Google Redirects and Strange Popups

lfbprod · May 21, 2012

Hi all,

I've been hit with a virus that will not quit my computer, no matter how hard I try. Superantispyware and Spybot Search and Destroy remove programs, but the problem persists and Malwarebytes always turns up with zero results. Any help in getting rid of this problem is greatly appreciated. Note: I downloaded Hijackthis after seeing someone else use it with success when initially searching for soultions, and then quickly realised that I had no idea what I was doing, so nothing with the program has actually been done. Same with combofix.

Here is the DDS Log:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Charles at 10:21:38 on 2012-05-21

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.1022 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\SysWOW64\PnkBstrB.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

C:\Program Files (x86)\Google\Google Talk\googletalk.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\REGSVR32.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

uRun: [Google Update] "C:\Users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Charles\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Charles\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{6926F3FE-B937-4B51-A763-336D8ED7B4AE} : DhcpNameServer = 192.168.2.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

BHO-X64: AIM Toolbar Loader - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

TB-X64: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

mRun-x64: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart

mRun-x64: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\dk17kppp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://forums.somethingawful.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll

FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll

FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.0.61118.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Users\Charles\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Users\Charles\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-9-7 202048]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-1-22 1153368]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-20 654408]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257696]

S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Steam\steamapps\common\dragon age origins\bin_ship\daupdatersvc.service.exe [2010-6-21 25832]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 129976]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-05-21 14:45:40 388096 ----a-r- C:\Users\Charles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-21 14:45:40 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-05-20 17:02:53 -------- d-----w- C:\Users\Charles\AppData\Roaming\Malwarebytes

2012-05-20 17:02:35 -------- d-----w- C:\ProgramData\Malwarebytes

2012-05-20 17:02:35 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-05-14 22:59:52 -------- d-----w- C:\Program Files (x86)\Diablo III

2012-05-10 03:00:58 902656 ----a-w- C:\Windows\System32\d2d1.dll

2012-05-10 03:00:58 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll

2012-05-10 03:00:58 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll

2012-05-10 03:00:58 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll

2012-05-10 03:00:58 1541120 ----a-w- C:\Windows\System32\DWrite.dll

2012-05-10 03:00:58 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll

2012-05-10 03:00:58 1074176 ----a-w- C:\Windows\SysWow64\DWrite.dll

2012-05-10 03:00:57 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll

2012-05-10 03:00:57 197120 ----a-w- C:\Windows\System32\d3d10_1.dll

2012-05-10 03:00:57 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll

2012-05-10 02:58:30 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-10 02:58:29 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-10 02:58:29 3143680 ----a-w- C:\Windows\System32\win32k.sys

2012-05-10 02:58:28 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-10 02:58:22 75632 ----a-w- C:\Windows\System32\drivers\partmgr.sys

2012-05-10 02:57:52 1895280 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-05-10 02:57:46 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 02:57:46 1732096 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2012-05-10 02:57:46 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2012-05-10 02:57:46 1393664 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2012-05-10 02:57:46 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2012-04-30 01:23:29 -------- d-----w- C:\d15553b11f55ce4c283f

2012-04-29 10:58:42 8955792 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Updates\mpengine.dll

2012-04-28 02:00:46 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-04-28 02:00:31 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-04-28 01:52:45 -------- d-----w- C:\AMD

2012-04-27 04:21:54 -------- d-s---w- C:\ComboFix

2012-04-26 12:48:32 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-04-26 12:48:25 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 12:48:25 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-24 14:03:06 -------- d-----w- C:\Program Files\AMD

2012-04-24 13:53:21 7431680 ----a-w- C:\Windows\System32\atiumd64.dll

2012-04-24 13:49:05 4731904 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-04-24 08:48:55 8917360 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2584F2DB-DA7E-4D31-B435-45CB3B597A83}\mpengine.dll

.

==================== Find3M ====================

.

2012-05-05 16:05:13 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 16:05:13 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-05 16:05:05 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-04-06 05:22:40 11174400 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-04-06 03:34:26 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-04-06 03:34:10 74752 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-04-06 03:34:04 64512 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-04-06 03:33:56 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-04-06 03:33:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-04-06 03:33:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll

2012-04-06 03:32:56 13007872 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-04-06 02:22:00 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-04-06 02:21:52 909312 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-04-06 02:20:04 1067520 ----a-w- C:\Windows\System32\aticfx64.dll

2012-04-06 02:16:52 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-04-06 02:16:46 503808 ----a-w- C:\Windows\System32\atieclxx.exe

2012-04-06 02:16:02 236544 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-04-06 02:14:44 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-04-06 02:14:30 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-04-06 02:14:26 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-04-06 02:14:20 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-04-06 02:13:42 6800896 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-04-06 02:10:50 26181632 ----a-w- C:\Windows\System32\atio6axx.dll

2012-04-06 02:00:10 64000 ----a-w- C:\Windows\System32\coinst.dll

2012-04-06 01:54:46 7479296 ----a-w- C:\Windows\System32\atidxx64.dll

2012-04-06 01:50:56 19753984 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-04-06 01:35:24 1120768 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-04-06 01:34:50 1831424 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-04-06 01:34:04 6203392 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-04-06 01:30:16 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-04-06 01:30:14 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-04-06 01:30:08 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-04-06 01:30:06 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-04-06 01:29:54 16090624 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-04-06 01:25:30 13764096 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-04-06 01:22:54 4795904 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-04-06 01:11:28 514560 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-04-06 01:11:20 360448 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-04-06 01:11:06 17408 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-04-06 01:11:04 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-04-06 01:11:00 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-04-06 01:10:52 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-04-06 01:10:44 343040 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-04-06 01:09:56 54784 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-04-06 01:09:48 41984 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-04-06 01:09:42 44544 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-04-06 01:09:34 32256 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-04-06 01:09:02 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\atimpc64.dll

2012-04-06 01:06:08 54784 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-04-06 01:06:04 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-03-09 19:07:04 29184 ----a-w- C:\Windows\System32\kdbsdk64.dll

2012-03-09 19:06:14 24576 ----a-w- C:\Windows\SysWow64\kdbsdk32.dll

2012-03-01 06:54:38 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys

2012-03-01 06:45:41 220672 ----a-w- C:\Windows\System32\wintrust.dll

2012-03-01 06:40:14 80896 ----a-w- C:\Windows\System32\imagehlp.dll

2012-03-01 06:35:16 5120 ----a-w- C:\Windows\System32\wmi.dll

2012-03-01 05:49:05 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll

2012-03-01 05:45:05 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll

2012-03-01 05:40:44 5120 ----a-w- C:\Windows\SysWow64\wmi.dll

2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll

2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll

2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-02-23 15:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-02-23 12:32:04 95760 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys

.

============= FINISH: 10:30:21.23 ===============

And this is Attach.txt:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 3/1/2010 9:15:30 PM

System Uptime: 5/21/2012 1:03:24 AM (9 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-770T-USB3

Processor: AMD Athlon II X3 440 Processor | Socket M2 | 3000/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 202.379 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Universal Serial Bus (USB) Controller

Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048

Manufacturer:

Name: Universal Serial Bus (USB) Controller

PNP Device ID: PCI\VEN_1033&DEV_0194&SUBSYS_50071458&REV_03\4&91A636&0&0048

Service:

.

==== System Restore Points ===================

.

RP450: 5/16/2012 11:49:34 PM - Windows Update

RP451: 5/17/2012 7:47:21 PM - Windows Update

RP452: 5/17/2012 10:05:47 PM - Removed Apple Software Update

RP453: 5/17/2012 10:06:41 PM - Removed Apple Mobile Device Support

RP454: 5/18/2012 2:25:39 PM - Windows Update

RP455: 5/19/2012 9:42:01 AM - Removed Age of Empires III Trial

RP456: 5/19/2012 12:56:24 PM - Windows Update

RP457: 5/20/2012 7:39:39 AM - Windows Update

RP458: 5/21/2012 2:38:27 AM - Windows Update

RP459: 5/21/2012 9:45:02 AM - Installed HiJackThis

.

==== Installed Programs ======================

.

AaAaAA!!! - A Reckless Disregard for Gravity

AC3Filter 1.63b

Adobe Reader 9.5.1

Age of Empires III Trial

AIM 7

AIM Toolbar

Alice: Madness Returns

Alpha Protocol

AMD VISION Engine Control Center

Amnesia: The Dark Descent

Apple Application Support

Apple Software Update

Atom Zombie Smasher

Audiosurf

Bastion

Batman: Arkham City™

Belkin Setup and Router Monitor

BioShock 2

Braid

Broken Sword: Shadow of the Templars - Director's Cut

Bulletstorm

Bully: Scholarship Edition

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

Cave Story+

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Celtx (2.9)

Command and Conquer: Red Alert 3

Cosmic Osmo

Counter-Strike: Source

Crusader Kings II

Cryostasis

Crysis 2 Demo

Cthulhu Saves the World

Cyberduck 4.1.3 (9045)

Darksiders

DarksidersInstaller

Darwinia

Day of Defeat: Source

Dead Island

Dead Space

Dead Space 2

DEFCON

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Deus Ex: Game of the Year Edition

Deus Ex: Human Revolution

Diablo II

Diablo III

DivX Setup

Download Manager 2.3.10

Download Updater (AOL LLC)

Dragon Age: Origins

Dragon Age: Origins Character Creator

Dropbox

Dual-Core Optimizer

Dungeon Defenders

Dungeon Siege III

Dwarfs!?

