Komodo

  1. MrC, you have been fantastic to work with. Thank you for your outstanding professional help. I would like to say I look forward to working with you again, but that would mean I have a problem. Thank you again.

  2. Yes, the scan came up clean. Thank you MrC!!
  3. The computer is running fine. I'm not being redirected anymore while on the internet. There was still one item that came up on the scan. Here is the latest mbam log:

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.19.07

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Tice :: TICE-HP [administrator]

     8/19/2012 5:52:10 PM
     mbam-log-2012-08-19 (17-52-10).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 202151
     Time elapsed: 2 minute(s), 26 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

     (end)
  4. TDSKiller log:
14:58:09.0003 3864 nv_agp - ok 14:58:09.0065 3864 [ 84de1dd996b48b05ace31ad015fa108a ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 14:58:09.0096 3864 odserv - ok 14:58:09.0112 3864 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 14:58:09.0128 3864 ohci1394 - ok 14:58:09.0190 3864 [ 5a432a042dae460abe7199b758e8606c ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:58:09.0221 3864 ose - ok 14:58:09.0252 3864 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 14:58:09.0284 3864 p2pimsvc - ok 14:58:09.0299 3864 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll 14:58:09.0315 3864 p2psvc - ok 14:58:09.0377 3864 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys 14:58:09.0408 3864 Parport - ok 14:58:09.0424 3864 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys 14:58:09.0440 3864 partmgr - ok 14:58:09.0455 3864 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 14:58:09.0471 3864 PcaSvc - ok 14:58:09.0486 3864 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys 14:58:09.0502 3864 pci - ok 14:58:09.0518 3864 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys 14:58:09.0518 3864 pciide - ok 14:58:09.0549 3864 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 14:58:09.0564 3864 pcmcia - ok 14:58:09.0580 3864 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys 14:58:09.0596 3864 pcw - ok 14:58:09.0642 3864 pdfcDispatcher - ok 14:58:09.0674 3864 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys 14:58:09.0736 3864 PEAUTH - ok 14:58:09.0845 3864 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe 14:58:09.0892 3864 PerfHost - ok 14:58:09.0939 3864 [ 
c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll 14:58:09.0986 3864 pla - ok 14:58:10.0064 3864 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 14:58:10.0126 3864 PlugPlay - ok 14:58:10.0157 3864 PnkBstrA - ok 14:58:10.0188 3864 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 14:58:10.0235 3864 PNRPAutoReg - ok 14:58:10.0251 3864 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 14:58:10.0266 3864 PNRPsvc - ok 14:58:10.0298 3864 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 14:58:10.0344 3864 PolicyAgent - ok 14:58:10.0360 3864 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll 14:58:10.0407 3864 Power - ok 14:58:10.0469 3864 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 14:58:10.0532 3864 PptpMiniport - ok 14:58:10.0547 3864 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys 14:58:10.0563 3864 Processor - ok 14:58:10.0594 3864 [ 5c78838b4d166d1a27db3a8a820c799a ] ProfSvc C:\Windows\system32\profsvc.dll 14:58:10.0625 3864 ProfSvc - ok 14:58:10.0641 3864 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe 14:58:10.0641 3864 ProtectedStorage - ok 14:58:10.0688 3864 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys 14:58:10.0703 3864 Psched - ok 14:58:10.0781 3864 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 14:58:10.0844 3864 ql2300 - ok 14:58:10.0859 3864 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 14:58:10.0859 3864 ql40xx - ok 14:58:10.0875 3864 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll 14:58:10.0890 3864 QWAVE - ok 14:58:10.0922 3864 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 14:58:10.0937 3864 QWAVEdrv - ok 
14:58:10.0937 3864 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 14:58:10.0968 3864 RasAcd - ok 14:58:11.0015 3864 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 14:58:11.0031 3864 RasAgileVpn - ok 14:58:11.0062 3864 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll 14:58:11.0140 3864 RasAuto - ok 14:58:11.0218 3864 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 14:58:11.0280 3864 Rasl2tp - ok 14:58:11.0327 3864 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll 14:58:11.0390 3864 RasMan - ok 14:58:11.0390 3864 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 14:58:11.0421 3864 RasPppoe - ok 14:58:11.0436 3864 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 14:58:11.0452 3864 RasSstp - ok 14:58:11.0468 3864 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 14:58:11.0499 3864 rdbss - ok 14:58:11.0499 3864 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 14:58:11.0514 3864 rdpbus - ok 14:58:11.0514 3864 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 14:58:11.0546 3864 RDPCDD - ok 14:58:11.0577 3864 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 14:58:11.0592 3864 RDPENCDD - ok 14:58:11.0608 3864 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 14:58:11.0639 3864 RDPREFMP - ok 14:58:11.0670 3864 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 14:58:11.0717 3864 RDPWD - ok 14:58:11.0717 3864 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 14:58:11.0733 3864 rdyboost - ok 14:58:11.0780 3864 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll 14:58:11.0858 
3864 RemoteAccess - ok 14:58:11.0873 3864 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 14:58:11.0904 3864 RemoteRegistry - ok 14:58:11.0951 3864 [ 085d18c71ab2611a3d61528132b6501e ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 14:58:11.0998 3864 RoxioNow Service - ok 14:58:12.0014 3864 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 14:58:12.0045 3864 RpcEptMapper - ok 14:58:12.0060 3864 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe 14:58:12.0060 3864 RpcLocator - ok 14:58:12.0092 3864 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\System32\rpcss.dll 14:58:12.0107 3864 RpcSs - ok 14:58:12.0170 3864 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 14:58:12.0216 3864 rspndr - ok 14:58:12.0279 3864 [ afc12dfa4c7b089673ad67402ca19edb ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 14:58:12.0326 3864 RTL8167 - ok 14:58:12.0341 3864 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe 14:58:12.0341 3864 SamSs - ok 14:58:12.0357 3864 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 14:58:12.0372 3864 sbp2port - ok 14:58:12.0404 3864 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll 14:58:12.0435 3864 SCardSvr - ok 14:58:12.0466 3864 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 14:58:12.0497 3864 scfilter - ok 14:58:12.0513 3864 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll 14:58:12.0544 3864 Schedule - ok 14:58:12.0575 3864 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll 14:58:12.0606 3864 SCPolicySvc - ok 14:58:12.0606 3864 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 14:58:12.0638 3864 SDRSVC - ok 14:58:12.0653 3864 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv 
C:\Windows\system32\drivers\secdrv.sys 14:58:12.0731 3864 secdrv - ok 14:58:12.0747 3864 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll 14:58:12.0762 3864 seclogon - ok 14:58:12.0825 3864 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\system32\sens.dll 14:58:12.0872 3864 SENS - ok 14:58:12.0887 3864 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 14:58:12.0903 3864 SensrSvc - ok 14:58:12.0965 3864 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys 14:58:13.0012 3864 Serenum - ok 14:58:13.0059 3864 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys 14:58:13.0090 3864 Serial - ok 14:58:13.0137 3864 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 14:58:13.0184 3864 sermouse - ok 14:58:13.0215 3864 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll 14:58:13.0277 3864 SessionEnv - ok 14:58:13.0277 3864 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 14:58:13.0293 3864 sffdisk - ok 14:58:13.0308 3864 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 14:58:13.0308 3864 sffp_mmc - ok 14:58:13.0324 3864 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 14:58:13.0340 3864 sffp_sd - ok 14:58:13.0355 3864 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 14:58:13.0371 3864 sfloppy - ok 14:58:13.0449 3864 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll 14:58:13.0511 3864 SharedAccess - ok 14:58:13.0527 3864 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll 14:58:13.0558 3864 ShellHWDetection - ok 14:58:13.0589 3864 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 14:58:13.0636 3864 SiSRaid2 - ok 14:58:13.0652 3864 [ 
