
Hijacked..



If someone could take a look at these files, I would be very grateful. Thanks.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0

Run by owner at 21:03:14 on 2012-06-17

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2807.1224 [GMT -7:00]

.

AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\System32\alg.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe

C:\Windows\system32\CISVC.EXE

C:\Program Files (x86)\Launch Manager\dsiwmis.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe

C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k ipripsvc

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\system32\mqsvc.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Program Files (x86)\Secunia\PSI\PSIA.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\UI0Detect.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\system32\svchost.exe -k wcssvc

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Secunia\PSI\sua.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\dllhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Nero\Update\NASvc.exe

C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

C:\Windows\SysWow64\perfhost.exe

C:\Windows\System32\vds.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe

C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

C:\Windows\system32\igfxext.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files (x86)\Launch Manager\LManager.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

C:\Program Files (x86)\Launch Manager\LMworker.exe

C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Internet Explorer\IELowutil.exe

C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\explorer.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv55c&r=27360111m405l0404z185a47k2j266

mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv55c&r=27360111m405l0404z185a47k2j266

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv55c&r=27360111m405l0404z185a47k2j266

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe

uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000

IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

Trusted Zone: adobe.com\helpx

Trusted Zone: adobe.com\kb2

Trusted Zone: adobe.com\www

Trusted Zone: microsoft.com\www.update

DPF: {15B782AF-55D8-11D1-B477-006097098764} - hxxp://download.macromedia.com/pub/shockwave/cabs/authorware/awswaxf.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1325955364499

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.3.0.cab

DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{DCE8BE87-BD14-49A1-BD56-78387D20146B} : DhcpNameServer = 75.75.75.75 75.75.76.76

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\r34on5a0.default\

FF - prefs.js: browser.startup.homepage - hxxp://us.yahoo.com

FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z160&form=ZGAADF&install_date=20110913&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

============= SERVICES / DRIVERS ===============

.

R1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys --> C:\Windows\system32\DRIVERS\eamonm.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]

R2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2012-3-30 151656]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-23 321104]

R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-3-7 913144]

R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]

R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2010-8-23 868896]

R2 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2010-1-8 23584]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-22 13336]

R2 iprip;RIP Listener;C:\Windows\System32\svchost.exe -k ipripsvc [2009-7-13 20992]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-5-13 654408]

R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]

R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2010-5-24 255744]

R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-6-17 1153368]

R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2011-10-13 994360]

R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2011-10-13 399416]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-7-22 2320920]

R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2010-7-22 243232]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]

R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]

R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-8 257696]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-24 135664]

S2 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-1-24 135664]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-2-29 158856]

S2 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S4 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]

S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-8-11 517632]

S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-28 129976]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-06-17 20:18:30 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2012-06-17 20:05:11 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{337C8C12-228C-411A-81EC-AB3740A897D7}\offreg.dll

2012-06-15 22:43:36 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{337C8C12-228C-411A-81EC-AB3740A897D7}\mpengine.dll

2012-06-15 06:30:10 0 ----a-w- C:\Windows\SysWow64\REN6B27.tmp

2012-06-15 06:30:10 0 ----a-w- C:\Windows\SysWow64\REN6B26.tmp

2012-06-15 00:20:59 499200 ----a-w- C:\Program Files\Internet Explorer\jsdbgui.dll

2012-06-15 00:20:59 387584 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdbgui.dll

2012-06-15 00:20:55 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll

2012-06-15 00:20:55 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll

2012-06-09 00:48:04 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-09 00:47:47 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-09 00:47:28 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-09 00:47:28 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-05-28 14:03:54 -------- d-----w- C:\Program Files\ESET

2012-05-26 20:37:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-05-26 20:37:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-05-26 20:37:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-05-26 20:37:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-05-26 20:37:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-05-26 20:37:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-05-26 20:37:15 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

.

==================== Find3M ====================

.

2012-06-15 06:30:42 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-06-15 06:30:42 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-15 06:28:17 955840 ----a-w- C:\Windows\System32\npdeployJava1.dll

2012-06-15 06:28:17 839096 ----a-w- C:\Windows\System32\deployJava1.dll

2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys

2012-05-13 09:28:54 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-05-13 09:28:54 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-05-05 05:35:04 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2012-04-19 03:56:30 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx

2012-04-19 03:56:30 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts

2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll

2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll

2012-04-04 22:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 21:04:49.09 ===============


Welcome to the forum.

