thanksinadvance
Members
Posts: 15
Reputation: 0 Neutral
FBI Moneypak on XP 32 bit
thanksinadvance replied to thanksinadvance's topic in Resolved Malware Removal Logs
OK, did both procedures, quarantined everything and rebooted, and no FBI screen. Going to run MBAM & MBAR in regular mode and see what they find.
FBI Moneypak on XP 32 bit
thanksinadvance replied to thanksinadvance's topic in Resolved Malware Removal Logs
I wrote the .ISO to a USB stick and booted from it, so I don't know if there's any difference, but I don't see it in the menu, MrC.
FBI Moneypak on XP 32 bit
thanksinadvance replied to thanksinadvance's topic in Resolved Malware Removal Logs
I don't see Kaspersky Windows Unlocker in my menu choices, just Kaspersky Registry Editor & Rescue Disk.
Hello, I'm back again trying to fix an XP Pro 32-bit box. Can't get into any of the 3 Safe Mode varieties. Downloaded Kaspersky Rescue Disk and it is running a full scan now. What next? TIA
Trojan.Agent on Win7 x64
thanksinadvance replied to thanksinadvance's topic in Resolved Malware Removal Logs
No malicious items detected. Thanks again, MrC!
Trojan.Agent on Win7 x64
thanksinadvance replied to thanksinadvance's topic in Resolved Malware Removal Logs
ComboFix 12-07-25.04 - Garcia 07/24/2012 20:45:11.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3561.2027 [GMT -7:00] Running from: c:\users\Garcia\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{30E781BB-EFEB-4056-B514-2FED416B0555}.xps c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{35B582CB-0510-42D7-B593-3CCDDD8EA367}.xps c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ABCAAEBD-DF02-4392-A6BC-AB0F3C51D2C2}.xps c:\users\Garcia\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E71AF224-73F8-4A22-88FF-6B8E90CF3653}.xps c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-06-25 to 2012-07-25 ))))))))))))))))))))))))))))))) . . 2012-07-25 04:00 . 2012-07-25 04:00 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EDD1839-EE2B-402C-889F-9F7E29189BAB}\offreg.dll 2012-07-25 03:58 . 2012-07-25 03:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-07-25 01:44 . 2012-07-25 02:02 -------- d-----w- C:\TDSSKiller_Quarantine 2012-07-25 01:23 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1EDD1839-EE2B-402C-889F-9F7E29189BAB}\mpengine.dll 2012-07-22 05:37 . 2012-07-22 05:59 -------- d-----w- c:\windows\Microsoft Antimalware 2012-07-22 03:38 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-07-22 03:33 . 2012-07-22 03:33 -------- d-----w- c:\windows\Sun 2012-07-21 18:46 . 
2012-07-21 18:46 121344 ----a-w- c:\programdata\Microsoft\Windows\DRM\D6DA.tmp 2012-07-21 18:46 . 2012-07-21 18:46 121344 ----a-w- c:\programdata\Microsoft\Windows\DRM\D4D6.tmp.dat 2012-07-12 05:56 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 02:26 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-04 15:43 . 2012-02-12 06:50 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{742977BE-95CE-4C4B-A5ED-7F1E179731AE}\gapaengine.dll 2012-07-04 03:22 . 2012-07-25 00:32 -------- d-----w- c:\users\Garcia\AppData\Local\Spotify 2012-07-04 03:21 . 2012-07-25 01:47 -------- d-----w- c:\users\Garcia\AppData\Roaming\Spotify . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-13 21:32 . 2012-04-17 16:41 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-13 21:32 . 2011-10-15 06:06 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-12 05:50 . 2012-02-12 08:46 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 20:46 . 2012-02-12 07:04 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-04 02:40 . 2011-12-17 08:50 878184 ----a-w- c:\windows\system32\drivers\rtl8192ce.sys 2012-06-02 22:19 . 2012-06-21 03:37 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 03:37 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 03:37 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 03:37 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 03:37 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:19 . 2012-06-21 03:37 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 03:37 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 03:37 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:15 . 
2012-06-21 03:37 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-05-04 11:06 . 2012-06-12 23:26 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-05-04 11:00 . 2012-06-15 21:31 366592 ----a-w- c:\windows\system32\qdvd.dll 2012-05-04 10:03 . 2012-06-12 23:26 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03 . 2012-06-12 23:26 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2012-05-04 09:59 . 2012-06-15 21:31 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2012-05-01 05:40 . 2012-06-12 23:26 209920 ----a-w- c:\windows\system32\profsvc.dll 2012-04-28 03:55 . 2012-06-12 23:26 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-04-26 05:41 . 2012-06-12 23:27 77312 ----a-w- c:\windows\system32\rdpwsx.dll 2012-04-26 05:41 . 2012-06-12 23:27 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-04-26 05:34 . 2012-06-12 23:27 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Spotify"="c:\users\Garcia\AppData\Roaming\Spotify\Spotify.exe" [2012-07-21 7601880] "Spotify Web Helper"="c:\users\Garcia\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-07-21 1193176] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-09-28 343168] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-10-08 169528] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-02-15 577408] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] . c:\users\Garcia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2010-12-21 227712] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-10 86072] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 250056] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-08-01 195320] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-26 113120] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688] R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 
WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-14 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-06-17 79488] S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-06-17 40064] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-29 204288] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-09-28 361984] S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-07-20 249648] S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-13 227896] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-02-15 34872] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-29 2413056] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-29 10210304] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-29 317952] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys 
[2011-03-30 114704] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904] S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-31 338536] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-27 425064] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-06-04 878184] S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2011-08-18 53376] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-07-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 21:32] . 2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 03:33] . 2012-07-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-18 03:33] . 2012-07-25 c:\windows\Tasks\HPCeeScheduleForGARCIA-HP$.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . 2012-07-25 c:\windows\Tasks\HPCeeScheduleForGarcia.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-12-20 44880] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://start.funmoods.com/?f=1&a=ironto uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 TCP: DhcpNameServer = 192.168.1.254 FF - ProfilePath - c:\users\Garcia\AppData\Roaming\Mozilla\Firefox\Profiles\n6n6vcp0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/ FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.funmoods.autoRvrt - false FF - user.js: extensions.funmoods_i.hmpg - true FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=ironto FF - user.js: extensions.funmoods_i.dfltSrch - true FF - user.js: extensions.funmoods.srchPrvdr - Search FF - user.js: extensions.funmoods_i.dnsErr - true FF - user.js: extensions.funmoods_i.newTab - true FF - user.js: extensions.funmoods.newTabUrl - hxxp://start.funmoods.com/?f=2&a=ironto FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=ironto&q= FF - user.js: extensions.funmoods.id - 1e3d589700000000000020107a0cbd4a FF - user.js: extensions.funmoods.instlDay - 15444 FF - user.js: extensions.funmoods.vrsn - 1.5.19.3 FF - user.js: extensions.funmoods.vrsni - 1.5.19.3 FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.19.315:04 FF - user.js: extensions.funmoods.prtnrId - funmoods FF - user.js: extensions.funmoods.prdct - funmoods FF - user.js: extensions.funmoods.aflt - ironto FF - user.js: extensions.funmoods_i.smplGrp - none FF - user.js: extensions.funmoods.tlbrId - base FF - user.js: extensions.funmoods.instlRef - FF - user.js: extensions.funmoods.dfltLng - FF - user.js: extensions.funmoods.excTlbr - false FF - user.js: extensions.funmoods.admin - false 
. - - - - ORPHANS REMOVED - - - - . HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe . . . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe . ************************************************************************** . Completion time: 2012-07-24 21:18:34 - machine was rebooted ComboFix-quarantined-files.txt 2012-07-25 04:18 . Pre-Run: 401,126,596,608 bytes free Post-Run: 405,438,238,720 bytes free . - - End Of File - - 1D5CB18BC64FEE52DB3320DDC4A3A5F3 -
Trojan.Agent on Win7 x64
thanksinadvance replied to thanksinadvance's topic in Resolved Malware Removal Logs
Attached. It told me the post was too long. TDSSKiller.2.7.48.0_24.07.2012_19.01.08_log.txt
Trojan.Agent on Win7 x64
thanksinadvance replied to thanksinadvance's topic in Resolved Malware Removal Logs
18:41:29.0680 2816 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32 18:41:30.0070 2816 ============================================================ 18:41:30.0070 2816 Current date / time: 2012/07/24 18:41:30.0070 18:41:30.0070 2816 SystemInfo: 18:41:30.0070 2816 18:41:30.0070 2816 OS Version: 6.1.7601 ServicePack: 1.0 18:41:30.0070 2816 Product type: Workstation 18:41:30.0070 2816 ComputerName: GARCIA-HP 18:41:30.0070 2816 UserName: Garcia 18:41:30.0070 2816 Windows directory: C:\Windows 18:41:30.0070 2816 System windows directory: C:\Windows 18:41:30.0070 2816 Running under WOW64 18:41:30.0070 2816 Processor architecture: Intel x64 18:41:30.0070 2816 Number of processors: 4 18:41:30.0070 2816 Page size: 0x1000 18:41:30.0070 2816 Boot type: Normal boot 18:41:30.0070 2816 ============================================================ 18:41:31.0396 2816 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 18:41:31.0396 2816 ============================================================ 18:41:31.0396 2816 \Device\Harddisk0\DR0: 18:41:31.0396 2816 MBR partitions: 18:41:31.0396 2816 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800 18:41:31.0396 2816 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3734C000 18:41:31.0396 2816 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x373B0000, BlocksNum 0x27E6000 18:41:31.0396 2816 ============================================================ 18:41:31.0427 2816 C: <-> \Device\Harddisk0\DR0\Partition1 18:41:31.0458 2816 D: <-> \Device\Harddisk0\DR0\Partition2 18:41:31.0458 2816 ============================================================ 18:41:31.0458 2816 Initialize success 18:41:31.0458 2816 ============================================================ 18:41:55.0342 5004 ============================================================ 
18:41:55.0342 5004 Scan started 18:41:55.0342 5004 Mode: Manual; SigCheck; TDLFS; 18:41:55.0342 5004 ============================================================ 18:41:55.0857 5004 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys 18:41:56.0028 5004 1394ohci - ok 18:41:56.0075 5004 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys 18:41:56.0122 5004 ACPI - ok 18:41:56.0153 5004 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys 18:41:56.0247 5004 AcpiPmi - ok 18:41:56.0340 5004 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 18:41:56.0372 5004 AdobeARMservice - ok 18:41:56.0512 5004 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 18:41:56.0543 5004 AdobeFlashPlayerUpdateSvc - ok 18:41:56.0637 5004 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys 18:41:56.0715 5004 adp94xx - ok 18:41:56.0793 5004 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys 18:41:56.0824 5004 adpahci - ok 18:41:56.0886 5004 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys 18:41:56.0933 5004 adpu320 - ok 18:41:56.0964 5004 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 18:41:57.0136 5004 AeLookupSvc - ok 18:41:57.0214 5004 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 18:41:57.0292 5004 AFD - ok 18:41:57.0323 5004 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 18:41:57.0354 5004 agp440 - ok 18:41:57.0401 5004 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 18:41:57.0448 5004 ALG - ok 18:41:57.0495 5004 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 18:41:57.0526 5004 aliide - ok 18:41:57.0573 5004 AMD External Events 
Utility (850f0c8034225fa3f50d551a905fa503) C:\Windows\system32\atiesrxx.exe 18:41:57.0682 5004 AMD External Events Utility - ok 18:41:57.0729 5004 AMD FUEL Service - ok 18:41:57.0776 5004 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 18:41:57.0807 5004 amdide - ok 18:41:57.0822 5004 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 18:41:57.0854 5004 amdiox64 - ok 18:41:57.0900 5004 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys 18:41:57.0947 5004 AmdK8 - ok 18:41:58.0665 5004 amdkmdag (7979bf4a66efdadf3d00a052409609b1) C:\Windows\system32\DRIVERS\atikmdag.sys 18:41:58.0977 5004 amdkmdag - ok 18:41:59.0148 5004 amdkmdap (7d5cdb0161e91951d3dd99e55cea4d01) C:\Windows\system32\DRIVERS\atikmpag.sys 18:41:59.0211 5004 amdkmdap - ok 18:41:59.0258 5004 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 18:41:59.0289 5004 AmdPPM - ok 18:41:59.0336 5004 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 18:41:59.0367 5004 amdsata - ok 18:41:59.0414 5004 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys 18:41:59.0445 5004 amdsbs - ok 18:41:59.0460 5004 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 18:41:59.0476 5004 amdxata - ok 18:41:59.0523 5004 amd_sata (bb4fe7889db9cbbe61a308e99697f53c) C:\Windows\system32\DRIVERS\amd_sata.sys 18:41:59.0523 5004 amd_sata - ok 18:41:59.0538 5004 amd_xata (5631cba53f1cbea3f9e88348e6723391) C:\Windows\system32\DRIVERS\amd_xata.sys 18:41:59.0554 5004 amd_xata - ok 18:41:59.0585 5004 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 18:41:59.0788 5004 AppID - ok 18:41:59.0819 5004 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 18:41:59.0866 5004 AppIDSvc - ok 18:41:59.0897 5004 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 
18:41:59.0944 5004 Appinfo - ok 18:42:00.0069 5004 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 18:42:00.0100 5004 Apple Mobile Device - ok 18:42:00.0147 5004 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys 18:42:00.0178 5004 arc - ok 18:42:00.0225 5004 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys 18:42:00.0256 5004 arcsas - ok 18:42:00.0350 5004 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe 18:42:00.0381 5004 aspnet_state - ok 18:42:00.0428 5004 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 18:42:00.0506 5004 AsyncMac - ok 18:42:00.0537 5004 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 18:42:00.0552 5004 atapi - ok 18:42:00.0615 5004 AtiHDAudioService (cbd14f698def12ee3557604b726cb8eb) C:\Windows\system32\drivers\AtihdW76.sys 18:42:00.0630 5004 AtiHDAudioService - ok 18:42:00.0724 5004 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 18:42:00.0786 5004 AudioEndpointBuilder - ok 18:42:00.0802 5004 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 18:42:00.0833 5004 AudioSrv - ok 18:42:00.0896 5004 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 18:42:01.0036 5004 AxInstSV - ok 18:42:01.0114 5004 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys 18:42:01.0192 5004 b06bdrv - ok 18:42:01.0254 5004 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 18:42:01.0317 5004 b57nd60a - ok 18:42:01.0442 5004 BBSvc (28a4012e68bc9597bcb9b26b51aac4b6) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE 18:42:01.0488 5004 BBSvc - ok 18:42:01.0520 5004 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files 
C:\Windows\system32\DRIVERS\tssecsrv.sys 18:42:34.0483 5004 tssecsrv - ok 18:42:34.0514 5004 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 18:42:34.0561 5004 TsUsbFlt - ok 18:42:34.0592 5004 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys 18:42:34.0607 5004 TsUsbGD - ok 18:42:34.0654 5004 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 18:42:34.0701 5004 tunnel - ok 18:42:34.0717 5004 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys 18:42:34.0732 5004 uagp35 - ok 18:42:34.0810 5004 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 18:42:34.0904 5004 udfs - ok 18:42:34.0951 5004 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 18:42:34.0966 5004 UI0Detect - ok 18:42:34.0997 5004 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 18:42:35.0013 5004 uliagpkx - ok 18:42:35.0029 5004 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys 18:42:35.0060 5004 umbus - ok 18:42:35.0075 5004 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys 18:42:35.0091 5004 UmPass - ok 18:42:35.0122 5004 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 18:42:35.0200 5004 upnphost - ok 18:42:35.0231 5004 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys 18:42:35.0278 5004 USBAAPL64 - ok 18:42:35.0309 5004 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 18:42:35.0341 5004 usbccgp - ok 18:42:35.0372 5004 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 18:42:35.0403 5004 usbcir - ok 18:42:35.0434 5004 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys 18:42:35.0450 5004 usbehci - ok 18:42:35.0481 5004 usbfilter (b7037444dc5138fc7d3d3968b4de5c4b) 
C:\Windows\system32\DRIVERS\usbfilter.sys 18:42:35.0497 5004 usbfilter - ok 18:42:35.0543 5004 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys 18:42:35.0621 5004 usbhub - ok 18:42:35.0653 5004 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys 18:42:35.0699 5004 usbohci - ok 18:42:35.0746 5004 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 18:42:35.0793 5004 usbprint - ok 18:42:35.0824 5004 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 18:42:35.0855 5004 usbscan - ok 18:42:35.0902 5004 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:42:35.0949 5004 USBSTOR - ok 18:42:35.0980 5004 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 18:42:36.0011 5004 usbuhci - ok 18:42:36.0043 5004 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 18:42:36.0089 5004 usbvideo - ok 18:42:36.0121 5004 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 18:42:36.0183 5004 UxSms - ok 18:42:36.0230 5004 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:42:36.0261 5004 VaultSvc - ok 18:42:36.0292 5004 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 18:42:36.0308 5004 vdrvroot - ok 18:42:36.0386 5004 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 18:42:36.0511 5004 vds - ok 18:42:36.0526 5004 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 18:42:36.0542 5004 vga - ok 18:42:36.0542 5004 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 18:42:36.0589 5004 VgaSave - ok 18:42:36.0635 5004 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 18:42:36.0682 5004 vhdmp - ok 18:42:36.0713 5004 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 
18:42:36.0729 5004 viaide - ok 18:42:36.0745 5004 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 18:42:36.0760 5004 volmgr - ok 18:42:36.0807 5004 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 18:42:36.0838 5004 volmgrx - ok 18:42:36.0869 5004 volsnap (df8126bd41180351a093a3ad2fc8903b) C:\Windows\system32\drivers\volsnap.sys 18:42:36.0901 5004 volsnap - ok 18:42:36.0947 5004 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys 18:42:36.0979 5004 vsmraid - ok 18:42:37.0119 5004 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 18:42:37.0228 5004 VSS - ok 18:42:37.0369 5004 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys 18:42:37.0415 5004 vwifibus - ok 18:42:37.0447 5004 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys 18:42:37.0478 5004 vwififlt - ok 18:42:37.0493 5004 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys 18:42:37.0509 5004 vwifimp - ok 18:42:37.0571 5004 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 18:42:37.0649 5004 W32Time - ok 18:42:37.0665 5004 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys 18:42:37.0681 5004 WacomPen - ok 18:42:37.0727 5004 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:42:37.0805 5004 WANARP - ok 18:42:37.0805 5004 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 18:42:37.0837 5004 Wanarpv6 - ok 18:42:37.0961 5004 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 18:42:38.0039 5004 WatAdminSvc - ok 18:42:38.0164 5004 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 18:42:38.0258 5004 wbengine - ok 18:42:38.0383 5004 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 18:42:38.0429 
5004 WbioSrvc - ok 18:42:38.0461 5004 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 18:42:38.0507 5004 wcncsvc - ok 18:42:38.0523 5004 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 18:42:38.0554 5004 WcsPlugInService - ok 18:42:38.0601 5004 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys 18:42:38.0617 5004 Wd - ok 18:42:38.0679 5004 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 18:42:38.0726 5004 Wdf01000 - ok 18:42:38.0757 5004 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:42:38.0851 5004 WdiServiceHost - ok 18:42:38.0866 5004 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 18:42:38.0882 5004 WdiSystemHost - ok 18:42:38.0929 5004 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 18:42:39.0022 5004 WebClient - ok 18:42:39.0038 5004 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 18:42:39.0116 5004 Wecsvc - ok 18:42:39.0131 5004 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 18:42:39.0163 5004 wercplsupport - ok 18:42:39.0194 5004 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 18:42:39.0256 5004 WerSvc - ok 18:42:39.0334 5004 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 18:42:39.0397 5004 WfpLwf - ok 18:42:39.0412 5004 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 18:42:39.0428 5004 WIMMount - ok 18:42:39.0459 5004 WinDefend - ok 18:42:39.0475 5004 WinHttpAutoProxySvc - ok 18:42:39.0537 5004 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 18:42:39.0615 5004 Winmgmt - ok 18:42:39.0787 5004 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 18:42:39.0927 5004 WinRM - ok 18:42:40.0130 5004 Wlansvc 
(4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 18:42:40.0208 5004 Wlansvc - ok 18:42:40.0286 5004 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 18:42:40.0301 5004 wlcrasvc - ok 18:42:40.0535 5004 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 18:42:40.0660 5004 wlidsvc - ok 18:42:40.0801 5004 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 18:42:40.0847 5004 WmiAcpi - ok 18:42:40.0910 5004 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 18:42:40.0972 5004 wmiApSrv - ok 18:42:41.0035 5004 WMPNetworkSvc - ok 18:42:41.0066 5004 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 18:42:41.0113 5004 WPCSvc - ok 18:42:41.0144 5004 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 18:42:41.0191 5004 WPDBusEnum - ok 18:42:41.0206 5004 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 18:42:41.0253 5004 ws2ifsl - ok 18:42:41.0269 5004 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll 18:42:41.0300 5004 wscsvc - ok 18:42:41.0300 5004 WSearch - ok 18:42:41.0518 5004 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 18:42:41.0659 5004 wuauserv - ok 18:42:41.0846 5004 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 18:42:41.0924 5004 WudfPf - ok 18:42:41.0971 5004 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 18:42:42.0033 5004 WUDFRd - ok 18:42:42.0049 5004 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 18:42:42.0080 5004 wudfsvc - ok 18:42:42.0127 5004 WwanSvc (ce8cf9de9cbfdaa318bd04d8be3fcada) C:\Windows\System32\wwansvc.dll 18:42:42.0189 5004 WwanSvc - ok 18:42:42.0236 5004 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 
18:42:42.0298 5004 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
18:42:42.0298 5004 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
18:42:42.0392 5004 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
18:42:42.0392 5004 \Device\Harddisk0\DR0 - detected TDSS File System (1)
18:42:42.0407 5004 Boot (0x1200) (4d47ceb3bf85d42623c9a7ffe15ac44b) \Device\Harddisk0\DR0\Partition0
18:42:42.0407 5004 \Device\Harddisk0\DR0\Partition0 - ok
18:42:42.0454 5004 Boot (0x1200) (59af69a5151ac842a25dad878ead5245) \Device\Harddisk0\DR0\Partition1
18:42:42.0454 5004 \Device\Harddisk0\DR0\Partition1 - ok
18:42:42.0485 5004 Boot (0x1200) (4ed319b030ed9d2db20124d453d35c56) \Device\Harddisk0\DR0\Partition2
18:42:42.0485 5004 \Device\Harddisk0\DR0\Partition2 - ok
18:42:42.0485 5004 ============================================================
18:42:42.0485 5004 Scan finished
18:42:42.0485 5004 ============================================================
18:42:42.0517 5488 Detected object count: 3
18:42:42.0517 5488 Actual detected object count: 3
18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
18:44:26.0165 5488 IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
18:44:27.0246 5488 \Device\Harddisk0\DR0\# - copied to quarantine
18:44:27.0600 5488 \Device\Harddisk0\DR0 - copied to quarantine
18:44:29.0344 5488 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
18:44:29.0442 5488 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:44:29.0490 5488 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:44:29.0555 5488 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
18:44:29.0657 5488 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
18:44:29.0672 5488 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
18:44:29.0677 5488 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
18:44:29.0711 5488 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
18:44:29.0940 5488 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
18:44:30.0010 5488 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
18:44:30.0043 5488 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
18:44:30.0048 5488 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
18:44:30.0052 5488 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
18:44:30.0182 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
18:44:30.0192 5488 \Device\Harddisk0\DR0 - ok
18:44:31.0114 5488 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
18:44:31.0115 5488 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
18:44:56.0745 3320 Deinitialize success
-
Ran MBAM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Garcia :: GARCIA-HP [administrator]

Protection: Enabled

7/24/2012 6:15:29 PM
mbam-log-2012-07-24 (18-26-15).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 192399
Time elapsed: 8 minute(s), 19 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 3116 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

Ran RogueKiller and did NOT fix anything. Just scan.
RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Garcia [Admin rights]
Mode: Scan -- Date: 07/24/2012 18:31:09

¤¤¤ Bad processes: 1 ¤¤¤
[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 2 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
--- User ---
[MBR] 4fe3708a56449a85c0f6eadf7ea17587
[BSP] bee1f23af191fbaa51922b5a56c0af45 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 452248 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 926613504 | Size: 20428 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 968450048 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] f422c3a2e25804b54a2e495407f8f578
[BSP] 7d12ba7f0c72df697c5b2a28b89020cb : TDL4 MBR Code!
Partition table:

Finished : << RKreport[1].txt >>
RKreport[1].txt
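The RogueKiller MBR Check in the post above reads the same first sector of PhysicalDrive0 through two paths and hashes each: the ordinary Windows read ("User") returns Windows 7 boot code, the lower-level read ("LL2") returns TDL4 code, and the partition table is identical in both. That is the signature of a bootkit that filters disk I/O: it answers normal reads with the original sector so that scanners and the OS see nothing wrong, while leaving the partition table intact so the machine still boots. The Python below is an added example, not RogueKiller's or the poster's code. It parses the four partition entries out of a 512-byte MBR and prints them in the layout the log uses, then compares two views of the sector. The sample sectors are constructed so that their offsets and sizes match the posted table, the boot code bytes are placeholders rather than real Windows or TDL4 code, and hashing the boot code and the partition table separately is this example's own simplification (the page does not show how RogueKiller derives its [MBR] and [BSP] hashes or what LL1 and LL2 read through).

```python
"""Added example: parse a 512-byte MBR and compare two views of the same sector."""
import hashlib
import struct

SECTOR = 512
PART_TABLE_OFFSET = 0x1BE          # four 16-byte entries live at 0x1BE..0x1FD
BOOT_SIGNATURE = b"\x55\xAA"       # bytes 0x1FE..0x1FF

# Partition type byte -> name; the types that appear in the log plus a few common ones.
PART_TYPES = {0x00: "Empty", 0x05: "Extended", 0x07: "NTFS", 0x0B: "FAT32",
              0x0C: "FAT32-LBA", 0x0F: "Extended-LBA", 0x83: "Linux"}


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty partition entries of an MBR as dicts (raises on a malformed sector)."""
    if len(mbr) != SECTOR or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a 512-byte MBR with a 55AA signature")
    entries = []
    for i in range(4):
        raw = mbr[PART_TABLE_OFFSET + 16 * i: PART_TABLE_OFFSET + 16 * (i + 1)]
        status, _chs_start, ptype, _chs_end, lba_start, num_sectors = struct.unpack("<B3sB3sII", raw)
        if ptype == 0x00:
            continue
        entries.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "0x%02x" % ptype),
            "lba_start": lba_start,
            "size_mib": num_sectors * SECTOR // (1024 * 1024),
        })
    return entries


def format_entry(e: dict) -> str:
    """Render an entry in the same shape as the RogueKiller 'Partition table:' lines."""
    flag = "ACTIVE" if e["active"] else "XXXXXX"
    return "%d - [%s] %s (0x%02x) Offset (sectors): %d | Size: %d Mo" % (
        e["index"], flag, e["type_name"], e["type"], e["lba_start"], e["size_mib"])


def boot_code_hash(mbr: bytes) -> str:
    """MD5 of the boot code only (bytes 0..0x1BD); the partition table is compared separately."""
    return hashlib.md5(mbr[:PART_TABLE_OFFSET]).hexdigest()


def cross_view_check(user_view: bytes, low_level_view: bytes) -> dict:
    """Compare the MBR as seen through the normal OS read path with a lower-level read.

    A bootkit that filters disk I/O answers ordinary reads with the original sector, so the
    two views disagree on the boot code while the partition table (which must stay intact
    for the machine to boot) usually still matches.
    """
    return {
        "code_match": boot_code_hash(user_view) == boot_code_hash(low_level_view),
        "table_match": user_view[PART_TABLE_OFFSET:510] == low_level_view[PART_TABLE_OFFSET:510],
    }


def verdict(check: dict) -> str:
    return "OK" if check["code_match"] and check["table_match"] else "KO"


def build_mbr(boot_code: bytes, entries: list) -> bytes:
    """Construct a sample MBR (fixture only) from placeholder boot code and
    (active, type, lba_start, num_sectors) tuples."""
    code = boot_code.ljust(PART_TABLE_OFFSET, b"\x00")[:PART_TABLE_OFFSET]
    table = b"".join(
        struct.pack("<B3sB3sII", 0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
        for active, ptype, start, count in entries)
    return code + table.ljust(64, b"\x00") + BOOT_SIGNATURE


# Constructed fixture: the four partitions the log prints. Sector counts are chosen so that
# each partition ends exactly where the next one starts, as the posted offsets imply.
SAMPLE_TABLE = [
    (True,  0x07, 2048,      407552),     # 199 Mo system partition
    (False, 0x07, 409600,    926203904),  # 452248 Mo Windows partition
    (False, 0x07, 926613504, 41836544),   # 20428 Mo recovery partition
    (False, 0x0C, 968450048, 8321024),    # 4063 Mo FAT32-LBA partition
]
# Placeholder boot code, NOT real Windows 7 or TDL4 MBR code.
CLEAN_BOOT_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"CLEAN-PLACEHOLDER-BOOTCODE"
HOOKED_BOOT_CODE = b"\xEB\x00\x90\x90\x90\x90\x90" + b"OTHER-PLACEHOLDER-BOOTCODE"


if __name__ == "__main__":
    user_view = build_mbr(CLEAN_BOOT_CODE, SAMPLE_TABLE)        # what a hooked read path returns
    low_level_view = build_mbr(HOOKED_BOOT_CODE, SAMPLE_TABLE)  # what the disk actually holds
    print("--- User ---")
    print("[MBR code] %s" % boot_code_hash(user_view))
    for entry in parse_partition_table(user_view):
        print(format_entry(entry))
    chk = cross_view_check(user_view, low_level_view)
    print("User %s LL2 ... %s!" % ("=" if chk["code_match"] else "!=", verdict(chk)))
    print("--- LL2 ---")
    print("[MBR code] %s" % boot_code_hash(low_level_view))
```

On a real host the two views would come from reading `\\.\PhysicalDrive0` through the normal file API and through a path the rootkit does not hook (the boot-time cure TDSSKiller performs above exists precisely because the live system's reads cannot be trusted); the example takes them as two byte strings so it runs offline. A matching partition table with differing boot code is the case to treat as "KO", not as a benign difference.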
-
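The two scanners in the post above name the same rogue binary two different ways: MBAM reports C:\Windows\svchost.exe, RogueKiller reports \\.\globalroot\systemroot\svchost.exe. Both resolve to a file directly under the Windows directory, whereas the legitimate svchost.exe lives in System32 (and SysWOW64 on x64), so the location is wrong regardless of which notation a tool prints, and the ComboFix run in the head of this thread removed exactly that path. The Python below is an added example, not code from either scanner or from the poster. It normalises NT-style image paths to one Win32 form, collapses `..` components, and flags Windows binaries found outside their expected directory. The system root, the expected-directory table and the sample path list are constructed assumptions for the example; volume device paths (\Device\HarddiskVolumeN\...) would need a volume-to-drive mapping and are deliberately left untranslated.

```python
"""Added example: flag Windows system binaries running from an unexpected directory."""
import ntpath

SYSTEM_ROOT = r"C:\Windows"  # assumption; on a live host read %SystemRoot% instead

# NT-style prefixes that different tools print for the same file (matched case-insensitively).
ROOT_PREFIXES = (r"\\.\globalroot\systemroot", r"\systemroot", "%systemroot%")
DRIVE_PREFIXES = (r"\\.\globalroot\??", r"\??")

# Where these binaries legitimately live (lower-cased). A constructed, deliberately short table.
EXPECTED_DIRS = {
    "svchost.exe": {ntpath.join(SYSTEM_ROOT, "System32").lower(),
                    ntpath.join(SYSTEM_ROOT, "SysWOW64").lower()},
    "lsass.exe": {ntpath.join(SYSTEM_ROOT, "System32").lower()},
    "csrss.exe": {ntpath.join(SYSTEM_ROOT, "System32").lower()},
    "explorer.exe": {SYSTEM_ROOT.lower()},
}


def normalize_nt_path(path: str, system_root: str = SYSTEM_ROOT) -> str:
    r"""Turn the path notations seen in the logs into one lower-cased Win32 path.

    \\.\globalroot\systemroot\x and \SystemRoot\x become <system_root>\x;
    \??\C:\x becomes C:\x; '..' components are collapsed so that
    C:\Windows\System32\..\svchost.exe compares equal to C:\Windows\svchost.exe.
    Volume device paths (\Device\HarddiskVolumeN\...) are left untranslated.
    """
    p = path.strip().strip('"')
    low = p.lower()
    for prefix in ROOT_PREFIXES:
        if low.startswith(prefix):
            p = system_root + "\\" + p[len(prefix):].lstrip("\\")
            break
    else:
        for prefix in DRIVE_PREFIXES:
            if low.startswith(prefix):
                p = p[len(prefix):].lstrip("\\")
                break
    return ntpath.normpath(p).lower()


def check_image_path(path: str) -> dict:
    """Classify one process image path: known binary in the right place, known binary
    out of place (suspicious), or a binary this table does not cover (unknown)."""
    norm = normalize_nt_path(path)
    name = ntpath.basename(norm)
    expected = EXPECTED_DIRS.get(name)
    result = {"path": norm, "name": name, "known": expected is not None,
              "suspicious": False, "reason": ""}
    if expected is not None and ntpath.dirname(norm) not in expected:
        result["suspicious"] = True
        result["reason"] = "%s outside %s" % (name, ", ".join(sorted(expected)))
    return result


def scan(image_paths) -> list:
    """Run the check over a list of image paths and return one result dict per path."""
    return [check_image_path(p) for p in image_paths]


# Constructed sample process list, mixing the notations the posted scanners used.
SAMPLE_IMAGE_PATHS = [
    r"C:\Windows\System32\svchost.exe",
    r"C:\Windows\SysWOW64\svchost.exe",
    r"\\.\globalroot\systemroot\svchost.exe",        # as RogueKiller printed it
    r"C:\Windows\svchost.exe",                        # as MBAM printed it
    r"\SystemRoot\System32\lsass.exe",
    r"C:\Windows\System32\..\svchost.exe",            # traversal that resolves to the same rogue file
    r"C:\Users\Garcia\AppData\Local\Temp\svchost.exe",
    r"C:\Program Files\IDT\WDM\STacSV64.exe",         # not in the table: unknown, not suspicious
]

if __name__ == "__main__":
    for r in scan(SAMPLE_IMAGE_PATHS):
        tag = "SUSPICIOUS" if r["suspicious"] else ("ok" if r["known"] else "unknown")
        print("%-10s %s %s" % (tag, r["path"], r["reason"]))
```

The point of normalising before comparing is that a rootkit-hidden process, a rogue copy and a traversal-obfuscated path all collapse to the same string, so one rule catches all three; a string match on `System32\svchost.exe` alone would miss the first and be fooled by the last. Names absent from the table are reported as unknown rather than suspicious, so the check stays a precise indicator rather than a noisy one.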
ComboFix 12-07-13.03 - Al 07/13/2012 16:47:44.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.10622 [GMT -7:00]
Running from: c:\users\Al\Desktop\ComboFix.exe
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\PCDr\5907\Downloads\246b20c1-8ea9-4148-a34e-d03c8a1d5a76.dll
c:\programdata\PCDr\5907\Downloads\27e5bc9a-105f-4d7f-8352-e6ef1c8933dd.dll
c:\programdata\PCDr\5907\Downloads\a2192d8a-3d73-4ff7-be9b-02134f41db63.dll
c:\users\Al\GoToAssistDownloadHelper.exe
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\tmp4A78.tmp
c:\windows\SysWow64\tmp4B24.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-13 to 2012-07-13 )))))))))))))))))))))))))))))))
.
.
2012-07-13 23:54 . 2012-07-13 23:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-13 20:26 . 2012-07-13 20:26 -------- d-----w- C:\FRST
2012-07-12 20:12 . 2012-04-17 16:37 2154032 ----a-w- c:\windows\system32\Incinerator64.dll
2012-07-12 20:12 . 2012-04-17 16:37 2095816 ----a-w- c:\windows\SysWow64\Incinerator32.dll
2012-07-12 20:12 . 2012-07-12 20:12 -------- d-----w- c:\program files (x86)\iolo
2012-07-12 20:12 . 2012-04-17 17:11 49152 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-07-12 20:12 . 2012-04-17 17:11 17920 ----a-w- c:\windows\system32\smrgdf.exe
2012-07-12 20:12 . 2012-04-17 15:25 69000 ----a-w- c:\windows\system32\offreg.dll
2012-07-12 20:12 . 2012-04-17 15:25 56200 ----a-w- c:\windows\SysWow64\offreg.dll
2012-07-12 20:10 . 2012-07-12 20:10 -------- d-----w- C:\iolo
2012-07-12 20:09 . 2012-07-12 20:17 -------- d-----w- c:\users\Al\AppData\Roaming\iolo
2012-07-12 20:09 . 2012-07-12 20:17 -------- d-----w- c:\programdata\iolo
2012-07-11 18:32 . 2012-07-12 02:27 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-07-11 18:23 . 2012-07-11 18:23 -------- d-----w- c:\windows\Sun
2012-07-11 10:03 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 04:59 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-07-10 07:41 . 2012-05-31 04:04 9013136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9CBB2B04-000D-43B5-83A4-DADC66096250}\mpengine.dll
2012-06-19 04:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 04:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 04:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 04:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 04:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 04:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 04:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 04:07 . 2012-06-02 22:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 04:07 . 2012-06-02 22:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 19:23 . 2012-06-16 19:23 -------- d-----w- c:\program files\iPod
2012-06-16 19:23 . 2012-06-16 19:23 -------- d-----w- c:\program files\iTunes
2012-06-16 19:23 . 2012-06-16 19:23 -------- d-----w- c:\program files (x86)\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 18:59 . 2012-04-09 18:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 18:59 . 2011-10-21 16:41 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-03 20:46 . 2012-01-09 01:07 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}]
2011-06-24 17:37 86696 ----a-w- c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}"= "c:\program files (x86)\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll" [2011-06-24 86696]
.
[HKEY_CLASSES_ROOT\clsid\{b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"VolPanel"="c:\program files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" [2009-02-03 237693]
"SPIRunE"="SPIRunE.dll" [2009-03-05 18432]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-14 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"Panda Security URL Filtering"="c:\programdata\Panda Security URL Filtering\Panda_URL_Filtering.exe" [2012-03-19 217256]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"iolo Startup"="c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe" [2012-04-17 938680]
.
c:\users\Al\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
WD Backup Monitor.lnk - c:\program files (x86)\My Book\WD Backup\uBBMonitor.exe [2010-8-7 98304]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\G:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-06-30 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-06-30 79360]
R3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe [2010-07-17 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 136176]
R3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0;PCDSRVC{1E208CE0-FB7451FF-06020101}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-04-10 25072]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-30 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2008-12-09 23464]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [2011-11-23 149768]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-04-20 203776]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [2012-04-17 1047336]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [2012-01-05 161032]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [2011-04-28 114760]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [2011-04-28 121928]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [2011-11-30 128264]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-20 3048136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 t3;Sound Blaster X-Fi Xtreme Audio;c:\windows\system32\drivers\t3.sys [2009-05-06 639512]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 18:59]
.
2012-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 20:07]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-08 20:07]
.
2012-07-11 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
2012-07-13 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2012-04-13 06:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.foxnews.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Start WingMan Profiler - (no file)
Toolbar-Locked - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020101}_0]
"ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85 "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16, fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17 "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9, b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:48,66,1b,1d,a2,74,cc,01 . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,42,3f,5b,e6,d6,81,47,ba,63,73,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,45,42,3f,5b,e6,d6,81,47,ba,63,73,\ . [HKEY_USERS\S-1-5-21-3372766108-2329903281-2714972612-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] @Allowed: (Read) (RestrictedCode) . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
.
**************************************************************************
.
Completion time: 2012-07-13 17:04:38 - machine was rebooted
ComboFix-quarantined-files.txt 2012-07-14 00:04
.
Pre-Run: 794,356,555,776 bytes free
Post-Run: 794,369,896,448 bytes free
.
- - End Of File - - 11CBE4E2BCCE8C29DB9FF42C68292F25
-
Reading from the other thread I see I have the same exact problem, so I am trying to run what I think you will ask me to run in advance. I hope no offense is taken. Ran this script below in fixlist.txt

-----------------------------------------------------
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\00000004.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\1afb2d56
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\201d3dde
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000004.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000008.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\000000cb.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000000.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000032.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000064.@
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\@
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\L
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\U
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\system32\services.exe
-----------------------------------------------------

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-13 16:33:38 Run:1
Running from G:\

==============================================

C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830} moved successfully.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\@ not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\00000004.@ not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\1afb2d56 not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\201d3dde not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000004.@ not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000008.@ not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\000000cb.@ not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000000.@ not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000032.@ not found.
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000064.@ not found.
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830} moved successfully.
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\@ not found.
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\L not found.
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\U not found.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
C:\Windows\system32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\system32\services.exe

==== End of Fixlog ====
-
Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 2012-07-13 16:07:02
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 18:19] - [2009-07-13 20:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
-
The Farbar log was truncated. Here it is in its entirety.

Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 13-07-2012 15:26:57
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [iAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM-x32\...\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [140520 2009-12-29] (CyberLink Corp.)
HKLM-x32\...\Run: [VolPanel] "C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe" /r [237693 2009-02-03] (Creative Technology Ltd)
HKLM-x32\...\Run: [sPIRunE] Rundll32 SPIRunE.dll,RunDLLEntry [x]
HKLM-x32\...\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-01-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar [439616 2011-04-28] (Panda Security, S.L.)
HKLM-x32\...\Run: [Panda Security URL Filtering] "C:\ProgramData\Panda Security URL Filtering\Panda_URL_Filtering.exe" [217256 2012-03-19] (Panda Security)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [iolo Startup] "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe" [938680 2012-04-17] (iolo technologies, LLC)
HKU\Al\...\Run: [start WingMan Profiler] [x]
HKU\Al\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Al\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
HKLM-x32\...\runonceex: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-26] (Sonic Solutions)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\822\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Al\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\All Users\Start Menu\Programs\Startup\WD Backup Monitor.lnk
ShortcutTarget: WD Backup Monitor.lnk -> C:\Program Files (x86)\My Book\WD Backup\uBBMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Default\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) ======

3 Creative Media Toolbox 6 Licensing Service; "C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\MT6Licensing.exe" [79360 2010-07-17] (Creative Labs)
2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [1047336 2012-04-17] (iolo technologies, LLC)
2 NanoServiceMain; "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe" [140608 2011-04-28] (Panda Security, S.L.)
2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [66872 2010-06-30] ()

========================== Drivers (Whitelisted) =============

1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
2 PSINAflt; C:\Windows\System32\Drivers\PSINAflt.sys [161032 2012-01-05] (Panda Security, S.L.)
2 PSINFile; C:\Windows\System32\Drivers\PSINFile.sys [114760 2011-04-28] (Panda Security, S.L.)
1 PSINKNC; C:\Windows\System32\Drivers\PSINKNC.sys [149768 2011-11-23] (Panda Security, S.L.)
2 PSINProc; C:\Windows\System32\Drivers\PSINProc.sys [121928 2011-04-28] (Panda Security, S.L.)
2 PSINProt; C:\Windows\System32\Drivers\PSINProt.sys [128264 2011-11-30] (Panda Security, S.L.)
1 RxFilter; C:\Windows\SysWow64\Drivers\RxFilter.sys [65520 2009-06-26] (Sonic Solutions)
1 FileDisk; [x]
3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-13 17:08 - 2012-07-13 17:08 - 01434551 ____A (Farbar) C:\Users\Al\Downloads\FRST64.exe
2012-07-13 17:04 - 2012-07-13 17:04 - 00002174 ____A C:\Users\Al\Desktop\RKreport[1].txt
2012-07-13 17:03 - 2012-07-13 17:04 - 00000000 ____D C:\Users\Al\Desktop\RK_Quarantine
2012-07-13 17:02 - 2012-07-13 17:02 - 01558528 ____A C:\Users\Al\Downloads\RogueKiller.exe
2012-07-13 15:26 - 2012-07-13 15:26 - 00000000 ____D C:\FRST
2012-07-12 15:13 - 2012-07-12 15:13 - 00002277 ____A C:\Users\Al\Desktop\System Mechanic Professional.lnk
2012-07-12 15:12 - 2012-07-12 15:12 - 00000000 ____D C:\Program Files (x86)\iolo
2012-07-12 15:12 - 2012-04-17 12:11 - 00049152 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2012-07-12 15:12 - 2012-04-17 12:11 - 00017920 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2012-07-12 15:12 - 2012-04-17 11:37 - 02154032 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
2012-07-12 15:12 - 2012-04-17 11:37 - 02095816 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2012-07-12 15:12 - 2012-04-17 10:25 - 00069000 ____A (Microsoft Corporation) C:\Windows\System32\offreg.dll
2012-07-12 15:12 - 2012-04-17 10:25 - 00056200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll
2012-07-12 15:11 - 2012-04-17 13:02 - 89419176 ____A (iolo technologies, LLC ) C:\Users\Al\Desktop\SystemMechanicPro.exe
2012-07-12 15:10 - 2012-07-12 15:10 - 00000000 ____D C:\iolo
2012-07-12 15:09 - 2012-07-12 15:17 - 00000000 ____D C:\Users\All Users\iolo
2012-07-12 15:09 - 2012-07-12 15:17 - 00000000 ____D C:\Users\All Users\Application Data\iolo
2012-07-12 15:09 - 2012-07-12 15:17 - 00000000 ____D C:\Users\Al\Application Data\iolo
2012-07-12 15:09 - 2012-07-12 15:17 - 00000000 ____D C:\Users\Al\AppData\Roaming\iolo
2012-07-11 13:32 - 2012-07-11 21:27 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-07-11 13:23 - 2012-07-11 13:23 - 00000000 ____D C:\Windows\Sun
2012-07-11 05:03 - 2012-06-11 22:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-11 05:01 - 2012-06-02 07:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-11 05:01 - 2012-06-02 07:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-11 05:01 - 2012-06-02 07:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-11 05:01 - 2012-06-02 07:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-11 05:01 - 2012-06-02 07:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-11 05:01 - 2012-06-02 07:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-11 05:01 - 2012-06-02 07:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-11 05:01 - 2012-06-02 07:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-11 05:01 - 2012-06-02 07:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-11 05:01 - 2012-06-02 07:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-11 05:01 - 2012-06-02 06:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-11 05:01 - 2012-06-02 06:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-11 05:01 - 2012-06-02 06:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-11 05:01 - 2012-06-02 06:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-11 05:01 - 2012-06-02 04:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-11 05:01 - 2012-06-02 03:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-11 05:01 - 2012-06-02 03:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-11 05:01 - 2012-06-02 03:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-11 05:01 - 2012-06-02 03:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-11 05:01 - 2012-06-02 03:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-11 05:01 - 2012-06-02 03:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-11 05:01 - 2012-06-02 03:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-11 05:01 - 2012-06-02 03:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-11 05:01 - 2012-06-02 03:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-11 05:01 - 2012-06-02 03:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-11 05:01 - 2012-06-02 03:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-11 05:01 - 2012-06-02 03:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-11 05:01 - 2012-06-02 03:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 23:59 - 2012-06-09 00:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 23:59 - 2012-06-08 23:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 23:59 - 2012-06-06 01:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 23:59 - 2012-06-06 01:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 23:59 - 2012-06-06 01:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 23:59 - 2012-06-06 00:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 23:59 - 2012-06-06 00:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 23:59 - 2012-06-06 00:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 23:59 - 2012-06-02 00:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 23:59 - 2012-06-02 00:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 23:59 - 2012-06-02 00:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 23:59 - 2012-06-02 00:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-10 23:59 - 2012-06-02 00:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-10 23:59 - 2012-06-01 23:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-10 23:59 - 2012-06-01 23:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-10 23:59 - 2012-06-01 23:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-10 23:59 - 2012-06-01 23:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-10 23:59 - 2010-06-25 22:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-10 23:59 - 2010-06-25 22:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-06-18 23:07 - 2012-06-02 17:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-18 23:07 - 2012-06-02 17:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-18 23:07 - 2012-06-02 17:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-18 23:07 - 2012-06-02 17:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-18 23:07 - 2012-06-02 17:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-18 23:07 - 2012-06-02 17:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-18 23:07 - 2012-06-02 17:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-18 23:07 - 2012-06-02 17:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-18 23:07 - 2012-06-02 17:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-16 14:23 - 2012-06-16 14:23 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-16 14:23 - 2012-06-16 14:23 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-06-16 14:23 - 2012-06-16 14:23 - 00000000 ____D C:\Program Files\iTunes
2012-06-16 14:23 - 2012-06-16 14:23 - 00000000 ____D C:\Program Files\iPod
2012-06-16 14:23 - 2012-06-16 14:23 - 00000000 ____D C:\Program Files (x86)\iTunes
2012-06-13 23:05 - 2012-05-04 06:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 23:05 - 2012-05-04 05:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 23:05 - 2012-05-04 05:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 23:05 - 2012-05-01 00:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 23:05 - 2012-04-27 22:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 23:05 - 2012-04-26 00:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 23:05 - 2012-04-26 00:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 23:05 - 2012-04-26 00:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 23:05 - 2012-04-24 00:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 23:05 - 2012-04-24 00:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 23:05 - 2012-04-24 00:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 23:05 - 2012-04-23 23:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 23:05 - 2012-04-23 23:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 23:05 - 2012-04-23 23:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 23:05 - 2012-04-07 07:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 23:05 - 2012-04-07 06:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

============ 3 Months Modified Files ========================

2012-07-13 17:23 - 2009-07-14 00:10 - 01476963 ____A C:\Windows\WindowsUpdate.log
2012-07-13 17:22 - 2012-07-13 17:22 - 00000000 ____A C:\Users\Al\Desktop\New Text Document.txt
2012-07-13 17:10 - 2012-04-17 17:16 - 00000506 ____A C:\Windows\Tasks\SystemToolsDailyTest.job
2012-07-13 17:09 - 2009-07-14 00:13 - 00743860 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-13 17:08 - 2012-07-13 17:08 - 01434551 ____A (Farbar) C:\Users\Al\Downloads\FRST64.exe
2012-07-13 17:04 - 2012-07-13 17:04 - 00002174 ____A C:\Users\Al\Desktop\RKreport[1].txt
2012-07-13 17:02 - 2012-07-13 17:02 - 01558528 ____A C:\Users\Al\Downloads\RogueKiller.exe
2012-07-13 17:02 - 2010-09-08 15:07 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-13 16:59 - 2012-04-09 13:27 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-07-13 16:54 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-13 16:54 - 2009-07-13 23:45 - 00014240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-13 16:46 - 2011-12-31 16:32 - 00026690 ____A C:\Windows\SysWOW64\temp.txt
2012-07-13 16:46 - 2010-09-08 15:07 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-13 16:46 - 2009-07-14 00:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-13 16:46 - 2009-07-13 23:51 - 00048940 ____A C:\Windows\setupact.log
2012-07-12 15:21 - 2010-06-18 11:07 - 00098306 ____A C:\Windows\PFRO.log
2012-07-12 15:13 - 2012-07-12 15:13 - 00002277 ____A C:\Users\Al\Desktop\System Mechanic Professional.lnk
2012-07-12 13:59 - 2012-04-09 13:27 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 13:59 - 2011-10-21 11:41 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 13:40 - 2012-06-04 11:23 - 00001115 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-12 13:40 - 2012-06-04 11:23 - 00001115 ____A C:\Users\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2012-07-11 20:55 - 2010-07-03 13:39 - 00103272 ____A C:\Users\Al\GoToAssistDownloadHelper.exe
2012-07-11 18:15 - 2012-04-17 17:16 - 00000564 ____A C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
2012-07-11 05:21 - 2009-07-13 23:45 - 00494264 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 05:03 - 2009-07-13 21:34 - 00000478 ____A C:\Windows\win.ini
2012-07-11 05:01 - 2010-06-29 22:11 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-03 15:46 - 2012-01-08 20:07 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-16 14:23 - 2012-06-16 14:23 - 00001785 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-16 14:23 - 2012-06-16 14:23 - 00001785 ____A C:\Users\All Users\Desktop\iTunes.lnk
2012-06-11 22:08 - 2012-07-11 05:03 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-09 00:43 - 2012-07-10 23:59 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 23:41 - 2012-07-10 23:59 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 01:06 - 2012-07-10 23:59 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-06 01:06 - 2012-07-10 23:59 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-06 01:02 - 2012-07-10 23:59 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-06 00:05 - 2012-07-10 23:59 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-06 00:05 - 2012-07-10 23:59 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-06 00:03 - 2012-07-10 23:59 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 17:19 - 2012-06-18 23:07 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 17:19 - 2012-06-18 23:07 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 17:19 - 2012-06-18 23:07 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 17:19 - 2012-06-18 23:07 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 17:19 - 2012-06-18 23:07 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 17:19 - 2012-06-18 23:07 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 17:15 - 2012-06-18 23:07 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 17:15 - 2012-06-18 23:07 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 17:15 - 2012-06-18 23:07 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 07:49 - 2012-07-11 05:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 07:17 - 2012-07-11 05:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 07:12 - 2012-07-11 05:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 07:05 - 2012-07-11 05:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 07:05 - 2012-07-11 05:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 07:04 - 2012-07-11 05:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 07:04 - 2012-07-11 05:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 07:03 - 2012-07-11 05:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 07:01 - 2012-07-11 05:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 07:00 - 2012-07-11 05:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 06:59 - 2012-07-11 05:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 06:57 - 2012-07-11 05:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 06:57 - 2012-07-11 05:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 06:54 - 2012-07-11 05:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 04:07 - 2012-07-11 05:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 03:43 - 2012-07-11 05:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 03:33 - 2012-07-11 05:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 03:26 - 2012-07-11 05:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 03:25 - 2012-07-11 05:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 03:25 - 2012-07-11 05:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 03:23 - 2012-07-11 05:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 03:21 - 2012-07-11 05:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 03:20 - 2012-07-11 05:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 03:19 - 2012-07-11 05:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 03:19 - 2012-07-11 05:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 03:17 - 2012-07-11 05:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 03:16 - 2012-07-11 05:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 03:14 - 2012-07-11 05:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-02 00:50 - 2012-07-10 23:59 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-02 00:48 - 2012-07-10 23:59 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-02 00:48 - 2012-07-10 23:59 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-02 00:45 - 2012-07-10 23:59 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-02 00:44 - 2012-07-10 23:59 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 23:40 - 2012-07-10 23:59 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 23:40 - 2012-07-10 23:59 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 23:39 - 2012-07-10 23:59 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 23:34 - 2012-07-10 23:59 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-05 12:43 - 2012-05-05 12:43 - 00000056 ___AH C:\Windows\SysWOW64\ezsidmv.dat
2012-05-04 06:06 - 2012-06-13 23:05 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 05:03 - 2012-06-13 23:05 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 05:03 - 2012-06-13 23:05 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-01 00:40 - 2012-06-13 23:05 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 22:55 - 2012-06-13 23:05 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-26 00:41 - 2012-06-13 23:05 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-26 00:41 - 2012-06-13 23:05 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-26 00:34 - 2012-06-13 23:05 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 00:37 - 2012-06-13 23:05 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-24 00:37 - 2012-06-13 23:05 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-24 00:37 - 2012-06-13 23:05 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 23:36 - 2012-06-13 23:05 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 23:36 - 2012-06-13 23:05 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 23:36 - 2012-06-13 23:05 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-04-23 12:15 - 2012-04-23 12:15 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg
2012-04-17 13:02 - 2012-07-12 15:11 - 89419176 ____A (iolo technologies, LLC ) C:\Users\Al\Desktop\SystemMechanicPro.exe
2012-04-17 12:11 - 2012-07-12 15:12 - 00049152 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2012-04-17 12:11 - 2012-07-12 15:12 - 00017920 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2012-04-17 11:37 - 2012-07-12 15:12 - 02154032 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
2012-04-17 11:37 - 2012-07-12 15:12 - 02095816 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\Incinerator32.dll
2012-04-17 10:25 - 2012-07-12 15:12 - 00069000 ____A (Microsoft Corporation) C:\Windows\System32\offreg.dll
2012-04-17 10:25 - 2012-07-12 15:12 - 00056200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\offreg.dll

ZeroAccess:
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\00000004.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\1afb2d56
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\L\201d3dde
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000004.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\00000008.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\000000cb.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000000.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000032.@
C:\Windows\Installer\{b954169c-eadd-b369-a749-4e15d32da830}\U\80000064.@

ZeroAccess:
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\@
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\L
C:\Users\Al\AppData\Local\{b954169c-eadd-b369-a749-4e15d32da830}\U

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <====
ATTENTION!. C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 8% Total physical RAM: 12278.97 MB Available physical RAM: 11287.27 MB Total Pagefile: 12277.12 MB Available Pagefile: 11279.32 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:921.08 GB) (Free:739.75 GB) NTFS 3 Drive e: (Crysis 2) (CDROM) (Total:7.59 GB) (Free:0 GB) CDFS 4 Drive f: (RECOVERY) (Fixed) (Total:10.39 GB) (Free:4.56 GB) NTFS ==>[system with boot components (obtained from reading drive)] 5 Drive g: () (Removable) (Total:1.91 GB) (Free:0.54 GB) FAT 11 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 1959 MB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 39 MB 31 KB Partition 2 Primary 10 GB 40 MB Partition 3 Primary 921 GB 10 GB ================================================================================== Disk: 0 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 10 FAT Partition 39 MB Healthy Hidden ================================================================================== Disk: 0 
Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 F RECOVERY NTFS Partition 10 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 C OS NTFS Partition 921 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1959 MB 31 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G FAT Removable 1959 MB Healthy ================================================================================== ========================================================== Last Boot: 2012-07-08 02:30 ======================= End Of Log ==========================
-
Attached are the logs for RKiller and then the Farbar x64 tool.
Thanks in advance for the help!