Trojan.Dropper.BCMiner

eschwebach · July 21, 2012

Hello all, I am infected with the Trojan.Dropper.BCMiner virus and multiple attempts to remove it via Malware Bytes as failed. I would appreciate any help in removing the virus. Thank You

Here are the logs for DDS and Attach

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Schwebach at 10:04:01 on 2012-07-21

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.5968 [GMT -5:00]

.

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

C:\Program Files (x86)\Fitbit\fitbit.exe

C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Steam\steam.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Logitech\Vid\Vid.exe

C:\Windows\System32\spool\drivers\x64\3\E_IATIGAA.EXE

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Fitbit\fitbit-tray.exe

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\real\realplayer\Update\realsched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.com/

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mWinlogon: Userinit=userinit.exe,

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [steam] "c:\program files (x86)\steam\steam.exe" -silent

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode

uRun: [EPSON NX620 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SD5C5.tmp" /EF "HKCU"

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [<no name="">]

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

LSP: mswsock.dll

DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://samsclubus.pnimedia.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

TCP: Interfaces\{98B4A98E-73B0-4CB6-BF7A-9ACA5083698E} : DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

TCP: Interfaces\{9B3509C1-E37B-4502-9308-A8675CE5DD61} : DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO-X64: 0x1 - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

mRun-x64: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [(Default)]

mRun-x64: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk"

mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Schwebach\AppData\Roaming\Mozilla\Firefox\Profiles\4zfmrble.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]

R2 AllShare;SAMSUNG AllShare Service;C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-7-16 6638080]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2011-9-10 166400]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2011-9-10 128512]

R2 Fitbit;Fitbit Data Uploader;C:\Program Files (x86)\Fitbit\fitbit.exe [2012-5-1 788000]

R2 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-7-28 13336]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-14 655944]

R2 SynchronizationService.exe;Comodo BackUp Service;C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe [2010-1-7 1143032]

R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]

R3 AE1000;Linksys AE1000 Driver;C:\Windows\system32\DRIVERS\ae1000w7.sys --> C:\Windows\system32\DRIVERS\ae1000w7.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 SIUSBXP;SIUSBXP;C:\Windows\system32\drivers\SiUSBXp.sys --> C:\Windows\system32\drivers\SiUSBXp.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-19 136176]

S2 RoxLiveShare10;LiveShare P2P Server 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-6-10 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-6-10 166384]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-13 250056]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-19 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-20 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-6-10 1124848]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TurboBoost;TurboBoost;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-11-2 126352]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-07-21 03:17:40 -------- d-----w- C:\Users\Schwebach\AppData\Local\Macromedia

2012-07-21 03:08:22 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2012-07-21 03:07:58 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll

2012-07-21 03:07:58 68576 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll

2012-07-21 03:07:58 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll

2012-07-21 03:07:58 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-07-21 03:07:57 573920 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll

2012-07-21 03:07:57 2106216 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-07-21 03:07:57 1998168 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_43.dll

2012-07-21 03:07:57 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-07-21 01:43:35 115712 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\2BE1.tmp.dat

2012-07-21 01:40:32 115712 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\5F40.tmp.dat

2012-07-20 05:02:47 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-07-17 10:37:28 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DB64BF19-3848-4F40-AE7C-D3CFA760ADE7}\mpengine.dll

2012-07-15 19:20:40 -------- d-----w- C:\Program Files (x86)\Garmin

2012-07-12 08:04:27 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 09:05:01 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 09:05:01 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 09:05:01 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 09:05:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 09:05:01 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 09:05:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-25 21:04:24 1394248 ----a-w- C:\Windows\SysWow64\msxml4.dll

.

==================== Find3M ====================

.

2012-07-12 14:24:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 14:24:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-04 15:22:12 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-06-04 15:22:12 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll

2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys

2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll

2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll

2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe

2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll

2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll

2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll

2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

.

============= FINISH: 10:04:35.34 ===============

ATTACH

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 8/19/2010 2:29:43 PM

System Uptime: 7/21/2012 8:05:18 AM (2 hours ago)

.

Motherboard: MSI | | P55-CD53 (MS-7586)

Processor: Intel® Core i5 CPU 650 @ 3.20GHz | CPU1 | 3201/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 891 GiB total, 719.559 GiB free.

D: is FIXED (NTFS) - 40 GiB total, 35.353 GiB free.

E: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

J: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP264: 7/10/2012 5:49:55 AM - Windows Update

RP265: 7/12/2012 3:00:13 AM - Windows Update

RP266: 7/17/2012 5:36:48 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop Elements 8.0

Adobe Reader 9.5.1

Adobe Shockwave Player 11.6

Amazon MP3 Downloader 1.0.10

Angry Birds

Apple Application Support

Apple Software Update

ATI Catalyst Registration

Call of Duty® 4 - Modern Warfare

Call of Duty: Black Ops

Call of Duty: Black Ops - Multiplayer

Call of Duty: Modern Warfare 2

Call of Duty: Modern Warfare 2 - Multiplayer

CameraHelperMsi

Carbonite

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

ccc-core-static

CCC Help English

COMODO BackUp

Coupon Printer for Windows

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DirectX 9 Runtime

Epson Event Manager

EPSON Scan

erLT

ExpertGPS 4.34

FirstClass® Client

Fitbit Base Station (Driver Removal)

Fitbit v2.1.0

FlipShare

Garmin BaseCamp

Garmin Communicator Plugin

Garmin Trip and Waypoint Manager v5

Google Earth

Google Toolbar for Internet Explorer

Google Update Helper

InstaCodecs

Intel AppUp(SM) center

Intel® Control Center

Intel® Rapid Storage Technology

Java Auto Updater

Java 6 Update 31

JMicron JMB36X Driver

K-Lite Codec Pack 6.4.0 (Full)

Korean Fonts Support For Adobe Reader 9

Logitech Vid

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.62.0.1300

MediaMan

MediaMonkey 3.2

Microsoft .NET Framework 1.1

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSXML 4.0 SP2 (KB973688)

MSXML 4.0 SP3 Parser (KB2721691)

MSXML 4.0 SP3 Parser (KB973685)

My Little Artist

Picasa 3

PunkBuster Services

Quake Live Internet Explorer Plugin

QuickTime

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

RealUpgrade 1.1

Roxio Activation Module

Roxio BackOnTrack

Roxio Central Audio

Roxio Central Copy

Roxio Central Core

Roxio Central Data

Roxio Central Tools

Roxio Creator XE

Roxio Express Labeler 3

Roxio Update Manager

SAMSUNG PC Share Manager

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Skype Toolbars

Skype™ 4.2

Steam

swMSM

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

WinRAR 4.00 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

7/21/2012 9:29:38 AM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

7/21/2012 9:29:38 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

7/21/2012 8:05:35 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

7/21/2012 8:05:35 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

7/21/2012 8:05:32 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

7/14/2012 9:40:46 PM, Error: Schannel [36887] - The following fatal alert was received: 40.

7/14/2012 10:18:32 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.

.

==== End Of File ===========================</no>

Here is the MBAM log:

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Schwebach :: SCHWEBACH-PC [administrator]

Protection: Enabled

7/21/2012 10:18:54 AM

mbam-log-2012-07-21 (10-21-53).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 195861

Time elapsed: 2 minute(s), 12 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

(end)

MrCharlie · July 21, 2012

Welcome to the forum.

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.
BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the infection has been identified and because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451
When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063
I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.
Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
[*]Select Command Prompt
[*]In the command window type in notepad and press Enter.
[*]The notepad opens. Under File menu select Open.
[*]Select "Computer" and find your flash drive letter and close the notepad.
[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
[*]The tool will start to run.
[*]When the tool opens click Yes to disclaimer.
[*]Press Scan button.
[*]FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
[*]Now press the Search button
[*]When the search is complete, search.txt will also be written to your USB
[*]Type exit and reboot the computer normally
[*]Please copy and paste both logs in your reply.(FRST.txt and Search.txt)

MrC

eschwebach · July 21, 2012

Thank you Mr C. I would like to try and remove it first. Here are the requested logs:

FRST.exe

Scan result of Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 21-07-2012 11:06:20

Running from K:\

Windows 7 Home Premium (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11057768 2010-07-06] (Realtek Semiconductor)

HKLM-x32\...\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)

HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [36864 2007-03-20] ()

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-05-27] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [244208 2009-06-10] (Sonic Solutions)

HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)

HKLM-x32\...\Run: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [1309 2011-03-09] ()

HKLM-x32\...\Run: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [948880 2011-03-03] (Carbonite, Inc.)

HKLM-x32\...\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" [976320 2009-12-03] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2011-10-24] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-11-01] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421736 2011-12-07] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot [296056 2012-06-04] (RealNetworks, Inc.)

HKU\Schwebach\...\Run: [steam] "c:\program files (x86)\steam\steam.exe" -silent [1242448 2011-08-02] (Valve Corporation)

HKU\Schwebach\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-08-19] (Google Inc.)