Fallout 3: Game of the Year Edition

Fallout Mod Manager 0.10.2

Fallout: New Vegas

Far Cry 2

Google Chrome

Google Talk (remove only)

Grand Theft Auto IV

Grand Theft Auto: Episodes from Liberty City

Grand Theft Auto: San Andreas

Gratuitous Space Battles

Greed Corp

Grotesque Tactics: Evil Heroes

Half-Life

Half-Life 2

Half-Life 2: Episode One

Half-Life 2: Episode Two

Half-Life 2: Lost Coast

Half-Life: Blue Shift

Half-Life: Opposing Force

HandBrake 0.9.5

Heroes of Might and Magic V

HiJackThis

Hitman: Blood Money

Jamestown

Just Cause 2

King's Bounty: Armored Princess

King's Bounty: Crossworlds

King's Bounty: The Legend

Lara Croft and the Guardian of Light

Left 4 Dead

Left 4 Dead 2

Left 4 Dead 2 Add-on Support

LIMBO

Machinarium

Magicka

Malwarebytes Anti-Malware version 1.61.0.1400

Manhole

Mass Effect 2

Mass Effect™ 3 Demo

Max Payne

Metro 2033

Microsoft Age of Empires II

Microsoft Age of Empires II: The Conquerors Expansion

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Monkey Island 2: Special Edition

Morrowind

MotoHelper 2.0.24 Driver 4.7.1

MotoHelper MergeModules

Mozilla Firefox 12.0 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Multiwinia

Myst Masterpiece

NecroVisioN

NightSky

NVIDIA PhysX

Oddworld: Abe's Oddysee

OpenAL

Opera 11.64

Origin

Osmos

Overlord

Overlord II

Overlord: Raising Hell

Plants vs. Zombies: Game of the Year

Poker Night at the Inventory

Portal

Portal 2

Project64 1.6

Prototype

Psychonauts

PunkBuster Services

QuickTime

Real Myst

Red Faction

Red Orchestra: Ostfront 41-45

Renegade Ops

Riven

S.T.A.L.K.E.R.: Call of Pripyat

S.T.A.L.K.E.R.: Shadow of Chernobyl

Saints Row: The Third

Sanctum

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Serious Sam HD: The First Encounter

Shank

Sid Meier's Civilization IV

Sid Meier's Civilization IV: Beyond the Sword

Sid Meier's Civilization IV: Colonization

Sid Meier's Civilization IV: Warlords

Sid Meier's Civilization V SDK

Sierra Utilities

Skype Toolbars

Skype™ 5.0

Spelunx

Spybot - Search & Destroy

Star Wars: Knights of the Old Republic

Star Wars: The Old Republic

Star Wars®: Knights of the Old Republic

StarCraft

StarCraft II

Steam

Steel Storm: Burning Retribution

Super Meat Boy

Team Fortress 2

Terraria

TES Construction Set

The Binding Of Isaac

The Elder Scrolls V: Skyrim

The Maw

The Misadventures of P.B. Winterbottom

The Witcher 2

The Witcher: Enhanced Edition

Thief - Deadly Shadows Collective Texture Pack by John P., ver. 1.0.3

Thief: Deadly Shadows

Tom Clancy's Splinter Cell: Conviction

Tomb Raider: Anniversary

Torchlight

Total War: SHOGUN 2

Trine

Ubisoft Game Launcher

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553385) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Uplink

Uru CC

VC80CRTRedist - 8.0.50727.6195

VLC media player 1.1.6

VVVVVV

Warcraft II BNE

World of Goo

World of Warcraft

World of Warcraft Beta

Xvid Video Codec

.

==== Event Viewer Messages From Past Week ========

.

5/21/2012 2:39:05 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.127.201.0).

5/21/2012 2:38:55 AM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

5/21/2012 1:06:22 AM, Error: Service Control Manager [7001] - The MBAMService service depends on the MBAMProtector service which failed to start because of the following error: The system cannot find the file specified.

5/21/2012 1:06:22 AM, Error: Service Control Manager [7000] - The MBAMProtector service failed to start due to the following error: The system cannot find the file specified.

5/21/2012 1:03:54 AM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.

5/20/2012 10:48:51 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer MAC00254BABB618 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{6926F3FE-B937-4B51-A763-336D8ED7B4AE}. The master browser is stopping or an election is being forced.

5/19/2012 9:38:31 AM, Error: Service Control Manager [7034] - The PnkBstrB service terminated unexpectedly. It has done this 1 time(s).

5/19/2012 9:38:27 AM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

5/19/2012 12:54:29 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

5/19/2012 12:39:59 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

5/19/2012 10:24:48 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

5/19/2012 10:24:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

5/19/2012 10:24:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

5/19/2012 10:24:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

5/19/2012 10:24:47 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

5/19/2012 10:24:46 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

5/19/2012 10:24:40 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

5/19/2012 10:24:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx Wanarpv6 WfpLwf ws2ifsl

5/19/2012 10:24:31 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

5/19/2012 10:24:31 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/19/2012 10:24:31 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

5/19/2012 10:24:31 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/19/2012 10:24:31 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/19/2012 10:24:30 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

5/19/2012 10:24:30 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/19/2012 10:24:30 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

5/19/2012 10:24:30 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

5/19/2012 10:24:30 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

5/19/2012 1:58:17 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.

5/17/2012 7:48:34 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.125.1854.0).

5/17/2012 10:16:39 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/17/2012 10:16:19 AM, Error: Service Control Manager [7034] - The SBSD Security Center Service service terminated unexpectedly. It has done this 1 time(s).

5/17/2012 10:15:33 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

5/17/2012 10:09:39 AM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).

5/17/2012 10:08:08 AM, Error: Service Control Manager [7031] - The MotoHelper Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

5/14/2012 8:54:22 PM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.

5/14/2012 8:43:53 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.125.1635.0).

.

==== End Of File ===========================

D-FRED-BROWN · May 21, 2012

Hello lfbprod and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you.

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

Please note:

ComboFix is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained.

It is intended by its creator to be used under the guidance and supervision of a Malware Removal Expert, not for private use.

Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

With that said, let's see what we can do to help you .

-------------

Please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure, click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

TDSSKiller_log.txt

how the PC is running now?

-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.

Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

TDSSKiller logfile
C:\ComboFix.txt
Security Check checkup.txt

How is your computer running now?

lfbprod · May 21, 2012

HI!

Thanks for your help with this. I really appreciate what you guys are doing.

Here is the TDSkiller log:

15:20:28.0858 5044 TDSS rootkit removing tool 2.7.36.0 May 21 2012 16:40:16

15:20:29.0200 5044 ============================================================

15:20:29.0200 5044 Current date / time: 2012/05/21 15:20:29.0200

15:20:29.0200 5044 SystemInfo:

15:20:29.0200 5044

15:20:29.0200 5044 OS Version: 6.1.7600 ServicePack: 0.0

15:20:29.0200 5044 Product type: Workstation

15:20:29.0200 5044 ComputerName: JUPITER

15:20:29.0200 5044 UserName: Charles

15:20:29.0200 5044 Windows directory: C:\Windows

15:20:29.0201 5044 System windows directory: C:\Windows

15:20:29.0201 5044 Running under WOW64

15:20:29.0201 5044 Processor architecture: Intel x64

15:20:29.0201 5044 Number of processors: 3

15:20:29.0201 5044 Page size: 0x1000

15:20:29.0201 5044 Boot type: Normal boot

15:20:29.0201 5044 ============================================================

15:20:30.0723 5044 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1F8B1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

15:20:30.0732 5044 ============================================================

15:20:30.0732 5044 \Device\Harddisk0\DR0:

15:20:30.0732 5044 MBR partitions:

15:20:30.0733 5044 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

15:20:30.0733 5044 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

15:20:30.0733 5044 ============================================================

15:20:30.0758 5044 C: <-> \Device\Harddisk0\DR0\Partition1

15:20:30.0758 5044 ============================================================

15:20:30.0758 5044 Initialize success

15:20:30.0758 5044 ============================================================

15:20:45.0722 3976 ============================================================

15:20:45.0722 3976 Scan started

15:20:45.0722 3976 Mode: Manual;

15:20:45.0722 3976 ============================================================

15:20:46.0616 3976 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

15:20:46.0620 3976 !SASCORE - ok

15:20:46.0788 3976 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys

15:20:46.0792 3976 1394ohci - ok

15:20:46.0815 3976 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys

15:20:46.0820 3976 ACPI - ok

15:20:46.0835 3976 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys

15:20:46.0835 3976 AcpiPmi - ok

15:20:46.0980 3976 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

15:20:46.0982 3976 AdobeFlashPlayerUpdateSvc - ok

15:20:47.0021 3976 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

15:20:47.0031 3976 adp94xx - ok

15:20:47.0046 3976 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

15:20:47.0049 3976 adpahci - ok

15:20:47.0081 3976 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

15:20:47.0083 3976 adpu320 - ok

15:20:47.0111 3976 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

15:20:47.0112 3976 AeLookupSvc - ok

15:20:47.0207 3976 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys

15:20:47.0219 3976 AFD - ok

15:20:47.0388 3976 AffinegyService (7e077309910ce334c3b2b7b8665a55c4) C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