Hijacked <----what exactly do you mean??

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system (don't run any other options, they're not all bad!)

Post back the report.

MrC


Thanks Experts! I ran an ESET SysInspector scan and it found local host infiltrations. (I think) :D What do you think?

Here is the log you requested.

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-22ZEST0 +++++

--- User ---

[MBR] 4cffa4007eebce35d682d329f906573f

[bSP] 9c572e3c8ccc05fd142d469b36cad048 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 291831 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Thanks again!

Mike Luikens


Please don't close the post...I didn't realize I ran the scan 4 times. Sorry...how embarrassing. I will post the other three. Thanks.

#1 RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: owner [Admin rights]

Mode: DNSFix -- Date: 06/19/2012 16:33:58

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

Finished : << RKreport[1].txt >>

RKreport[1].txt

#2 RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: owner [Admin rights]

Mode: HOSTSFix -- Date: 06/19/2012 16:34:16

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


[...]

¤¤¤ Resetted HOSTS: ¤¤¤

127.0.0.1 localhost

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

I'm pretty sure I messed up on #2......I reset the local host...sorry. Dang it, I knew I would mess this up.

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: owner [Admin rights]

Mode: Shortcuts HJfix -- Date: 06/19/2012 16:35:35

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ File attributes restored: ¤¤¤

Desktop: Success 1 / Fail 0

Quick launch: Success 1 / Fail 0

Programs: Success 13 / Fail 0

Start menu: Success 1 / Fail 0

User folder: Success 191 / Fail 0

My documents: Success 0 / Fail 0

My favorites: Success 0 / Fail 0

My pictures: Success 0 / Fail 0

My music: Success 36 / Fail 0

My videos: Success 0 / Fail 0

Local drives: Success 95 / Fail 0

Backup: [NOT FOUND]

Drives:

[C:] \Device\HarddiskVolume3 -- 0x3 --> Restored

[D:] \Device\CdRom0 -- 0x5 --> Skipped

[Q:] \Device\SftVol -- 0x3 --> Restored

¤¤¤ Infection : ¤¤¤

Finished : << RKreport[3].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

RogueKiller V7.5.4 [06/07/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: owner [Admin rights]

Mode: Scan -- Date: 06/19/2012 16:36:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤

[sUSP PATH] {5E02D0CA-BB52-4807-B627-DAB85032A452}.job @ : C:\Users\owner\Desktop\Office xp\Removable Disk\INSTMSI.EXE -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @DefaultAppPool : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-22ZEST0 +++++

--- User ---

[MBR] 4cffa4007eebce35d682d329f906573f

[bSP] 9c572e3c8ccc05fd142d469b36cad048 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 291831 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

RogueKiller V7.5.4 [06/07/2012] by Tigzy

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: owner [Admin rights]

Mode: Scan -- Date: 06/19/2012 18:55:48

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤

[sUSP PATH] {5E02D0CA-BB52-4807-B627-DAB85032A452}.job @ : C:\Users\owner\Desktop\Office xp\Removable Disk\INSTMSI.EXE -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @DefaultAppPool : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-22ZEST0 +++++

--- User ---

[MBR] 4cffa4007eebce35d682d329f906573f

[bSP] 9c572e3c8ccc05fd142d469b36cad048 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 291831 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[5].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

RogueKiller V7.5.4 [06/07/2012] by Tigzy

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: owner [Admin rights]

Mode: Scan -- Date: 06/19/2012 19:09:12

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 9 ¤¤¤

[sUSP PATH] {5E02D0CA-BB52-4807-B627-DAB85032A452}.job @ : C:\Users\owner\Desktop\Office xp\Removable Disk\INSTMSI.EXE -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @Default User : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[sUSP PATH] Best Buy pc app.lnk @DefaultAppPool : C:\ProgramData\Best Buy pc app\ClickOnceSetup.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD3200BPVT-22ZEST0 +++++

--- User ---

[MBR] 4cffa4007eebce35d682d329f906573f

[bSP] 9c572e3c8ccc05fd142d469b36cad048 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 13312 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 27265024 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 27469824 | Size: 291831 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[6].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ; RKreport[6].txt

That's all I have. :)

Mike

Next......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose delete.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Thank you Mr. C! Here's the files you requested.