HKU\Schwebach\...\Run: [Logitech Vid HD] "C:\Program Files (x86)\Logitech\Vid\vid.exe" -bootmode [6061400 2010-05-11] (Logitech Inc.)

HKU\Schwebach\...\Run: [EPSON NX620 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGAA.EXE /FU "C:\Windows\TEMP\E_SD5C5.tmp" /EF "HKCU" [224768 2010-01-12] (SEIKO EPSON CORPORATION)

HKU\Schwebach\...\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2011-11-11] (Apple Inc.)

HKU\Schwebach\...\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59240 2011-11-11] (Apple Inc.)

HKU\Schwebach\...\Run: [Fitbit Service Monitor] C:\Program Files (x86)\Fitbit\fitbit-tray.exe [2164256 2011-10-26] (Fitbit, Inc.)

Tcpip\Parameters: [DhcpNameServer] 24.159.193.40 24.205.224.36 68.190.192.35

==================== Services (Whitelisted) ======

2 AdobeActiveFileMonitor8.0; C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-10-09] (Adobe Systems Incorporated)

2 AllShare; C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [6638080 2010-07-16] ()

2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [6315664 2011-03-03] (Carbonite, Inc. (www.carbonite.com))

2 FlipShare Service; "C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe" [460144 2011-05-06] ()

2 FlipShareServer; "C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe" [1085440 2011-05-06] ()

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2010-10-19] ()

3 stllssvr; "C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe" [74392 2009-04-30] (MicroVision Development, Inc.)

2 SynchronizationService.exe; "C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe" [1143032 2010-01-07] ()

3 aspnet_state; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

========================== Drivers (Whitelisted) =============

3 AE1000; C:\Windows\System32\DRIVERS\ae1000w7.sys [1101600 2010-02-12] (Ralink Technology Corp.)

0 bdisk; C:\Windows\SysWow64\Drivers\bdisk.sys [74328 2010-01-07] ()

0 CBUfs; C:\Windows\SysWow64\Drivers\CBUfs.sys [140760 2010-01-07] (COMODO Security Solutions Inc.)

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()

3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-11-02] ()

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-07-21 11:06 - 2012-07-21 11:06 - 00000000 ____D C:\FRST

2012-07-21 07:05 - 2012-07-21 07:05 - 00008863 ____A C:\Users\Schwebach\Desktop\Attach.txt

2012-07-21 07:04 - 2012-07-21 07:04 - 00025877 ____A C:\Users\Schwebach\Desktop\DDS.txt

2012-07-21 07:03 - 2012-07-21 07:03 - 00607260 ____R (Swearware) C:\Users\Schwebach\Desktop\dds.com

2012-07-21 06:49 - 2012-07-21 06:49 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Schwebach\Desktop\tdsskiller.exe

2012-07-21 06:48 - 2012-07-21 06:48 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Schwebach\Downloads\tdsskiller.exe

2012-07-20 19:17 - 2012-07-20 19:17 - 00000000 ____D C:\Users\Schwebach\AppData\Local\Macromedia

2012-07-20 19:08 - 2012-07-20 19:08 - 00001137 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-20 19:08 - 2012-07-20 19:08 - 00000000 ____D C:\Users\All Users\Mozilla

2012-07-20 19:08 - 2012-07-20 19:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

2012-07-20 19:06 - 2012-07-20 19:06 - 16801656 ____A (Mozilla) C:\Users\Schwebach\Downloads\Firefox Setup 14.0.1.exe

2012-07-19 21:02 - 2012-07-19 21:02 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%

2012-07-15 11:20 - 2012-07-15 11:20 - 00000000 ____D C:\Program Files (x86)\Garmin

2012-07-12 00:04 - 2012-07-12 00:04 - 00264764 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-07-12 00:04 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-12 00:01 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-12 00:01 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-12 00:01 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-12 00:01 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-12 00:01 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-12 00:01 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-12 00:01 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-12 00:01 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-12 00:01 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-12 00:01 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-12 00:01 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-12 00:01 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-12 00:01 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-12 00:01 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-12 00:01 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-12 00:01 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-12 00:01 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-12 00:01 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-12 00:01 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-12 00:01 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-12 00:01 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-12 00:01 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-12 00:01 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-12 00:01 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-12 00:01 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-12 00:01 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-12 00:01 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-12 00:01 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-11 01:05 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-11 01:05 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-11 01:05 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-11 01:05 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-11 01:05 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-11 01:05 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

2012-07-11 01:04 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-11 01:04 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-11 01:04 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-11 01:04 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-11 01:04 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-11 01:04 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-11 01:04 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-11 01:04 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-11 01:04 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-11 01:04 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-11 01:04 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-11 01:04 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-11 01:04 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll

2012-06-21 06:24 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-21 06:24 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-21 06:24 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-21 06:24 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-21 06:24 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-21 06:24 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-21 06:24 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-21 06:24 - 2012-06-02 12:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-21 06:24 - 2012-06-02 12:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

============ 3 Months Modified Files ========================

2012-07-21 08:02 - 2010-07-28 09:55 - 01705043 ____A C:\Windows\WindowsUpdate.log

2012-07-21 08:02 - 2009-07-13 21:13 - 00739918 ____A C:\Windows\System32\PerfStringBackup.INI

2012-07-21 07:50 - 2010-08-19 16:00 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-07-21 07:24 - 2012-05-13 07:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-07-21 07:05 - 2012-07-21 07:05 - 00008863 ____A C:\Users\Schwebach\Desktop\Attach.txt

2012-07-21 07:04 - 2012-07-21 07:04 - 00025877 ____A C:\Users\Schwebach\Desktop\DDS.txt

2012-07-21 07:03 - 2012-07-21 07:03 - 00607260 ____R (Swearware) C:\Users\Schwebach\Desktop\dds.com

2012-07-21 06:49 - 2012-07-21 06:49 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Schwebach\Desktop\tdsskiller.exe

2012-07-21 06:48 - 2012-07-21 06:48 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Schwebach\Downloads\tdsskiller.exe

2012-07-21 06:26 - 2010-08-19 16:00 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-07-21 05:12 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-07-21 05:12 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-07-21 05:05 - 2010-08-20 16:14 - 20554329 ____A C:\Windows\SysWOW64\http_ss.log

2012-07-21 05:05 - 2010-08-20 16:14 - 00000074 ____A C:\Windows\SysWOW64\log.log

2012-07-21 05:05 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-07-21 05:05 - 2009-07-13 20:51 - 00063485 ____A C:\Windows\setupact.log

2012-07-21 04:42 - 2010-08-19 19:51 - 00096592 ____A C:\Windows\PFRO.log

2012-07-20 19:08 - 2012-07-20 19:08 - 00001137 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk

2012-07-20 19:06 - 2012-07-20 19:06 - 16801656 ____A (Mozilla) C:\Users\Schwebach\Downloads\Firefox Setup 14.0.1.exe

2012-07-12 06:24 - 2012-05-13 07:13 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-07-12 06:24 - 2011-08-07 15:40 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-12 00:21 - 2009-07-13 20:45 - 00460256 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-12 00:04 - 2012-07-12 00:04 - 00264764 ____A C:\Windows\msxml4-KB2721691-enu.LOG

2012-07-12 00:02 - 2010-08-19 19:57 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-03 10:46 - 2010-08-19 18:18 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-06-25 13:04 - 2012-06-25 13:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll

2012-06-11 19:08 - 2012-07-12 00:04 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-11 01:04 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-11 01:04 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-05 22:06 - 2012-07-11 01:05 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-11 01:05 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-11 01:04 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-11 01:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-11 01:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-11 01:04 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-04 07:23 - 2012-06-04 07:23 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll

2012-06-04 07:23 - 2012-06-04 07:23 - 00001042 ____A C:\Users\Public\Desktop\RealPlayer.lnk

2012-06-04 07:22 - 2012-06-04 07:22 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll

2012-06-04 07:22 - 2012-06-04 07:22 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll

2012-06-04 07:22 - 2012-06-04 07:22 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll

2012-06-04 07:22 - 2012-06-04 07:22 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll

2012-06-04 07:22 - 2012-06-04 07:22 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll

2012-06-02 14:19 - 2012-06-21 06:24 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 06:24 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 06:24 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 06:24 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 06:24 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-21 06:24 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-21 06:24 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 12:19 - 2012-06-21 06:24 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 12:15 - 2012-06-21 06:24 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-12 00:01 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-12 00:01 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-12 00:01 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-12 00:01 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-12 00:01 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-12 00:01 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-12 00:01 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-12 00:01 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-12 00:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-12 00:01 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-12 00:01 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-12 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-12 00:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-12 00:01 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-12 00:01 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-12 00:01 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-12 00:01 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-12 00:01 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-12 00:01 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-12 00:01 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-12 00:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-12 00:01 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-12 00:01 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-12 00:01 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-12 00:01 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-12 00:01 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-12 00:01 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-12 00:01 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-11 01:04 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-11 01:04 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-11 01:04 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-11 01:04 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-11 01:04 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-11 01:04 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-11 01:04 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-11 01:04 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-11 01:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-31 09:25 - 2010-08-19 14:51 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-13 07:14 - 2012-05-13 07:14 - 00002021 ____A C:\Users\Public\Desktop\Adobe Reader 9.lnk