6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 14:58:13.0667 3864 SiSRaid4 - ok 14:58:13.0745 3864 [ 6128e98eaaed364ed1a32708d2fd22cb ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 14:58:13.0776 3864 SkypeUpdate - ok 14:58:13.0808 3864 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 14:58:13.0870 3864 Smb - ok 14:58:13.0964 3864 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe 14:58:14.0010 3864 SNMPTRAP - ok 14:58:14.0026 3864 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys 14:58:14.0026 3864 spldr - ok 14:58:14.0057 3864 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe 14:58:14.0073 3864 Spooler - ok 14:58:14.0151 3864 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe 14:58:14.0260 3864 sppsvc - ok 14:58:14.0260 3864 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 14:58:14.0291 3864 sppuinotify - ok 14:58:14.0322 3864 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys 14:58:14.0354 3864 srv - ok 14:58:14.0369 3864 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 14:58:14.0385 3864 srv2 - ok 14:58:14.0400 3864 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 14:58:14.0416 3864 srvnet - ok 14:58:14.0463 3864 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 14:58:14.0525 3864 SSDPSRV - ok 14:58:14.0525 3864 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll 14:58:14.0556 3864 SstpSvc - ok 14:58:14.0572 3864 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys 14:58:14.0588 3864 stexstor - ok 14:58:14.0634 3864 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll 14:58:14.0666 3864 stisvc - ok 14:58:14.0681 3864 [ 
d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys 14:58:14.0697 3864 swenum - ok 14:58:14.0712 3864 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll 14:58:14.0744 3864 swprv - ok 14:58:14.0775 3864 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll 14:58:14.0822 3864 SysMain - ok 14:58:14.0837 3864 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 14:58:14.0853 3864 TabletInputService - ok 14:58:14.0868 3864 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 14:58:14.0884 3864 TapiSrv - ok 14:58:14.0900 3864 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll 14:58:14.0915 3864 TBS - ok 14:58:15.0024 3864 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 14:58:15.0056 3864 Tcpip - ok 14:58:15.0102 3864 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 14:58:15.0118 3864 TCPIP6 - ok 14:58:15.0165 3864 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 14:58:15.0243 3864 tcpipreg - ok 14:58:15.0243 3864 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 14:58:15.0274 3864 TDPIPE - ok 14:58:15.0321 3864 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 14:58:15.0383 3864 TDTCP - ok 14:58:15.0383 3864 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 14:58:15.0430 3864 tdx - ok 14:58:15.0446 3864 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys 14:58:15.0461 3864 TermDD - ok 14:58:15.0492 3864 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll 14:58:15.0524 3864 TermService - ok 14:58:15.0524 3864 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll 14:58:15.0539 3864 Themes - ok 14:58:15.0555 3864 [ e40e80d0304a73e8d269f7141d77250b 
] THREADORDER C:\Windows\system32\mmcss.dll 14:58:15.0586 3864 THREADORDER - ok 14:58:15.0586 3864 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll 14:58:15.0617 3864 TrkWks - ok 14:58:15.0648 3864 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 14:58:15.0680 3864 TrustedInstaller - ok 14:58:15.0695 3864 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 14:58:15.0726 3864 tssecsrv - ok 14:58:15.0773 3864 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 14:58:15.0804 3864 TsUsbFlt - ok 14:58:15.0820 3864 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 14:58:15.0836 3864 TsUsbGD - ok 14:58:15.0836 3864 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 14:58:15.0867 3864 tunnel - ok 14:58:15.0882 3864 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 14:58:15.0898 3864 uagp35 - ok 14:58:15.0914 3864 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 14:58:15.0945 3864 udfs - ok 14:58:15.0960 3864 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 14:58:15.0992 3864 UI0Detect - ok 14:58:16.0007 3864 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 14:58:16.0023 3864 uliagpkx - ok 14:58:16.0054 3864 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 14:58:16.0101 3864 umbus - ok 14:58:16.0132 3864 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys 14:58:16.0163 3864 UmPass - ok 14:58:16.0179 3864 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll 14:58:16.0226 3864 upnphost - ok 14:58:16.0319 3864 [ 82e8f44688e6fac57b5b7c6fc7adbc2a ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 14:58:16.0366 3864 usbaudio - ok 14:58:16.0382 3864 [ 
6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 14:58:16.0413 3864 usbccgp - ok 14:58:16.0475 3864 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 14:58:16.0506 3864 usbcir - ok 14:58:16.0522 3864 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 14:58:16.0538 3864 usbehci - ok 14:58:16.0553 3864 [ 2c780746dc44a28fe67004dc58173f05 ] usbfilter C:\Windows\system32\drivers\usbfilter.sys 14:58:16.0553 3864 usbfilter - ok 14:58:16.0600 3864 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 14:58:16.0616 3864 usbhub - ok 14:58:16.0616 3864 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 14:58:16.0647 3864 usbohci - ok 14:58:16.0678 3864 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 14:58:16.0756 3864 usbprint - ok 14:58:16.0803 3864 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 14:58:16.0850 3864 usbscan - ok 14:58:16.0881 3864 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:58:16.0912 3864 USBSTOR - ok 14:58:16.0928 3864 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 14:58:16.0928 3864 usbuhci - ok 14:58:17.0006 3864 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 14:58:17.0052 3864 usbvideo - ok 14:58:17.0068 3864 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll 14:58:17.0115 3864 UxSms - ok 14:58:17.0130 3864 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe 14:58:17.0130 3864 VaultSvc - ok 14:58:17.0177 3864 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 14:58:17.0208 3864 vdrvroot - ok 14:58:17.0240 3864 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe 14:58:17.0318 3864 vds - ok 14:58:17.0364 
3864 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 14:58:17.0411 3864 vga - ok 14:58:17.0411 3864 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys 14:58:17.0458 3864 VgaSave - ok 14:58:17.0474 3864 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 14:58:17.0489 3864 vhdmp - ok 14:58:17.0505 3864 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys 14:58:17.0505 3864 viaide - ok 14:58:17.0520 3864 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 14:58:17.0536 3864 volmgr - ok 14:58:17.0536 3864 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 14:58:17.0552 3864 volmgrx - ok 14:58:17.0567 3864 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 14:58:17.0583 3864 volsnap - ok 14:58:17.0645 3864 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 14:58:17.0676 3864 vsmraid - ok 14:58:17.0739 3864 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe 14:58:17.0801 3864 VSS - ok 14:58:17.0817 3864 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 14:58:17.0832 3864 vwifibus - ok 14:58:17.0832 3864 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 14:58:17.0864 3864 vwififlt - ok 14:58:17.0879 3864 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 14:58:17.0895 3864 vwifimp - ok 14:58:17.0926 3864 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll 14:58:17.0942 3864 W32Time - ok 14:58:17.0957 3864 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys 14:58:17.0973 3864 WacomPen - ok 14:58:18.0004 3864 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 14:58:18.0051 3864 WANARP - ok 14:58:18.0051 3864 
[ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 14:58:18.0082 3864 Wanarpv6 - ok 14:58:18.0160 3864 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 14:58:18.0207 3864 WatAdminSvc - ok 14:58:18.0269 3864 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe 14:58:18.0316 3864 wbengine - ok 14:58:18.0332 3864 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 14:58:18.0363 3864 WbioSrvc - ok 14:58:18.0363 3864 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll 14:58:18.0394 3864 wcncsvc - ok 14:58:18.0394 3864 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 14:58:18.0425 3864 WcsPlugInService - ok 14:58:18.0441 3864 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys 14:58:18.0456 3864 Wd - ok 14:58:18.0488 3864 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 14:58:18.0503 3864 Wdf01000 - ok 14:58:18.0519 3864 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll 14:58:18.0566 3864 WdiServiceHost - ok 14:58:18.0566 3864 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll 14:58:18.0581 3864 WdiSystemHost - ok 14:58:18.0612 3864 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll 14:58:18.0628 3864 WebClient - ok 14:58:18.0644 3864 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll 14:58:18.0675 3864 Wecsvc - ok 14:58:18.0690 3864 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 14:58:18.0706 3864 wercplsupport - ok 14:58:18.0737 3864 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll 14:58:18.0753 3864 WerSvc - ok 14:58:18.0784 3864 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 14:58:18.0846 3864 WfpLwf - 
ok 14:58:18.0846 3864 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys 14:58:18.0862 3864 WIMMount - ok 14:58:18.0909 3864 WinDefend - ok 14:58:18.0909 3864 WinHttpAutoProxySvc - ok 14:58:18.0956 3864 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 14:58:18.0971 3864 Winmgmt - ok 14:58:19.0018 3864 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll 14:58:19.0080 3864 WinRM - ok 14:58:19.0143 3864 [ fe88b288356e7b47b74b13372add906d ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 14:58:19.0143 3864 WinUsb - ok 14:58:19.0158 3864 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll 14:58:19.0205 3864 Wlansvc - ok 14:58:19.0236 3864 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:58:19.0268 3864 wlcrasvc - ok 14:58:19.0361 3864 [ 7e47c328fc4768cb8beafbcfafa70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:58:19.0408 3864 wlidsvc - ok 14:58:19.0455 3864 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 14:58:19.0517 3864 WmiAcpi - ok 14:58:19.0533 3864 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 14:58:19.0564 3864 wmiApSrv - ok 14:58:19.0564 3864 WMPNetworkSvc - ok 14:58:19.0595 3864 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll 14:58:19.0626 3864 WPCSvc - ok 14:58:19.0626 3864 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 14:58:19.0642 3864 WPDBusEnum - ok 14:58:19.0673 3864 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 14:58:19.0689 3864 ws2ifsl - ok 14:58:19.0767 3864 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\system32\wscsvc.dll 14:58:19.0829 3864 wscsvc - ok 14:58:19.0845 3864 WSearch - ok 14:58:19.0892 3864 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv 
14:58:20.0219 3864 ================ Scan global ===============================
14:58:20.0250 3864 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
14:58:20.0266 3864 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:58:20.0297 3864 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
14:58:20.0313 3864 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
14:58:20.0328 3864 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
14:58:20.0344 3864 [Global] - ok
14:58:20.0344 3864 ================ Scan MBR ==================================
14:58:20.0344 3864 MBR (0x1B8) (ef4cc5431b415cbc9823d00f44dc8304) \Device\Harddisk0\DR0
14:58:20.0344 3864 Suspicious mbr (Forged): \Device\Harddisk0\DR0
14:58:20.0406 3864 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
14:58:20.0406 3864 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
14:58:20.0469 3864 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
14:58:20.0469 3864 \Device\Harddisk0\DR0 - detected TDSS File System (1)
14:58:20.0469 3864 ================ Scan VBR ==================================
14:58:20.0469 3864 Boot (0x1200) (5d4c211e225dbafe7a1f9a3864cf1f75) \Device\Harddisk0\DR0\Partition1
14:58:20.0469 3864 \Device\Harddisk0\DR0\Partition1 - ok
14:58:20.0516 3864 Boot (0x1200) (cd17b5bf115d7c8127248151775a5ec9) \Device\Harddisk0\DR0\Partition2
14:58:20.0516 3864 \Device\Harddisk0\DR0\Partition2 - ok
14:58:20.0547 3864 Boot (0x1200) (3599d8080490f4da2a307d5378d6efda) \Device\Harddisk0\DR0\Partition3
14:58:20.0547 3864 \Device\Harddisk0\DR0\Partition3 - ok
14:58:20.0547 3864 ============================================================
14:58:20.0547 3864 Scan finished
14:58:20.0547 3864 ============================================================
14:58:20.0578 3396 Detected object count: 4
14:58:20.0578 3396 Actual detected object count: 4
14:58:50.0327 3396 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:50.0327 3396 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:50.0327 3396 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
14:58:50.0327 3396 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
14:58:50.0936 3396 \Device\Harddisk0\DR0\# - copied to quarantine
14:58:50.0951 3396 \Device\Harddisk0\DR0 - copied to quarantine
14:58:51.0014 3396 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
14:58:51.0014 3396 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
14:58:51.0014 3396 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
14:58:51.0014 3396 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
14:58:51.0045 3396 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
14:58:51.0060 3396 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
14:58:51.0123 3396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
14:58:51.0154 3396 \Device\Harddisk0\DR0 - ok
14:58:51.0482 3396 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
14:58:51.0482 3396 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
14:58:51.0482 3396 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
14:58:56.0864 4860 Deinitialize success
  5. Below is the ComboFix log. Thanks ComboFix 12-08-18.03 - Tice 08/18/2012 21:00:20.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4883 [GMT -7:00] Running from: c:\users\Tice\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Tice\AUTORUN.INF c:\windows\security\Database\tmp.edb c:\windows\svchost.exe . . ((((((((((((((((((((((((( Files Created from 2012-07-19 to 2012-08-19 ))))))))))))))))))))))))))))))) . . 2012-08-19 04:08 . 2009-07-14 01:14 20480 ----a-w- c:\windows\svchost.exe 2012-08-19 04:05 . 2012-08-19 04:05 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-18 17:07 . 2012-08-18 17:07 -------- d-----w- C:\FRST 2012-08-17 18:47 . 2012-08-19 04:07 -------- d-----r- c:\users\Tice\Dropbox 2012-08-17 18:43 . 2012-08-19 04:09 -------- d-----w- c:\users\Tice\AppData\Roaming\Dropbox 2012-08-17 00:14 . 2012-08-17 00:14 -------- d-----w- c:\program files\Enigma Software Group 2012-08-17 00:13 . 2012-08-17 00:54 -------- d-----w- c:\windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-08-17 00:13 . 2012-08-17 00:13 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard 2012-08-14 18:23 . 2012-08-14 18:23 -------- d-----w- c:\programdata\HotSync 2012-08-14 04:35 . 2012-08-14 04:35 -------- d-----w- c:\users\Tice\AppData\Roaming\HotSync 2012-08-14 03:06 . 2012-08-14 03:06 -------- d-----w- c:\program files (x86)\Oracle 2012-08-14 03:04 . 2012-08-14 03:04 -------- d-----w- c:\programdata\McAfee 2012-08-14 01:12 . 2012-08-14 01:17 -------- d-----w- c:\users\Tice\AppData\Roaming\BSW 2012-08-03 02:49 . 2012-08-03 02:49 -------- d-----w- c:\programdata\PopCap Games 2012-08-03 02:49 . 