17:49:29.0129 2764 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

17:49:29.0706 2764 ============================================================

17:49:29.0706 2764 Current date / time: 2012/06/22 17:49:29.0706

17:49:29.0706 2764 SystemInfo:

17:49:29.0706 2764

17:49:29.0706 2764 OS Version: 6.1.7601 ServicePack: 1.0

17:49:29.0706 2764 Product type: Workstation

17:49:29.0706 2764 ComputerName: OWNER-PC

17:49:29.0706 2764 UserName: owner

17:49:29.0706 2764 Windows directory: C:\Windows

17:49:29.0706 2764 System windows directory: C:\Windows

17:49:29.0706 2764 Running under WOW64

17:49:29.0706 2764 Processor architecture: Intel x64

17:49:29.0706 2764 Number of processors: 2

17:49:29.0706 2764 Page size: 0x1000

17:49:29.0706 2764 Boot type: Normal boot

17:49:29.0706 2764 ============================================================

17:49:30.0236 2764 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:49:30.0252 2764 ============================================================

17:49:30.0252 2764 \Device\Harddisk0\DR0:

17:49:30.0252 2764 MBR partitions:

17:49:30.0252 2764 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000

17:49:30.0252 2764 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800

17:49:30.0252 2764 ============================================================

17:49:30.0267 2764 C: <-> \Device\Harddisk0\DR0\Partition1

17:49:30.0267 2764 ============================================================

17:49:30.0267 2764 Initialize success

17:49:30.0267 2764 ============================================================

17:54:22.0518 1096 Deinitialize success

18:01:32.0300 1120 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32

18:01:32.0721 1120 ============================================================

18:01:32.0721 1120 Current date / time: 2012/06/22 18:01:32.0721

18:01:32.0721 1120 SystemInfo:

18:01:32.0721 1120

18:01:32.0721 1120 OS Version: 6.1.7601 ServicePack: 1.0

18:01:32.0721 1120 Product type: Workstation

18:01:32.0721 1120 ComputerName: OWNER-PC

18:01:32.0721 1120 UserName: owner

18:01:32.0721 1120 Windows directory: C:\Windows

18:01:32.0721 1120 System windows directory: C:\Windows

18:01:32.0721 1120 Running under WOW64

18:01:32.0721 1120 Processor architecture: Intel x64

18:01:32.0721 1120 Number of processors: 2

18:01:32.0721 1120 Page size: 0x1000

18:01:32.0721 1120 Boot type: Normal boot

18:01:32.0721 1120 ============================================================

18:01:33.0205 1120 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:01:33.0205 1120 ============================================================

18:01:33.0205 1120 \Device\Harddisk0\DR0:

18:01:33.0205 1120 MBR partitions:

18:01:33.0205 1120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000

18:01:33.0205 1120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x239FB800

18:01:33.0205 1120 ============================================================

18:01:33.0237 1120 C: <-> \Device\Harddisk0\DR0\Partition1

18:01:33.0237 1120 ============================================================

18:01:33.0237 1120 Initialize success

18:01:33.0237 1120 ============================================================

18:01:57.0033 4808 ============================================================

18:01:57.0033 4808 Scan started

18:01:57.0033 4808 Mode: Manual; SigCheck; TDLFS;

18:01:57.0033 4808 ============================================================

18:02:21.0057 4808 hpqcxs08 (0a3c6aa4a9fc38c20ba4eac2c3351c05) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

18:02:21.0088 4808 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

18:02:21.0088 4808 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

18:02:21.0135 4808 hpqddsvc (75cc8c5146a3fb76221a7606628778d5) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

18:02:21.0166 4808 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

18:02:21.0166 4808 hpqddsvc - detected UnsignedFile.Multi.Generic (1)

18:02:21.0400 4808 HPSLPSVC (2adf33f93991c4e24e86ffa5f906417b) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

18:02:21.0478 4808 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

18:02:21.0478 4808 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)


18:02:27.0359 4808 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

18:02:27.0469 4808 IPNAT - ok

18:02:27.0640 4808 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

18:02:27.0671 4808 iPod Service - ok

18:02:27.0749 4808 iprip (11fe7637a49b67d9b1f895b2ad4d982f) C:\Windows\System32\iprip.dll