2012-05-10 09:47 - 2012-05-10 09:47 - 00353357 ____A C:\Users\Schwebach\Documents\021457069 - House FINAL PLANS - 2005.11.04.tif

2012-05-04 03:06 - 2012-06-13 10:50 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2012-05-04 02:03 - 2012-06-13 10:50 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2012-05-04 02:03 - 2012-06-13 10:50 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2012-05-01 07:39 - 2012-05-01 07:39 - 01927240 ____A (Fitbit, Inc. ) C:\Users\Schwebach\Downloads\Fitbit-Uploader-For-Windows-2.1.0.exe

2012-04-30 21:40 - 2012-06-13 10:50 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll

2012-04-30 18:53 - 2012-04-30 18:53 - 00013560 ____A C:\Users\Schwebach\Desktop\Copy of 1st Grade deposit.xlsx

2012-04-27 19:55 - 2012-06-13 10:50 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys

2012-04-25 21:41 - 2012-06-13 10:50 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll

2012-04-25 21:41 - 2012-06-13 10:50 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll

2012-04-25 21:34 - 2012-06-13 10:50 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe

2012-04-24 20:13 - 2010-10-11 08:51 - 00076288 ____A C:\Users\Schwebach\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2012-04-23 21:37 - 2012-06-13 10:50 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll

2012-04-23 21:37 - 2012-06-13 10:50 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll

2012-04-23 21:37 - 2012-06-13 10:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll

2012-04-23 20:36 - 2012-06-13 10:50 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll

2012-04-23 20:36 - 2012-06-13 10:50 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll

2012-04-23 20:36 - 2012-06-13 10:50 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll

ZeroAccess:

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\@

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L\00000004.@

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L\1afb2d56

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L\201d3dde

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\00000004.@

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\00000008.@

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\000000cb.@

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\80000000.@

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\80000032.@

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U\80000064.@

ZeroAccess:

C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}

C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\@

C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\L

C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\n

C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}\U

ZeroAccess:

C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:

C:\Windows\assembly\GAC_64\Desktop.ini

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 8183.08 MB

Available physical RAM: 7375.64 MB

Total Pagefile: 8181.23 MB

Available Pagefile: 7363.41 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (WINDOWS) (Fixed) (Total:891.02 GB) (Free:719.52 GB) NTFS

2 Drive d: (ImageBackup) (Fixed) (Total:40 GB) (Free:35.35 GB) NTFS

8 Drive k: () (Removable) (Total:7.45 GB) (Free:7.14 GB) FAT32

10 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

11 Drive y: (SYSTEM) (Fixed) (Total:0.49 GB) (Free:0.44 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 931 GB 1024 KB

Disk 1 No Media 0 B 0 B

Disk 2 No Media 0 B 0 B

Disk 3 No Media 0 B 0 B

Disk 4 No Media 0 B 0 B

Disk 5 Online 7640 MB 0 B

Disk 6 No Media 0 B 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 500 MB 1024 KB

Partition 0 Extended 40 GB 501 MB

Partition 3 Logical 39 GB 502 MB

Partition 2 Primary 891 GB 40 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 500 MB Healthy

==================================================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 D ImageBackup NTFS Partition 39 GB Healthy

==================================================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 C WINDOWS NTFS Partition 891 GB Healthy

==================================================================================

Partitions of Disk 5:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

* Partition 1 Primary 7640 MB 0 B

==================================================================================

Disk: 5

There is no partition selected.

Please select a partition and try again.

==================================================================================

==========================================================

Last Boot: 2012-07-17 21:59

======================= End Of Log ==========================

Search.txt

Farbar Recovery Scan Tool Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-21 11:08:56

Running from K:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======

MrCharlie · July 21, 2012

OK, here you go......Please carefully carry out this procedure!!!!!!

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flashdrive as fixlist.txt


C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1}
C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1}
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini
Replace: C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe C:\Windows\System32\services.exe

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

MrC

eschwebach · July 21, 2012

Done, here is the log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 20-07-2012 01

Ran by SYSTEM at 2012-07-21 17:26:27 Run:1

Running from K:\

==============================================

C:\Windows\Installer\{f53a5367-4fca-325a-714d-1f5d6955c7e1} moved successfully.

C:\Users\Schwebach\AppData\Local\{f53a5367-4fca-325a-714d-1f5d6955c7e1} moved successfully.

C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.

C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

C:\Windows\System32\services.exe moved successfully.

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

MrCharlie · July 22, 2012

Well Done, we have a couple of more scans to run......

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

eschwebach · July 22, 2012

Here is the report:

07:59:21.0996 6960 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11

07:59:22.0294 6960 ============================================================

07:59:22.0294 6960 Current date / time: 2012/07/22 07:59:22.0294

07:59:22.0294 6960 SystemInfo:

07:59:22.0294 6960

07:59:22.0294 6960 OS Version: 6.1.7601 ServicePack: 1.0

07:59:22.0294 6960 Product type: Workstation

07:59:22.0294 6960 ComputerName: SCHWEBACH-PC

07:59:22.0294 6960 UserName: Schwebach

07:59:22.0294 6960 Windows directory: C:\Windows

07:59:22.0295 6960 System windows directory: C:\Windows

07:59:22.0295 6960 Running under WOW64

07:59:22.0295 6960 Processor architecture: Intel x64

07:59:22.0295 6960 Number of processors: 4

07:59:22.0295 6960 Page size: 0x1000

07:59:22.0295 6960 Boot type: Normal boot

07:59:22.0295 6960 ============================================================

07:59:22.0611 6960 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:59:22.0626 6960 Drive \Device\Harddisk5\DR5 - Size: 0x1DD800000 (7.46 Gb), SectorSize: 0x200, Cylinders: 0x3CD, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

07:59:22.0638 6960 ============================================================

07:59:22.0638 6960 \Device\Harddisk0\DR0:

07:59:22.0639 6960 MBR partitions:

07:59:22.0639 6960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xFA000

07:59:22.0646 6960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB000, BlocksNum 0x4FFF800

07:59:22.0646 6960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x50FA800, BlocksNum 0x6F60B800

07:59:22.0646 6960 \Device\Harddisk5\DR5:

07:59:22.0646 6960 MBR partitions:

07:59:22.0646 6960 ============================================================

07:59:22.0668 6960 C: <-> \Device\Harddisk0\DR0\Partition2

07:59:22.0695 6960 D: <-> \Device\Harddisk0\DR0\Partition1

07:59:22.0695 6960 ============================================================

07:59:22.0695 6960 Initialize success

07:59:22.0695 6960 ============================================================

07:59:59.0746 0588 ============================================================

07:59:59.0746 0588 Scan started

07:59:59.0746 0588 Mode: Manual;

07:59:59.0746 0588 ============================================================

08:00:00.0689 0588 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

08:00:00.0694 0588 1394ohci - ok

08:00:00.0757 0588 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:00:00.0761 0588 ACPI - ok

08:00:00.0811 0588 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:00:00.0813 0588 AcpiPmi - ok

08:00:00.0923 0588 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

08:00:00.0925 0588 AdobeActiveFileMonitor8.0 - ok

08:00:01.0049 0588 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

08:00:01.0051 0588 AdobeFlashPlayerUpdateSvc - ok

08:00:01.0102 0588 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

08:00:01.0107 0588 adp94xx - ok

08:00:01.0127 0588 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

08:00:01.0131 0588 adpahci - ok

08:00:01.0149 0588 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

08:00:01.0152 0588 adpu320 - ok

08:00:01.0227 0588 AE1000 (e005682ae8f8ec4eb05f2a70a16ea1c5) C:\Windows\system32\DRIVERS\ae1000w7.sys

08:00:01.0237 0588 AE1000 - ok

08:00:01.0261 0588 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

08:00:01.0262 0588 AeLookupSvc - ok

08:00:01.0313 0588 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:00:01.0318 0588 AFD - ok

08:00:01.0353 0588 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:00:01.0356 0588 agp440 - ok

08:00:01.0369 0588 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

08:00:01.0371 0588 ALG - ok

08:00:01.0403 0588 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:00:01.0403 0588 aliide - ok

08:00:01.0735 0588 AllShare (aaa1f9d4cf4c976c21bca8afa2bae6a4) C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

08:00:01.0761 0588 AllShare - ok

08:00:01.0836 0588 AMD External Events Utility (f687d4976eff550fb0be45a5cb19f18f) C:\Windows\system32\atiesrxx.exe

08:00:01.0837 0588 AMD External Events Utility - ok

08:00:01.0866 0588 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:00:01.0866 0588 amdide - ok

08:00:01.0886 0588 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

08:00:01.0888 0588 AmdK8 - ok

08:00:02.0154 0588 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys

08:00:02.0207 0588 amdkmdag - ok

08:00:02.0297 0588 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys

08:00:02.0300 0588 amdkmdap - ok

08:00:02.0320 0588 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

08:00:02.0322 0588 AmdPPM - ok

08:00:02.0359 0588 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

08:00:02.0362 0588 amdsata - ok

08:00:02.0386 0588 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

08:00:02.0400 0588 amdsbs - ok

08:00:02.0415 0588 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

08:00:02.0416 0588 amdxata - ok

08:00:02.0467 0588 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

08:00:02.0470 0588 AppID - ok

08:00:02.0488 0588 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

08:00:02.0490 0588 AppIDSvc - ok

08:00:02.0525 0588 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

08:00:02.0526 0588 Appinfo - ok

08:00:02.0635 0588 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

08:00:02.0636 0588 Apple Mobile Device - ok

08:00:02.0649 0588 Scan interrupted by user!