15:20:47.0407 3976 AffinegyService - ok

15:20:47.0421 3976 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys

15:20:47.0423 3976 agp440 - ok

15:20:47.0437 3976 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

15:20:47.0439 3976 ALG - ok

15:20:47.0454 3976 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys

15:20:47.0454 3976 aliide - ok

15:20:47.0506 3976 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe

15:20:47.0509 3976 AMD External Events Utility - ok

15:20:47.0548 3976 AMD FUEL Service - ok

15:20:47.0554 3976 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys

15:20:47.0556 3976 amdide - ok

15:20:47.0575 3976 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

15:20:47.0577 3976 amdiox64 - ok

15:20:47.0613 3976 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

15:20:47.0616 3976 AmdK8 - ok

15:20:48.0182 3976 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

15:20:48.0370 3976 amdkmdag - ok

15:20:48.0536 3976 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys

15:20:48.0542 3976 amdkmdap - ok

15:20:48.0587 3976 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

15:20:48.0589 3976 AmdPPM - ok

15:20:48.0635 3976 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys

15:20:48.0638 3976 amdsata - ok

15:20:48.0664 3976 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

15:20:48.0669 3976 amdsbs - ok

15:20:48.0677 3976 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys

15:20:48.0679 3976 amdxata - ok

15:20:48.0704 3976 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

15:20:48.0707 3976 AODDriver4.01 - ok

15:20:48.0727 3976 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

15:20:48.0729 3976 AODDriver4.1 - ok

15:20:48.0757 3976 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys

15:20:48.0759 3976 AppID - ok

15:20:48.0776 3976 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

15:20:48.0777 3976 AppIDSvc - ok

15:20:48.0805 3976 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll

15:20:48.0806 3976 Appinfo - ok

15:20:48.0924 3976 Apple Mobile Device (70d7be78061126dd0c3accdb7e129017) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

15:20:48.0930 3976 Apple Mobile Device - ok

15:20:48.0964 3976 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

15:20:48.0966 3976 arc - ok

15:20:48.0980 3976 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

15:20:48.0982 3976 arcsas - ok

15:20:49.0122 3976 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

15:20:49.0124 3976 aspnet_state - ok

15:20:49.0145 3976 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

15:20:49.0147 3976 AsyncMac - ok

15:20:49.0165 3976 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys

15:20:49.0166 3976 atapi - ok

15:20:49.0197 3976 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys

15:20:49.0198 3976 AtiHDAudioService - ok

15:20:49.0226 3976 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys

15:20:49.0228 3976 AtiHdmiService - ok

15:20:49.0663 3976 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

15:20:49.0714 3976 atikmdag - ok

15:20:49.0768 3976 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

15:20:49.0774 3976 AudioEndpointBuilder - ok

15:20:49.0780 3976 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll

15:20:49.0783 3976 AudioSrv - ok

15:20:49.0815 3976 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll

15:20:49.0816 3976 AxInstSV - ok

15:20:49.0850 3976 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

15:20:49.0862 3976 b06bdrv - ok

15:20:49.0896 3976 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

15:20:49.0899 3976 b57nd60a - ok

15:20:49.0927 3976 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

15:20:49.0930 3976 BDESVC - ok

15:20:49.0940 3976 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

15:20:49.0941 3976 Beep - ok

15:20:50.0007 3976 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll

15:20:50.0024 3976 BFE - ok

15:20:50.0090 3976 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll

15:20:50.0118 3976 BITS - ok

15:20:50.0134 3976 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

15:20:50.0136 3976 blbdrive - ok

15:20:50.0256 3976 Bonjour Service (673cf4f6bb1fbe09331b526802fbb892) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

15:20:50.0269 3976 Bonjour Service - ok

15:20:50.0325 3976 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys

15:20:50.0328 3976 bowser - ok

15:20:50.0341 3976 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

15:20:50.0342 3976 BrFiltLo - ok

15:20:50.0388 3976 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

15:20:50.0389 3976 BrFiltUp - ok

15:20:50.0420 3976 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

15:20:50.0424 3976 BridgeMP - ok

15:20:50.0443 3976 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll

15:20:50.0448 3976 Browser - ok

15:20:50.0472 3976 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

15:20:50.0479 3976 Brserid - ok

15:20:50.0529 3976 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

15:20:50.0531 3976 BrSerWdm - ok

15:20:50.0545 3976 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

15:20:50.0547 3976 BrUsbMdm - ok

15:20:50.0554 3976 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

15:20:50.0556 3976 BrUsbSer - ok

15:20:50.0582 3976 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

15:20:50.0583 3976 BTHMODEM - ok

15:20:50.0607 3976 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

15:20:50.0609 3976 bthserv - ok

15:20:50.0778 3976 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

15:20:50.0809 3976 cdfs - ok

15:20:50.0846 3976 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys

15:20:50.0850 3976 cdrom - ok

15:20:50.0875 3976 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

15:20:50.0877 3976 CertPropSvc - ok

15:20:50.0901 3976 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

15:20:50.0903 3976 circlass - ok

15:20:50.0943 3976 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

15:20:50.0951 3976 CLFS - ok

15:20:50.0998 3976 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

15:20:51.0001 3976 clr_optimization_v2.0.50727_32 - ok

15:20:51.0064 3976 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

15:20:51.0067 3976 clr_optimization_v2.0.50727_64 - ok

15:20:51.0184 3976 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

15:20:51.0188 3976 clr_optimization_v4.0.30319_32 - ok

15:20:51.0259 3976 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

15:20:51.0262 3976 clr_optimization_v4.0.30319_64 - ok

15:20:51.0279 3976 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

15:20:51.0280 3976 CmBatt - ok

15:20:51.0292 3976 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys

15:20:51.0293 3976 cmdide - ok

15:20:51.0350 3976 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys

15:20:51.0357 3976 CNG - ok

15:20:51.0381 3976 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

15:20:51.0382 3976 Compbatt - ok

15:20:51.0405 3976 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys

15:20:51.0406 3976 CompositeBus - ok

15:20:51.0410 3976 COMSysApp - ok

15:20:51.0421 3976 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

15:20:51.0422 3976 crcdisk - ok

15:20:51.0446 3976 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll

15:20:51.0449 3976 CryptSvc - ok

15:20:51.0625 3976 DAUpdaterSvc (914a7156b0c0f10be645a02e13f576b2) c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe

15:20:51.0627 3976 DAUpdaterSvc - ok

15:20:51.0644 3976 dc3d (db0459afd124ce5ccb649e33f95d715f) C:\Windows\system32\DRIVERS\dc3d.sys

15:20:51.0646 3976 dc3d - ok

15:20:51.0704 3976 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

15:20:51.0738 3976 DcomLaunch - ok

15:20:51.0778 3976 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

15:20:51.0792 3976 defragsvc - ok

15:20:51.0842 3976 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys

15:20:51.0845 3976 DfsC - ok

15:20:51.0882 3976 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll

15:20:51.0896 3976 Dhcp - ok

15:20:51.0913 3976 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

15:20:51.0914 3976 discache - ok

15:20:51.0961 3976 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

15:20:51.0963 3976 Disk - ok

15:20:52.0017 3976 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll

15:20:52.0023 3976 Dnscache - ok

15:20:52.0055 3976 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll

15:20:52.0061 3976 dot3svc - ok

15:20:52.0082 3976 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll

15:20:52.0087 3976 DPS - ok

15:20:52.0112 3976 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

15:20:52.0113 3976 drmkaud - ok

15:20:52.0213 3976 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys

15:20:52.0239 3976 DXGKrnl - ok

15:20:52.0261 3976 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

15:20:52.0263 3976 EapHost - ok

15:20:52.0468 3976 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

15:20:52.0550 3976 ebdrv - ok

15:20:52.0625 3976 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe

15:20:52.0628 3976 EFS - ok

15:20:52.0735 3976 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe

15:20:52.0753 3976 ehRecvr - ok

15:20:52.0791 3976 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

15:20:52.0795 3976 ehSched - ok

15:20:52.0869 3976 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

15:20:52.0883 3976 elxstor - ok

15:20:52.0906 3976 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys

15:20:52.0907 3976 ErrDev - ok

15:20:52.0965 3976 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

15:20:52.0984 3976 EventSystem - ok

15:20:53.0014 3976 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

15:20:53.0019 3976 exfat - ok

15:20:53.0049 3976 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

15:20:53.0054 3976 fastfat - ok

15:20:53.0108 3976 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe

15:20:53.0126 3976 Fax - ok

15:20:53.0163 3976 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

15:20:53.0166 3976 fdc - ok

15:20:53.0187 3976 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

15:20:53.0190 3976 fdPHost - ok

15:20:53.0198 3976 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

15:20:53.0201 3976 FDResPub - ok

15:20:53.0222 3976 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

15:20:53.0225 3976 FileInfo - ok

15:20:53.0240 3976 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

15:20:53.0241 3976 Filetrace - ok

15:20:53.0267 3976 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

15:20:53.0268 3976 flpydisk - ok

15:20:53.0305 3976 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys

15:20:53.0311 3976 FltMgr - ok

15:20:53.0415 3976 FontCache (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll

15:20:53.0436 3976 FontCache - ok

15:20:53.0492 3976 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

15:20:53.0494 3976 FontCache3.0.0.0 - ok

15:20:53.0523 3976 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

15:20:53.0525 3976 FsDepends - ok

15:20:53.0549 3976 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys

15:20:53.0550 3976 Fs_Rec - ok

15:20:53.0602 3976 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys

15:20:53.0607 3976 fvevol - ok

15:20:53.0640 3976 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

15:20:53.0642 3976 gagp30kx - ok

15:20:53.0695 3976 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

15:20:53.0697 3976 GEARAspiWDM - ok

15:20:53.0746 3976 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll

15:20:53.0757 3976 gpsvc - ok

15:20:53.0770 3976 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

15:20:53.0771 3976 hcw85cir - ok

15:20:53.0866 3976 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys

15:20:53.0878 3976 HdAudAddService - ok

15:20:53.0907 3976 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys

15:20:53.0911 3976 HDAudBus - ok

15:20:53.0922 3976 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

15:20:53.0924 3976 HidBatt - ok

15:20:53.0940 3976 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

15:20:53.0943 3976 HidBth - ok

15:20:53.0953 3976 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

15:20:53.0955 3976 HidIr - ok

15:20:53.0963 3976 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

15:20:53.0964 3976 hidserv - ok

15:20:53.0989 3976 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys

15:20:53.0990 3976 HidUsb - ok

15:20:54.0000 3976 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll

15:20:54.0003 3976 hkmsvc - ok

15:20:54.0016 3976 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll

15:20:54.0020 3976 HomeGroupListener - ok

15:20:54.0050 3976 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll

15:20:54.0054 3976 HomeGroupProvider - ok

15:20:54.0079 3976 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys

15:20:54.0081 3976 HpSAMD - ok

15:20:54.0136 3976 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys

15:20:54.0145 3976 HTTP - ok

15:20:54.0153 3976 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys

15:20:54.0153 3976 hwpolicy - ok

15:20:54.0165 3976 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys

15:20:54.0167 3976 i8042prt - ok

15:20:54.0248 3976 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys

15:20:54.0258 3976 iaStorV - ok

15:20:54.0431 3976 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

15:20:54.0433 3976 IDriverT - ok

15:20:54.0505 3976 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

15:20:54.0538 3976 idsvc - ok

15:20:54.0675 3976 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

15:20:54.0677 3976 iirsp - ok

15:20:54.0740 3976 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll

15:20:54.0754 3976 IKEEXT - ok

15:20:54.0769 3976 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys

15:20:54.0770 3976 intelide - ok

15:20:54.0806 3976 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

15:20:54.0807 3976 intelppm - ok

15:20:54.0827 3976 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

15:20:54.0829 3976 IPBusEnum - ok

15:20:54.0836 3976 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys

15:20:54.0837 3976 IpFilterDriver - ok

15:20:54.0868 3976 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll

15:20:54.0875 3976 iphlpsvc - ok

15:20:54.0894 3976 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys

15:20:54.0896 3976 IPMIDRV - ok

15:20:54.0915 3976 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

15:20:54.0917 3976 IPNAT - ok

15:20:55.0039 3976 iPod Service (f0eac938ecc1b2764d04ce16f8627e56) C:\Program Files\iPod\bin\iPodService.exe

15:20:55.0064 3976 iPod Service - ok

15:20:55.0077 3976 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

15:20:55.0079 3976 IRENUM - ok

15:20:55.0098 3976 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys

15:20:55.0100 3976 isapnp - ok

15:20:55.0129 3976 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys

15:20:55.0134 3976 iScsiPrt - ok

15:20:55.0158 3976 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

15:20:55.0161 3976 kbdclass - ok

15:20:55.0177 3976 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys

15:20:55.0179 3976 kbdhid - ok

15:20:55.0217 3976 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:20:55.0220 3976 KeyIso - ok

15:20:55.0243 3976 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys

15:20:55.0246 3976 KSecDD - ok

15:20:55.0266 3976 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys

15:20:55.0270 3976 KSecPkg - ok

15:20:55.0284 3976 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

15:20:55.0285 3976 ksthunk - ok

15:20:55.0324 3976 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

15:20:55.0339 3976 KtmRm - ok

15:20:55.0423 3976 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\System32\srvsvc.dll

15:20:55.0440 3976 LanmanServer - ok

15:20:55.0476 3976 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll

15:20:55.0482 3976 LanmanWorkstation - ok

15:20:55.0503 3976 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

15:20:55.0505 3976 lltdio - ok

15:20:55.0538 3976 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

15:20:55.0543 3976 lltdsvc - ok

15:20:55.0557 3976 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

15:20:55.0559 3976 lmhosts - ok

15:20:55.0588 3976 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

15:20:55.0590 3976 LSI_FC - ok

15:20:55.0598 3976 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

15:20:55.0600 3976 LSI_SAS - ok

15:20:55.0618 3976 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

15:20:55.0620 3976 LSI_SAS2 - ok

15:20:55.0642 3976 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

15:20:55.0644 3976 LSI_SCSI - ok

15:20:55.0667 3976 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

15:20:55.0669 3976 luafv - ok

15:20:55.0697 3976 MBAMProtector - ok

15:20:55.0838 3976 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

15:20:55.0862 3976 MBAMService - ok

15:20:55.0900 3976 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll

15:20:55.0904 3976 Mcx2Svc - ok

15:20:55.0918 3976 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

15:20:55.0920 3976 megasas - ok

15:20:55.0959 3976 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

15:20:55.0965 3976 MegaSR - ok

15:20:56.0063 3976 Microsoft SharePoint Workspace Audit Service - ok

15:20:56.0107 3976 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:20:56.0110 3976 MMCSS - ok

15:20:56.0126 3976 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

15:20:56.0128 3976 Modem - ok

15:20:56.0141 3976 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

15:20:56.0143 3976 monitor - ok

15:20:56.0216 3976 MotioninJoyXFilter (16f9f464da6e02a020bce626c56a1797) C:\Windows\system32\DRIVERS\MijXfilt.sys

15:20:56.0220 3976 MotioninJoyXFilter - ok

15:20:56.0314 3976 MotoHelper (36ac4deceae4226a5b5dd038c49658e1) C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

15:20:56.0319 3976 MotoHelper - ok

15:20:56.0344 3976 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

15:20:56.0346 3976 mouclass - ok

15:20:56.0365 3976 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

15:20:56.0367 3976 mouhid - ok

15:20:56.0384 3976 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys

15:20:56.0387 3976 mountmgr - ok

15:20:56.0471 3976 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

15:20:56.0475 3976 MozillaMaintenance - ok

15:20:56.0512 3976 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys

15:20:56.0517 3976 mpio - ok

15:20:56.0551 3976 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

15:20:56.0554 3976 mpsdrv - ok

15:20:56.0635 3976 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll

15:20:56.0695 3976 MpsSvc - ok

15:20:56.0712 3976 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys

15:20:56.0716 3976 MRxDAV - ok

15:20:56.0753 3976 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys

15:20:56.0756 3976 mrxsmb - ok

15:20:56.0831 3976 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys

15:20:56.0846 3976 mrxsmb10 - ok

15:20:56.0899 3976 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys

15:20:56.0903 3976 mrxsmb20 - ok

15:20:56.0932 3976 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys

15:20:56.0934 3976 msahci - ok

15:20:56.0949 3976 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys

15:20:56.0953 3976 msdsm - ok

15:20:56.0999 3976 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

15:20:57.0005 3976 MSDTC - ok

15:20:57.0033 3976 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

15:20:57.0035 3976 Msfs - ok

15:20:57.0044 3976 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

15:20:57.0046 3976 mshidkmdf - ok

15:20:57.0061 3976 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys

15:20:57.0063 3976 msisadrv - ok

15:20:57.0113 3976 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

15:20:57.0119 3976 MSiSCSI - ok

15:20:57.0125 3976 msiserver - ok

15:20:57.0162 3976 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

15:20:57.0164 3976 MSKSSRV - ok

15:20:57.0179 3976 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

15:20:57.0180 3976 MSPCLOCK - ok

15:20:57.0196 3976 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

15:20:57.0198 3976 MSPQM - ok

15:20:57.0237 3976 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys

15:20:57.0252 3976 MsRPC - ok

15:20:57.0271 3976 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

15:20:57.0273 3976 mssmbios - ok

15:20:57.0280 3976 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

15:20:57.0282 3976 MSTEE - ok

15:20:57.0306 3976 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

15:20:57.0307 3976 MTConfig - ok

15:20:57.0335 3976 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

15:20:57.0336 3976 Mup - ok

15:20:57.0373 3976 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll

15:20:57.0381 3976 napagent - ok

15:20:57.0424 3976 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

15:20:57.0428 3976 NativeWifiP - ok

15:20:57.0483 3976 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys

15:20:57.0494 3976 NDIS - ok

15:20:57.0516 3976 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

15:20:57.0517 3976 NdisCap - ok

15:20:57.0521 3976 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

15:20:57.0522 3976 NdisTapi - ok

15:20:57.0541 3976 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys

15:20:57.0542 3976 Ndisuio - ok

15:20:57.0559 3976 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys

15:20:57.0561 3976 NdisWan - ok

15:20:57.0576 3976 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys

15:20:57.0577 3976 NDProxy - ok

15:20:57.0585 3976 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

15:20:57.0586 3976 NetBIOS - ok

15:20:57.0608 3976 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys

15:20:57.0611 3976 NetBT - ok

15:20:57.0622 3976 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:20:57.0623 3976 Netlogon - ok

15:20:57.0667 3976 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

15:20:57.0672 3976 Netman - ok

15:20:57.0759 3976 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:20:57.0763 3976 NetMsmqActivator - ok

15:20:57.0771 3976 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:20:57.0774 3976 NetPipeActivator - ok

15:20:57.0826 3976 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

15:20:57.0839 3976 netprofm - ok

15:20:57.0847 3976 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:20:57.0850 3976 NetTcpActivator - ok