2012-08-03 02:49 -------- d-----w- c:\program files (x86)\PopCap Games 2012-07-29 14:29 . 2012-07-29 14:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-07-28 19:38 . 2012-07-16 09:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BFDF6384-9617-4C31-A52B-C6968F98FF9D}\mpengine.dll 2012-07-28 17:31 . 2012-07-28 17:40 -------- d-----w- c:\program files (x86)\Google . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-15 02:47 . 2012-05-05 18:28 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-15 02:47 . 2011-09-16 01:08 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-16 01:21 . 2012-04-15 05:03 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-07-16 01:21 . 2012-04-14 16:10 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-07-15 02:20 . 2012-04-14 16:10 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-07-12 06:13 . 2011-10-15 04:28 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-06 05:06 . 2012-05-27 06:05 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-07-06 05:06 . 2012-05-27 06:05 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-06-12 03:08 . 2012-07-12 06:15 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-06-09 05:43 . 2012-07-11 14:21 14172672 ----a-w- c:\windows\system32\shell32.dll 2012-06-06 06:06 . 2012-07-11 14:21 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-06-06 06:06 . 2012-07-11 14:21 1881600 ----a-w- c:\windows\system32\msxml3.dll 2012-06-06 06:02 . 2012-07-11 14:20 1133568 ----a-w- c:\windows\system32\cdosys.dll 2012-06-06 05:05 . 2012-07-11 14:21 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll 2012-06-06 05:05 . 2012-07-11 14:21 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll 2012-06-06 05:03 . 2012-07-11 14:20 805376 ----a-w- c:\windows\SysWow64\cdosys.dll 2012-06-02 22:19 . 2012-06-21 14:53 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 
2012-06-21 14:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 14:53 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 14:53 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 14:52 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 22:19 . 2012-06-21 14:53 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 14:53 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 14:52 36864 ----a-w- c:\windows\system32\wuapp.exe 2012-06-02 22:15 . 2012-06-21 14:53 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 05:50 . 2012-07-11 14:21 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-06-02 05:48 . 2012-07-11 14:21 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys 2012-06-02 05:48 . 2012-07-11 14:21 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2012-06-02 05:45 . 2012-07-11 14:21 340992 ----a-w- c:\windows\system32\schannel.dll 2012-06-02 05:44 . 2012-07-11 14:21 307200 ----a-w- c:\windows\system32\ncrypt.dll 2012-06-02 04:40 . 2012-07-11 14:21 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2012-06-02 04:40 . 2012-07-11 14:21 225280 ----a-w- c:\windows\SysWow64\schannel.dll 2012-06-02 04:39 . 2012-07-11 14:21 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll 2012-06-02 04:34 . 2012-07-11 14:21 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2012-05-31 19:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2011-03-17 842048] "Jing"="c:\program files (x86)\TechSmith\Jing\Jing.exe" [2012-02-01 2918224] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296] . c:\users\Tice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Tice\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-7-24 26909544] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-29 158856] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056] R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-18 113120] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-17 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys [2010-11-04 75904] S0 
amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys [2010-11-04 38016] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-12-01 272448] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-11 203264] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-10 365568] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-09-06 65368] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-29 94264] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2011-02-01 1127448] S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-11 6790656] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-11 221184] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-09-17 115216] S3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2009-11-03 87552] S3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2009-11-03 14592] S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2010-11-05 1041760] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-12-28 412776] S3 usbfilter;AMD USB Filter 
Driver;c:\windows\system32\drivers\usbfilter.sys [2009-12-22 38456] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 2012-08-19 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 02:47] . 2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934525634-3787459049-2266934747-1000Core.job - c:\users\Tice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 01:56] . 2012-08-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934525634-3787459049-2266934747-1000UA.job - c:\users\Tice\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-06 01:56] . 2012-08-17 c:\windows\Tasks\HPCeeScheduleForTice.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\Tice\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 FF - ProfilePath - c:\users\Tice\AppData\Roaming\Mozilla\Firefox\Profiles\q7tdqoys.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - user.js: general.useragent.extra.brc - FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 317b2d27-9148-407d-a26b-0be16b388313 FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics FF - user.js: extensions.autoDisableScopes - 14 . - - - - ORPHANS REMOVED - - - - . 
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file) URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file) WebBrowser-{37153479-1976-43C3-A1EE-557513977B64} - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Bonjour\mDNSResponder.exe c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe c:\windows\SysWOW64\PnkBstrA.exe . ************************************************************************** . Completion time: 2012-08-18 21:13:50 - machine was rebooted ComboFix-quarantined-files.txt 2012-08-19 04:13 . Pre-Run: 877,619,359,744 bytes free Post-Run: 878,831,841,280 bytes free . - - End Of File - - 545DA4721D78AB1D3A60A79141EE359E
  6. Here is the Fixlog txt:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 18-08-2012
Ran by SYSTEM at 2012-08-18 10:04:56 Run:1
Running from D:\
==============================================
C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.
The operation completed successfully.
The operation completed successfully.
==== End of Fixlog ====
  7. Here is the FRST and Search Txt: Scan result of Farbar Recovery Scan Tool Version: 18-08-2012 Ran by SYSTEM at 18-08-2012 09:07:13 Running from H:\ Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US) The current controlset is ControlSet001 ========================== Registry (Whitelisted) ============= HKLM-x32\...\Run: [] [x] HKLM-x32\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [3722416 2011-09-06] (AVAST Software) HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.) HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation) HKU\Tice\...\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun [842048 2011-03-17] (DT Soft Ltd) HKU\Tice\...\Run: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe [2918224 2012-02-01] (TechSmith Corporation) Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Startup: C:\Users\Tice\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) ====== 2 avast! 
Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44768 2011-09-06] (AVAST Software) 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75136 2012-04-14] () ========================== Drivers (Whitelisted) ============= 2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [24408 2011-09-06] (AVAST Software) 2 aswMonFlt; C:\Windows\System32\Drivers\aswMonFlt.sys [65368 2011-09-06] (AVAST Software) 1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [42328 2011-09-06] (AVAST Software) 1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [601944 2011-09-06] (AVAST Software) 1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [301912 2011-09-06] (AVAST Software) 1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [58200 2011-09-06] (AVAST Software) 1 dtsoftbus01; C:\Windows\System32\Drivers\dtsoftbus01.sys [272448 2011-11-30] (DT Soft Ltd) 3 AODDriver4.0; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x] 3 BFE; . [x] 3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-18 09:07 - 2012-08-18 09:07 - 00000000 ____D C:\FRST 2012-08-17 16:39 - 2012-08-17 16:39 - 00002812 ____A C:\Users\Tice\Desktop\RKreport[1].txt 2012-08-17 16:38 - 2012-08-17 16:39 - 00000000 ____D C:\Users\Tice\Desktop\RK_Quarantine 2012-08-17 16:38 - 2012-08-17 16:38 - 01558528 ____A C:\Users\Tice\Desktop\RogueKiller.exe 2012-08-17 13:28 - 2012-08-17 13:28 - 00017089 ____A C:\Users\Tice\Desktop\DDS.txt 2012-08-17 13:28 - 2012-08-17 13:28 - 00013642 ____A C:\Users\Tice\Desktop\Attach.txt 2012-08-17 13:23 - 2012-08-17 13:23 - 00607260 ____R (Swearware) C:\Users\Tice\Desktop\dds.scr 2012-08-17 13:11 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe 2012-08-17 10:47 - 2012-08-17 13:14 - 00000000 ___RD C:\Users\Tice\Dropbox 2012-08-17 10:47 - 2012-08-17 10:47 - 00001041 ____A 
C:\Users\Tice\Desktop\Dropbox.lnk 2012-08-17 10:43 - 2012-08-17 21:30 - 00000000 ____D C:\Users\Tice\AppData\Roaming\Dropbox 2012-08-17 10:42 - 2012-08-17 10:43 - 17798272 ____A (Dropbox, Inc.) C:\Users\Tice\Desktop\Dropbox 1.4.12.exe 2012-08-16 16:14 - 2012-08-16 16:14 - 00000000 ____D C:\Program Files\Enigma Software Group 2012-08-16 16:13 - 2012-08-16 16:54 - 00000000 ____D C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-08-14 10:23 - 2012-08-14 10:23 - 00000000 ____D C:\Users\All Users\HotSync 2012-08-13 20:35 - 2012-08-13 20:35 - 00000000 ____D C:\Users\Tice\AppData\Roaming\HotSync 2012-08-13 20:03 - 2012-08-13 20:14 - 00000000 ___SD C:\32788R22FWJFW 2012-08-13 20:03 - 2012-08-13 20:03 - 00000000 ____D C:\Windows\erdnt 2012-08-13 19:06 - 2012-08-13 19:06 - 00000000 ____D C:\Program Files (x86)\Oracle 2012-08-13 19:06 - 2012-07-05 21:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-08-13 19:05 - 2012-06-27 00:43 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2012-08-13 19:05 - 2012-06-27 00:43 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-08-13 19:04 - 2012-08-13 19:05 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b06.log 2012-08-13 19:04 - 2012-08-13 19:04 - 00000000 ____D C:\Users\All Users\McAfee 2012-08-13 17:12 - 2012-08-13 17:17 - 00000000 ____D C:\Users\Tice\AppData\Roaming\BSW 2012-08-13 17:11 - 2012-08-13 17:12 - 03182633 ____A (BrettspielWelt GmbH) C:\Users\Tice\Downloads\BrettspielWelt_en.exe 2012-08-04 16:19 - 2012-08-04 16:19 - 00001076 ____A C:\Users\Public\Desktop\Angry Birds.lnk 2012-08-02 18:49 - 2012-08-02 18:49 - 42715656 ____A C:\Users\Tice\Downloads\PlantsVsZombies_20120801.exe 2012-08-02 18:49 - 2012-08-02 18:49 - 00001315 ____A C:\Users\Public\Desktop\Plants vs. 
Zombies.lnk 2012-08-02 18:49 - 2012-08-02 18:49 - 00000000 ____D C:\Users\All Users\PopCap Games 2012-08-02 18:49 - 2012-08-02 18:49 - 00000000 ____D C:\Program Files (x86)\PopCap Games 2012-07-29 06:29 - 2012-07-29 06:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-07-28 11:33 - 2012-08-14 10:22 - 00000000 ____D C:\Windows\Minidump 2012-07-28 09:31 - 2012-07-28 09:40 - 00000000 ____D C:\Program Files (x86)\Google ============ 3 Months Modified Files ======================== 2012-08-17 22:06 - 2012-06-05 17:56 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934525634-3787459049-2266934747-1000UA.job 2012-08-17 21:47 - 2012-06-24 18:56 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-17 18:06 - 2012-06-05 17:56 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-934525634-3787459049-2266934747-1000Core.job 2012-08-17 16:39 - 2012-08-17 16:39 - 00002812 ____A C:\Users\Tice\Desktop\RKreport[1].txt 2012-08-17 16:38 - 2012-08-17 16:38 - 01558528 ____A C:\Users\Tice\Desktop\RogueKiller.exe 2012-08-17 13:28 - 2012-08-17 13:28 - 00017089 ____A C:\Users\Tice\Desktop\DDS.txt 2012-08-17 13:28 - 2012-08-17 13:28 - 00013642 ____A C:\Users\Tice\Desktop\Attach.txt 2012-08-17 13:23 - 2012-08-17 13:23 - 00607260 ____R (Swearware) C:\Users\Tice\Desktop\dds.scr 2012-08-17 13:21 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-17 13:21 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-17 13:14 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-17 13:13 - 2009-07-13 20:51 - 00067948 ____A C:\Windows\setupact.log 2012-08-17 13:09 - 2010-11-20 19:47 - 01116452 ____A C:\Windows\PFRO.log 2012-08-17 10:47 - 2012-08-17 10:47 - 00001041 ____A C:\Users\Tice\Desktop\Dropbox.lnk 2012-08-17 10:43 - 2012-08-17 10:42 - 17798272 ____A 
(Dropbox, Inc.) C:\Users\Tice\Desktop\Dropbox 1.4.12.exe 2012-08-17 10:38 - 2011-09-16 17:47 - 00000328 ____A C:\Windows\Tasks\HPCeeScheduleForTice.job 2012-08-17 06:47 - 2011-09-16 17:25 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2012-08-16 20:28 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-15 18:12 - 2011-09-15 14:38 - 01737389 ____A C:\Windows\WindowsUpdate.log 2012-08-14 18:47 - 2012-05-05 10:28 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-14 18:47 - 2011-09-15 17:08 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-08-14 10:22 - 2011-05-26 02:01 - 00285266 ____N C:\Windows\Minidump\081412-28204-01.dmp 2012-08-13 20:15 - 2011-05-26 02:01 - 00285202 ____N C:\Windows\Minidump\081312-25615-01.dmp 2012-08-13 20:08 - 2011-05-26 02:01 - 00285202 ____N C:\Windows\Minidump\081312-22120-01.dmp 2012-08-13 20:04 - 2011-05-26 02:01 - 00285202 ____N C:\Windows\Minidump\081312-25942-01.dmp 2012-08-13 19:05 - 2012-08-13 19:04 - 00002954 ____A C:\Windows\SysWOW64\jupdate-1.7.0_05-b06.log 2012-08-13 17:12 - 2012-08-13 17:11 - 03182633 ____A (BrettspielWelt GmbH) C:\Users\Tice\Downloads\BrettspielWelt_en.exe 2012-08-04 16:19 - 2012-08-04 16:19 - 00001076 ____A C:\Users\Public\Desktop\Angry Birds.lnk 2012-08-02 18:49 - 2012-08-02 18:49 - 42715656 ____A C:\Users\Tice\Downloads\PlantsVsZombies_20120801.exe 2012-08-02 18:49 - 2012-08-02 18:49 - 00001315 ____A C:\Users\Public\Desktop\Plants vs. 