08:00:02.0650 0588 Scan interrupted by user!

08:00:02.0650 0588 ============================================================

08:00:02.0650 0588 Scan finished

08:00:02.0650 0588 ============================================================

08:00:02.0656 3284 Detected object count: 0

08:00:02.0656 3284 Actual detected object count: 0

08:00:06.0882 0728 ============================================================

08:00:06.0882 0728 Scan started

08:00:06.0882 0728 Mode: Manual; SigCheck; TDLFS;

08:00:06.0882 0728 ============================================================

08:00:07.0121 0728 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

08:00:07.0193 0728 1394ohci - ok

08:00:07.0229 0728 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

08:00:07.0242 0728 ACPI - ok

08:00:07.0270 0728 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

08:00:07.0298 0728 AcpiPmi - ok

08:00:07.0364 0728 AdobeActiveFileMonitor8.0 (34400005de52842c4d6d4ee978b4d7ce) C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe

08:00:07.0380 0728 AdobeActiveFileMonitor8.0 - ok

08:00:07.0448 0728 AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

08:00:07.0464 0728 AdobeFlashPlayerUpdateSvc - ok

08:00:07.0501 0728 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

08:00:07.0523 0728 adp94xx - ok

08:00:07.0538 0728 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

08:00:07.0552 0728 adpahci - ok

08:00:07.0562 0728 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

08:00:07.0574 0728 adpu320 - ok

08:00:07.0644 0728 AE1000 (e005682ae8f8ec4eb05f2a70a16ea1c5) C:\Windows\system32\DRIVERS\ae1000w7.sys

08:00:07.0666 0728 AE1000 - ok

08:00:07.0685 0728 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

08:00:07.0737 0728 AeLookupSvc - ok

08:00:07.0777 0728 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

08:00:07.0812 0728 AFD - ok

08:00:07.0837 0728 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

08:00:07.0849 0728 agp440 - ok

08:00:07.0860 0728 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

08:00:07.0897 0728 ALG - ok

08:00:07.0919 0728 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

08:00:07.0930 0728 aliide - ok

08:00:08.0258 0728 AllShare (aaa1f9d4cf4c976c21bca8afa2bae6a4) C:\Program Files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe

08:00:08.0338 0728 AllShare ( UnsignedFile.Multi.Generic ) - warning

08:00:08.0338 0728 AllShare - detected UnsignedFile.Multi.Generic (1)

08:00:08.0411 0728 AMD External Events Utility (f687d4976eff550fb0be45a5cb19f18f) C:\Windows\system32\atiesrxx.exe

08:00:08.0449 0728 AMD External Events Utility - ok

08:00:08.0473 0728 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

08:00:08.0485 0728 amdide - ok

08:00:08.0509 0728 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

08:00:08.0540 0728 AmdK8 - ok

08:00:08.0813 0728 amdkmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys

08:00:08.0888 0728 amdkmdag - ok

08:00:08.0976 0728 amdkmdap (c7f56ed86327a78e7f8a5cc503a98bd6) C:\Windows\system32\DRIVERS\atikmpag.sys

08:00:09.0016 0728 amdkmdap - ok

08:00:09.0035 0728 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

08:00:09.0072 0728 AmdPPM - ok

08:00:09.0097 0728 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

08:00:09.0109 0728 amdsata - ok

08:00:09.0119 0728 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

08:00:09.0134 0728 amdsbs - ok

08:00:09.0146 0728 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

08:00:09.0163 0728 amdxata - ok

08:00:09.0189 0728 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

08:00:09.0232 0728 AppID - ok

08:00:09.0244 0728 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

08:00:09.0294 0728 AppIDSvc - ok

08:00:09.0322 0728 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

08:00:09.0370 0728 Appinfo - ok

08:00:09.0468 0728 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

08:00:09.0494 0728 Apple Mobile Device - ok

08:00:09.0521 0728 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

08:00:09.0537 0728 arc - ok

08:00:09.0545 0728 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

08:00:09.0560 0728 arcsas - ok

08:00:09.0596 0728 aspnet_state - ok

08:00:09.0613 0728 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

08:00:09.0652 0728 AsyncMac - ok

08:00:09.0697 0728 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

08:00:09.0711 0728 atapi - ok

08:00:09.0759 0728 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\Windows\system32\drivers\AtiHdmi.sys

08:00:09.0779 0728 AtiHdmiService - ok

08:00:10.0036 0728 atikmdag (74687c33c4ad25a975bbb1ea1e8b3884) C:\Windows\system32\DRIVERS\atikmdag.sys

08:00:10.0107 0728 atikmdag - ok

08:00:10.0213 0728 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:00:10.0285 0728 AudioEndpointBuilder - ok

08:00:10.0291 0728 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

08:00:10.0334 0728 AudioSrv - ok

08:00:10.0377 0728 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

08:00:10.0405 0728 AxInstSV - ok

08:00:10.0454 0728 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

08:00:10.0493 0728 b06bdrv - ok

08:00:10.0526 0728 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

08:00:10.0573 0728 b57nd60a - ok

08:00:10.0620 0728 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

08:00:10.0662 0728 BDESVC - ok

08:00:10.0748 0728 bdisk (bec0d79b5c2a8ebdd9d50998d8b47de7) C:\Windows\syswow64\drivers\bdisk.sys

08:00:10.0759 0728 bdisk - ok

08:00:10.0783 0728 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

08:00:10.0822 0728 Beep - ok

08:00:10.0864 0728 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

08:00:10.0908 0728 BFE - ok

08:00:10.0974 0728 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

08:00:11.0031 0728 BITS - ok

08:00:11.0081 0728 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

08:00:11.0108 0728 blbdrive - ok

08:00:11.0184 0728 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

08:00:11.0204 0728 Bonjour Service - ok

08:00:11.0236 0728 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

08:00:11.0252 0728 bowser - ok

08:00:11.0270 0728 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

08:00:11.0322 0728 BrFiltLo - ok

08:00:11.0324 0728 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

08:00:11.0347 0728 BrFiltUp - ok

08:00:11.0377 0728 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

08:00:11.0416 0728 BridgeMP - ok

08:00:11.0441 0728 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

08:00:11.0504 0728 Browser - ok

08:00:11.0520 0728 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

08:00:11.0543 0728 Brserid - ok

08:00:11.0556 0728 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

08:00:11.0586 0728 BrSerWdm - ok

08:00:11.0589 0728 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

08:00:11.0631 0728 BrUsbMdm - ok

08:00:11.0635 0728 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

08:00:11.0671 0728 BrUsbSer - ok

08:00:11.0677 0728 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

08:00:11.0713 0728 BTHMODEM - ok

08:00:11.0743 0728 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

08:00:11.0795 0728 bthserv - ok

08:00:12.0077 0728 CarboniteService (33e43a31ac6ac6ba95d4772d8cca076f) C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

08:00:12.0161 0728 CarboniteService - ok

08:00:12.0186 0728 catchme - ok

08:00:12.0273 0728 CBUfs (f64a6f55e3154db0082a15acb7f4214e) C:\Windows\syswow64\DRIVERS\CBUFS.sys

08:00:12.0287 0728 CBUfs - ok

08:00:12.0352 0728 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

08:00:12.0402 0728 cdfs - ok

08:00:12.0443 0728 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

08:00:12.0475 0728 cdrom - ok

08:00:12.0517 0728 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:00:12.0566 0728 CertPropSvc - ok

08:00:12.0595 0728 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

08:00:12.0616 0728 circlass - ok

08:00:12.0645 0728 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

08:00:12.0661 0728 CLFS - ok

08:00:12.0700 0728 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

08:00:12.0712 0728 clr_optimization_v2.0.50727_32 - ok

08:00:12.0752 0728 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

08:00:12.0763 0728 clr_optimization_v2.0.50727_64 - ok

08:00:12.0823 0728 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

08:00:12.0837 0728 clr_optimization_v4.0.30319_32 - ok

08:00:12.0875 0728 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

08:00:12.0885 0728 clr_optimization_v4.0.30319_64 - ok

08:00:12.0904 0728 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

08:00:12.0944 0728 CmBatt - ok

08:00:12.0973 0728 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

08:00:12.0985 0728 cmdide - ok

08:00:13.0027 0728 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

08:00:13.0051 0728 CNG - ok

08:00:13.0063 0728 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

08:00:13.0074 0728 Compbatt - ok

08:00:13.0143 0728 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

08:00:13.0193 0728 CompositeBus - ok

08:00:13.0211 0728 COMSysApp - ok

08:00:13.0221 0728 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

08:00:13.0234 0728 crcdisk - ok

08:00:13.0264 0728 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

08:00:13.0297 0728 CryptSvc - ok

08:00:13.0343 0728 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:00:13.0389 0728 DcomLaunch - ok