15:20:57.0860 3976 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

15:20:57.0862 3976 NetTcpPortSharing - ok

15:20:57.0885 3976 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

15:20:57.0886 3976 nfrd960 - ok

15:20:57.0916 3976 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll

15:20:57.0921 3976 NlaSvc - ok

15:20:57.0935 3976 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

15:20:57.0936 3976 Npfs - ok

15:20:57.0945 3976 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

15:20:57.0946 3976 nsi - ok

15:20:57.0952 3976 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

15:20:57.0953 3976 nsiproxy - ok

15:20:58.0083 3976 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys

15:20:58.0109 3976 Ntfs - ok

15:20:58.0178 3976 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

15:20:58.0179 3976 Null - ok

15:20:58.0240 3976 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys

15:20:58.0244 3976 nvraid - ok

15:20:58.0290 3976 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys

15:20:58.0295 3976 nvstor - ok

15:20:58.0331 3976 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys

15:20:58.0335 3976 nv_agp - ok

15:20:58.0374 3976 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys

15:20:58.0377 3976 ohci1394 - ok

15:20:58.0472 3976 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

15:20:58.0477 3976 ose - ok

15:20:58.0826 3976 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

15:20:58.0901 3976 osppsvc - ok

15:20:58.0957 3976 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:20:58.0961 3976 p2pimsvc - ok

15:20:58.0988 3976 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

15:20:58.0999 3976 p2psvc - ok

15:20:59.0015 3976 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

15:20:59.0016 3976 Parport - ok

15:20:59.0058 3976 partmgr (90061b1acfe8ccaa5345750ffe08d8b8) C:\Windows\system32\drivers\partmgr.sys

15:20:59.0059 3976 partmgr - ok

15:20:59.0078 3976 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

15:20:59.0085 3976 PcaSvc - ok

15:20:59.0104 3976 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys

15:20:59.0107 3976 pci - ok

15:20:59.0117 3976 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys

15:20:59.0118 3976 pciide - ok

15:20:59.0130 3976 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

15:20:59.0133 3976 pcmcia - ok

15:20:59.0147 3976 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

15:20:59.0148 3976 pcw - ok

15:20:59.0186 3976 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

15:20:59.0201 3976 PEAUTH - ok

15:20:59.0274 3976 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

15:20:59.0277 3976 PerfHost - ok

15:20:59.0379 3976 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll

15:20:59.0411 3976 pla - ok

15:20:59.0482 3976 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll

15:20:59.0494 3976 PlugPlay - ok

15:20:59.0516 3976 PnkBstrA - ok

15:20:59.0527 3976 PnkBstrB - ok

15:20:59.0543 3976 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

15:20:59.0545 3976 PNRPAutoReg - ok

15:20:59.0563 3976 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

15:20:59.0567 3976 PNRPsvc - ok

15:20:59.0594 3976 Point64 (a6d06378f37bdba0c0019294c2aabbd0) C:\Windows\system32\DRIVERS\point64k.sys

15:20:59.0596 3976 Point64 - ok

15:20:59.0639 3976 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll

15:20:59.0648 3976 PolicyAgent - ok

15:20:59.0686 3976 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

15:20:59.0690 3976 Power - ok

15:20:59.0708 3976 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys

15:20:59.0710 3976 PptpMiniport - ok

15:20:59.0730 3976 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

15:20:59.0732 3976 Processor - ok

15:20:59.0765 3976 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll

15:20:59.0769 3976 ProfSvc - ok

15:20:59.0791 3976 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:20:59.0793 3976 ProtectedStorage - ok

15:20:59.0825 3976 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys

15:20:59.0827 3976 Psched - ok

15:20:59.0902 3976 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

15:20:59.0926 3976 ql2300 - ok

15:20:59.0967 3976 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

15:20:59.0969 3976 ql40xx - ok

15:21:00.0003 3976 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

15:21:00.0007 3976 QWAVE - ok

15:21:00.0018 3976 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

15:21:00.0019 3976 QWAVEdrv - ok

15:21:00.0030 3976 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

15:21:00.0031 3976 RasAcd - ok

15:21:00.0052 3976 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

15:21:00.0053 3976 RasAgileVpn - ok

15:21:00.0067 3976 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

15:21:00.0070 3976 RasAuto - ok

15:21:00.0084 3976 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys

15:21:00.0086 3976 Rasl2tp - ok

15:21:00.0132 3976 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll

15:21:00.0137 3976 RasMan - ok

15:21:00.0152 3976 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

15:21:00.0154 3976 RasPppoe - ok

15:21:00.0176 3976 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

15:21:00.0178 3976 RasSstp - ok

15:21:00.0204 3976 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys

15:21:00.0208 3976 rdbss - ok

15:21:00.0218 3976 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

15:21:00.0219 3976 rdpbus - ok

15:21:00.0229 3976 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

15:21:00.0230 3976 RDPCDD - ok

15:21:00.0246 3976 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

15:21:00.0247 3976 RDPENCDD - ok

15:21:00.0260 3976 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

15:21:00.0261 3976 RDPREFMP - ok

15:21:00.0305 3976 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys

15:21:00.0308 3976 RDPWD - ok

15:21:00.0333 3976 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys

15:21:00.0337 3976 rdyboost - ok

15:21:00.0362 3976 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

15:21:00.0364 3976 RemoteAccess - ok

15:21:00.0380 3976 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

15:21:00.0384 3976 RemoteRegistry - ok

15:21:00.0395 3976 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

15:21:00.0397 3976 RpcEptMapper - ok

15:21:00.0409 3976 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

15:21:00.0411 3976 RpcLocator - ok

15:21:00.0440 3976 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll

15:21:00.0445 3976 RpcSs - ok

15:21:00.0485 3976 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

15:21:00.0487 3976 rspndr - ok

15:21:00.0517 3976 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys

15:21:00.0520 3976 RTL8167 - ok

15:21:00.0525 3976 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:21:00.0527 3976 SamSs - ok

15:21:00.0590 3976 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS

15:21:00.0592 3976 SASDIFSV - ok

15:21:00.0620 3976 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS

15:21:00.0622 3976 SASKUTIL - ok

15:21:00.0634 3976 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys

15:21:00.0638 3976 sbp2port - ok

15:21:00.0778 3976 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

15:21:00.0804 3976 SBSDWSCService - ok

15:21:00.0827 3976 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

15:21:00.0833 3976 SCardSvr - ok

15:21:00.0864 3976 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys

15:21:00.0865 3976 scfilter - ok

15:21:00.0980 3976 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll

15:21:01.0000 3976 Schedule - ok

15:21:01.0031 3976 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll

15:21:01.0032 3976 SCPolicySvc - ok

15:21:01.0046 3976 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll

15:21:01.0050 3976 SDRSVC - ok

15:21:01.0065 3976 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

15:21:01.0066 3976 secdrv - ok

15:21:01.0081 3976 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll

15:21:01.0083 3976 seclogon - ok

15:21:01.0092 3976 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

15:21:01.0095 3976 SENS - ok

15:21:01.0103 3976 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

15:21:01.0105 3976 SensrSvc - ok

15:21:01.0130 3976 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

15:21:01.0131 3976 Serenum - ok

15:21:01.0147 3976 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

15:21:01.0149 3976 Serial - ok

15:21:01.0166 3976 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

15:21:01.0168 3976 sermouse - ok

15:21:01.0196 3976 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll

15:21:01.0199 3976 SessionEnv - ok

15:21:01.0217 3976 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys

15:21:01.0218 3976 sffdisk - ok

15:21:01.0232 3976 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys

15:21:01.0233 3976 sffp_mmc - ok

15:21:01.0237 3976 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys

15:21:01.0238 3976 sffp_sd - ok

15:21:01.0249 3976 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

15:21:01.0250 3976 sfloppy - ok

15:21:01.0287 3976 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

15:21:01.0292 3976 SharedAccess - ok

15:21:01.0321 3976 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll

15:21:01.0334 3976 ShellHWDetection - ok

15:21:01.0347 3976 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

15:21:01.0348 3976 SiSRaid2 - ok

15:21:01.0363 3976 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

15:21:01.0365 3976 SiSRaid4 - ok

15:21:01.0383 3976 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

15:21:01.0385 3976 Smb - ok

15:21:01.0394 3976 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

15:21:01.0396 3976 SNMPTRAP - ok

15:21:01.0401 3976 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

15:21:01.0402 3976 spldr - ok

15:21:01.0474 3976 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe

15:21:01.0499 3976 Spooler - ok

15:21:01.0706 3976 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe

15:21:01.0796 3976 sppsvc - ok

15:21:01.0873 3976 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

15:21:01.0878 3976 sppuinotify - ok

15:21:01.0952 3976 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys

15:21:01.0985 3976 srv - ok

15:21:02.0023 3976 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys

15:21:02.0041 3976 srv2 - ok

15:21:02.0093 3976 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys

15:21:02.0098 3976 srvnet - ok

15:21:02.0131 3976 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

15:21:02.0139 3976 SSDPSRV - ok

15:21:02.0153 3976 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

15:21:02.0158 3976 SstpSvc - ok

15:21:02.0206 3976 Steam Client Service - ok

15:21:02.0229 3976 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

15:21:02.0231 3976 stexstor - ok

15:21:02.0304 3976 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll

15:21:02.0319 3976 stisvc - ok

15:21:02.0327 3976 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

15:21:02.0328 3976 swenum - ok

15:21:02.0377 3976 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

15:21:02.0404 3976 swprv - ok

15:21:02.0486 3976 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll

15:21:02.0512 3976 SysMain - ok

15:21:02.0555 3976 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll

15:21:02.0558 3976 TabletInputService - ok

15:21:02.0574 3976 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll

15:21:02.0580 3976 TapiSrv - ok

15:21:02.0595 3976 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

15:21:02.0597 3976 TBS - ok

15:21:02.0741 3976 Tcpip (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\drivers\tcpip.sys

