity probe
Walter Reed suffers peer-to-peer data breach
Update: Seattle man arrested for p-to-p ID theft
More listed here:
Data Security Threats And Breaches
You should read the link at the bottom of that page:
Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)
In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, and none of them are worth it. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.
Please also go here to view our policy on P2P programs.
Also, I notice that you have the following installed:
Yahoo! Toolbar - has been known to exhibit borderline behaviour (please see here for more information).
Vuze Remote Toolbar - has been known to exhibit suspicious behaviour (please see here for more information).
StartNow Toolbar Helper - adware (please see here for more information).
Yontoo Layers - adware (please see here for more information).
I recommend removing all of these browser additions.
Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following (if present):
- StartNow Toolbar
- Vuze
- Vuze Remote Toolbar
- Yahoo! Toolbar
- Yontoo Layers
==========
Next, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:
http://www.bleepingc...to-use-combofix
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix (CF).
Please go here to see a list of programs that need to be disabled.
**Note: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.**
**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**
Please include the C:\ComboFix.txt in your next reply for further review.
=========
Finally, please download to your Desktop:
- TDSSKiller.zip from here and extract it (right click on it => "Extract here").
- Click on the Start Scan button and wait for the scan and disinfection process to be over.
- If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue.
- If a suspicious file is detected, the default action will be Skip; click on Continue.
- If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
In your next post please provide the following:
- ComboFix.txt.
- TDSSKiller log.
If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!
If I have helped you please consider donating to the Neuroscience Research Institute.
#3
Posted 21 August 2012 - 01:06 AM
ComboFix 12-08-20.02 - Ricky 08/20/2012 22:45:00.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8163.6155 [GMT -7:00]
Running from: c:\users\Ricky\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
c:\users\Ricky\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\Ricky\Favorites\Videos.url
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))
.
.
2012-08-21 05:48 . 2012-08-21 05:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-21 05:48 . 2012-08-21 05:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-21 01:36 . 2012-08-21 01:36 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9576CFC5-1EB7-4645-AB2F-BF99C48D127B}\offreg.dll
2012-08-21 01:31 . 2012-08-21 01:31 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4902E24E-3EB6-44D5-8EFF-77260B8E0208}\gapaengine.dll
2012-08-21 01:31 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9576CFC5-1EB7-4645-AB2F-BF99C48D127B}\mpengine.dll
2012-08-21 01:30 . 2012-08-21 01:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-08-21 01:30 . 2012-08-21 01:30 -------- d-----w- c:\program files\Microsoft Security Client
2012-08-19 20:53 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC656006-BE38-4CFA-9E46-EC70EDC24C39}\mpengine.dll
2012-08-15 02:47 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 02:47 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 02:47 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 02:47 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 02:47 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 02:47 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 02:47 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 02:47 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 02:47 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 02:47 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 02:47 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 02:47 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-04 12:01 . 2012-08-21 05:32 -------- d-----w- c:\users\Ricky\AppData\Local\Spotify
2012-08-04 12:01 . 2012-08-21 05:32 -------- d-----w- c:\users\Ricky\AppData\Roaming\Spotify
2012-07-30 23:43 . 2012-07-30 23:43 -------- d-----w- c:\users\Ricky\AppData\Local\Amazon
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 10:00 . 2011-11-23 11:00 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-07-12 03:20 . 2012-03-29 02:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 03:20 . 2011-11-13 19:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-07-21 18:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-26 23:03 . 2012-07-15 23:02 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-06-26 23:02 . 2012-06-26 23:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx
2012-06-26 23:02 . 2012-06-26 23:02 330240 ----a-w- c:\windows\MASetupCaller.dll
2012-06-26 23:02 . 2012-06-26 23:02 30568 ----a-w- c:\windows\MusiccityDownload.exe
2012-06-26 23:02 . 2012-06-26 23:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll
2012-06-26 23:02 . 2012-06-26 23:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll
2012-06-26 23:02 . 2012-06-26 23:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll
2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll
2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll
2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll
2012-06-26 23:02 . 2012-06-26 23:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax
2012-06-26 23:02 . 2012-06-26 23:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll
2012-06-26 23:02 . 2012-06-26 23:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll
2012-06-26 23:02 . 2012-06-26 23:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll
2012-06-26 23:02 . 2012-06-26 23:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll
2012-06-26 23:02 . 2012-06-26 23:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll
2012-06-26 23:02 . 2012-06-26 23:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll
2012-06-26 23:02 . 2012-06-26 23:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll
2012-06-26 23:02 . 2012-06-26 23:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax
2012-06-26 23:02 . 2012-06-26 23:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll
2012-06-26 23:02 . 2012-06-26 23:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe
2012-06-26 23:02 . 2012-06-26 23:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll
2012-06-26 23:02 . 2012-06-26 23:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll
2012-06-26 23:02 . 2012-06-26 23:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax
2012-06-26 23:02 . 2012-06-26 23:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll
2012-06-26 23:02 . 2012-06-26 23:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax
2012-06-26 23:02 . 2012-06-26 23:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax
2012-06-26 23:02 . 2012-06-26 23:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll
2012-06-26 23:02 . 2012-06-26 23:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax
2012-06-26 23:02 . 2012-07-15 23:02 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-06-09 05:43 . 2012-07-11 02:54 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 02:54 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 02:54 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 02:54 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 02:54 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 02:54 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 02:54 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-04 07:59 . 2012-07-15 23:03 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys
2012-06-04 07:59 . 2012-07-15 23:03 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
2012-06-02 22:19 . 2012-06-19 00:15 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-19 00:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-19 00:15 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-19 00:15 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-19 00:15 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 22:19 . 2012-06-19 00:15 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-19 00:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-19 00:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 22:15 . 2012-06-19 00:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:50 . 2012-07-11 02:54 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 02:54 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 02:54 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 02:54 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 02:54 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 02:54 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 02:54 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 02:54 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 02:54 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-13 39408]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]
"Power2GoExpress"="c:\program files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" [2010-11-26 2639144]
"MusicManager"="c:\users\Ricky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-03 975288]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-03 21432]
"Spotify"="c:\users\Ricky\AppData\Roaming\Spotify\Spotify.exe" [2012-08-21 5576408]
"Spotify Web Helper"="c:\users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-21 1193176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-01-25 303104]
"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\LU5.exe" [2011-11-08 1858064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]
"TrayServer"="c:\progra~2\MAGIX\MOVIE_~1\TrayServer_en.exe" [2008-11-13 90112]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-03 3524536]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7673v1E0\NTIOLib_X64.sys [2011-01-06 11888]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-15 1255736]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-28 1253376]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-04-22 474168]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]
S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 19:12]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 19:12]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-581695653-2586300961-3122369496-1000Core.job
- c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 01:32]
.
2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-581695653-2586300961-3122369496-1000UA.job
- c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 01:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.yahoo.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe
Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)
AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]
"value"="?\01\02\18\01\00\1a\07"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2012-08-20 22:56:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-21 05:56
.
Pre-Run: 1,834,524,938,240 bytes free
Post-Run: 1,837,464,825,856 bytes free
.
- - End Of File - - DC3735F4420DE1EFEC87D1FD42F8EE55
23:03:02.0273 5244 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
23:03:02.0754 5244 ============================================================
23:03:02.0754 5244 Current date / time: 2012/08/20 23:03:02.0754
23:03:02.0754 5244 SystemInfo:
23:03:02.0754 5244
23:03:02.0754 5244 OS Version: 6.1.7601 ServicePack: 1.0
23:03:02.0754 5244 Product type: Workstation
23:03:02.0754 5244 ComputerName: RICKY-PC
23:03:02.0754 5244 UserName: Ricky
23:03:02.0754 5244 Windows directory: C:\Windows
23:03:02.0754 5244 System windows directory: C:\Windows
23:03:02.0755 5244 Running under WOW64
23:03:02.0755 5244 Processor architecture: Intel x64
23:03:02.0755 5244 Number of processors: 4
23:03:02.0755 5244 Page size: 0x1000
23:03:02.0755 5244 Boot type: Normal boot
23:03:02.0755 5244 ============================================================
23:03:03.0311 5244 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:03:03.0329 5244 ============================================================
23:03:03.0329 5244 \Device\Harddisk0\DR0:
23:03:03.0329 5244 MBR partitions:
23:03:03.0329 5244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:03:03.0329 5244 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DCE8B0
23:03:03.0329 5244 ============================================================
23:03:03.0381 5244 C: <-> \Device\Harddisk0\DR0\Partition2
23:03:03.0381 5244 ============================================================
23:03:03.0381 5244 Initialize success
23:03:03.0381 5244 ============================================================
23:03:05.0029 3868 ============================================================
23:03:05.0029 3868 Scan started
23:03:05.0029 3868 Mode: Manual;
23:03:05.0029 3868 ============================================================
23:03:05.0621 3868 ================ Scan system memory ========================
23:03:05.0621 3868 System memory - ok
23:03:05.0621 3868 ================ Scan services =============================
23:03:06.0112 3868 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
23:03:06.0115 3868 1394ohci - ok
23:03:06.0140 3868 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
23:03:06.0143 3868 ACPI - ok
23:03:06.0164 3868 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
23:03:06.0166 3868 AcpiPmi - ok
23:03:06.0297 3868 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
23:03:06.0297 3868 AdobeARMservice - ok
23:03:06.0320 3868 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
23:03:06.0326 3868 adp94xx - ok
23:03:06.0347 3868 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
23:03:06.0352 3868 adpahci - ok
23:03:06.0373 3868 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
23:03:06.0376 3868 adpu320 - ok
23:03:06.0396 3868 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
23:03:06.0398 3868 AeLookupSvc - ok
23:03:06.0455 3868 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
23:03:06.0461 3868 AFD - ok
23:03:06.0476 3868 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
23:03:06.0478 3868 agp440 - ok
23:03:06.0495 3868 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
23:03:06.0497 3868 ALG - ok
23:03:06.0512 3868 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
23:03:06.0514 3868 aliide - ok
23:03:06.0526 3868 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
23:03:06.0528 3868 amdide - ok
23:03:06.0546 3868 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
23:03:06.0548 3868 AmdK8 - ok
23:03:06.0563 3868 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
23:03:06.0565 3868 AmdPPM - ok
23:03:06.0594 3868 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
23:03:06.0596 3868 amdsata - ok
23:03:06.0611 3868 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
23:03:06.0614 3868 amdsbs - ok
23:03:06.0633 3868 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
23:03:06.0634 3868 amdxata - ok
23:03:06.0655 3868 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
23:03:06.0657 3868 AppID - ok
23:03:06.0665 3868 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
23:03:06.0667 3868 AppIDSvc - ok
23:03:06.0692 3868 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
23:03:06.0694 3868 Appinfo - ok
23:03:06.0746 3868 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:03:06.0747 3868 Apple Mobile Device - ok
23:03:06.0771 3868 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
23:03:06.0773 3868 arc - ok
23:03:06.0786 3868 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
23:03:06.0789 3868 arcsas - ok
23:03:06.0800 3868 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
23:03:06.0801 3868 AsyncMac - ok
23:03:06.0805 3868 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
23:03:06.0806 3868 atapi - ok
23:03:06.0821 3868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:03:06.0828 3868 AudioEndpointBuilder - ok
23:03:06.0836 3868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
23:03:06.0841 3868 AudioSrv - ok
23:03:06.0859 3868 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
23:03:06.0862 3868 AxInstSV - ok
23:03:06.0886 3868 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
23:03:06.0891 3868 b06bdrv - ok
23:03:06.0930 3868 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
23:03:06.0934 3868 b57nd60a - ok
23:03:06.0961 3868 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
23:03:06.0964 3868 BDESVC - ok
23:03:06.0973 3868 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
23:03:06.0975 3868 Beep - ok
23:03:07.0055 3868 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
23:03:07.0062 3868 BFE - ok
23:03:07.0088 3868 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
23:03:07.0095 3868 BITS - ok
23:03:07.0101 3868 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
23:03:07.0102 3868 blbdrive - ok
23:03:07.0161 3868 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:03:07.0165 3868 Bonjour Service - ok
23:03:07.0193 3868 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
23:03:07.0195 3868 bowser - ok
23:03:07.0213 3868 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
23:03:07.0215 3868 BrFiltLo - ok
23:03:07.0224 3868 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
23:03:07.0225 3868 BrFiltUp - ok
23:03:07.0238 3868 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
23:03:07.0240 3868 BridgeMP - ok
23:03:07.0323 3868 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
23:03:07.0324 3868 Browser - ok
23:03:07.0346 3868 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
23:03:07.0350 3868 Brserid - ok
23:03:07.0364 3868 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
23:03:07.0367 3868 BrSerWdm - ok
23:03:07.0372 3868 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
23:03:07.0373 3868 BrUsbMdm - ok
23:03:07.0380 3868 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
23:03:07.0382 3868 BrUsbSer - ok
23:03:07.0397 3868 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
23:03:07.0400 3868 BTHMODEM - ok
23:03:07.0428 3868 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
23:03:07.0430 3868 bthserv - ok
23:03:07.0433 3868 catchme - ok
23:03:07.0453 3868 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
23:03:07.0455 3868 cdfs - ok
23:03:07.0473 3868 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
23:03:07.0475 3868 cdrom - ok
23:03:07.0540 3868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
23:03:07.0543 3868 CertPropSvc - ok
23:03:07.0558 3868 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
23:03:07.0559 3868 circlass - ok
23:03:07.0594 3868 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
23:03:07.0599 3868 CLFS - ok
23:03:07.0655 3868 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:03:07.0658 3868 clr_optimization_v2.0.50727_32 - ok
23:03:07.0699 3868 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:03:07.0701 3868 clr_optimization_v2.0.50727_64 - ok
23:03:07.0742 3868 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:03:07.0743 3868 clr_optimization_v4.0.30319_32 - ok
23:03:07.0773 3868 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:03:07.0774 3868 clr_optimization_v4.0.30319_64 - ok
23:03:07.0786 3868 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
23:03:07.0787 3868 CmBatt - ok
23:03:07.0796 3868 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
23:03:07.0797 3868 cmdide - ok
23:03:07.0851 3868 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
23:03:07.0856 3868 CNG - ok
23:03:07.0866 3868 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
23:03:07.0867 3868 Compbatt - ok
23:03:07.0890 3868 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
23:03:07.0892 3868 CompositeBus - ok
23:03:07.0904 3868 COMSysApp - ok
23:03:07.0915 3868 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
23:03:07.0917 3868 crcdisk - ok
23:03:07.0946 3868 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
23:03:07.0948 3868 CryptSvc - ok
23:03:07.0974 3868 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys
23:03:07.0975 3868 dc3d - ok
23:03:08.0018 3868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
23:03:08.0023 3868 DcomLaunch - ok
23:03:08.0047 3868 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
23:03:08.0051 3868 defragsvc - ok
23:03:08.0064 3868 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
23:03:08.0067 3868 DfsC - ok
23:03:08.0117 3868 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys
23:03:08.0118 3868 dg_ssudbus - ok
23:03:08.0155 3868 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
23:03:08.0159 3868 Dhcp - ok
23:03:08.0169 3868 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
23:03:08.0169 3868 discache - ok
23:03:08.0211 3868 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
23:03:08.0213 3868 Disk - ok
23:03:08.0230 3868 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
23:03:08.0233 3868 Dnscache - ok
23:03:08.0250 3868 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
23:03:08.0254 3868 dot3svc - ok
23:03:08.0287 3868 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
23:03:08.0289 3868 Dot4 - ok
23:03:08.0299 3868 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:03:08.0301 3868 Dot4Print - ok
23:03:08.0309 3868 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
23:03:08.0311 3868 dot4usb - ok
23:03:08.0323 3868 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
23:03:08.0326 3868 DPS - ok
23:03:08.0351 3868 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
23:03:08.0352 3868 drmkaud - ok
23:03:08.0377 3868 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
23:03:08.0385 3868 DXGKrnl - ok
23:03:08.0394 3868 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
23:03:08.0397 3868 EapHost - ok
23:03:08.0460 3868 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
23:03:08.0502 3868 ebdrv - ok
23:03:08.0529 3868 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
23:03:08.0530 3868 EFS - ok
23:03:08.0577 3868 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
23:03:08.0585 3868 ehRecvr - ok
23:03:08.0610 3868 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
23:03:08.0613 3868 ehSched - ok
23:03:08.0636 3868 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
23:03:08.0642 3868 elxstor - ok
23:03:08.0657 3868 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
23:03:08.0659 3868 ErrDev - ok
23:03:08.0684 3868 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
23:03:08.0687 3868 EventSystem - ok
23:03:08.0732 3868 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
23:03:08.0735 3868 exfat - ok
23:03:08.0777 3868 Fabs - ok
23:03:08.0793 3868 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
23:03:08.0797 3868 fastfat - ok
23:03:08.0815 3868 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
23:03:08.0823 3868 Fax - ok
23:03:08.0838 3868 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
23:03:08.0840 3868 fdc - ok
23:03:08.0851 3868 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
23:03:08.0853 3868 fdPHost - ok
23:03:08.0868 3868 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
23:03:08.0871 3868 FDResPub - ok
23:03:08.0883 3868 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
23:03:08.0885 3868 FileInfo - ok
23:03:08.0894 3868 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
23:03:08.0896 3868 Filetrace - ok
23:03:08.0968 3868 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
23:03:09.0012 3868 FirebirdServerMAGIXInstance - ok
23:03:09.0045 3868 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
23:03:09.0047 3868 flpydisk - ok
23:03:09.0059 3868 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
23:03:09.0062 3868 FltMgr - ok
23:03:09.0096 3868 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
23:03:09.0117 3868 FontCache - ok
23:03:09.0144 3868 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:03:09.0167 3868 FontCache3.0.0.0 - ok
23:03:09.0178 3868 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
23:03:09.0180 3868 FsDepends - ok
23:03:09.0216 3868 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
23:03:09.0216 3868 Fs_Rec - ok
23:03:09.0233 3868 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
23:03:09.0236 3868 fvevol - ok
23:03:09.0244 3868 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
23:03:09.0246 3868 gagp30kx - ok
23:03:09.0278 3868 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:03:09.0279 3868 GEARAspiWDM - ok
23:03:09.0308 3868 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
23:03:09.0316 3868 gpsvc - ok
23:03:09.0392 3868 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:03:09.0394 3868 gupdate - ok
23:03:09.0401 3868 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:03:09.0402 3868 gupdatem - ok
23:03:09.0410 3868 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
23:03:09.0412 3868 gusvc - ok
23:03:09.0426 3868 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
23:03:09.0433 3868 hcw85cir - ok
23:03:09.0472 3868 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:03:09.0477 3868 HdAudAddService - ok
23:03:09.0502 3868 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
23:03:09.0505 3868 HDAudBus - ok
23:03:09.0526 3868 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
23:03:09.0527 3868 HidBatt - ok
23:03:09.0544 3868 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
23:03:09.0547 3868 HidBth - ok
23:03:09.0554 3868 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
23:03:09.0556 3868 HidIr - ok
23:03:09.0576 3868 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
23:03:09.0578 3868 hidserv - ok
23:03:09.0600 3868 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
23:03:09.0602 3868 HidUsb - ok
23:03:09.0612 3868 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
23:03:09.0616 3868 hkmsvc - ok
23:03:09.0630 3868 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:03:09.0634 3868 HomeGroupListener - ok
23:03:09.0657 3868 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:03:09.0661 3868 HomeGroupProvider - ok
23:03:09.0744 3868 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
23:03:09.0747 3868 hpqcxs08 - ok
23:03:09.0774 3868 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
23:03:09.0776 3868 hpqddsvc - ok
23:03:09.0788 3868 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
23:03:09.0790 3868 HpSAMD - ok
23:03:09.0900 3868 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
23:03:09.0927 3868 HPSLPSVC - ok
23:03:09.0981 3868 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
23:03:09.0997 3868 HTTP - ok
23:03:10.0032 3868 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
23:03:10.0032 3868 hwpolicy - ok
23:03:10.0050 3868 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
23:03:10.0052 3868 i8042prt - ok
23:03:10.0073 3868 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
23:03:10.0077 3868 iaStorV - ok
23:03:10.0128 3868 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:03:10.0134 3868 idsvc - ok
23:03:10.0148 3868 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
23:03:10.0150 3868 iirsp - ok
23:03:10.0176 3868 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
23:03:10.0182 3868 IKEEXT - ok
23:03:10.0245 3868 [ 13089F31AA37CDE1CE3784EE01A48484 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
23:03:10.0265 3868 IntcAzAudAddService - ok
23:03:10.0278 3868 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
23:03:10.0279 3868 intelide - ok
23:03:10.0291 3868 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
23:03:10.0292 3868 intelppm - ok
23:03:10.0302 3868 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
23:03:10.0304 3868 IPBusEnum - ok
23:03:10.0315 3868 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:03:10.0317 3868 IpFilterDriver - ok
23:03:10.0323 3868 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
23:03:10.0328 3868 iphlpsvc - ok
23:03:10.0343 3868 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
23:03:10.0345 3868 IPMIDRV - ok
23:03:10.0367 3868 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
23:03:10.0370 3868 IPNAT - ok
23:03:10.0418 3868 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
23:03:10.0425 3868 iPod Service - ok
23:03:10.0440 3868 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
23:03:10.0442 3868 IRENUM - ok
23:03:10.0468 3868 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
23:03:10.0471 3868 isapnp - ok
23:03:10.0486 3868 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
23:03:10.0489 3868 iScsiPrt - ok
23:03:10.0509 3868 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
23:03:10.0510 3868 kbdclass - ok
23:03:10.0531 3868 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
23:03:10.0533 3868 kbdhid - ok
23:03:10.0559 3868 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
23:03:10.0560 3868 KeyIso - ok
23:03:10.0603 3868 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
23:03:10.0605 3868 KSecDD - ok
23:03:10.0617 3868 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
23:03:10.0619 3868 KSecPkg - ok
23:03:10.0626 3868 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
23:03:10.0628 3868 ksthunk - ok
23:03:10.0643 3868 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
23:03:10.0648 3868 KtmRm - ok
23:03:10.0675 3868 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
23:03:10.0679 3868 LanmanServer - ok
23:03:10.0715 3868 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:03:10.0719 3868 LanmanWorkstation - ok
23:03:10.0745 3868 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
23:03:10.0747 3868 lltdio - ok
23:03:10.0766 3868 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
23:03:10.0771 3868 lltdsvc - ok
23:03:10.0787 3868 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
23:03:10.0789 3868 lmhosts - ok
23:03:10.0811 3868 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
23:03:10.0814 3868 LSI_FC - ok
23:03:10.0834 3868 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
23:03:10.0837 3868 LSI_SAS - ok
23:03:10.0856 3868 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
23:03:10.0857 3868 LSI_SAS2 - ok
23:03:10.0873 3868 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
23:03:10.0876 3868 LSI_SCSI - ok
23:03:10.0895 3868 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
23:03:10.0897 3868 luafv - ok
23:03:10.0932 3868 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
23:03:10.0933 3868 MBAMProtector - ok
23:03:11.0082 3868 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
23:03:11.0087 3868 MBAMService - ok
23:03:11.0112 3868 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys
23:03:11.0113 3868 MBfilt - ok
23:03:11.0132 3868 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
23:03:11.0135 3868 Mcx2Svc - ok
23:03:11.0145 3868 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
23:03:11.0147 3868 megasas - ok
23:03:11.0178 3868 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
23:03:11.0182 3868 MegaSR - ok
23:03:11.0203 3868 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
23:03:11.0204 3868 MEIx64 - ok
23:03:11.0245 3868 Microsoft SharePoint Workspace Audit Service - ok
23:03:11.0263 3868 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
23:03:11.0267 3868 MMCSS - ok
23:03:11.0275 3868 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
23:03:11.0277 3868 Modem - ok
23:03:11.0299 3868 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
23:03:11.0299 3868 monitor - ok
23:03:11.0312 3868 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
23:03:11.0313 3868 mouclass - ok
23:03:11.0325 3868 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
23:03:11.0326 3868 mouhid - ok
23:03:11.0360 3868 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
23:03:11.0362 3868 mountmgr - ok
23:03:11.0394 3868 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
23:03:11.0397 3868 MpFilter - ok
23:03:11.0418 3868 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
23:03:11.0421 3868 mpio - ok
23:03:11.0425 3868 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
23:03:11.0427 3868 mpsdrv - ok
23:03:11.0449 3868 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
23:03:11.0459 3868 MpsSvc - ok
23:03:11.0480 3868 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
23:03:11.0483 3868 MRxDAV - ok
23:03:11.0504 3868 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
23:03:11.0506 3868 mrxsmb - ok
23:03:11.0525 3868 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:03:11.0529 3868 mrxsmb10 - ok
23:03:11.0539 3868 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:03:11.0541 3868 mrxsmb20 - ok
23:03:11.0551 3868 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
23:03:11.0553 3868 msahci - ok
23:03:11.0564 3868 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
23:03:11.0566 3868 msdsm - ok
23:03:11.0583 3868 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
23:03:11.0586 3868 MSDTC - ok
23:03:11.0605 3868 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
23:03:11.0606 3868 Msfs - ok
23:03:11.0612 3868 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
23:03:11.0614 3868 mshidkmdf - ok
23:03:11.0625 3868 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
23:03:11.0625 3868 msisadrv - ok
23:03:11.0638 3868 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
23:03:11.0641 3868 MSiSCSI - ok
23:03:11.0644 3868 msiserver - ok
23:03:11.0685 3868 [ 192476C10371DC83243D67432B2CDCBF ] MSI_MSIBIOS_010507 C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys
23:03:11.0686 3868 MSI_MSIBIOS_010507 - ok
23:03:11.0710 3868 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
23:03:11.0713 3868 MSKSSRV - ok
23:03:11.0783 3868 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
23:03:11.0784 3868 MsMpSvc - ok
23:03:11.0803 3868 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
23:03:11.0805 3868 MSPCLOCK - ok
23:03:11.0816 3868 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
23:03:11.0818 3868 MSPQM - ok
23:03:11.0833 3868 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
23:03:11.0837 3868 MsRPC - ok
23:03:11.0855 3868 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
23:03:11.0856 3868 mssmbios - ok
23:03:11.0871 3868 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
23:03:11.0873 3868 MSTEE - ok
23:03:11.0885 3868 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
23:03:11.0886 3868 MTConfig - ok
23:03:11.0905 3868 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
23:03:11.0906 3868 Mup - ok
23:03:11.0938 3868 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
23:03:11.0945 3868 napagent - ok
23:03:11.0980 3868 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
23:03:11.0984 3868 NativeWifiP - ok
23:03:12.0017 3868 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
23:03:12.0024 3868 NDIS - ok
23:03:12.0050 3868 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
23:03:12.0052 3868 NdisCap - ok
23:03:12.0075 3868 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
23:03:12.0077 3868 NdisTapi - ok
23:03:12.0097 3868 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
23:03:12.0099 3868 Ndisuio - ok
23:03:12.0112 3868 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
23:03:12.0115 3868 NdisWan - ok
23:03:12.0128 3868 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
23:03:12.0130 3868 NDProxy - ok
23:03:12.0174 3868 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
23:03:12.0176 3868 Net Driver HPZ12 - ok
23:03:12.0202 3868 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
23:03:12.0205 3868 NetBIOS - ok
23:03:12.0219 3868 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
23:03:12.0223 3868 NetBT - ok
23:03:12.0238 3868 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
23:03:12.0239 3868 Netlogon - ok
23:03:12.0269 3868 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
23:03:12.0273 3868 Netman - ok
23:03:12.0282 3868 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
23:03:12.0289 3868 netprofm - ok
23:03:12.0308 3868 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:03:12.0311 3868 NetTcpPortSharing - ok
23:03:12.0359 3868 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
23:03:12.0361 3868 nfrd960 - ok
23:03:12.0418 3868 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
23:03:12.0420 3868 NisDrv - ok
23:03:12.0441 3868 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
23:03:12.0445 3868 NisSrv - ok
23:03:12.0465 3868 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
23:03:12.0471 3868 NlaSvc - ok
23:03:12.0483 3868 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
23:03:12.0485 3868 Npfs - ok
23:03:12.0495 3868 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
23:03:12.0498 3868 nsi - ok
23:03:12.0511 3868 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
23:03:12.0513 3868 nsiproxy - ok
23:03:12.0551 3868 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
23:03:12.0564 3868 Ntfs - ok
23:03:12.0604 3868 [ 1B32C54B95121AB1683C7B83B2DB4B96 ] NTIOLib_1_0_4 C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
23:03:12.0604 3868 NTIOLib_1_0_4 - ok
23:03:12.0653 3868 [ C02F70960FA934B8DEFA16A03D7F6556 ] NTIOLib_1_0_6 C:\Program Files (x86)\Setup Files\Ms7673v1E0\NTIOLib_X64.sys
23:03:12.0655 3868 NTIOLib_1_0_6 - ok
23:03:12.0672 3868 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:03:12.0672 3868 Null - ok
23:03:12.0698 3868 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
23:03:12.0701 3868 nusb3hub - ok
23:03:12.0721 3868 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:03:12.0724 3868 nusb3xhc - ok
23:03:12.0761 3868 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
23:03:12.0763 3868 NVHDA - ok
23:03:12.0963 3868 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:03:13.0009 3868 nvlddmkm - ok
23:03:13.0030 3868 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
23:03:13.0032 3868 nvraid - ok
23:03:13.0054 3868 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
23:03:13.0055 3868 nvstor - ok
23:03:13.0078 3868 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe
23:03:13.0088 3868 nvsvc - ok
23:03:13.0171 3868 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
23:03:13.0185 3868 nvUpdatusService - ok
23:03:13.0202 3868 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
23:03:13.0204 3868 nv_agp - ok
23:03:13.0230 3868 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
23:03:13.0232 3868 ohci1394 - ok
23:03:13.0300 3868 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:03:13.0302 3868 ose - ok
23:03:13.0443 3868 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:03:13.0464 3868 osppsvc - ok
23:03:13.0491 3868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
23:03:13.0494 3868 p2pimsvc - ok
23:03:13.0516 3868 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
23:03:13.0522 3868 p2psvc - ok
23:03:13.0533 3868 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
23:03:13.0535 3868 Parport - ok
23:03:13.0574 3868 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
23:03:13.0575 3868 partmgr - ok
23:03:13.0594 3868 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
23:03:13.0598 3868 PcaSvc - ok
23:03:13.0612 3868 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
23:03:13.0615 3868 pci - ok
23:03:13.0628 3868 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
23:03:13.0628 3868 pciide - ok
23:03:13.0644 3868 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
23:03:13.0647 3868 pcmcia - ok
23:03:13.0663 3868 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
23:03:13.0664 3868 pcw - ok
23:03:13.0677 3868 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
23:03:13.0684 3868 PEAUTH - ok
23:03:13.0741 3868 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
23:03:13.0743 3868 PerfHost - ok
23:03:13.0781 3868 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
23:03:13.0812 3868 pla - ok
23:03:13.0850 3868 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
23:03:13.0856 3868 PlugPlay - ok
23:03:13.0930 3868 [ 3072137896BFCCF4B190D248F583B48E ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
23:03:13.0934 3868 PMBDeviceInfoProvider - ok
23:03:13.0975 3868 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
23:03:13.0978 3868 Pml Driver HPZ12 - ok
23:03:13.0988 3868 PnkBstrA - ok
23:03:13.0997 3868 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
23:03:14.0000 3868 PNRPAutoReg - ok
23:03:14.0017 3868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
23:03:14.0021 3868 PNRPsvc - ok
23:03:14.0044 3868 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys
23:03:14.0045 3868 Point64 - ok
23:03:14.0071 3868 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
23:03:14.0077 3868 PolicyAgent - ok
23:03:14.0102 3868 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
23:03:14.0106 3868 Power - ok
23:03:14.0132 3868 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
23:03:14.0134 3868 PptpMiniport - ok
23:03:14.0157 3868 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
23:03:14.0159 3868 Processor - ok
23:03:14.0185 3868 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
23:03:14.0189 3868 ProfSvc - ok
23:03:14.0196 3868 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:03:14.0197 3868 ProtectedStorage - ok
23:03:14.0208 3868 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
23:03:14.0210 3868 Psched - ok
23:03:14.0256 3868 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
23:03:14.0287 3868 ql2300 - ok
23:03:14.0302 3868 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
23:03:14.0304 3868 ql40xx - ok
23:03:14.0324 3868 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
23:03:14.0328 3868 QWAVE - ok
23:03:14.0343 3868 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
23:03:14.0346 3868 QWAVEdrv - ok
23:03:14.0353 3868 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
23:03:14.0354 3868 RasAcd - ok
23:03:14.0379 3868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
23:03:14.0380 3868 RasAgileVpn - ok
23:03:14.0387 3868 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
23:03:14.0391 3868 RasAuto - ok
23:03:14.0404 3868 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
23:03:14.0407 3868 Rasl2tp - ok
23:03:14.0430 3868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
23:03:14.0436 3868 RasMan - ok
23:03:14.0451 3868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
23:03:14.0454 3868 RasPppoe - ok
23:03:14.0476 3868 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
23:03:14.0479 3868 RasSstp - ok
23:03:14.0495 3868 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
23:03:14.0499 3868 rdbss - ok
23:03:14.0515 3868 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
23:03:14.0517 3868 rdpbus - ok
23:03:14.0521 3868 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
23:03:14.0522 3868 RDPCDD - ok
23:03:14.0537 3868 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
23:03:14.0538 3868 RDPENCDD - ok
23:03:14.0551 3868 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
23:03:14.0553 3868 RDPREFMP - ok
23:03:14.0567 3868 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
23:03:14.0570 3868 RDPWD - ok
23:03:14.0589 3868 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
23:03:14.0592 3868 rdyboost - ok
23:03:14.0606 3868 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
23:03:14.0609 3868 RemoteAccess - ok
23:03:14.0615 3868 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
23:03:14.0617 3868 RemoteRegistry - ok
23:03:14.0634 3868 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
23:03:14.0637 3868 RpcEptMapper - ok
23:03:14.0647 3868 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
23:03:14.0650 3868 RpcLocator - ok
23:03:14.0664 3868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
23:03:14.0670 3868 RpcSs - ok
23:03:14.0689 3868 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
23:03:14.0691 3868 rspndr - ok
23:03:14.0733 3868 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
23:03:14.0738 3868 RTL8167 - ok
23:03:14.0751 3868 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:03:14.0753 3868 SamSs - ok
23:03:14.0767 3868 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
23:03:14.0770 3868 sbp2port - ok
23:03:14.0788 3868 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
23:03:14.0792 3868 SCardSvr - ok
23:03:14.0808 3868 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
23:03:14.0810 3868 scfilter - ok
23:03:14.0836 3868 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
23:03:14.0845 3868 Schedule - ok
23:03:14.0863 3868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
23:03:14.0864 3868 SCPolicySvc - ok
23:03:14.0876 3868 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
23:03:14.0880 3868 SDRSVC - ok
23:03:14.0899 3868 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
23:03:14.0901 3868 secdrv - ok
23:03:14.0914 3868 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
23:03:14.0917 3868 seclogon - ok
23:03:14.0936 3868 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
23:03:14.0939 3868 SENS - ok
23:03:14.0960 3868 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
23:03:14.0963 3868 SensrSvc - ok
23:03:14.0984 3868 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
23:03:14.0986 3868 Serenum - ok
23:03:15.0050 3868 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
23:03:15.0052 3868 Serial - ok
23:03:15.0095 3868 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
23:03:15.0119 3868 sermouse - ok
23:03:15.0140 3868 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
23:03:15.0144 3868 SessionEnv - ok
23:03:15.0160 3868 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
23:03:15.0163 3868 sffdisk - ok
23:03:15.0175 3868 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
23:03:15.0178 3868 sffp_mmc - ok
23:03:15.0187 3868 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
23:03:15.0188 3868 sffp_sd - ok
23:03:15.0201 3868 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
23:03:15.0204 3868 sfloppy - ok
23:03:15.0223 3868 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
23:03:15.0228 3868 SharedAccess - ok
23:03:15.0240 3868 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:03:15.0244 3868 ShellHWDetection - ok
23:03:15.0257 3868 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
23:03:15.0260 3868 SiSRaid2 - ok
23:03:15.0276 3868 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
23:03:15.0278 3868 SiSRaid4 - ok
23:03:15.0290 3868 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
23:03:15.0293 3868 Smb - ok
23:03:15.0320 3868 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
23:03:15.0323 3868 SNMPTRAP - ok
23:03:15.0333 3868 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
23:03:15.0334 3868 spldr - ok
23:03:15.0372 3868 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
23:03:15.0378 3868 Spooler - ok
23:03:15.0442 3868 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
23:03:15.0504 3868 sppsvc - ok
23:03:15.0521 3868 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
23:03:15.0524 3868 sppuinotify - ok
23:03:15.0548 3868 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
23:03:15.0553 3868 srv - ok
23:03:15.0561 3868 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
23:03:15.0566 3868 srv2 - ok
23:03:15.0578 3868 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
23:03:15.0581 3868 srvnet - ok
23:03:15.0594 3868 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
23:03:15.0597 3868 SSDPSRV - ok
23:03:15.0607 3868 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
23:03:15.0611 3868 SstpSvc - ok
23:03:15.0645 3868 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys
23:03:15.0647 3868 ssudmdm - ok
23:03:15.0698 3868 Steam Client Service - ok
23:03:15.0748 3868 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
23:03:15.0751 3868 Stereo Service - ok
23:03:15.0755 3868 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
23:03:15.0756 3868 stexstor - ok
23:03:15.0793 3868 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
23:03:15.0802 3868 stisvc - ok
23:03:15.0813 3868 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
23:03:15.0814 3868 swenum - ok
23:03:15.0828 3868 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
23:03:15.0835 3868 swprv - ok
23:03:15.0867 3868 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
23:03:15.0898 3868 SysMain - ok
23:03:15.0909 3868 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:03:15.0912 3868 TabletInputService - ok
23:03:15.0923 3868 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
23:03:15.0927 3868 TapiSrv - ok
23:03:15.0940 3868 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
23:03:15.0943 3868 TBS - ok
23:03:16.0009 3868 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
23:03:16.0023 3868 Tcpip - ok
23:03:16.0067 3868 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
23:03:16.0081 3868 TCPIP6 - ok
23:03:16.0098 3868 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
23:03:16.0100 3868 tcpipreg - ok
23:03:16.0113 3868 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
23:03:16.0114 3868 TDPIPE - ok
23:03:16.0132 3868 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
23:03:16.0133 3868 TDTCP - ok
23:03:16.0147 3868 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
23:03:16.0148 3868 tdx - ok
23:03:16.0162 3868 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
23:03:16.0163 3868 TermDD - ok
23:03:16.0179 3868 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
23:03:16.0184 3868 TermService - ok
23:03:16.0187 3868 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
23:03:16.0189 3868 Themes - ok
23:03:16.0203 3868 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
23:03:16.0204 3868 THREADORDER - ok
23:03:16.0212 3868 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
23:03:16.0215 3868 TrkWks - ok
23:03:16.0249 3868 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:03:16.0251 3868 TrustedInstaller - ok
23:03:16.0259 3868 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
23:03:16.0261 3868 tssecsrv - ok
23:03:16.0286 3868 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
23:03:16.0288 3868 TsUsbFlt - ok
23:03:16.0297 3868 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
23:03:16.0299 3868 TsUsbGD - ok
23:03:16.0328 3868 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
23:03:16.0331 3868 tunnel - ok
23:03:16.0347 3868 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
23:03:16.0349 3868 uagp35 - ok
23:03:16.0368 3868 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
23:03:16.0372 3868 udfs - ok
23:03:16.0388 3868 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
23:03:16.0391 3868 UI0Detect - ok
23:03:16.0417 3868 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
23:03:16.0419 3868 uliagpkx - ok
23:03:16.0473 3868 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
23:03:16.0474 3868 umbus - ok
23:03:16.0494 3868 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
23:03:16.0496 3868 UmPass - ok
23:03:16.0515 3868 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
23:03:16.0521 3868 upnphost - ok
23:03:16.0551 3868 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
23:03:16.0554 3868 USBAAPL64 - ok
23:03:16.0568 3868 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
23:03:16.0570 3868 usbccgp - ok
23:03:16.0591 3868 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
23:03:16.0593 3868 usbcir - ok
23:03:16.0620 3868 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
23:03:16.0622 3868 usbehci - ok
23:03:16.0642 3868 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
23:03:16.0646 3868 usbhub - ok
23:03:16.0662 3868 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
23:03:16.0664 3868 usbohci - ok
23:03:16.0685 3868 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
23:03:16.0686 3868 usbprint - ok
23:03:16.0715 3868 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
23:03:16.0716 3868 usbscan - ok
23:03:16.0727 3868 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:03:16.0729 3868 USBSTOR - ok
23:03:16.0755 3868 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
23:03:16.0757 3868 usbuhci - ok
23:03:16.0762 3868 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
23:03:16.0764 3868 UxSms - ok
23:03:16.0781 3868 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
23:03:16.0783 3868 VaultSvc - ok
23:03:16.0795 3868 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
23:03:16.0796 3868 vdrvroot - ok
23:03:16.0814 3868 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
23:03:16.0822 3868 vds - ok
23:03:16.0839 3868 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
23:03:16.0841 3868 vga - ok
23:03:16.0853 3868 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
23:03:16.0856 3868 VgaSave - ok
23:03:16.0874 3868 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
23:03:16.0878 3868 vhdmp - ok
23:03:16.0885 3868 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
23:03:16.0887 3868 viaide - ok
23:03:16.0908 3868 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
23:03:16.0910 3868 volmgr - ok
23:03:16.0924 3868 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
23:03:16.0928 3868 volmgrx - ok
23:03:16.0942 3868 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
23:03:16.0946 3868 volsnap - ok
23:03:16.0963 3868 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
23:03:16.0966 3868 vsmraid - ok
23:03:17.0002 3868 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
23:03:17.0034 3868 VSS - ok
23:03:17.0062 3868 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
23:03:17.0065 3868 vwifibus - ok
23:03:17.0084 3868 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
23:03:17.0090 3868 W32Time - ok
23:03:17.0107 3868 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
23:03:17.0109 3868 WacomPen - ok
23:03:17.0129 3868 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
23:03:17.0131 3868 WANARP - ok
23:03:17.0144 3868 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
23:03:17.0145 3868 Wanarpv6 - ok
23:03:17.0213 3868 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
23:03:17.0234 3868 WatAdminSvc - ok
23:03:17.0270 3868 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
23:03:17.0301 3868 wbengine - ok
23:03:17.0318 3868 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
23:03:17.0323 3868 WbioSrvc - ok
23:03:17.0334 3868 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
23:03:17.0340 3868 wcncsvc - ok
23:03:17.0348 3868 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:03:17.0352 3868 WcsPlugInService - ok
23:03:17.0359 3868 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
23:03:17.0360 3868 Wd - ok
23:03:17.0380 3868 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
23:03:17.0388 3868 Wdf01000 - ok
23:03:17.0399 3868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
23:03:17.0403 3868 WdiServiceHost - ok
23:03:17.0406 3868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
23:03:17.0409 3868 WdiSystemHost - ok
23:03:17.0424 3868 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
23:03:17.0429 3868 WebClient - ok
23:03:17.0445 3868 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
23:03:17.0450 3868 Wecsvc - ok
23:03:17.0464 3868 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
23:03:17.0468 3868 wercplsupport - ok
23:03:17.0500 3868 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
23:03:17.0504 3868 WerSvc - ok
23:03:17.0531 3868 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
23:03:17.0533 3868 WfpLwf - ok
23:03:17.0545 3868 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
23:03:17.0546 3868 WIMMount - ok
23:03:17.0558 3868 WinDefend - ok
23:03:17.0562 3868 WinHttpAutoProxySvc - ok
23:03:17.0604 3868 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
23:03:17.0607 3868 Winmgmt - ok
23:03:17.0655 3868 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
23:03:17.0696 3868 WinRM - ok
23:03:17.0729 3868 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
23:03:17.0731 3868 WinUsb - ok
23:03:17.0756 3868 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
23:03:17.0767 3868 Wlansvc - ok
23:03:17.0898 3868 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:03:17.0914 3868 wlidsvc - ok
23:03:17.0927 3868 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
23:03:17.0928 3868 WmiAcpi - ok
23:03:17.0943 3868 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
23:03:17.0945 3868 wmiApSrv - ok
23:03:17.0966 3868 WMPNetworkSvc - ok
23:03:17.0979 3868 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
23:03:17.0981 3868 WPCSvc - ok
23:03:17.0986 3868 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
23:03:17.0989 3868 WPDBusEnum - ok
23:03:18.0000 3868 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
23:03:18.0002 3868 ws2ifsl - ok
23:03:18.0009 3868 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
23:03:18.0012 3868 wscsvc - ok
23:03:18.0015 3868 WSearch - ok
23:03:18.0076 3868 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
23:03:18.0117 3868 wuauserv - ok
23:03:18.0134 3868 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:03:18.0136 3868 WudfPf - ok
23:03:18.0156 3868 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:03:18.0159 3868 WUDFRd - ok
23:03:18.0182 3868 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:03:18.0184 3868 wudfsvc - ok
23:03:18.0207 3868 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
23:03:18.0210 3868 WwanSvc - ok
23:03:18.0214 3868 ================ Scan global ===============================
23:03:18.0235 3868 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:03:18.0252 3868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:03:18.0260 3868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:03:18.0276 3868 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:03:18.0293 3868 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:03:18.0297 3868 [Global] - ok
23:03:18.0298 3868 ================ Scan MBR ==================================
23:03:18.0309 3868 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:03:18.0456 3868 \Device\Harddisk0\DR0 - ok
23:03:18.0456 3868 ================ Scan VBR ==================================
23:03:18.0460 3868 [ E1D0ED0F5E3937A21DAE1EA31BC6802F ] \Device\Harddisk0\DR0\Partition1
23:03:18.0462 3868 \Device\Harddisk0\DR0\Partition1 - ok
23:03:18.0470 3868 [ 089CF8ACFCEF5A60BE6EB156D686EB63 ] \Device\Harddisk0\DR0\Partition2
23:03:18.0472 3868 \Device\Harddisk0\DR0\Partition2 - ok
23:03:18.0472 3868 ============================================================
23:03:18.0472 3868 Scan finished
23:03:18.0472 3868 ============================================================
23:03:18.0483 5680 Detected object count: 0
23:03:18.0483 5680 Actual detected object count: 0
23:03:42.0126 1792 Deinitialize success
#4
Posted 21 August 2012 - 03:14 AM
Thank you for the logs.
I'd like you to upload a couple of files please (you will only be able to scan one at a time):
- Go to VirusTotal.
- Click Choose File.
- Copy and paste the exact file name in bold:
- muzoggsp.ax
- muzaf1.dll
- MTTELECHIP.dll
- MASetupCleaner.exe
- muzoggsp.ax
- Click Send It!.
- Copy and paste the results once VirusTotal has finished scanning the file in your reply.
- Note: If it says the file has already been scanned, please have it rescanned.
Next, please download MBRCheck by a_d_13 to your Desktop from one of these locations:
http://ad13.geekstogo.com/MBRCheck.exe
http://download.blee...al/MBRCheck.exe
http://www.kernelmod...fo/MBRCheck.exe
Close all opened programs/ windows and double-click on MBRCheck.exe.
It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".
Press the "Enter" key to close the MBRCheck window and post the contents of the log file.
Finally, please download aswMBR by gmer to your Desktop.
- Please visit this site for instructions on how to run the tool.
- Once familiar with this tool, double click aswMBR.exe to run it.
- Click the Scan button to start the scan. Note: Do NOT fix anything.
- Once the scan has completed, please save the aswMBR.txt log to the Desktop and post it in your next reply.
Please post the following in your reply:
- Results from VirusTotal.
- MBRCheck log.
- aswMBR.txt.
If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!
If I have helped you please consider donating to the Neuroscience Research Institute.
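The reply above asks for a set of named files to be uploaded to VirusTotal, one at a time, and then for two MBR checks. The Python below is an added example, not code from this thread, from TDSSKiller or from VirusTotal. It shows the two pieces of that triage a helper does by hand: picking candidates out of a TDSSKiller service/driver listing like the one posted above (entries that have no hash or path recorded, kernel drivers loaded from outside the system root, and one image shared by several service names), and hashing a local file so it can be looked up on VirusTotal by SHA256 before anything is uploaded. The sample log lines are copied from the listing above; the system root `C:\Windows` and the `https://www.virustotal.com/gui/file/<sha256>` lookup URL are assumptions. A 0/42 result only says that no engine flagged the file at that time; it is not proof that the file is clean.

```python
"""Triage helper for a TDSSKiller service/driver listing (added example).

Parses lines of the two shapes seen in the log above:

    23:03:12.0604 3868 [ 1B32C54B95121AB1683C7B83B2DB4B96 ] NTIOLib_1_0_4 C:\\...\\NTIOLib_X64.sys
    23:03:13.0988 3868 PnkBstrA - ok

and hashes a local file so it can be looked up on VirusTotal by SHA256.
"""
import hashlib
import re
from typing import Dict, List

# Constructed subset of lines copied from the TDSSKiller log posted above.
SAMPLE_LOG = r"""
23:03:12.0604 3868 [ 1B32C54B95121AB1683C7B83B2DB4B96 ] NTIOLib_1_0_4 C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
23:03:12.0604 3868 NTIOLib_1_0_4 - ok
23:03:12.0672 3868 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
23:03:12.0672 3868 Null - ok
23:03:13.0988 3868 PnkBstrA - ok
23:03:14.0196 3868 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:03:14.0197 3868 ProtectedStorage - ok
23:03:14.0751 3868 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
23:03:14.0753 3868 SamSs - ok
23:03:15.0698 3868 Steam Client Service - ok
23:03:17.0558 3868 WinDefend - ok
"""

# "<time> <pid> [ <MD5> ] <service name> <drive>:\<path>"; the name is
# non-greedy so names containing spaces ("Steam Client Service") still work.
HASH_LINE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+\[ ([0-9A-Fa-f]{32}) \]\s+(.+?)\s+([A-Za-z]:\\.*)$"
)
# "<time> <pid> <service name> - <status>"
STATUS_LINE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d+)\s+(\d+)\s+(.+?) - (\S.*)$")


def parse_tdsskiller(log_text: str) -> Dict[str, dict]:
    """Return {service name: {"md5", "path", "status"}} for every entry seen."""
    entries: Dict[str, dict] = {}
    for line in log_text.splitlines():
        m = HASH_LINE.match(line)
        if m:
            _, _, md5, name, path = m.groups()
            entries.setdefault(name, {}).update(md5=md5.upper(), path=path)
            continue
        m = STATUS_LINE.match(line)
        if m:
            _, _, name, status = m.groups()
            entries.setdefault(name, {})["status"] = status
    return entries


def triage(log_text: str, system_root: str = r"C:\Windows") -> Dict[str, list]:
    """Group the entries a helper would want to look at first."""
    entries = parse_tdsskiller(log_text)
    by_hash: Dict[str, List[str]] = {}
    findings: Dict[str, list] = {
        "no_hash": [],                   # status only; no image hash or path recorded
        "drivers_outside_systemroot": [],  # .sys images loaded from outside system_root
        "shared_image": [],              # one MD5 registered under several names
    }
    root = system_root.lower() + "\\"
    for name, e in entries.items():
        if "md5" not in e:
            findings["no_hash"].append(name)
            continue
        by_hash.setdefault(e["md5"], []).append(name)
        path = e["path"].lower()
        if path.endswith(".sys") and not path.startswith(root):
            findings["drivers_outside_systemroot"].append((name, e["path"]))
    for md5, names in by_hash.items():
        if len(names) > 1:
            findings["shared_image"].append((md5, names))
    return findings


def file_hashes(data: bytes) -> Dict[str, str]:
    """MD5 (to compare with the TDSSKiller log) and SHA256 (for the VT lookup)."""
    return {
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def vt_lookup_url(sha256: str) -> str:
    """Assumed VirusTotal report URL: look the hash up before uploading the file."""
    return f"https://www.virustotal.com/gui/file/{sha256.lower()}"


def hash_matches_log(entry: dict, data: bytes) -> bool:
    """True when the file as it exists now is the file TDSSKiller hashed."""
    return entry.get("md5", "").upper() == hashlib.md5(data).hexdigest().upper()


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(key)
        for item in items:
            print("   ", item)
    sample = b"constructed sample bytes, not a real driver"
    print(vt_lookup_url(file_hashes(sample)["sha256"]))
```

Pass the contents of a real `TDSSKiller.*.txt` to `triage()`; for a candidate file, read its bytes, confirm `hash_matches_log()` against the entry from the log (a mismatch means the file changed between the scan and now), and open the URL from `vt_lookup_url()` before deciding whether an upload is needed.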
#5
Posted 21 August 2012 - 08:05 PM
Antivirus Result Update AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120822 BitDefender - 20120821 ByteHero - 20120814 CAT-QuickHeal - 20120821 ClamAV - 20120822 Commtouch - 20120822 Comodo - 20120821 DrWeb - 20120822 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120821 F-Secure - 20120821 Fortinet - 20120822 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120821 Kaspersky - 20120822 McAfee - 20120822 McAfee-GW-Edition - 20120822 Microsoft - 20120822 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120822 Rising - 20120821 Sophos - 20120822 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120822 TrendMicro-HouseCall - 20120822 VBA32 - 20120821 VIPRE - 20120822 ViRobot - 20120821 VirusBuster - 20120821
SHA256: 2d467a46756a10cd764abf3d8344050066b027c8f368e96237ef0e9e69c923c2 File name: muzoggsp.ax Detection ratio: 0 / 42 Analysis date: 2012-08-22 00:47:34 UTC ( 0 minutes ago )
Antivirus Result Update AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120821 BitDefender - 20120821 ByteHero - 20120814 CAT-QuickHeal - 20120821 ClamAV - 20120821 Commtouch - 20120821 Comodo - 20120821 DrWeb - 20120821 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120820 F-Secure - 20120821 Fortinet - 20120821 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120820 Kaspersky - 20120821 McAfee - 20120821 McAfee-GW-Edition - 20120821 Microsoft - 20120821 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120821 Rising - 20120821 Sophos - 20120821 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120821 TrendMicro-HouseCall - 20120821 VBA32 - 20120821 VIPRE - 20120821 ViRobot - 20120821 VirusBuster - 20120821
SHA256: b6079e6a6159ff9d21fd1cf26a96e851d09c35448b66a08b314978368bf771d1 File name: muzaf1.dll Detection ratio: 0 / 42 Analysis date: 2012-08-22 00:48:07 UTC ( 0 minutes ago )
Antivirus Result Update AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120821 BitDefender - 20120821 ByteHero - 20120814 CAT-QuickHeal - 20120821 ClamAV - 20120821 Commtouch - 20120821 Comodo - 20120821 DrWeb - 20120821 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120820 F-Secure - 20120821 Fortinet - 20120821 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120820 Kaspersky - 20120821 McAfee - 20120821 McAfee-GW-Edition - 20120821 Microsoft - 20120821 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120821 Rising - 20120821 Sophos - 20120821 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120821 TrendMicro-HouseCall - 20120821 VBA32 - 20120821 VIPRE - 20120821 ViRobot - 20120821 VirusBuster - 20120821
SHA256: 98a67ad02f8d49726d09e3c8bb83de4c1abf46874d43db62c494ec92c693ce6c File name: MASetupCleaner.exe Detection ratio: 0 / 42 Analysis date: 2012-08-22 00:50:56 UTC ( 1 minute ago )
Antivirus Result Update AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120822 BitDefender - 20120821 ByteHero - 20120817 CAT-QuickHeal - 20120821 ClamAV - 20120822 Commtouch - 20120822 Comodo - 20120821 DrWeb - 20120822 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120821 F-Secure - 20120821 Fortinet - 20120822 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120821 Kaspersky - 20120822 McAfee - 20120822 McAfee-GW-Edition - 20120822 Microsoft - 20120822 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120822 Rising - 20120821 Sophos - 20120822 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120822 TrendMicro-HouseCall - 20120822 VBA32 - 20120821 VIPRE - 20120822 ViRobot - 20120821 VirusBuster - 20120821
SHA256: 98c9392c16f8f02a8fb812124f9cf6af4e9ebd5c232d0bffdd2313edc8f5c187 File name: MTTELECHIP.dll Detection ratio: 0 / 42 Analysis date: 2012-08-22 00:45:13 UTC ( 10 minutes ago )
Antivirus Result Update AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120822 BitDefender - 20120821 ByteHero - 20120814 CAT-QuickHeal - 20120821 ClamAV - 20120822 Commtouch - 20120822 Comodo - 20120821 DrWeb - 20120822 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120821 F-Secure - 20120821 Fortinet - 20120822 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120821 Kaspersky - 20120822 McAfee - 20120822 McAfee-GW-Edition - 20120822 Microsoft - 20120822 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120822 Rising - 20120821 Sophos - 20120822 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120822 TrendMicro-HouseCall - 20120822 VBA32 - 20120821 VIPRE - 20120822 ViRobot - 20120821 VirusBuster - 20120821
MBRCheck, version 1.2.3
© 2010, AD
Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: MSI
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MSI
System Product Name: MS-7673
Logical Drives Mask: 0x0000001c
Kernel Drivers (total 198):
0x03208000 \SystemRoot\system32\ntoskrnl.exe
0x037F0000 \SystemRoot\system32\hal.dll
0x00BC3000 \SystemRoot\system32\kdcom.dll
0x00C4C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C9B000 \SystemRoot\system32\PSHED.dll
0x00CAF000 \SystemRoot\system32\CLFS.SYS
0x00D0D000 \SystemRoot\system32\CI.dll
0x00E7E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F22000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F31000 \SystemRoot\system32\drivers\ACPI.sys
0x00F88000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00F91000 \SystemRoot\system32\drivers\msisadrv.sys
0x00F9B000 \SystemRoot\system32\drivers\pci.sys
0x00FCE000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00FDB000 \SystemRoot\System32\drivers\partmgr.sys
0x00E00000 \SystemRoot\system32\drivers\volmgr.sys
0x00E15000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E71000 \SystemRoot\system32\drivers\pciide.sys
0x00FF0000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00DCD000 \SystemRoot\System32\drivers\mountmgr.sys
0x00DE7000 \SystemRoot\system32\drivers\atapi.sys
0x00C00000 \SystemRoot\system32\drivers\ataport.SYS
0x00C2A000 \SystemRoot\system32\drivers\amdxata.sys
0x010AF000 \SystemRoot\system32\drivers\fltmgr.sys
0x010FB000 \SystemRoot\system32\drivers\fileinfo.sys
0x0110F000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x01204000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01144000 \SystemRoot\System32\Drivers\msrpc.sys
0x013A7000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01000000 \SystemRoot\System32\Drivers\cng.sys
0x013C2000 \SystemRoot\System32\drivers\pcw.sys
0x013D3000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01406000 \SystemRoot\system32\drivers\ndis.sys
0x014F9000 \SystemRoot\system32\drivers\NETIO.SYS
0x01559000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01637000 \SystemRoot\System32\drivers\tcpip.sys
0x0183A000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01884000 \SystemRoot\system32\drivers\volsnap.sys
0x018D0000 \SystemRoot\System32\Drivers\spldr.sys
0x018D8000 \SystemRoot\System32\drivers\rdyboost.sys
0x01912000 \SystemRoot\System32\Drivers\mup.sys
0x01924000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0192D000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01967000 \SystemRoot\system32\drivers\disk.sys
0x0197D000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x01600000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x0162A000 \SystemRoot\System32\Drivers\Null.SYS
0x019E3000 \SystemRoot\System32\Drivers\Beep.SYS
0x019EA000 \SystemRoot\System32\drivers\vga.sys
0x01583000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x015A8000 \SystemRoot\System32\drivers\watchdog.sys
0x015B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x015C1000 \SystemRoot\system32\drivers\rdpencdd.sys
0x015CA000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015D3000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015DE000 \SystemRoot\System32\Drivers\Npfs.SYS
0x013DD000 \SystemRoot\system32\DRIVERS\tdx.sys
0x015EF000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03E90000 \SystemRoot\system32\drivers\afd.sys
0x03F19000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03F5E000 \SystemRoot\system32\drivers\ws2ifsl.sys
0x03F69000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03F72000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03F98000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03FA7000 \SystemRoot\system32\DRIVERS\serial.sys
0x03FC4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03FDF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03E51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03E68000 \SystemRoot\System32\drivers\discache.sys
0x01072000 \SystemRoot\System32\Drivers\dfsc.sys
0x03E77000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x011A2000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0F0B6000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x0FDD4000 \SystemRoot\System32\Drivers\nvBridge.kmd
0x04201000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x042F5000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0433B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x0435F000 \SystemRoot\system32\DRIVERS\HECIx64.sys
0x04370000 \SystemRoot\system32\drivers\usbehci.sys
0x04381000 \SystemRoot\system32\drivers\USBPORT.SYS
0x0F000000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x043D7000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x040CB000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x04158000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04164000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04171000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x0417A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04190000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x041A0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x041B6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x041DA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04000000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0402F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0404A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x0406B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04085000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04094000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x040A3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0F031000 \SystemRoot\system32\DRIVERS\ks.sys
0x040A5000 \SystemRoot\system32\DRIVERS\umbus.sys
0x048E5000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0493F000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x04958000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x0496D000 \SystemRoot\system32\drivers\nvhda64v.sys
0x0499F000 \SystemRoot\system32\drivers\portcls.sys
0x049DC000 \SystemRoot\system32\drivers\drmk.sys
0x04800000 \SystemRoot\system32\drivers\ksthunk.sys
0x058E0000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x05B79000 \SystemRoot\system32\drivers\MBfilt64.sys
0x000A0000 \SystemRoot\System32\win32k.sys
0x05B87000 \SystemRoot\System32\drivers\Dxapi.sys
0x05B93000 \SystemRoot\system32\DRIVERS\udfs.sys
0x05BE8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x05800000 \SystemRoot\System32\Drivers\crashdmp.sys
0x0580E000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0581A000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x05823000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x005F0000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x05836000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x05853000 \SystemRoot\system32\DRIVERS\dc3d.sys
0x05865000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x0586E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0587C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x05895000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x058A3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x058B0000 \SystemRoot\system32\DRIVERS\point64.sys
0x058C0000 \SystemRoot\system32\DRIVERS\usbscan.sys
0x058D1000 \SystemRoot\system32\DRIVERS\usbprint.sys
0x04806000 \SystemRoot\system32\DRIVERS\dot4usb.sys
0x04816000 \SystemRoot\system32\DRIVERS\Dot4.sys
0x0483E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x05BF6000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys
0x008C0000 \SystemRoot\System32\ATMFD.DLL
0x04859000 \SystemRoot\system32\drivers\luafv.sys
0x0487C000 \SystemRoot\system32\drivers\WudfPf.sys
0x0489D000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x048B2000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x03A0D000 \SystemRoot\system32\drivers\HTTP.sys
0x03AD6000 \SystemRoot\system32\DRIVERS\bowser.sys
0x03AF4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x03B0C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03B39000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03B87000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x05407000 \SystemRoot\system32\drivers\peauth.sys
0x054AD000 \SystemRoot\System32\Drivers\secdrv.SYS
0x054B8000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x054E9000 \SystemRoot\System32\drivers\tcpipreg.sys
0x054FB000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05564000 \SystemRoot\System32\DRIVERS\srv.sys
0x03BAB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x05400000 \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys
0x03BDC000 \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys
0x03BE9000 \??\C:\Windows\system32\drivers\mbam.sys
0x09077000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x09082000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS
0x77060000 \Windows\System32\ntdll.dll
0x47CA0000 \Windows\System32\smss.exe
0xFF380000 \Windows\System32\apisetschema.dll
0xFF240000 \Windows\System32\autochk.exe
0xFF2D0000 \Windows\System32\clbcatq.dll
0xFF260000 \Windows\System32\gdi32.dll
0xFF1E0000 \Windows\System32\shlwapi.dll
0xFF110000 \Windows\System32\usp10.dll
0x76E50000 \Windows\System32\iertutil.dll
0xFF000000 \Windows\System32\msctf.dll
0xFEF60000 \Windows\System32\comdlg32.dll
0xFEF40000 \Windows\System32\sechost.dll
0xFEEF0000 \Windows\System32\ws2_32.dll
0xFEE70000 \Windows\System32\difxapi.dll
0xFEE60000 \Windows\System32\lpk.dll
0xFE0D0000 \Windows\System32\shell32.dll
0xFE0A0000 \Windows\System32\imm32.dll
0xFDFC0000 \Windows\System32\oleaut32.dll
0xFDDE0000 \Windows\System32\setupapi.dll
0x76D50000 \Windows\System32\user32.dll
0x77230000 \Windows\System32\normaliz.dll
0xFDD00000 \Windows\System32\advapi32.dll
0x76C00000 \Windows\System32\urlmon.dll
0x76AE0000 \Windows\System32\kernel32.dll
0xFDCE0000 \Windows\System32\imagehlp.dll
0x77220000 \Windows\System32\psapi.dll
0xFDCD0000 \Windows\System32\nsi.dll
0xFDC70000 \Windows\System32\Wldap32.dll
0x76980000 \Windows\System32\wininet.dll
0xFDA60000 \Windows\System32\ole32.dll
0xFD930000 \Windows\System32\rpcrt4.dll
0xFD890000 \Windows\System32\msvcrt.dll
0xFD7F0000 \Windows\System32\comctl32.dll
0xFD7B0000 \Windows\System32\cfgmgr32.dll
0xFD640000 \Windows\System32\crypt32.dll
0xFD5D0000 \Windows\System32\KernelBase.dll
0xFD5B0000 \Windows\System32\devobj.dll
0xFD570000 \Windows\System32\wintrust.dll
0xFD560000 \Windows\System32\msasn1.dll
0x77210000 \Windows\SysWOW64\normaliz.dll
Processes (total 85):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
452 csrss.exe
516 C:\Windows\System32\wininit.exe
540 csrss.exe
580 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
608 C:\Windows\System32\lsm.exe
660 C:\Windows\System32\winlogon.exe
752 C:\Windows\System32\svchost.exe
816 C:\Windows\System32\nvvsvc.exe
840 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
884 C:\Windows\System32\svchost.exe
976 C:\Program Files\Microsoft Security Client\MsMpEng.exe
120 C:\Windows\System32\svchost.exe
336 C:\Windows\System32\svchost.exe
436 C:\Windows\System32\svchost.exe
1052 C:\Windows\System32\svchost.exe
1140 C:\Windows\System32\svchost.exe
1248 C:\Windows\System32\spoolsv.exe
1280 C:\Windows\System32\svchost.exe
1380 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1520 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1556 C:\Program Files\Bonjour\mDNSResponder.exe
1600 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
1648 C:\Windows\SysWOW64\svchost.exe
1800 C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
1864 C:\Windows\SysWOW64\PnkBstrA.exe
1896 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1908 C:\Windows\System32\nvvsvc.exe
1960 C:\Windows\System32\svchost.exe
2028 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
2340 C:\Windows\System32\SearchIndexer.exe
2496 C:\Windows\System32\svchost.exe
2728 C:\Windows\System32\svchost.exe
2764 WUDFHost.exe
2864 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
2984 C:\Windows\System32\taskhost.exe
3064 C:\Windows\System32\dwm.exe
2384 C:\Windows\explorer.exe
3456 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
3468 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
3484 C:\Program Files\Microsoft IntelliType Pro\itype.exe
3672 C:\Program Files\Microsoft Security Client\msseces.exe
3680 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3976 C:\Program Files (x86)\Samsung\Kies\Kies.exe
4020 C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
4084 C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
3628 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
3840 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
4008 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3924 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3104 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3152 C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
1788 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
2216 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
1796 C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
3448 C:\Windows\System32\svchost.exe
3112 C:\Program Files\iPod\bin\iPodService.exe
4240 C:\Program Files\Windows Media Player\wmpnetwk.exe
4440 C:\Windows\System32\svchost.exe
5092 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4524 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
3724 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
5084 dllhost.exe
1456 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
5788 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
2600 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2412 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
5660 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3580 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
5856 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
2368 C:\Windows\System32\svchost.exe
5968 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4496 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1580 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
4572 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
3600 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
5032 C:\Windows\splwow64.exe
5088 C:\Windows\System32\audiodg.exe
4908 C:\Windows\System32\taskeng.exe
5820 C:\Users\Ricky\Desktop\MBRCheck.exe
3240 C:\Windows\System32\conhost.exe
2440 C:\Windows\System32\dllhost.exe
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)
PhysicalDrive0 Model Number: ST2000DL003-9VT166, Rev: CC32
Size Device Name MBR Status
--------------------------------------------
1863 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
Done!
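The "MBR Status" and "SHA1" lines above come from MBRCheck reading the first sector of PhysicalDrive0 and hashing its boot code. As an added example, not part of this thread or of MBRCheck itself, here is a Python parser that reproduces those facts from a raw 512-byte sector: the SHA1 of the 440-byte boot code (to compare against a reference hash you trust for your Windows version) and the byte offset of every partition, which is how the "\\.\C: at offset 0x06500000" line is derived. The sample sector, its boot code bytes and the partition layout are constructed for the example, not taken from the poster's disk.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440   # MBR code area; disk signature and partition table follow it

def boot_code_sha1(sector: bytes) -> str:
    """SHA1 of the 440-byte boot code only, the part a bootkit replaces.
    Compare it against a hash you trust for your Windows version."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()

def parse_mbr(sector: bytes) -> dict:
    """Reproduce what MBRCheck reports: boot-code hash, disk signature and
    the byte offset of every partition (LBA start * 512)."""
    if len(sector) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature: not a valid MBR")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i:446 + 16 * (i + 1)]
        status, ptype, lba_start, lba_count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:            # empty slot
            continue
        partitions.append({"index": i, "bootable": status == 0x80, "type": ptype,
                           "byte_offset": lba_start * SECTOR,
                           "size_bytes": lba_count * SECTOR})
    return {"boot_code_sha1": boot_code_sha1(sector),
            "disk_signature": struct.unpack_from("<I", sector, 440)[0],
            "partitions": partitions}

def build_sample_mbr(boot_code: bytes, entries: list) -> bytes:
    """Constructed test sector (not read from a real disk): boot code, zero disk
    signature, up to four (status, type, lba_start, lba_count) entries, 0x55AA."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba_start, lba_count) in enumerate(entries):
        struct.pack_into("<B3xB3xII", sector, 446 + 16 * i,
                         status, ptype, lba_start, lba_count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

# Constructed layout mirroring the log: a 100 MB System Reserved partition at LBA 2048,
# then C: at LBA 206848 (206848 * 512 = 0x06500000, the offset MBRCheck printed).
SAMPLE_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8" + b"\x90" * 429
SAMPLE_MBR = build_sample_mbr(SAMPLE_BOOT_CODE, [
    (0x80, 0x07, 2048, 204800),
    (0x00, 0x07, 206848, 3906818048),
])

def read_first_sector(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read the real MBR on Windows (needs an elevated prompt); not called here."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)

if __name__ == "__main__":
    info = parse_mbr(SAMPLE_MBR)
    print("boot code SHA1:", info["boot_code_sha1"])
    for p in info["partitions"]:
        print(f"partition {p['index']}: offset 0x{p['byte_offset']:08x} type 0x{p['type']:02x}")
```

Note that the hash covers only the boot code, so repartitioning does not change it while a single altered byte in the code area does; that is the property a boot-sector check relies on.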
#6
Posted 21 August 2012 - 08:07 PM
#7
Posted 21 August 2012 - 10:24 PM
Please download to the Desktop RogueKiller (by tigzy).
- Please quit all programs.
- Start RogueKiller.exe.
- Wait until Prescan has finished.
- Click on Scan.
- Click on Report and copy/paste the contents of the report in your next reply.
Then, please try this tool.
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.
Plug the flashdrive into the infected PC.
Enter System Recovery Options.
To enter System Recovery Options from the Advanced Boot Options:
- Restart the computer.
- As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
- Use the arrow keys to select the Repair your computer menu item.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
To enter System Recovery Options by using Windows installation disc:
- Insert the installation disc.
- Restart your computer.
- If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
- Click Repair your computer.
- Select US as the keyboard language settings, and then click Next.
- Select the operating system you want to repair, and then click Next.
- Select your user account and click Next.
On the System Recovery Options menu you will get the following options:
- Startup Repair
- System Restore
- Windows Complete PC Restore
- Windows Memory Diagnostic Tool
- Command Prompt
- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
==========
In your reply I would like to see the following please:
- RogueKiller log.
- FRST.txt.
If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!
If I have helped you please consider donating to the Neuroscience Research Institute.
#9
Posted 09 September 2012 - 03:50 PM
Other members who need assistance please start your own topic in a new thread. Thanks!
Consumer Support Specialist
I close my threads if there is 5 days without a response.