08:00:13.0420 0728 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

08:00:13.0477 0728 defragsvc - ok

08:00:13.0519 0728 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

08:00:13.0566 0728 DfsC - ok

08:00:13.0628 0728 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

08:00:13.0670 0728 Dhcp - ok

08:00:13.0690 0728 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

08:00:13.0730 0728 discache - ok

08:00:13.0752 0728 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

08:00:13.0765 0728 Disk - ok

08:00:13.0803 0728 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

08:00:13.0828 0728 Dnscache - ok

08:00:13.0867 0728 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

08:00:13.0924 0728 dot3svc - ok

08:00:13.0938 0728 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

08:00:13.0986 0728 DPS - ok

08:00:14.0012 0728 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

08:00:14.0031 0728 drmkaud - ok

08:00:14.0087 0728 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

08:00:14.0116 0728 DXGKrnl - ok

08:00:14.0140 0728 e1express (416a2007878ed1d6fc5dddb9e1f6db3e) C:\Windows\system32\DRIVERS\e1e6032e.sys

08:00:14.0187 0728 e1express - ok

08:00:14.0213 0728 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

08:00:14.0260 0728 EapHost - ok

08:00:14.0400 0728 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

08:00:14.0469 0728 ebdrv - ok

08:00:14.0557 0728 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

08:00:14.0593 0728 EFS - ok

08:00:14.0664 0728 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

08:00:14.0703 0728 ehRecvr - ok

08:00:14.0732 0728 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

08:00:14.0759 0728 ehSched - ok

08:00:14.0815 0728 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

08:00:14.0850 0728 elxstor - ok

08:00:14.0904 0728 EPSON_EB_RPCV4_04 (7db097f4f6786307168c0dddec43a565) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE

08:00:14.0927 0728 EPSON_EB_RPCV4_04 - ok

08:00:14.0953 0728 EPSON_PM_RPCV4_04 (258aa65a0862e19b7de6981fda3758ad) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE

08:00:14.0982 0728 EPSON_PM_RPCV4_04 - ok

08:00:15.0005 0728 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

08:00:15.0034 0728 ErrDev - ok

08:00:15.0071 0728 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

08:00:15.0117 0728 EventSystem - ok

08:00:15.0143 0728 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

08:00:15.0194 0728 exfat - ok

08:00:15.0209 0728 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

08:00:15.0271 0728 fastfat - ok

08:00:15.0339 0728 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

08:00:15.0366 0728 Fax - ok

08:00:15.0371 0728 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

08:00:15.0404 0728 fdc - ok

08:00:15.0427 0728 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

08:00:15.0475 0728 fdPHost - ok

08:00:15.0485 0728 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

08:00:15.0535 0728 FDResPub - ok

08:00:15.0547 0728 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

08:00:15.0561 0728 FileInfo - ok

08:00:15.0579 0728 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

08:00:15.0624 0728 Filetrace - ok

08:00:15.0717 0728 Fitbit (d4c0e5c287aad7ff3176731a310ab2af) C:\Program Files (x86)\Fitbit\fitbit.exe

08:00:15.0742 0728 Fitbit - ok

08:00:15.0804 0728 FLEXnet Licensing Service (abedfd48ac042c6aaad32452e77217a1) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

08:00:15.0831 0728 FLEXnet Licensing Service - ok

08:00:15.0914 0728 FlipShare Service (b8602c90d3c427d8a86ce60437615cf5) C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe

08:00:15.0933 0728 FlipShare Service - ok

08:00:15.0995 0728 FlipShareServer (ac5fb7094f31534594cae48306972cbd) C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe

08:00:16.0036 0728 FlipShareServer ( UnsignedFile.Multi.Generic ) - warning

08:00:16.0037 0728 FlipShareServer - detected UnsignedFile.Multi.Generic (1)

08:00:16.0112 0728 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

08:00:16.0136 0728 flpydisk - ok

08:00:16.0175 0728 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

08:00:16.0195 0728 FltMgr - ok

08:00:16.0265 0728 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

08:00:16.0312 0728 FontCache - ok

08:00:16.0382 0728 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

08:00:16.0400 0728 FontCache3.0.0.0 - ok

08:00:16.0437 0728 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

08:00:16.0451 0728 FsDepends - ok

08:00:16.0471 0728 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

08:00:16.0486 0728 Fs_Rec - ok

08:00:16.0523 0728 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

08:00:16.0542 0728 fvevol - ok

08:00:16.0553 0728 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

08:00:16.0569 0728 gagp30kx - ok

08:00:16.0603 0728 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

08:00:16.0612 0728 GEARAspiWDM - ok

08:00:16.0661 0728 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

08:00:16.0725 0728 gpsvc - ok

08:00:16.0766 0728 grmnusb (b9893a68032a6d9addb5b98287c630f7) C:\Windows\system32\drivers\grmnusb.sys

08:00:16.0777 0728 grmnusb - ok

08:00:16.0842 0728 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

08:00:16.0853 0728 gupdate - ok

08:00:16.0867 0728 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

08:00:16.0878 0728 gupdatem - ok

08:00:16.0918 0728 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

08:00:16.0930 0728 gusvc - ok

08:00:16.0943 0728 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

08:00:16.0982 0728 hcw85cir - ok

08:00:17.0031 0728 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

08:00:17.0060 0728 HdAudAddService - ok

08:00:17.0107 0728 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

08:00:17.0149 0728 HDAudBus - ok

08:00:17.0185 0728 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

08:00:17.0216 0728 HidBatt - ok

08:00:17.0222 0728 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

08:00:17.0242 0728 HidBth - ok

08:00:17.0245 0728 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

08:00:17.0269 0728 HidIr - ok

08:00:17.0296 0728 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

08:00:17.0342 0728 hidserv - ok

08:00:17.0386 0728 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys

08:00:17.0406 0728 HidUsb - ok

08:00:17.0436 0728 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

08:00:17.0509 0728 hkmsvc - ok

08:00:17.0538 0728 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

08:00:17.0574 0728 HomeGroupListener - ok

08:00:17.0608 0728 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

08:00:17.0637 0728 HomeGroupProvider - ok

08:00:17.0675 0728 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

08:00:17.0689 0728 HpSAMD - ok

08:00:17.0745 0728 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

08:00:17.0797 0728 HTTP - ok

08:00:17.0809 0728 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

08:00:17.0822 0728 hwpolicy - ok

08:00:17.0853 0728 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

08:00:17.0872 0728 i8042prt - ok

08:00:17.0912 0728 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

08:00:17.0928 0728 iaStor - ok

08:00:17.0979 0728 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

08:00:17.0991 0728 IAStorDataMgrSvc - ok

08:00:18.0037 0728 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

08:00:18.0056 0728 iaStorV - ok

08:00:18.0139 0728 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

08:00:18.0161 0728 idsvc - ok

08:00:18.0192 0728 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

08:00:18.0205 0728 iirsp - ok

08:00:18.0264 0728 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

08:00:18.0323 0728 IKEEXT - ok

08:00:18.0446 0728 IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys

08:00:18.0503 0728 IntcAzAudAddService - ok

08:00:18.0577 0728 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

08:00:18.0590 0728 intelide - ok

08:00:18.0618 0728 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

08:00:18.0647 0728 intelppm - ok

08:00:18.0665 0728 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

08:00:18.0709 0728 IPBusEnum - ok

08:00:18.0734 0728 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

08:00:18.0789 0728 IpFilterDriver - ok

08:00:18.0853 0728 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

08:00:18.0903 0728 iphlpsvc - ok

08:00:18.0928 0728 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

08:00:18.0961 0728 IPMIDRV - ok

08:00:18.0998 0728 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

08:00:19.0041 0728 IPNAT - ok

08:00:19.0156 0728 iPod Service (46d249f9db7844cc01050a9345f0f61b) C:\Program Files\iPod\bin\iPodService.exe

08:00:19.0180 0728 iPod Service - ok

08:00:19.0205 0728 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

08:00:19.0237 0728 IRENUM - ok

08:00:19.0259 0728 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

08:00:19.0270 0728 isapnp - ok

08:00:19.0302 0728 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

08:00:19.0320 0728 iScsiPrt - ok

08:00:19.0336 0728 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys

08:00:19.0348 0728 JRAID - ok

08:00:19.0379 0728 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys

08:00:19.0393 0728 kbdclass - ok

08:00:19.0429 0728 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys

08:00:19.0459 0728 kbdhid - ok

08:00:19.0490 0728 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:00:19.0508 0728 KeyIso - ok