18:02:27.0827 4808 iprip - ok

18:02:27.0859 4808 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

18:02:27.0952 4808 IRENUM - ok

18:02:27.0999 4808 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

18:02:28.0015 4808 isapnp - ok

18:02:28.0155 4808 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\DRIVERS\msiscsi.sys

18:02:28.0186 4808 iScsiPrt - ok

18:02:28.0280 4808 k57nd60a (37e053a2cf8f0082b689ed74106e0cec) C:\Windows\system32\DRIVERS\k57nd60a.sys

18:02:28.0311 4808 k57nd60a - ok

18:02:28.0373 4808 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

18:02:28.0405 4808 kbdclass - ok

18:02:28.0467 4808 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

18:02:28.0514 4808 kbdhid - ok

18:02:28.0592 4808 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:02:28.0607 4808 KeyIso - ok

18:02:28.0717 4808 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

18:02:28.0779 4808 KSecDD - ok

18:02:28.0919 4808 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

18:02:28.0951 4808 KSecPkg - ok

18:02:28.0966 4808 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

18:02:29.0029 4808 ksthunk - ok

18:02:29.0107 4808 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

18:02:29.0263 4808 KtmRm - ok

18:02:29.0372 4808 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

18:02:29.0450 4808 LanmanServer - ok

18:02:29.0497 4808 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

18:02:29.0590 4808 LanmanWorkstation - ok

18:02:29.0653 4808 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

18:02:29.0746 4808 lltdio - ok

18:02:29.0840 4808 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

18:02:29.0949 4808 lltdsvc - ok

18:02:29.0965 4808 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

18:02:30.0027 4808 lmhosts - ok

18:02:30.0136 4808 LMS (dbc1136a62bd4decc3632df650284c2e) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

18:02:30.0167 4808 LMS - ok

18:02:30.0261 4808 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

18:02:30.0292 4808 LSI_FC - ok

18:02:30.0370 4808 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

18:02:30.0401 4808 LSI_SAS - ok

18:02:30.0433 4808 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:02:30.0448 4808 LSI_SAS2 - ok

18:02:30.0542 4808 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:02:30.0589 4808 LSI_SCSI - ok

18:02:30.0620 4808 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

18:02:30.0713 4808 luafv - ok

18:02:30.0823 4808 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys

18:02:30.0854 4808 MBAMProtector - ok

18:02:30.0994 4808 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

18:02:31.0010 4808 MBAMService - ok

18:02:31.0213 4808 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

18:02:31.0244 4808 McciCMService ( UnsignedFile.Multi.Generic ) - warning

18:02:31.0244 4808 McciCMService - detected UnsignedFile.Multi.Generic (1)

18:02:31.0400 4808 McciCMService64 (be3d584d7c021eb7d89166eecb83c341) C:\Program Files\Common Files\Motive\McciCMService.exe

18:02:31.0462 4808 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning

18:02:31.0462 4808 McciCMService64 - detected UnsignedFile.Multi.Generic (1)

18:02:31.0821 4808 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

18:02:31.0930 4808 Mcx2Svc - ok

18:02:32.0055 4808 MDM (11f714f85530a2bd134074dc30e99fca) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7Debug\mdm.exe

18:02:32.0086 4808 MDM - ok

18:02:32.0211 4808 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

18:02:32.0258 4808 megasas - ok

18:02:32.0305 4808 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

18:02:32.0336 4808 MegaSR - ok

18:02:32.0398 4808 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

18:02:32.0492 4808 MMCSS - ok

18:02:32.0523 4808 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

18:02:32.0617 4808 Modem - ok

18:02:32.0664 4808 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

18:02:32.0710 4808 monitor - ok

18:02:32.0788 4808 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

18:02:32.0820 4808 mouclass - ok

18:02:32.0898 4808 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

18:02:32.0944 4808 mouhid - ok

18:02:32.0991 4808 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

18:02:33.0007 4808 mountmgr - ok

18:02:33.0178 4808 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

18:02:33.0210 4808 MozillaMaintenance - ok

18:02:33.0256 4808 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

18:02:33.0272 4808 mpio - ok

18:02:33.0303 4808 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

18:02:33.0381 4808 mpsdrv - ok

18:02:33.0568 4808 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

18:02:33.0678 4808 MpsSvc - ok

18:02:33.0787 4808 MQAC (cd22d2563039dda6793f7624719363a7) C:\Windows\system32\drivers\mqac.sys