15:21:02.0765 3976 Tcpip - ok

15:21:02.0875 3976 TCPIP6 (624c5b3aa4c99b3184bb922d9ece3ff0) C:\Windows\system32\DRIVERS\tcpip.sys

15:21:02.0888 3976 TCPIP6 - ok

15:21:02.0921 3976 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys

15:21:02.0922 3976 tcpipreg - ok

15:21:02.0939 3976 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

15:21:02.0940 3976 TDPIPE - ok

15:21:02.0997 3976 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys

15:21:02.0999 3976 TDTCP - ok

15:21:03.0038 3976 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys

15:21:03.0041 3976 tdx - ok

15:21:03.0055 3976 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys

15:21:03.0057 3976 TermDD - ok

15:21:03.0110 3976 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll

15:21:03.0129 3976 TermService - ok

15:21:03.0138 3976 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

15:21:03.0141 3976 Themes - ok

15:21:03.0155 3976 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

15:21:03.0157 3976 THREADORDER - ok

15:21:03.0170 3976 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

15:21:03.0173 3976 TrkWks - ok

15:21:03.0208 3976 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe

15:21:03.0211 3976 TrustedInstaller - ok

15:21:03.0223 3976 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys

15:21:03.0224 3976 tssecsrv - ok

15:21:03.0247 3976 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys

15:21:03.0250 3976 tunnel - ok

15:21:03.0272 3976 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

15:21:03.0273 3976 uagp35 - ok

15:21:03.0302 3976 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys

15:21:03.0306 3976 udfs - ok

15:21:03.0317 3976 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

15:21:03.0319 3976 UI0Detect - ok

15:21:03.0336 3976 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys

15:21:03.0338 3976 uliagpkx - ok

15:21:03.0364 3976 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys

15:21:03.0365 3976 umbus - ok

15:21:03.0389 3976 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

15:21:03.0390 3976 UmPass - ok

15:21:03.0442 3976 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

15:21:03.0462 3976 upnphost - ok

15:21:03.0518 3976 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys

15:21:03.0520 3976 USBAAPL64 - ok

15:21:03.0591 3976 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys

15:21:03.0594 3976 usbaudio - ok

15:21:03.0638 3976 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys

15:21:03.0642 3976 usbccgp - ok

15:21:03.0687 3976 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys

15:21:03.0690 3976 usbcir - ok

15:21:03.0740 3976 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys

15:21:03.0743 3976 usbehci - ok

15:21:03.0774 3976 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys

15:21:03.0781 3976 usbhub - ok

15:21:03.0797 3976 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys

15:21:03.0799 3976 usbohci - ok

15:21:03.0811 3976 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

15:21:03.0812 3976 usbprint - ok

15:21:03.0878 3976 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

15:21:03.0880 3976 usbscan - ok

15:21:03.0933 3976 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS

15:21:03.0935 3976 USBSTOR - ok

15:21:03.0949 3976 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys

15:21:03.0950 3976 usbuhci - ok

15:21:03.0972 3976 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

15:21:03.0974 3976 UxSms - ok

15:21:04.0000 3976 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe

15:21:04.0001 3976 VaultSvc - ok

15:21:04.0015 3976 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys

15:21:04.0017 3976 vdrvroot - ok

15:21:04.0060 3976 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe

15:21:04.0070 3976 vds - ok

15:21:04.0079 3976 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

15:21:04.0080 3976 vga - ok

15:21:04.0094 3976 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

15:21:04.0095 3976 VgaSave - ok

15:21:04.0118 3976 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys

15:21:04.0122 3976 vhdmp - ok

15:21:04.0133 3976 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys

15:21:04.0134 3976 viaide - ok

15:21:04.0150 3976 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys

15:21:04.0152 3976 volmgr - ok

15:21:04.0177 3976 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys

15:21:04.0181 3976 volmgrx - ok

15:21:04.0209 3976 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys

15:21:04.0213 3976 volsnap - ok

15:21:04.0234 3976 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

15:21:04.0237 3976 vsmraid - ok

15:21:04.0313 3976 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe

15:21:04.0343 3976 VSS - ok

15:21:04.0437 3976 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

15:21:04.0439 3976 vwifibus - ok

15:21:04.0474 3976 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

15:21:04.0486 3976 W32Time - ok

15:21:04.0497 3976 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

15:21:04.0498 3976 WacomPen - ok

15:21:04.0526 3976 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

15:21:04.0528 3976 WANARP - ok

15:21:04.0532 3976 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys

15:21:04.0533 3976 Wanarpv6 - ok

15:21:04.0642 3976 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

15:21:04.0675 3976 WatAdminSvc - ok

15:21:04.0790 3976 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe

15:21:04.0828 3976 wbengine - ok

15:21:04.0889 3976 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

15:21:04.0898 3976 WbioSrvc - ok

15:21:04.0963 3976 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll

15:21:04.0973 3976 wcncsvc - ok

15:21:04.0992 3976 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

15:21:04.0997 3976 WcsPlugInService - ok

15:21:05.0024 3976 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

15:21:05.0026 3976 Wd - ok

15:21:05.0091 3976 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

15:21:05.0105 3976 Wdf01000 - ok

15:21:05.0117 3976 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:21:05.0121 3976 WdiServiceHost - ok

15:21:05.0125 3976 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

15:21:05.0127 3976 WdiSystemHost - ok

15:21:05.0201 3976 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll

15:21:05.0218 3976 WebClient - ok

15:21:05.0247 3976 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

15:21:05.0263 3976 Wecsvc - ok

15:21:05.0284 3976 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

15:21:05.0290 3976 wercplsupport - ok

15:21:05.0313 3976 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

15:21:05.0318 3976 WerSvc - ok

15:21:05.0335 3976 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

15:21:05.0336 3976 WfpLwf - ok

15:21:05.0356 3976 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

15:21:05.0358 3976 WIMMount - ok

15:21:05.0386 3976 WinDefend - ok

15:21:05.0396 3976 WinHttpAutoProxySvc - ok

15:21:05.0454 3976 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

15:21:05.0460 3976 Winmgmt - ok

15:21:05.0600 3976 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll

15:21:05.0648 3976 WinRM - ok

15:21:05.0743 3976 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys

15:21:05.0745 3976 WinUsb - ok

15:21:05.0809 3976 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

15:21:05.0824 3976 Wlansvc - ok

15:21:06.0048 3976 wlidsvc (98f138897ef4246381d197cb81846d62) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

15:21:06.0079 3976 wlidsvc - ok

15:21:06.0124 3976 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys

15:21:06.0125 3976 WmiAcpi - ok

15:21:06.0152 3976 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

15:21:06.0155 3976 wmiApSrv - ok

15:21:06.0167 3976 WMPNetworkSvc - ok

15:21:06.0178 3976 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

15:21:06.0180 3976 WPCSvc - ok

15:21:06.0198 3976 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll

15:21:06.0201 3976 WPDBusEnum - ok

15:21:06.0214 3976 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

15:21:06.0215 3976 ws2ifsl - ok

15:21:06.0255 3976 wscsvc (8f9f3969933c02da96eb0f84576db43e) C:\Windows\system32\wscsvc.dll

15:21:06.0259 3976 wscsvc - ok

15:21:06.0262 3976 WSearch - ok

15:21:06.0376 3976 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll

15:21:06.0444 3976 wuauserv - ok

15:21:06.0486 3976 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys

15:21:06.0488 3976 WudfPf - ok

15:21:06.0513 3976 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys

15:21:06.0516 3976 WUDFRd - ok

15:21:06.0533 3976 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll

15:21:06.0535 3976 wudfsvc - ok

15:21:06.0554 3976 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

15:21:06.0559 3976 WwanSvc - ok

15:21:06.0585 3976 xusb21 (2c6bc21b2d5b58d8b1d638c1704cb494) C:\Windows\system32\DRIVERS\xusb21.sys

15:21:06.0586 3976 xusb21 - ok

15:21:06.0631 3976 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

15:21:06.0661 3976 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - infected

15:21:06.0661 3976 \Device\Harddisk0\DR0 - detected Rootkit.Boot.SST.b (0)

15:21:06.0688 3976 Boot (0x1200) (e3b5fe408a227d5c112d3f41414e0f28) \Device\Harddisk0\DR0\Partition0

15:21:06.0690 3976 \Device\Harddisk0\DR0\Partition0 - ok

15:21:06.0704 3976 Boot (0x1200) (f0f125b89bdd584e682ebc2362a88431) \Device\Harddisk0\DR0\Partition1