08:00:19.0537 0728 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

08:00:19.0549 0728 KSecDD - ok

08:00:19.0577 0728 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

08:00:19.0591 0728 KSecPkg - ok

08:00:19.0612 0728 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

08:00:19.0658 0728 ksthunk - ok

08:00:19.0695 0728 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

08:00:19.0754 0728 KtmRm - ok

08:00:19.0805 0728 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

08:00:19.0865 0728 LanmanServer - ok

08:00:19.0894 0728 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

08:00:19.0941 0728 LanmanWorkstation - ok

08:00:19.0955 0728 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

08:00:19.0992 0728 lltdio - ok

08:00:20.0027 0728 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

08:00:20.0082 0728 lltdsvc - ok

08:00:20.0099 0728 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

08:00:20.0134 0728 lmhosts - ok

08:00:20.0156 0728 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

08:00:20.0169 0728 LSI_FC - ok

08:00:20.0175 0728 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

08:00:20.0188 0728 LSI_SAS - ok

08:00:20.0194 0728 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

08:00:20.0208 0728 LSI_SAS2 - ok

08:00:20.0215 0728 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

08:00:20.0229 0728 LSI_SCSI - ok

08:00:20.0246 0728 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

08:00:20.0291 0728 luafv - ok

08:00:20.0320 0728 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

08:00:20.0330 0728 LVPr2M64 - ok

08:00:20.0337 0728 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

08:00:20.0349 0728 LVPr2Mon - ok

08:00:20.0411 0728 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

08:00:20.0430 0728 LVPrcS64 - ok

08:00:20.0452 0728 LVRS64 (8f0dd6ef66ef33e3d58ff8fbc7b6a1a6) C:\Windows\system32\DRIVERS\lvrs64.sys

08:00:20.0471 0728 LVRS64 - ok

08:00:20.0773 0728 LVUVC64 (f012f568c99a45f4ecd0b939c621b1a4) C:\Windows\system32\DRIVERS\lvuvc64.sys

08:00:20.0950 0728 LVUVC64 - ok

08:00:21.0045 0728 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

08:00:21.0060 0728 MBAMProtector - ok

08:00:21.0169 0728 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

08:00:21.0198 0728 MBAMService - ok

08:00:21.0236 0728 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

08:00:21.0260 0728 Mcx2Svc - ok

08:00:21.0279 0728 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

08:00:21.0294 0728 megasas - ok

08:00:21.0310 0728 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

08:00:21.0326 0728 MegaSR - ok

08:00:21.0374 0728 Microsoft SharePoint Workspace Audit Service - ok

08:00:21.0404 0728 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:00:21.0469 0728 MMCSS - ok

08:00:21.0473 0728 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

08:00:21.0521 0728 Modem - ok

08:00:21.0547 0728 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

08:00:21.0577 0728 monitor - ok

08:00:21.0606 0728 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys

08:00:21.0619 0728 mouclass - ok

08:00:21.0635 0728 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

08:00:21.0653 0728 mouhid - ok

08:00:21.0687 0728 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

08:00:21.0701 0728 mountmgr - ok

08:00:21.0740 0728 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

08:00:21.0751 0728 MozillaMaintenance - ok

08:00:21.0775 0728 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

08:00:21.0794 0728 mpio - ok

08:00:21.0810 0728 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

08:00:21.0855 0728 mpsdrv - ok

08:00:21.0917 0728 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

08:00:21.0976 0728 MpsSvc - ok

08:00:22.0008 0728 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

08:00:22.0046 0728 MRxDAV - ok

08:00:22.0085 0728 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

08:00:22.0110 0728 mrxsmb - ok

08:00:22.0145 0728 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

08:00:22.0182 0728 mrxsmb10 - ok

08:00:22.0204 0728 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

08:00:22.0227 0728 mrxsmb20 - ok

08:00:22.0247 0728 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

08:00:22.0259 0728 msahci - ok

08:00:22.0285 0728 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

08:00:22.0299 0728 msdsm - ok

08:00:22.0322 0728 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

08:00:22.0358 0728 MSDTC - ok

08:00:22.0395 0728 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

08:00:22.0434 0728 Msfs - ok

08:00:22.0447 0728 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

08:00:22.0505 0728 mshidkmdf - ok

08:00:22.0522 0728 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

08:00:22.0535 0728 msisadrv - ok

08:00:22.0573 0728 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

08:00:22.0614 0728 MSiSCSI - ok

08:00:22.0617 0728 msiserver - ok

08:00:22.0641 0728 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

08:00:22.0684 0728 MSKSSRV - ok

08:00:22.0690 0728 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

08:00:22.0729 0728 MSPCLOCK - ok

08:00:22.0746 0728 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

08:00:22.0786 0728 MSPQM - ok

08:00:22.0819 0728 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

08:00:22.0836 0728 MsRPC - ok

08:00:22.0869 0728 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

08:00:22.0881 0728 mssmbios - ok

08:00:22.0899 0728 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

08:00:22.0942 0728 MSTEE - ok

08:00:22.0945 0728 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

08:00:22.0966 0728 MTConfig - ok

08:00:22.0990 0728 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

08:00:23.0004 0728 Mup - ok

08:00:23.0043 0728 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

08:00:23.0092 0728 napagent - ok

08:00:23.0120 0728 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

08:00:23.0150 0728 NativeWifiP - ok

08:00:23.0195 0728 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

08:00:23.0222 0728 NDIS - ok

08:00:23.0241 0728 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

08:00:23.0279 0728 NdisCap - ok

08:00:23.0291 0728 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

08:00:23.0328 0728 NdisTapi - ok

08:00:23.0368 0728 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

08:00:23.0417 0728 Ndisuio - ok

08:00:23.0444 0728 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

08:00:23.0491 0728 NdisWan - ok

08:00:23.0525 0728 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

08:00:23.0559 0728 NDProxy - ok

08:00:23.0581 0728 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

08:00:23.0631 0728 NetBIOS - ok

08:00:23.0668 0728 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

08:00:23.0708 0728 NetBT - ok

08:00:23.0731 0728 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:00:23.0747 0728 Netlogon - ok

08:00:23.0783 0728 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

08:00:23.0830 0728 Netman - ok

08:00:23.0856 0728 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

08:00:23.0909 0728 netprofm - ok

08:00:23.0958 0728 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

08:00:23.0969 0728 NetTcpPortSharing - ok

08:00:23.0987 0728 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

08:00:23.0999 0728 nfrd960 - ok

08:00:24.0044 0728 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

08:00:24.0092 0728 NlaSvc - ok

08:00:24.0123 0728 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

08:00:24.0162 0728 Npfs - ok

08:00:24.0176 0728 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

08:00:24.0230 0728 nsi - ok

08:00:24.0251 0728 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

08:00:24.0303 0728 nsiproxy - ok

08:00:24.0381 0728 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

08:00:24.0422 0728 Ntfs - ok

08:00:24.0487 0728 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

08:00:24.0526 0728 Null - ok

08:00:24.0564 0728 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

08:00:24.0578 0728 nvraid - ok

08:00:24.0592 0728 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

08:00:24.0609 0728 nvstor - ok

08:00:24.0641 0728 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

08:00:24.0654 0728 nv_agp - ok

08:00:24.0682 0728 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

08:00:24.0708 0728 ohci1394 - ok

08:00:24.0757 0728 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

08:00:24.0768 0728 ose - ok

08:00:25.0005 0728 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

08:00:25.0082 0728 osppsvc - ok

08:00:25.0170 0728 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:00:25.0190 0728 p2pimsvc - ok

08:00:25.0216 0728 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

08:00:25.0239 0728 p2psvc - ok

08:00:25.0275 0728 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

08:00:25.0293 0728 Parport - ok

08:00:25.0321 0728 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

08:00:25.0338 0728 partmgr - ok

08:00:25.0354 0728 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

08:00:25.0381 0728 PcaSvc - ok

08:00:25.0411 0728 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

08:00:25.0425 0728 pci - ok

08:00:25.0447 0728 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

08:00:25.0457 0728 pciide - ok

08:00:25.0474 0728 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

08:00:25.0488 0728 pcmcia - ok

08:00:25.0501 0728 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

08:00:25.0514 0728 pcw - ok

08:00:25.0538 0728 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

08:00:25.0598 0728 PEAUTH - ok

08:00:25.0644 0728 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

08:00:25.0670 0728 PerfHost - ok

08:00:25.0749 0728 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

08:00:25.0814 0728 pla - ok

08:00:25.0859 0728 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

08:00:25.0896 0728 PlugPlay - ok

08:00:25.0919 0728 PnkBstrA - ok

08:00:25.0941 0728 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

08:00:25.0974 0728 PNRPAutoReg - ok

08:00:26.0005 0728 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

08:00:26.0024 0728 PNRPsvc - ok

08:00:26.0067 0728 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

08:00:26.0118 0728 PolicyAgent - ok

08:00:26.0141 0728 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

08:00:26.0188 0728 Power - ok

08:00:26.0235 0728 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

08:00:26.0273 0728 PptpMiniport - ok

08:00:26.0292 0728 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

08:00:26.0317 0728 Processor - ok

08:00:26.0359 0728 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

08:00:26.0398 0728 ProfSvc - ok

08:00:26.0423 0728 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:00:26.0444 0728 ProtectedStorage - ok