18:02:33.0880 4808 MQAC - ok

18:02:34.0036 4808 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

18:02:34.0052 4808 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

18:02:34.0052 4808 MREMP50 - detected UnsignedFile.Multi.Generic (1)

18:02:34.0099 4808 MREMP50a64 - ok

18:02:34.0099 4808 MREMPR5 - ok

18:02:34.0114 4808 MRENDIS5 - ok

18:02:34.0161 4808 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

18:02:34.0192 4808 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

18:02:34.0192 4808 MRESP50 - detected UnsignedFile.Multi.Generic (1)

18:02:34.0192 4808 MRESP50a64 - ok

18:02:34.0255 4808 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

18:02:34.0317 4808 MRxDAV - ok

18:02:34.0364 4808 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

18:02:34.0426 4808 mrxsmb - ok

18:02:34.0489 4808 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:02:34.0520 4808 mrxsmb10 - ok

18:02:34.0567 4808 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:02:34.0598 4808 mrxsmb20 - ok

18:02:34.0692 4808 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

18:02:34.0723 4808 msahci - ok

18:02:34.0832 4808 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

18:02:34.0863 4808 msdsm - ok

18:02:34.0910 4808 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

18:02:34.0972 4808 MSDTC - ok

18:02:35.0082 4808 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

18:02:35.0206 4808 Msfs - ok

18:02:35.0300 4808 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

18:02:35.0378 4808 mshidkmdf - ok

18:02:35.0472 4808 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

18:02:35.0503 4808 msisadrv - ok

18:02:35.0581 4808 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

18:02:35.0659 4808 MSiSCSI - ok

18:02:35.0659 4808 MSIServer - ok

18:02:35.0706 4808 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

18:02:35.0768 4808 MSKSSRV - ok

18:02:35.0862 4808 MSMQ (faaeaef99e53561beee58f946ca56f0d) C:\Windows\system32\mqsvc.exe

18:02:35.0924 4808 MSMQ - ok

18:02:35.0955 4808 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

18:02:36.0018 4808 MSPCLOCK - ok

18:02:36.0064 4808 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

18:02:36.0142 4808 MSPQM - ok

18:02:36.0267 4808 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

18:02:36.0298 4808 MsRPC - ok

18:02:36.0361 4808 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

18:02:36.0376 4808 mssmbios - ok

18:02:36.0423 4808 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

18:02:36.0517 4808 MSTEE - ok

18:02:36.0532 4808 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

18:02:36.0548 4808 MTConfig - ok

18:02:36.0595 4808 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

18:02:36.0626 4808 Mup - ok

18:02:36.0688 4808 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

18:02:36.0751 4808 napagent - ok

18:02:36.0813 4808 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

18:02:36.0876 4808 NativeWifiP - ok

18:02:37.0110 4808 NAUpdate (934bb0d23a25c8c136570800a5a149b6) C:\Program Files (x86)\Nero\Update\NASvc.exe

18:02:37.0141 4808 NAUpdate - ok

18:02:37.0312 4808 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

18:02:37.0359 4808 NDIS - ok

18:02:37.0375 4808 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

18:02:37.0437 4808 NdisCap - ok

18:02:37.0468 4808 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

18:02:37.0546 4808 NdisTapi - ok

18:02:37.0624 4808 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

18:02:37.0734 4808 Ndisuio - ok

18:02:37.0765 4808 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

18:02:37.0874 4808 NdisWan - ok

18:02:37.0968 4808 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

18:02:38.0061 4808 NDProxy - ok

18:02:38.0233 4808 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

18:02:38.0311 4808 Nero BackItUp Scheduler 4.0 - ok

18:02:38.0373 4808 Net Driver HPZ12 (d5ac41ae382738483faffbd7e373d49a) C:\Windows\system32\HPZinw12.dll

18:02:38.0404 4808 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

18:02:38.0404 4808 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

18:02:38.0498 4808 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

18:02:38.0607 4808 NetBIOS - ok

18:02:38.0670 4808 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

18:02:38.0748 4808 NetBT - ok

18:02:38.0779 4808 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:02:38.0794 4808 Netlogon - ok

18:02:38.0872 4808 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

18:02:38.0982 4808 Netman - ok

18:02:39.0153 4808 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:02:39.0169 4808 NetMsmqActivator - ok