Zombies.lnk 2012-08-02 09:17 - 2011-05-26 02:01 - 00285266 ____N C:\Windows\Minidump\080212-28688-01.dmp 2012-07-29 17:36 - 2011-05-26 02:01 - 00285202 ____N C:\Windows\Minidump\072912-21668-01.dmp 2012-07-28 11:46 - 2011-10-28 06:33 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2012-07-28 11:33 - 2011-05-26 02:01 - 00285394 ____N C:\Windows\Minidump\072812-29998-01.dmp 2012-07-16 18:01 - 2012-07-16 18:01 - 00001908 ____A C:\Users\Tice\Desktop\Might & Magic Heroes VI - Shortcut.lnk 2012-07-16 17:42 - 2011-05-26 01:45 - 00093663 ____A C:\Windows\DirectX.log 2012-07-15 17:21 - 2012-04-14 21:03 - 00268952 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2012-07-15 17:21 - 2012-04-14 08:10 - 00268952 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2012-07-14 18:20 - 2012-04-14 08:10 - 00268952 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2012-07-14 06:21 - 2009-07-13 21:08 - 00032542 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2012-07-12 05:53 - 2011-09-15 14:41 - 00110912 ____A C:\Users\Tice\AppData\Local\GDIPFONTCACHEV1.DAT 2012-07-12 05:48 - 2009-07-13 20:45 - 00418608 ____A C:\Windows\System32\FNTCACHE.DAT 2012-07-11 22:13 - 2011-10-14 20:28 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-11 20:10 - 2012-07-11 20:10 - 00014840 ____A C:\Users\Tice\Downloads\peabestowsdoodles.zip 2012-07-11 20:09 - 2012-07-11 20:09 - 00015018 ____A C:\Users\Tice\Downloads\peanjhwhimsy.zip 2012-07-11 20:08 - 2012-07-11 20:08 - 00009211 ____A C:\Users\Tice\Downloads\peaannie.zip 2012-07-05 21:06 - 2012-08-13 19:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2012-07-05 21:06 - 2012-05-26 22:05 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll 2012-07-05 21:06 - 2012-05-26 22:05 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2012-06-27 13:52 - 2012-06-27 13:50 - 17060081 ____A C:\Users\Tice\Downloads\bom-without-images.zip 2012-06-27 00:43 - 2012-08-13 19:05 - 00174064 ____A (Oracle 
Corporation) C:\Windows\SysWOW64\javaw.exe 2012-06-27 00:43 - 2012-08-13 19:05 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2012-06-23 16:07 - 2012-06-23 16:06 - 132894602 ____A C:\Users\Tice\Downloads\triplea_1_5_2_1_windows_installer_with_java.exe 2012-06-23 11:51 - 2012-06-23 11:51 - 26141741 ____A (NickOnline ) C:\Users\Tice\Downloads\setup.exe 2012-06-14 08:16 - 2011-12-05 15:04 - 00188200 ___AH C:\Windows\SysWOW64\mlfcache.dat 2012-06-11 19:08 - 2012-07-11 22:15 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-10 16:20 - 2011-09-25 15:07 - 00002515 ____A C:\Users\Public\Desktop\Skype.lnk 2012-06-09 15:38 - 2012-06-09 15:37 - 82271334 ____A (Telltale Games) C:\Users\Tice\Downloads\8BitIsEnough_setup.exe 2012-06-08 21:43 - 2012-07-11 06:21 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-06-08 20:41 - 2012-07-11 06:21 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-06-06 22:38 - 2012-06-06 22:38 - 00020882 ____A C:\Users\Tice\Downloads\[kat.ph]sierra.adventure.games.pack.collection.torrent 2012-06-06 18:19 - 2012-06-06 18:19 - 00466314 ____A C:\Users\Tice\Downloads\[kat.ph]sierra.games.collection.and.more.torrent 2012-06-06 18:11 - 2012-06-06 18:11 - 00001132 ____A C:\Users\Public\Desktop\Firefox.lnk 2012-06-06 18:10 - 2012-06-06 18:10 - 16574016 ____A (Mozilla) C:\Users\Tice\Downloads\Firefox Setup 13.0.exe 2012-06-06 15:13 - 2012-06-06 15:13 - 00475801 ____A C:\Users\Tice\Downloads\hashcalc.zip 2012-06-06 14:27 - 2012-06-06 14:27 - 04733064 ____A (WebMinds, Inc. 
) C:\Users\Tice\Downloads\regacesetup.exe 2012-06-06 14:17 - 2012-06-06 14:17 - 01058280 ____A C:\Users\Tice\Downloads\mstask.zip_downloader.exe 2012-06-06 14:02 - 2012-06-06 14:02 - 00008835 ____A C:\Users\Tice\Downloads\icfgnt1.zip 2012-06-05 22:06 - 2012-07-11 06:21 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-06-05 22:06 - 2012-07-11 06:21 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-06-05 22:02 - 2012-07-11 06:20 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-06-05 21:05 - 2012-07-11 06:21 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-06-05 21:05 - 2012-07-11 06:21 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-06-05 21:03 - 2012-07-11 06:20 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-06-05 17:56 - 2012-06-05 17:56 - 00739832 ____A (Google Inc.) C:\Users\Tice\Downloads\GoogleVoiceAndVideoSetup.exe 2012-06-03 19:55 - 2011-09-15 22:01 - 00000945 ____A C:\Users\Public\Desktop\µTorrent.lnk 2012-06-02 14:19 - 2012-06-21 06:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll 2012-06-02 14:19 - 2012-06-21 06:53 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll 2012-06-02 14:19 - 2012-06-21 06:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe 2012-06-02 14:19 - 2012-06-21 06:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll 2012-06-02 14:19 - 2012-06-21 06:53 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll 2012-06-02 14:19 - 2012-06-21 06:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll 2012-06-02 14:15 - 2012-06-21 06:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll 2012-06-02 14:15 - 2012-06-21 06:53 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll 2012-06-02 14:15 - 2012-06-21 06:52 - 
00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe 2012-06-02 10:29 - 2012-06-02 10:29 - 00002061 ____A C:\Users\Tice\Desktop\Domination.lnk 2012-06-02 10:28 - 2012-06-02 10:28 - 07112192 ____A C:\Users\Tice\Downloads\Domination_install_1.1.0.8.exe 2012-06-01 21:50 - 2012-07-11 06:21 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-06-01 21:48 - 2012-07-11 06:21 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-06-01 21:48 - 2012-07-11 06:21 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-06-01 21:45 - 2012-07-11 06:21 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-06-01 21:44 - 2012-07-11 06:21 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-06-01 20:40 - 2012-07-11 06:21 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-06-01 20:40 - 2012-07-11 06:21 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-06-01 20:39 - 2012-07-11 06:21 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-06-01 20:34 - 2012-07-11 06:21 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-05-31 11:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2012-05-26 22:04 - 2012-05-26 22:04 - 00892360 ____A (Oracle Corporation) C:\Users\Tice\Downloads\jre-7u4-windows-i586-iftw.exe 2012-05-26 21:58 - 2012-05-26 21:58 - 00000820 ____A C:\Users\Tice\Desktop\Colossus.jnlp 2012-05-26 21:42 - 2012-05-26 21:42 - 00000841 ____A C:\Users\Tice\Downloads\Colossus-public-testing.jnlp ZeroAccess: C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007} C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\@ C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\L C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U 
C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\L\00000004.@ C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\L\201d3dde C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\00000004.@ C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\00000008.@ C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\000000cb.@ C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\80000000.@ C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\80000032.@ C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\80000064.@ ZeroAccess: C:\Windows\assembly\GAC_32\Desktop.ini ZeroAccess: C:\Windows\assembly\GAC_64\Desktop.ini Type 00 partition infection: C:\Windows\svchost.exe ========================= Known DLLs (Whitelisted) ============ ========================= Bamital & volsnap Check ============ C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit TDL4: custom:26000022 <===== ATTENTION! 