15:21:06.0706 3976 \Device\Harddisk0\DR0\Partition1 - ok

15:21:06.0707 3976 ============================================================

15:21:06.0707 3976 Scan finished

15:21:06.0707 3976 ============================================================

15:21:06.0732 3288 Detected object count: 1

15:21:06.0732 3288 Actual detected object count: 1

15:21:18.0246 3288 \Device\Harddisk0\DR0\# - copied to quarantine

15:21:18.0246 3288 \Device\Harddisk0\DR0 - copied to quarantine

15:21:18.0266 3288 \Device\Harddisk0\DR0\TDLFS\mbr - copied to quarantine

15:21:18.0266 3288 \Device\Harddisk0\DR0\TDLFS\vbr - copied to quarantine

15:21:18.0267 3288 \Device\Harddisk0\DR0\TDLFS\bid - copied to quarantine

15:21:18.0268 3288 \Device\Harddisk0\DR0\TDLFS\affid - copied to quarantine

15:21:18.0268 3288 \Device\Harddisk0\DR0\TDLFS\boot - copied to quarantine

15:21:18.0270 3288 \Device\Harddisk0\DR0\TDLFS\cmd32 - copied to quarantine

15:21:18.0271 3288 \Device\Harddisk0\DR0\TDLFS\cmd64 - copied to quarantine

15:21:18.0273 3288 \Device\Harddisk0\DR0\TDLFS\dbg32 - copied to quarantine

15:21:18.0274 3288 \Device\Harddisk0\DR0\TDLFS\dbg64 - copied to quarantine

15:21:18.0276 3288 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

15:21:18.0277 3288 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

15:21:18.0278 3288 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

15:21:18.0279 3288 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

15:21:18.0280 3288 \Device\Harddisk0\DR0\TDLFS\subid - copied to quarantine

15:21:18.0281 3288 \Device\Harddisk0\DR0\TDLFS\info - copied to quarantine

15:21:18.0281 3288 \Device\Harddisk0\DR0\TDLFS\mainfb.script - copied to quarantine

15:21:18.0287 3288 \Device\Harddisk0\DR0\TDLFS\com64 - copied to quarantine

15:21:18.0576 3288 \Device\Harddisk0\DR0\TDLFS\sant64 - copied to quarantine

15:21:18.0618 3288 \Device\Harddisk0\DR0\TDLFS\serf_conf - copied to quarantine

15:21:18.0619 3288 \Device\Harddisk0\DR0\TDLFS\time.txt - copied to quarantine

15:21:18.0628 3288 \Device\Harddisk0\DR0\TDLFS\serf332 - copied to quarantine

15:21:18.0698 3288 \Device\Harddisk0\DR0\TDLFS\serf364 - copied to quarantine

15:21:18.0706 3288 \Device\Harddisk0\DR0\TDLFS\bbr232 - copied to quarantine

15:21:18.0715 3288 \Device\Harddisk0\DR0\TDLFS\bbr264 - copied to quarantine

15:21:18.0718 3288 \Device\Harddisk0\DR0\TDLFS\main - copied to quarantine

15:21:18.0944 3288 \Device\Harddisk0\DR0\TDLFS\bbr_conf - copied to quarantine

15:21:18.0947 3288 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - will be cured on reboot

15:21:18.0947 3288 \Device\Harddisk0\DR0 - ok

15:21:19.0049 3288 \Device\Harddisk0\DR0 ( Rootkit.Boot.SST.b ) - User select action: Cure

15:21:26.0131 2924 Deinitialize success

I'll post the other two logs in the next reply

lfbprod · May 21, 2012

Combofix Log:

ComboFix 12-05-21.05 - Charles 05/21/2012 15:28:47.1.3 - x64

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4094.2619 [GMT -5:00]

Running from: c:\users\Charles\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Charles\AppData\Local\Temp\1.tmp\F_IN_BOX.dll

c:\users\Charles\AppData\Roaming\Love

c:\users\Charles\AppData\Roaming\Love\mari0\options.txt

c:\windows\system32\drivers\etc\lmhosts

.

((((((((((((((((((((((((( Files Created from 2012-04-21 to 2012-05-21 )))))))))))))))))))))))))))))))

.

2012-05-21 20:40 . 2012-05-21 20:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-21 20:40 . 2012-05-21 20:40 -------- d-----w- c:\users\Meghan\AppData\Local\temp

2012-05-21 20:21 . 2012-05-21 20:21 -------- d-----w- C:\TDSSKiller_Quarantine

2012-05-21 14:45 . 2012-05-21 14:45 388096 ----a-r- c:\users\Charles\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2012-05-21 14:45 . 2012-05-21 14:45 -------- d-----w- c:\program files (x86)\Trend Micro

2012-05-20 17:02 . 2012-05-20 17:02 -------- d-----w- c:\users\Charles\AppData\Roaming\Malwarebytes

2012-05-20 17:02 . 2012-05-20 17:04 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-20 17:02 . 2012-05-20 17:02 -------- d-----w- c:\programdata\Malwarebytes

2012-05-14 22:59 . 2012-05-14 23:41 -------- d-----w- c:\program files (x86)\Diablo III

2012-05-10 03:00 . 2012-03-03 06:29 1541120 ----a-w- c:\windows\system32\DWrite.dll

2012-05-10 03:00 . 2012-03-03 06:29 320512 ----a-w- c:\windows\system32\d3d10_1core.dll

2012-05-10 03:00 . 2012-03-03 06:29 1837568 ----a-w- c:\windows\system32\d3d10warp.dll

2012-05-10 03:00 . 2012-03-03 06:29 902656 ----a-w- c:\windows\system32\d2d1.dll

2012-05-10 03:00 . 2012-03-03 05:40 1074176 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-10 03:00 . 2012-03-03 05:40 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2012-05-10 03:00 . 2012-03-03 05:40 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2012-05-10 03:00 . 2012-03-03 06:29 197120 ----a-w- c:\windows\system32\d3d10_1.dll

2012-05-10 03:00 . 2012-03-03 05:40 739840 ----a-w- c:\windows\SysWow64\d2d1.dll

2012-05-10 03:00 . 2012-03-03 05:40 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2012-05-10 02:58 . 2012-04-02 05:34 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-10 02:58 . 2012-04-02 04:46 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-10 02:58 . 2012-04-02 03:01 3143680 ----a-w- c:\windows\system32\win32k.sys

2012-05-10 02:58 . 2012-04-02 04:46 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-10 02:58 . 2012-03-17 07:55 75632 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-10 02:57 . 2012-03-30 11:09 1895280 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-10 02:57 . 2012-04-02 05:26 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 02:57 . 2012-04-02 05:24 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 02:57 . 2012-04-02 05:24 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 02:57 . 2012-04-02 05:24 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-10 02:57 . 2012-04-02 04:40 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-04-30 01:23 . 2012-05-02 11:52 -------- d-----w- C:\d15553b11f55ce4c283f

2012-04-28 02:01 . 2012-04-28 02:01 -------- d-----w- c:\programdata\ATI

2012-04-28 02:00 . 2012-04-28 02:00 -------- d-----w- c:\program files (x86)\AMD AVT

2012-04-28 02:00 . 2012-04-28 02:00 -------- d-----w- c:\program files (x86)\AMD APP

2012-04-28 01:52 . 2012-04-28 01:52 -------- d-----w- C:\AMD

2012-04-26 12:48 . 2012-04-26 12:48 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-04-26 12:48 . 2012-04-26 12:48 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-04-26 12:48 . 2012-04-26 12:48 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-04-24 14:03 . 2012-04-24 14:03 -------- d-----w- c:\program files\AMD

2012-04-24 13:53 . 2012-04-06 01:23 7431680 ----a-w- c:\windows\system32\atiumd64.dll

2012-04-24 13:49 . 2012-04-06 01:34 4731904 ----a-w- c:\windows\system32\atiumd6a.dll

2012-04-24 08:48 . 2012-04-13 08:46 8917360 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2584F2DB-DA7E-4D31-B435-45CB3B597A83}\mpengine.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-05 16:05 . 2012-04-06 15:54 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-05-05 16:05 . 2011-06-02 14:09 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-05 16:05 . 2012-04-06 16:05 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe

2012-04-06 05:22 . 2012-04-06 05:22 11174400 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-04-06 03:34 . 2012-04-06 03:34 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-04-06 03:34 . 2012-04-06 03:34 74752 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-04-06 03:34 . 2012-04-06 03:34 64512 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-04-06 03:33 . 2012-04-06 03:33 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-04-06 03:33 . 2012-04-06 03:33 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-04-06 03:33 . 2012-04-06 03:33 16457216 ----a-w- c:\windows\system32\amdocl64.dll

2012-04-06 03:32 . 2012-04-06 03:32 13007872 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-04-06 02:21 . 2011-04-20 02:09 909312 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-04-06 02:20 . 2010-05-27 17:02 1067520 ----a-w- c:\windows\system32\aticfx64.dll

2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-04-06 02:16 . 2012-04-06 02:16 503808 ----a-w- c:\windows\system32\atieclxx.exe

2012-04-06 02:16 . 2012-04-06 02:16 236544 ----a-w- c:\windows\system32\atiesrxx.exe

2012-04-06 02:14 . 2012-04-06 02:14 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-04-06 02:14 . 2012-04-06 02:14 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-04-06 02:14 . 2012-04-06 02:14 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-04-06 02:13 . 2011-04-20 01:59 6800896 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-04-06 02:10 . 2012-04-06 02:10 26181632 ----a-w- c:\windows\system32\atio6axx.dll

2012-04-06 02:00 . 2010-02-03 03:23 64000 ----a-w- c:\windows\system32\coinst.dll

2012-04-06 01:54 . 2010-05-27 16:46 7479296 ----a-w- c:\windows\system32\atidxx64.dll

2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-04-06 01:35 . 2012-04-06 01:35 1120768 ----a-w- c:\windows\system32\atiumd6v.dll

2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-04-06 01:30 . 2012-04-06 01:30 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-04-06 01:30 . 2012-04-06 01:30 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-04-06 01:29 . 2012-04-06 01:29 16090624 ----a-w- c:\windows\system32\aticaldd64.dll

2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-04-06 01:11 . 2012-04-06 01:11 514560 ----a-w- c:\windows\system32\atiadlxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-04-06 01:11 . 2012-04-06 01:11 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-04-06 01:11 . 2012-04-06 01:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-04-06 01:10 . 2012-04-06 01:10 343040 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-04-06 01:09 . 2011-04-20 01:21 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-04-06 01:09 . 2011-04-20 01:21 41984 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-04-06 01:09 . 2011-11-10 02:11 44544 ----a-w- c:\windows\system32\atiu9p64.dll