08:00:26.0477 0728 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

08:00:26.0522 0728 Psched - ok

08:00:26.0544 0728 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

08:00:26.0556 0728 PxHlpa64 - ok

08:00:26.0628 0728 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

08:00:26.0665 0728 ql2300 - ok

08:00:26.0728 0728 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

08:00:26.0744 0728 ql40xx - ok

08:00:26.0772 0728 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

08:00:26.0801 0728 QWAVE - ok

08:00:26.0812 0728 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

08:00:26.0838 0728 QWAVEdrv - ok

08:00:26.0842 0728 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

08:00:26.0884 0728 RasAcd - ok

08:00:26.0900 0728 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

08:00:26.0946 0728 RasAgileVpn - ok

08:00:26.0962 0728 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

08:00:27.0003 0728 RasAuto - ok

08:00:27.0029 0728 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

08:00:27.0075 0728 Rasl2tp - ok

08:00:27.0095 0728 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

08:00:27.0134 0728 RasMan - ok

08:00:27.0158 0728 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

08:00:27.0206 0728 RasPppoe - ok

08:00:27.0223 0728 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

08:00:27.0268 0728 RasSstp - ok

08:00:27.0309 0728 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

08:00:27.0359 0728 rdbss - ok

08:00:27.0368 0728 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

08:00:27.0397 0728 rdpbus - ok

08:00:27.0404 0728 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

08:00:27.0447 0728 RDPCDD - ok

08:00:27.0461 0728 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

08:00:27.0513 0728 RDPENCDD - ok

08:00:27.0539 0728 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

08:00:27.0574 0728 RDPREFMP - ok

08:00:27.0605 0728 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

08:00:27.0624 0728 RDPWD - ok

08:00:27.0656 0728 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

08:00:27.0671 0728 rdyboost - ok

08:00:27.0690 0728 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

08:00:27.0743 0728 RemoteAccess - ok

08:00:27.0778 0728 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

08:00:27.0816 0728 RemoteRegistry - ok

08:00:27.0906 0728 RoxLiveShare10 (d6e5c42cc027b2648cca5baceabaab03) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe

08:00:27.0920 0728 RoxLiveShare10 - ok

08:00:27.0970 0728 RoxMediaDB10 (9896ba507d905c41820db90225049b57) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe

08:00:27.0993 0728 RoxMediaDB10 - ok

08:00:28.0022 0728 RoxWatch10 (4dca97c64975fd0a3a17090a1a78f688) C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe

08:00:28.0034 0728 RoxWatch10 - ok

08:00:28.0100 0728 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

08:00:28.0151 0728 RpcEptMapper - ok

08:00:28.0173 0728 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

08:00:28.0204 0728 RpcLocator - ok

08:00:28.0251 0728 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

08:00:28.0293 0728 RpcSs - ok

08:00:28.0313 0728 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

08:00:28.0374 0728 rspndr - ok

08:00:28.0408 0728 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys

08:00:28.0427 0728 RTL8167 - ok

08:00:28.0456 0728 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:00:28.0472 0728 SamSs - ok

08:00:28.0497 0728 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

08:00:28.0511 0728 sbp2port - ok

08:00:28.0531 0728 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

08:00:28.0583 0728 SCardSvr - ok

08:00:28.0604 0728 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

08:00:28.0649 0728 scfilter - ok

08:00:28.0705 0728 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

08:00:28.0767 0728 Schedule - ok

08:00:28.0798 0728 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

08:00:28.0837 0728 SCPolicySvc - ok

08:00:28.0865 0728 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

08:00:28.0885 0728 SDRSVC - ok

08:00:28.0941 0728 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

08:00:28.0989 0728 secdrv - ok

08:00:29.0007 0728 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

08:00:29.0041 0728 seclogon - ok

08:00:29.0060 0728 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

08:00:29.0110 0728 SENS - ok

08:00:29.0152 0728 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

08:00:29.0170 0728 SensrSvc - ok

08:00:29.0231 0728 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

08:00:29.0269 0728 Serenum - ok

08:00:29.0292 0728 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

08:00:29.0313 0728 Serial - ok

08:00:29.0337 0728 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

08:00:29.0355 0728 sermouse - ok

08:00:29.0381 0728 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

08:00:29.0428 0728 SessionEnv - ok

08:00:29.0452 0728 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

08:00:29.0476 0728 sffdisk - ok

08:00:29.0482 0728 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

08:00:29.0513 0728 sffp_mmc - ok

08:00:29.0516 0728 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

08:00:29.0541 0728 sffp_sd - ok

08:00:29.0547 0728 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

08:00:29.0575 0728 sfloppy - ok

08:00:29.0630 0728 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

08:00:29.0682 0728 SharedAccess - ok

08:00:29.0718 0728 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

08:00:29.0762 0728 ShellHWDetection - ok

08:00:29.0771 0728 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

08:00:29.0785 0728 SiSRaid2 - ok

08:00:29.0799 0728 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

08:00:29.0814 0728 SiSRaid4 - ok

08:00:29.0851 0728 SIUSBXP (4c9f8e72f87f50a6125aaa31b63b2d18) C:\Windows\system32\drivers\SiUSBXp.sys

08:00:29.0861 0728 SIUSBXP - ok

08:00:29.0873 0728 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

08:00:29.0923 0728 Smb - ok

08:00:29.0950 0728 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

08:00:29.0974 0728 SNMPTRAP - ok

08:00:29.0985 0728 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

08:00:29.0999 0728 spldr - ok

08:00:30.0043 0728 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

08:00:30.0085 0728 Spooler - ok

08:00:30.0224 0728 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

08:00:30.0310 0728 sppsvc - ok

08:00:30.0372 0728 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

08:00:30.0414 0728 sppuinotify - ok

08:00:30.0465 0728 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

08:00:30.0497 0728 srv - ok

08:00:30.0524 0728 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

08:00:30.0548 0728 srv2 - ok

08:00:30.0565 0728 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

08:00:30.0596 0728 srvnet - ok

08:00:30.0639 0728 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

08:00:30.0695 0728 SSDPSRV - ok

08:00:30.0716 0728 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

08:00:30.0752 0728 SstpSvc - ok

08:00:30.0783 0728 Steam Client Service - ok

08:00:30.0800 0728 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

08:00:30.0811 0728 stexstor - ok

08:00:30.0863 0728 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

08:00:30.0911 0728 stisvc - ok

08:00:30.0950 0728 stllssvr (ff5eb78af7dfb68c2fb363537aaf753e) C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe

08:00:30.0961 0728 stllssvr - ok

08:00:30.0984 0728 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

08:00:30.0996 0728 swenum - ok

08:00:31.0032 0728 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

08:00:31.0083 0728 swprv - ok

08:00:31.0171 0728 SynchronizationService.exe (08c793f3e5d4124b0826e822e9cae633) C:\Program Files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe

08:00:31.0205 0728 SynchronizationService.exe - ok

08:00:31.0343 0728 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

08:00:31.0402 0728 SysMain - ok

08:00:31.0448 0728 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

08:00:31.0473 0728 TabletInputService - ok

08:00:31.0499 0728 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

08:00:31.0547 0728 TapiSrv - ok

08:00:31.0564 0728 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

08:00:31.0609 0728 TBS - ok

08:00:31.0719 0728 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

08:00:31.0763 0728 Tcpip - ok

08:00:31.0851 0728 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

08:00:31.0887 0728 TCPIP6 - ok

08:00:31.0933 0728 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

08:00:31.0984 0728 tcpipreg - ok

08:00:32.0014 0728 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

08:00:32.0037 0728 TDPIPE - ok

08:00:32.0061 0728 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

08:00:32.0088 0728 TDTCP - ok

08:00:32.0118 0728 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

08:00:32.0154 0728 tdx - ok

08:00:32.0180 0728 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

08:00:32.0192 0728 TermDD - ok

08:00:32.0223 0728 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

08:00:32.0263 0728 TermService - ok

08:00:32.0288 0728 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

08:00:32.0317 0728 Themes - ok

08:00:32.0335 0728 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

08:00:32.0373 0728 THREADORDER - ok

08:00:32.0382 0728 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

08:00:32.0434 0728 TrkWks - ok

08:00:32.0488 0728 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

08:00:32.0542 0728 TrustedInstaller - ok

08:00:32.0568 0728 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

08:00:32.0611 0728 tssecsrv - ok

08:00:32.0647 0728 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

08:00:32.0673 0728 TsUsbFlt - ok

08:00:32.0706 0728 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

08:00:32.0750 0728 tunnel - ok

08:00:32.0765 0728 TurboB (825e7a1f48fb8bcfba27c178aab4e275) C:\Windows\system32\DRIVERS\TurboB.sys

08:00:32.0776 0728 TurboB - ok

08:00:32.0828 0728 TurboBoost (b206be1174d5964d49a56bb6c4e0524a) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