18:02:39.0200 4808 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:02:39.0231 4808 NetPipeActivator - ok

18:02:39.0309 4808 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

18:02:39.0434 4808 netprofm - ok

18:02:39.0450 4808 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:02:39.0465 4808 NetTcpActivator - ok

18:02:39.0481 4808 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

18:02:39.0481 4808 NetTcpPortSharing - ok

18:02:39.0574 4808 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

18:02:39.0606 4808 nfrd960 - ok

18:02:39.0684 4808 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

18:02:39.0746 4808 NlaSvc - ok

18:02:39.0762 4808 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

18:02:39.0808 4808 Npfs - ok

18:02:39.0840 4808 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

18:02:39.0886 4808 nsi - ok

18:02:39.0902 4808 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

18:02:39.0980 4808 nsiproxy - ok

18:02:40.0214 4808 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

18:02:40.0276 4808 Ntfs - ok

18:02:40.0386 4808 NTI IScheduleSvc (6fd534ede2905d3c3257cfdd881f9705) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

18:02:40.0417 4808 NTI IScheduleSvc - ok

18:02:40.0682 4808 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

18:02:40.0713 4808 NTIDrvr - ok

18:02:40.0760 4808 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

18:02:40.0854 4808 Null - ok

18:02:40.0932 4808 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

18:02:40.0963 4808 nvraid - ok

18:02:40.0994 4808 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

18:02:41.0010 4808 nvstor - ok

18:02:41.0041 4808 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

18:02:41.0056 4808 nv_agp - ok

18:02:41.0088 4808 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

18:02:41.0103 4808 ohci1394 - ok

18:02:41.0212 4808 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

18:02:41.0244 4808 ose - ok

18:02:41.0852 4808 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

18:02:42.0008 4808 osppsvc - ok

18:02:42.0351 4808 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:02:42.0476 4808 p2pimsvc - ok

18:02:42.0523 4808 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

18:02:42.0601 4808 p2psvc - ok

18:02:42.0679 4808 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

18:02:42.0726 4808 Parport - ok

18:02:42.0772 4808 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

18:02:42.0804 4808 partmgr - ok

18:02:42.0835 4808 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

18:02:42.0882 4808 PcaSvc - ok

18:02:43.0006 4808 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

18:02:43.0038 4808 pci - ok

18:02:43.0053 4808 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

18:02:43.0069 4808 pciide - ok

18:02:43.0100 4808 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

18:02:43.0116 4808 pcmcia - ok

18:02:43.0131 4808 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

18:02:43.0147 4808 pcw - ok

18:02:43.0209 4808 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

18:02:43.0303 4808 PEAUTH - ok

18:02:43.0474 4808 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

18:02:43.0537 4808 PerfHost - ok

18:02:43.0755 4808 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

18:02:43.0833 4808 pla - ok

18:02:43.0927 4808 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

18:02:43.0989 4808 PlugPlay - ok

18:02:44.0052 4808 Pml Driver HPZ12 (37f6046cdc630442d7dc087501ff6fc6) C:\Windows\system32\HPZipm12.dll

18:02:44.0052 4808 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

18:02:44.0052 4808 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

18:02:44.0067 4808 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

18:02:44.0114 4808 PNRPAutoReg - ok

18:02:44.0161 4808 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

18:02:44.0192 4808 PNRPsvc - ok

18:02:44.0332 4808 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

18:02:44.0473 4808 PolicyAgent - ok

18:02:44.0520 4808 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

18:02:44.0566 4808 Power - ok

18:02:44.0644 4808 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

18:02:44.0722 4808 PptpMiniport - ok

18:02:44.0769 4808 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

18:02:44.0800 4808 Processor - ok

18:02:44.0941 4808 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

18:02:45.0019 4808 ProfSvc - ok

18:02:45.0050 4808 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:02:45.0066 4808 ProtectedStorage - ok

18:02:45.0128 4808 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

18:02:45.0206 4808 Psched - ok

18:02:45.0253 4808 PSI (fb46e9a827a8799ebd7bfa9128c91f37) C:\Windows\system32\DRIVERS\psi_mf.sys