2012-04-06 01:09 . 2011-11-10 02:11 32256 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-04-06 01:06 . 2012-04-06 01:06 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-03-09 19:07 . 2012-03-09 19:07 29184 ----a-w- c:\windows\system32\kdbsdk64.dll

2012-03-09 19:06 . 2012-03-09 19:06 24576 ----a-w- c:\windows\SysWow64\kdbsdk32.dll

2012-03-01 06:54 . 2012-04-12 08:02 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:45 . 2012-04-12 08:02 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:40 . 2012-04-12 08:02 80896 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:35 . 2012-04-12 08:02 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:49 . 2012-04-12 08:02 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:45 . 2012-04-12 08:02 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:40 . 2012-04-12 08:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 06:56 . 2012-04-12 08:05 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 08:05 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 08:05 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 08:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 08:05 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 08:05 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 08:05 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 08:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-23 15:18 . 2010-03-02 03:28 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-02-23 12:32 . 2012-02-23 12:32 95760 ----a-w- c:\windows\system32\drivers\AtihdW76.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 94208 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-09-03 1242448]

"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-05-05 4786048]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"googletalk"="c:\program files (x86)\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]

"InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-09-24 421160]

"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]

.

c:\users\Charles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Charles\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-14 24246216]

OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\steam\steamapps\common\dragon age origins\bin_ship\DAUpdaterSvc.Service.exe [2010-06-21 25832]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2010-09-07 202048]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 16:05]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2623427359-248344115-2681283407-1001Core.job

- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 03:20]

.

2012-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2623427359-248344115-2681283407-1001UA.job

- c:\users\Charles\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-02 03:20]

.

--------- x86-64 -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-12-05 19:17 97792 ----a-w- c:\users\Charles\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-05-26 2314120]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2786678

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Charles\AppData\Roaming\Mozilla\Firefox\Profiles\dk17kppp.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://forums.somethingawful.com

FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

AddRemove-Collective Thief: DS Texture Pack by John P. 1.03 - c:\program files (x86)\Thief - Deadly Shadows\Collective Texture Pack Uninstaller.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

AddRemove-{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB} - c:\program files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2623427359-248344115-2681283407-1001\Software\SecuROM\License information*]

"datasecu"=hex:bf,0a,10,0d,35,a1,12,59,4c,0d,01,64,4a,2d,77,65,4a,28,fb,47,64,

e0,f0,55,dc,c0,a7,51,11,9c,38,a8,e8,80,47,7e,b3,b8,d2,1c,ef,58,47,66,82,93,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\windows\SysWOW64\PnkBstrB.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

.

**************************************************************************

.

Completion time: 2012-05-21 15:50:51 - machine was rebooted

ComboFix-quarantined-files.txt 2012-05-21 20:50

.

Pre-Run: 217,024,122,880 bytes free

Post-Run: 217,511,137,280 bytes free

.

- - End Of File - - 56CB9B5957F673BF2A9D22B02E1D6403

Here is the Security Check Log:

Results of screen317's Security Check version 0.99.33

Windows 7 x64 (UAC is disabled!)

Internet Explorer 9

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Enabled!

King's Bounty: Armored Princess

WMI entry may not exist for antivirus; attempting automatic update.

```````````````````````````````

Anti-malware/Other Utilities Check:

Spybot - Search & Destroy

Adobe Reader 9 Adobe Reader out of date!

Mozilla Firefox (12.0)

````````````````````````````````

Process Check:

objlist.exe by Laurent

Spybot Teatimer.exe is disabled!

``````````End of Log````````````

lfbprod · May 21, 2012

Finally, Google is running very smooth and is no longer redirecting. I have yet to see a popup with a message but I will let you know if one does. Thanks so much!

D-FRED-BROWN · May 21, 2012

Glad to hear things are running smoothly now. Your logs are looking much better .

Before we move on to the next step, let's take care of two things first:

1) You don't appear to be running an antivirus program. It's crucial that you always have one installed and running, as this is your best defense from getting infected.

Some excellent free antivirus programs include:

Avast: http://www.avast.com/en-us/index

Avira: http://www.avira.com...-free-antivirus

AVG: http://free.avg.com/us-en/homepage

I suggest you choose one of those (my personal favorite is Avast, if that has any bearing on your decision) and install it. Let me know if you need any assistance .

2) Let's run an online scan to verify that there's no traces left that we may have missed:

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the ActiveX control to install
Click Start
Make sure that the options Remove found threats is Unchecked and the option Scan unwanted applications is checked
Click Scan
Wait for the scan to finish
Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
Copy and paste that log as a reply to this topic

Please post that log in your next reply, and let me know how things go .

lfbprod · May 21, 2012

Quick Question regarding ESET Online Scanner: It's asking me to download something called OnlineScanner.cab

(After Step 2). Is this OK to do?

D-FRED-BROWN · May 21, 2012

Yep, it's safe .

lfbprod · May 22, 2012

Whew, sorry that took so long.

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=69e97c0b3cbcda4697bd420d70fc7c29

# end=finished

# remove_checked=false

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=false

# utc_time=2012-05-22 01:13:11

# local_time=2012-05-21 08:13:11 (-0600, Central Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7600 NT

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 0 89182719 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=483157

# found=9

# cleaned=0

# scan_time=9922

C:\TDSSKiller_Quarantine\21.05.2012_15.20.29\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Kryptik.XEZ trojan 0005F4641BB05DFC66EA45A2F841553F I

C:\TDSSKiller_Quarantine\21.05.2012_15.20.29\mbr0000\tdlfs0000\tsk0007.dta Win32/Olmasco.O trojan 5853EAE94A492C3940D1365C785402F9 I

C:\TDSSKiller_Quarantine\21.05.2012_15.20.29\mbr0000\tdlfs0000\tsk0008.dta Win64/Olmasco.X trojan 5DC84262B6E9B20A26401F7906193F3F I

C:\TDSSKiller_Quarantine\21.05.2012_15.20.29\mbr0000\tdlfs0000\tsk0009.dta Win32/Olmasco.O trojan 701CC8BA6E86B22CCFA80DFBA2FA6F47 I

C:\TDSSKiller_Quarantine\21.05.2012_15.20.29\mbr0000\tdlfs0000\tsk0010.dta Win64/Olmasco.R trojan 480D6ACF6100F0E124487E33CE6A75D3 I

C:\TDSSKiller_Quarantine\21.05.2012_15.20.29\mbr0000\tdlfs0000\tsk0011.dta a variant of Win32/Olmasco.Q trojan D3D9020847DB2024626897DF3C85484F I

C:\TDSSKiller_Quarantine\21.05.2012_15.20.29\mbr0000\tdlfs0000\tsk0012.dta Win64/Olmasco.X trojan 128945935556F19FEB3DA54ADDFD1AEE I

C:\TDSSKiller_Quarantine\21.05.2012_15.20.29\mbr0000\tdlfs0000\tsk0020.dta a variant of Win32/Kryptik.XEZ trojan 7A88B213EFCDBBE2A6565F6AA10B4FDF I

C:\Users\Charles\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-55928428 Java/TrojanDownloader.OpenStream.NCM trojan B128448CE2DEC747EC806A47800F7100 I

D-FRED-BROWN · May 22, 2012

Looking good! ESET just flagged the files TDSSKiller previously quarantined. There was one other file, but it got taken care of .

Before we move on, let's update some of your programs.

Program updates are a crucial step in preventing malware, as outdated applications are often used by the cybercriminals to gain a foothold on your system.

First,

I see you have User Accounts Control (UAC) disabled.

This is an important security feature which helps prevent malware and other unwanted software from being installed on your computer.

I strongly suggest you keep it enabled. See this link for instructions on how to enable it: http://windows.microsoft.com/en-US/windows-vista/Turn-User-Account-Control-on-or-off

-----------

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities, you can update it here (uninstall version 7.0 first):

Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

-----------

Also, make sure you've installed an antivirus program!

Let me know how the program updates go, as failed updates may be a sign of additional malware.

lfbprod · May 22, 2012

OK, the UAC is now enabled, Adobe Reader X is installed and I have downloaded and installed Avast.

As for the extra file that was flagged by ESET, can I ask how it was taken care of? I know I kept the box to remove unwanted files unchecked as per your instructions, but was it then quarantined by the program?

Thanks again!

D-FRED-BROWN · May 22, 2012

OK, the UAC is now enabled, Adobe Reader X is installed and I have downloaded and installed Avast.

Glad to hear that!

As for the extra file that was flagged by ESET, can I ask how it was taken care of? I know I kept the box to remove unwanted files unchecked as per your instructions, but was it then quarantined by the program?

Since ESET quarantined it, it's essentially taken care of. You can re-run ESET again and have it remove/delete the file, but I honestly wouldn't worry about it .

Unless there are any further issues, I will now provide you with some suggestions for security software.

First, let's remove ComboFix:

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help.

lfbprod · May 22, 2012

HI,

I've uninstalled Combofix and reran ESET just to get rid of the one flagged file. It looks like things are back to normal, so thanks very much for your help. I'll take your advice to help protect this computer better. Things are running a whole lot better than they were, so I imagine what was causing all the problems is gone now.

D-FRED-BROWN · May 22, 2012

Glad to hear things are well! If you have any other questions or concerns, don't hesitate to ask.

Otherwise, I will have this thread closed. You can still reach me by private message here on the site if you need anything.

Kind regards,

-DFB

Maurice Naggar · June 11, 2012

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Google Redirects and Strange Popups

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information