==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ========================= Memory info ====================== Percentage of memory in use: 15% Total physical RAM: 5887.29 MB Available physical RAM: 4995.86 MB Total Pagefile: 5885.48 MB Available Pagefile: 4966.9 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ======================= Partitions ========================= 1 Drive c: (OS) (Fixed) (Total:920.27 GB) (Free:816.26 GB) NTFS 2 Drive e: (HP_RECOVERY) (Fixed) (Total:11.15 GB) (Free:1.36 GB) NTFS ==>[system with boot components (obtained from reading drive)] 3 Drive f: (Disk1) (CDROM) (Total:0.61 GB) (Free:0 GB) CDFS 4 Drive g: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS 5 Drive h: () (Removable) (Total:0.95 GB) (Free:0.27 GB) FAT 11 Drive x: (Boot) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS 12 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 931 GB 0 B Disk 1 Online 973 MB 0 B Disk 2 No Media 0 B 0 B Disk 3 No Media 0 B 0 B Disk 4 No Media 0 B 0 B Disk 5 No Media 0 B 0 B Disk 6 No Media 0 B 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 100 MB 1024 KB Partition 2 Primary 920 GB 101 MB Partition 3 Primary 11 GB 920 GB ================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 Y SYSTEM NTFS Partition 100 MB Healthy ================================================================================== Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr 
Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 C OS NTFS Partition 920 GB Healthy ================================================================================== Disk: 0 Partition 3 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 E HP_RECOVERY NTFS Partition 11 GB Healthy ================================================================================== Partitions of Disk 1: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 973 MB 123 KB ================================================================================== Disk: 1 Partition 1 Type : 06 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 H FAT Removable 973 MB Healthy ================================================================================== Last Boot: 2012-08-17 07:30 ======================= End Of Log ========================== Farbar Recovery Scan Tool Version: 18-08-2012 Ran by SYSTEM at 2012-08-18 09:09:21 Running from H:\ ================== Search: "services.exe" =================== C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB C:\Windows\System32\services.exe [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB ====== End Of Search ======
  8. Here is the report from RogueKiller. Thanks RogueKiller V7.6.6 [08/10/2012] by Tigzy mail: tigzyRK<at>gmail<dot>com Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/ Blog: http://tigzyrk.blogspot.com Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User: Tice [Admin rights] Mode: Scan -- Date: 08/17/2012 17:39:53 ¤¤¤ Bad processes: 1 ¤¤¤ [sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc] ¤¤¤ Registry Entries: 4 ¤¤¤ [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ [ZeroAccess][FILE] @ : c:\windows\installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\@ --> FOUND [ZeroAccess][FOLDER] U : c:\windows\installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U --> FOUND [ZeroAccess][FOLDER] L : c:\windows\installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\L --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND [ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND [susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND ¤¤¤ Driver: [NOT LOADED] ¤¤¤ ¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDS721010CLA332 SATA Disk Device +++++ --- User --- [MBR] e5b8e230b36494830f956d29c0f87ccc [bSP] fe7250244a6987badde9a87e2ff5cd48 : Windows Vista/7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942352 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930143744 | Size: 11415 Mo User = LL1 ... OK! User != LL2 ... KO! 
--- LL2 --- [MBR] 5446a21687269152910ccad135e89947 [bSP] 3e994ff66c0e7c7bdcf881de13609d25 : Windows 7 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 217933824 | Size: 300 Mo +++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! +++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++ Error reading User MBR! User = LL1 ... OK! Error reading LL2 MBR! Finished : << RKreport[1].txt >> RKreport[1].txt
  9. MBAM hasn't been able to remove a TrojanDropper.BCMiner and Rootkit. I can scan again right after the restart and all 5 infected files come up again. I have also attached the MBAM log. It looks like you have resolved this with other users, so I'm hoping you can help me as well. Thanks. It's not letting me attach any files, so I have copied and pasted the text (DDS, Attach, and mbam log). . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 10.5.1 Run by Tice at 14:26:48 on 2012-08-17 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4701 [GMT -7:00] . AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\atieclxx.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe C:\Program Files (x86)\TechSmith\Jing\Jing.exe C:\Users\Tice\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskhost.exe C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program 
Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe C:\Program Files (x86)\PDF Complete\pdfsvc.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\Windows Media Player\wmpnetwk.exe -netsvcs C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe "C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ uInternet Settings,ProxyOverride = *.local uURLSearchHooks: H - No File uURLSearchHooks: H - No File mWinlogon: Userinit=userinit.exe, BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO: avast! 
WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB: {37153479-1976-43C3-A1EE-557513977B64} - No File uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun uRun: [Jing] C:\Program Files (x86)\TechSmith\Jing\Jing.exe mRun: [<NO NAME>] mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Tice\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Tice\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - 
C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL LSP: mswsock.dll TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{0847DC48-9B03-413B-9F08-4A6D9A31BB75} : DhcpNameServer = 75.75.75.75 75.75.76.76 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll BHO-X64: Yontoo Layers - No File TB-X64: avast! 
WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll TB-X64: {37153479-1976-43C3-A1EE-557513977B64} - No File mRun-x64: [(Default)] mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Tice\AppData\Roaming\Mozilla\Firefox\Profiles\q7tdqoys.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.com FF - plugin: C:\PROGRA~2\Palm\PACKAG~1\NPInstal.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll FF - plugin: C:\Users\Tice\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Users\Tice\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll FF - plugin: C:\Users\Tice\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll FF - plugin: C:\Users\Tice\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: 
C:\Windows\SysWOW64\npmproxy.dll . ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.brc - FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, 317b2d27-9148-407d-a26b-0be16b388313 FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics . FF - user.js: extensions.autoDisableScopes - 14 . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\system32\drivers\amd_sata.sys --> C:\Windows\system32\drivers\amd_sata.sys [?] R0 amd_xata;amd_xata;C:\Windows\system32\drivers\amd_xata.sys --> C:\Windows\system32\drivers\amd_xata.sys [?] R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?] R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?] R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?] 