18:02:45.0268 4808 PSI - ok

18:02:45.0440 4808 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

18:02:45.0502 4808 ql2300 - ok

18:02:45.0768 4808 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

18:02:45.0783 4808 ql40xx - ok

18:02:45.0861 4808 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

18:02:45.0908 4808 QWAVE - ok

18:02:45.0939 4808 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

18:02:45.0970 4808 QWAVEdrv - ok

18:02:46.0002 4808 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

18:02:46.0080 4808 RasAcd - ok

18:02:46.0126 4808 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

18:02:46.0204 4808 RasAgileVpn - ok

18:02:46.0236 4808 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

18:02:46.0314 4808 RasAuto - ok

18:02:46.0360 4808 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

18:02:46.0423 4808 Rasl2tp - ok

18:02:46.0485 4808 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

18:02:46.0563 4808 RasMan - ok

18:02:46.0594 4808 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

18:02:46.0657 4808 RasPppoe - ok

18:02:46.0704 4808 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

18:02:46.0750 4808 RasSstp - ok

18:02:46.0813 4808 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

18:02:46.0922 4808 rdbss - ok

18:02:46.0953 4808 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

18:02:47.0000 4808 rdpbus - ok

18:02:47.0016 4808 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

18:02:47.0109 4808 RDPCDD - ok

18:02:47.0140 4808 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

18:02:47.0187 4808 RDPENCDD - ok

18:02:47.0187 4808 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

18:02:47.0234 4808 RDPREFMP - ok

18:02:47.0265 4808 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

18:02:47.0359 4808 RDPWD - ok

18:02:47.0406 4808 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

18:02:47.0421 4808 rdyboost - ok

18:02:47.0468 4808 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

18:02:47.0515 4808 RemoteAccess - ok

18:02:47.0562 4808 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

18:02:47.0624 4808 RemoteRegistry - ok

18:02:47.0718 4808 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys

18:02:47.0733 4808 Revoflt - ok

18:02:47.0780 4808 RMCAST (caf88d6573d21cd2aa27001ddbfdc74d) C:\Windows\system32\DRIVERS\RMCAST.sys

18:02:47.0858 4808 RMCAST - ok

18:02:47.0889 4808 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

18:02:47.0936 4808 RpcEptMapper - ok

18:02:47.0967 4808 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

18:02:47.0983 4808 RpcLocator - ok

18:02:48.0061 4808 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

18:02:48.0123 4808 RpcSs - ok

18:02:48.0170 4808 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

18:02:48.0264 4808 rspndr - ok

18:02:48.0326 4808 RSUSBSTOR (44ed82612403021e36998e1ecb1198f1) C:\Windows\system32\Drivers\RtsUStor.sys

18:02:48.0357 4808 RSUSBSTOR - ok

18:02:48.0388 4808 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

18:02:48.0404 4808 SamSs - ok

18:02:48.0435 4808 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

18:02:48.0451 4808 sbp2port - ok

18:02:48.0622 4808 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

18:02:48.0654 4808 SBSDWSCService - ok

18:02:48.0700 4808 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

18:02:48.0763 4808 SCardSvr - ok

18:02:48.0825 4808 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

18:02:48.0888 4808 scfilter - ok

18:02:48.0981 4808 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

18:02:49.0059 4808 Schedule - ok

18:02:49.0106 4808 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

18:02:49.0184 4808 SCPolicySvc - ok

18:02:49.0200 4808 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

18:02:49.0246 4808 SDRSVC - ok

18:02:49.0278 4808 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

18:02:49.0340 4808 secdrv - ok

18:02:49.0387 4808 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

18:02:49.0465 4808 seclogon - ok

18:02:49.0574 4808 Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files (x86)\Secunia\PSI\PSIA.exe

18:02:49.0621 4808 Secunia PSI Agent - ok

18:02:49.0668 4808 Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files (x86)\Secunia\PSI\sua.exe

18:02:49.0699 4808 Secunia Update Agent - ok

18:02:49.0824 4808 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

18:02:49.0917 4808 SENS - ok

18:02:49.0964 4808 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

18:02:50.0026 4808 SensrSvc - ok

18:02:50.0058 4808 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

18:02:50.0073 4808 Serenum - ok

18:02:50.0104 4808 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

18:02:50.0136 4808 Serial - ok

18:02:50.0182 4808 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

18:02:50.0229 4808 sermouse - ok

18:02:50.0292 4808 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

18:02:50.0338 4808 SessionEnv - ok

18:02:50.0370 4808 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

18:02:50.0432 4808 sffdisk - ok

18:02:50.0448 4808 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

18:02:50.0479 4808 sffp_mmc - ok

18:02:50.0494 4808 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

18:02:50.0572 4808 sffp_sd - ok

18:02:50.0588 4808 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

18:02:50.0635 4808 sfloppy - ok

18:02:50.0744 4808 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys

18:02:50.0791 4808 Sftfs - ok

18:02:50.0947 4808 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

18:02:51.0009 4808 sftlist - ok

18:02:51.0056 4808 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys

18:02:51.0087 4808 Sftplay - ok

18:02:51.0087 4808 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys

18:02:51.0103 4808 Sftredir - ok

18:02:51.0103 4808 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys

18:02:51.0118 4808 Sftvol - ok

18:02:51.0134 4808 sftvsa - ok

18:02:51.0196 4808 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

18:02:51.0259 4808 SharedAccess - ok

18:02:51.0321 4808 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

18:02:51.0399 4808 ShellHWDetection - ok

18:02:51.0446 4808 simptcp (e9e830d540ededed650f906628468548) C:\Windows\System32\tcpsvcs.exe

18:02:51.0462 4808 simptcp - ok

18:02:51.0477 4808 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:02:51.0493 4808 SiSRaid2 - ok

18:02:51.0508 4808 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

18:02:51.0540 4808 SiSRaid4 - ok

18:02:51.0586 4808 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe

18:02:51.0602 4808 SkypeUpdate - ok

18:02:51.0664 4808 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

18:02:51.0758 4808 Smb - ok

18:02:51.0789 4808 SNMP (ca62ae004e98374bf7f082cd765eea02) C:\Windows\System32\snmp.exe

18:02:51.0820 4808 SNMP - ok

18:02:51.0883 4808 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

18:02:51.0930 4808 SNMPTRAP - ok

18:02:51.0945 4808 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

18:02:51.0961 4808 spldr - ok

18:02:52.0023 4808 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

18:02:52.0101 4808 Spooler - ok

18:02:52.0382 4808 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

18:02:52.0569 4808 sppsvc - ok

18:02:52.0678 4808 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

18:02:52.0834 4808 sppuinotify - ok

18:02:52.0959 4808 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

18:02:53.0053 4808 srv - ok

18:02:53.0115 4808 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

18:02:53.0178 4808 srv2 - ok

18:02:53.0224 4808 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

18:02:53.0256 4808 srvnet - ok

18:02:53.0302 4808 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

18:02:53.0396 4808 SSDPSRV - ok

18:02:53.0427 4808 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

18:02:53.0490 4808 SstpSvc - ok

18:02:53.0536 4808 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

18:02:53.0552 4808 stexstor - ok

18:03:07.0015 4808 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

18:03:07.0452 4808 \Device\Harddisk0\DR0 - ok

18:03:07.0452 4808 Boot (0x1200) (ae9f1e5aa9deabb87e4b50ad15699b41) \Device\Harddisk0\DR0\Partition0

18:03:07.0452 4808 \Device\Harddisk0\DR0\Partition0 - ok

18:03:07.0483 4808 Boot (0x1200) (82c35759af5f712d7d5c4482558f053e) \Device\Harddisk0\DR0\Partition1

18:03:07.0483 4808 \Device\Harddisk0\DR0\Partition1 - ok

18:03:07.0483 4808 ============================================================

18:03:07.0483 4808 Scan finished

18:03:07.0483 4808 ============================================================

18:03:07.0498 3392 Detected object count: 9

18:03:07.0498 3392 Actual detected object count: 9

18:05:23.0671 3392 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

18:05:23.0671 3392 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:05:23.0671 3392 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

18:05:23.0671 3392 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:05:23.0687 3392 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

18:05:23.0687 3392 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:05:23.0687 3392 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

18:05:23.0687 3392 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:05:23.0687 3392 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user

18:05:23.0687 3392 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:05:23.0687 3392 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

18:05:23.0687 3392 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:05:23.0702 3392 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

18:05:23.0702 3392 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:05:23.0702 3392 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

18:05:23.0702 3392 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:05:23.0702 3392 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

18:05:23.0702 3392 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip

18:06:59.0096 2164 Deinitialize success

Sorry Mr. C. I know that post was huge but I'm still learning how to zip-copy-paste.

Mike

That's alright...you can post the logs.

Next......

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