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264] R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-5-26 1127448] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 BrSerIb;Brother Serial Interface Driver(WDM);C:\Windows\system32\DRIVERS\BrSerIb.sys --> C:\Windows\system32\DRIVERS\BrSerIb.sys [?] R3 BrUsbSIb;Brother Serial USB Driver(WDM);C:\Windows\system32\DRIVERS\BrUsbSIb.sys --> C:\Windows\system32\DRIVERS\BrUsbSIb.sys [?] R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\drivers\usbfilter.sys --> C:\Windows\system32\drivers\usbfilter.sys [?] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?] S2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-7-28 44768] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-5 250056] S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2011-9-15 245760] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-6 113120] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 
2012-08-17 21:11:05 20480 ----a-w- C:\Windows\svchost.exe 2012-08-17 18:47:07 -------- d-----r- C:\Users\Tice\Dropbox 2012-08-17 18:43:29 -------- d-----w- C:\Users\Tice\AppData\Roaming\Dropbox 2012-08-17 00:14:17 -------- d-----w- C:\Program Files\Enigma Software Group 2012-08-17 00:13:27 -------- d-----w- C:\Windows\F896D02690164122B9BD957FF092FFE9.TMP 2012-08-17 00:13:26 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard 2012-08-14 03:06:46 -------- d-----w- C:\Program Files (x86)\Oracle 2012-08-14 01:12:18 -------- d-----w- C:\Users\Tice\AppData\Roaming\BSW 2012-08-03 02:49:41 -------- d-----w- C:\ProgramData\PopCap Games 2012-08-03 02:49:41 -------- d-----w- C:\Program Files (x86)\PopCap Games 2012-07-29 14:29:08 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA% 2012-07-28 19:38:59 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BFDF6384-9617-4C31-A52B-C6968F98FF9D}\mpengine.dll . ==================== Find3M ==================== . 
2012-08-15 02:47:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-08-15 02:47:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-07-16 01:21:55 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2012-07-16 01:21:55 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2012-07-15 02:20:35 268952 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-07-06 05:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-07-06 05:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe . 
============= FINISH: 14:27:53.76 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 9/15/2011 3:38:56 PM System Uptime: 8/17/2012 2:13:25 PM (0 hours ago) . Motherboard: FOXCONN | | 2AB1 Processor: AMD Phenom II X2 521 Processor | CPU 1 | 3500/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 920 GiB total, 819.292 GiB free. D: is FIXED (NTFS) - 11 GiB total, 1.361 GiB free. E: is CDROM () F: is CDROM () G: is Removable H: is Removable I: is Removable J: is CDROM () L: is CDROM () M: is Removable N: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP111: 7/17/2012 6:33:17 AM - Windows Update RP112: 7/24/2012 6:31:34 PM - Windows Update RP113: 7/28/2012 12:38:39 PM - Windows Update RP114: 8/5/2012 2:27:48 PM - Scheduled Checkpoint RP115: 8/6/2012 11:20:06 PM - HPSF Restore Point RP116: 8/7/2012 12:07:33 AM - HPSF Restore Point RP117: 8/13/2012 8:04:35 PM - Installed Java 7 Update 5 RP118: 8/13/2012 8:05:43 PM - Removed JavaFX 2.1.0 RP119: 8/13/2012 8:06:19 PM - Installed JavaFX 2.1.1 RP120: 8/13/2012 9:33:26 PM - Removed Zinio Reader 4 RP121: 8/13/2012 9:34:45 PM - Removed Palm Desktop by ACCESS RP122: 8/16/2012 5:13:32 PM - Installed SpyHunter RP123: 8/16/2012 5:53:36 PM - Removed SpyHunter . ==== Installed Programs ====================== . µTorrent Adobe AIR Adobe Digital Editions Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Shockwave Player 11.6 Agatha Christie - Peril at End House AMD VISION Engine Control Center Angry Birds Angry Birds Rio Angry Birds Seasons Angry Birds Space Apple Application Support Apple Software Update avast! 
Free Antivirus Bejeweled 2 Deluxe Bejeweled 3 Blackhawk Striker 2 Blasterball 3 Blio Bounce Symphony Brother MFL-Pro Suite MFC-J615W Build-a-lot 2 Cake Mania Call of Duty - United Offensive Catalyst Control Center - Branding Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe D3DX10 DAEMON Tools Pro Diner Dash 2 Restaurant Rescue Dora's World Adventure Dropbox FamilySearch Indexing 3.13.1 Farm Frenzy FATE - The Traitor Soul Google Talk Plugin Heroes of Might and Magic V Hewlett-Packard ACLM.NET v1.1.1.0 HP Customer Experience Enhancements HP Games HP LinkUp HP MediaSmart/TouchSmart Netflix HP MovieStore HP Odometer HP Setup HP Setup Manager HP Support Assistant HP Support Information HP Update Hulu Desktop HydraVision Java Auto Updater Java 7 Update 5 JavaFX 2.1.1 Jing Junk Mail filter update LabelPrint Magic ISO Maker v5.5 (build 0273) Magic ISO Maker v5.5 (build 0281) MagicDisc 2.7.105 Mah Jong Medley Malwarebytes Anti-Malware version 1.61.0.1400 Mesh Runtime Microsoft Office 2010 Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 
Microsoft Office Proofing (English) 2007 Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 3.0 Runtime Might & Magic Heroes VI Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - Stolen in San Francisco Namco All-Stars PAC-MAN Palm Desktop by ACCESS PDF Complete Special Edition Penguins! Pet Vet 3D Animal Hospital Pet Vet 3D Down Under Pet Vet 3D Wild Animal Hospital Plants vs. Zombies Plants vs. Zombies - Game of the Year PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Power2Go PressReader PunkBuster Services QuickTime Realtek High Definition Audio Driver Recovery Manager Remote Graphics Receiver RoxioNow Player ScanSoft PaperPort 11 Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 
Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Skype™ 5.8 Slingo Supreme swMSM TripleA Version 1_5_2_1 Ubisoft Game Launcher Unity Web Player Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update Installer for WildTangent Games App Virtual Villagers 4 - The Tree of Life VLC media player 1.1.11 Wheel of Fortune 2 WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Wolfenstein - Enemy Territory Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
8/17/2012 2:25:53 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/17/2012 2:25:53 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/17/2012 2:14:43 PM, Error: Service Control Manager [7000] - The AODDriver4.0 service failed to start due to the following error: The system cannot find the path specified.
8/17/2012 2:14:33 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the BFE service which failed to start because of the following error: Access is denied.
8/17/2012 2:14:30 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error: Access is denied.
8/17/2012 2:14:29 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/17/2012 2:14:28 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.
8/16/2012 11:42:55 AM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
8/14/2012 11:22:54 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000003b (0x00000000c0000005, 0xfffff8800108b2cb, 0xfffff8800292ea50, 0x0000000000000000). A dump was saved in: C:\Windows\Minidump\081412-28204-01.dmp. Report Id: 081412-28204-01.
8/13/2012 9:15:22 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb47ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\081312-25615-01.dmp. Report Id: 081312-25615-01.
8/13/2012 9:12:05 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/13/2012 9:12:03 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/13/2012 9:08:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/13/2012 9:08:27 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 9:08:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb67ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\081312-22120-01.dmp. Report Id: 081312-22120-01.
8/13/2012 9:05:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cbc7ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\Minidump\081312-25942-01.dmp. Report Id: 081312-25942-01.
8/11/2012 7:59:57 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
.
==== End Of File ===========================

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.13.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Tice :: TICE-HP [administrator]

8/17/2012 2:03:10 PM
mbam-log-2012-08-17 (14-03-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203953
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 2696 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\Installer\{3db77a79-4b53-4a99-6c24-56f9b9e2f007}\U\80000032.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)