08:00:32.0839 0728 TurboBoost - ok

08:00:32.0856 0728 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

08:00:32.0869 0728 uagp35 - ok

08:00:32.0908 0728 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

08:00:32.0954 0728 udfs - ok

08:00:32.0974 0728 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

08:00:32.0991 0728 UI0Detect - ok

08:00:33.0018 0728 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

08:00:33.0030 0728 uliagpkx - ok

08:00:33.0060 0728 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

08:00:33.0081 0728 umbus - ok

08:00:33.0096 0728 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

08:00:33.0119 0728 UmPass - ok

08:00:33.0148 0728 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

08:00:33.0202 0728 upnphost - ok

08:00:33.0247 0728 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

08:00:33.0271 0728 USBAAPL64 - ok

08:00:33.0300 0728 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

08:00:33.0322 0728 usbaudio - ok

08:00:33.0345 0728 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

08:00:33.0369 0728 usbccgp - ok

08:00:33.0405 0728 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

08:00:33.0423 0728 usbcir - ok

08:00:33.0444 0728 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

08:00:33.0461 0728 usbehci - ok

08:00:33.0503 0728 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

08:00:33.0547 0728 usbhub - ok

08:00:33.0568 0728 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

08:00:33.0607 0728 usbohci - ok

08:00:33.0634 0728 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

08:00:33.0666 0728 usbprint - ok

08:00:33.0696 0728 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

08:00:33.0730 0728 usbscan - ok

08:00:33.0756 0728 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

08:00:33.0787 0728 USBSTOR - ok

08:00:33.0822 0728 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

08:00:33.0845 0728 usbuhci - ok

08:00:33.0860 0728 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

08:00:33.0913 0728 UxSms - ok

08:00:33.0938 0728 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

08:00:33.0957 0728 VaultSvc - ok

08:00:33.0992 0728 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

08:00:34.0005 0728 vdrvroot - ok

08:00:34.0044 0728 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

08:00:34.0086 0728 vds - ok

08:00:34.0111 0728 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

08:00:34.0130 0728 vga - ok

08:00:34.0138 0728 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

08:00:34.0182 0728 VgaSave - ok

08:00:34.0207 0728 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

08:00:34.0223 0728 vhdmp - ok

08:00:34.0251 0728 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

08:00:34.0263 0728 viaide - ok

08:00:34.0299 0728 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

08:00:34.0317 0728 volmgr - ok

08:00:34.0357 0728 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

08:00:34.0378 0728 volmgrx - ok

08:00:34.0401 0728 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

08:00:34.0417 0728 volsnap - ok

08:00:34.0438 0728 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

08:00:34.0454 0728 vsmraid - ok

08:00:34.0529 0728 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

08:00:34.0590 0728 VSS - ok

08:00:34.0664 0728 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

08:00:34.0691 0728 vwifibus - ok

08:00:34.0704 0728 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

08:00:34.0739 0728 vwififlt - ok

08:00:34.0776 0728 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

08:00:34.0818 0728 W32Time - ok

08:00:34.0829 0728 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

08:00:34.0861 0728 WacomPen - ok

08:00:34.0905 0728 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:00:34.0946 0728 WANARP - ok

08:00:34.0949 0728 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

08:00:34.0989 0728 Wanarpv6 - ok

08:00:35.0063 0728 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

08:00:35.0096 0728 WatAdminSvc - ok

08:00:35.0190 0728 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

08:00:35.0226 0728 wbengine - ok

08:00:35.0298 0728 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

08:00:35.0322 0728 WbioSrvc - ok

08:00:35.0357 0728 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

08:00:35.0400 0728 wcncsvc - ok

08:00:35.0417 0728 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

08:00:35.0449 0728 WcsPlugInService - ok

08:00:35.0472 0728 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

08:00:35.0486 0728 Wd - ok

08:00:35.0524 0728 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys

08:00:35.0538 0728 WDC_SAM - ok

08:00:35.0569 0728 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

08:00:35.0591 0728 Wdf01000 - ok

08:00:35.0614 0728 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:00:35.0644 0728 WdiServiceHost - ok

08:00:35.0647 0728 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

08:00:35.0668 0728 WdiSystemHost - ok

08:00:35.0697 0728 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

08:00:35.0728 0728 WebClient - ok

08:00:35.0746 0728 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

08:00:35.0796 0728 Wecsvc - ok

08:00:35.0815 0728 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

08:00:35.0869 0728 wercplsupport - ok

08:00:35.0911 0728 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

08:00:35.0959 0728 WerSvc - ok

08:00:35.0997 0728 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

08:00:36.0036 0728 WfpLwf - ok

08:00:36.0046 0728 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

08:00:36.0063 0728 WIMMount - ok

08:00:36.0078 0728 WinDefend - ok

08:00:36.0082 0728 WinHttpAutoProxySvc - ok

08:00:36.0129 0728 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

08:00:36.0167 0728 Winmgmt - ok

08:00:36.0262 0728 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

08:00:36.0338 0728 WinRM - ok

08:00:36.0450 0728 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys

08:00:36.0487 0728 winusb - ok

08:00:36.0539 0728 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

08:00:36.0592 0728 Wlansvc - ok

08:00:36.0633 0728 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

08:00:36.0652 0728 WmiAcpi - ok

08:00:36.0705 0728 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

08:00:36.0733 0728 wmiApSrv - ok

08:00:36.0764 0728 WMPNetworkSvc - ok

08:00:36.0775 0728 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

08:00:36.0796 0728 WPCSvc - ok

08:00:36.0819 0728 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

08:00:36.0840 0728 WPDBusEnum - ok

08:00:36.0858 0728 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

08:00:36.0895 0728 ws2ifsl - ok

08:00:36.0916 0728 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

08:00:36.0940 0728 wscsvc - ok

08:00:36.0943 0728 WSearch - ok

08:00:37.0060 0728 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

08:00:37.0118 0728 wuauserv - ok

08:00:37.0215 0728 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

08:00:37.0264 0728 WudfPf - ok

08:00:37.0287 0728 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

08:00:37.0342 0728 WUDFRd - ok

08:00:37.0374 0728 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

08:00:37.0410 0728 wudfsvc - ok

08:00:37.0435 0728 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

08:00:37.0472 0728 WwanSvc - ok

08:00:37.0497 0728 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0

08:00:37.0871 0728 \Device\Harddisk0\DR0 - ok

08:00:37.0877 0728 MBR (0x1B8) (5ea978854b06a98f85feac56e59420ca) \Device\Harddisk5\DR5

08:00:39.0617 0728 \Device\Harddisk5\DR5 - ok

08:00:39.0620 0728 Boot (0x1200) (fba2ceef3919a85712bd4b69cd0dc609) \Device\Harddisk0\DR0\Partition0

08:00:39.0621 0728 \Device\Harddisk0\DR0\Partition0 - ok

08:00:39.0632 0728 Boot (0x1200) (d6d83660d2d45b4309b3ad28c9f12fb2) \Device\Harddisk0\DR0\Partition1

08:00:39.0634 0728 \Device\Harddisk0\DR0\Partition1 - ok

08:00:39.0644 0728 Boot (0x1200) (68d8b7efc919489596e88fe4dc923f30) \Device\Harddisk0\DR0\Partition2

08:00:39.0646 0728 \Device\Harddisk0\DR0\Partition2 - ok

08:00:39.0647 0728 ============================================================

08:00:39.0647 0728 Scan finished

08:00:39.0647 0728 ============================================================

08:00:39.0655 2116 Detected object count: 2

08:00:39.0655 2116 Actual detected object count: 2

08:06:50.0557 2116 AllShare ( UnsignedFile.Multi.Generic ) - skipped by user

08:06:50.0557 2116 AllShare ( UnsignedFile.Multi.Generic ) - User select action: Skip

08:06:50.0559 2116 FlipShareServer ( UnsignedFile.Multi.Generic ) - skipped by user

08:06:50.0559 2116 FlipShareServer ( UnsignedFile.Multi.Generic ) - User select action: Skip

MrCharlie · July 22, 2012

That scan was clean, one more big one to run.....

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

eschwebach · July 22, 2012

Thanks:

ComboFix 12-07-21.01 - Schwebach 07/21/2012 20:39:26.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8183.6000 [GMT -5:00]

Running from: c:\users\Schwebach\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\users\Schwebach\WINDOWS

D:\Autorun.inf

.

((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))

.

2012-07-21 19:06 . 2012-07-21 19:06 -------- d-----w- C:\FRST

2012-07-21 03:17 . 2012-07-21 03:17 -------- d-----w- c:\users\Schwebach\AppData\Local\Macromedia

2012-07-21 03:08 . 2012-07-21 03:08 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

2012-07-21 03:07 . 2012-07-14 00:17 68576 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll

2012-07-21 03:07 . 2012-07-14 00:17 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe

2012-07-21 03:07 . 2012-07-14 00:16 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll

2012-07-21 03:07 . 2012-07-14 00:16 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll

2012-07-21 03:07 . 2012-07-14 00:17 573920 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll

2012-07-21 03:07 . 2012-07-14 00:17 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe

2012-07-21 03:07 . 2012-07-14 00:16 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll

2012-07-21 03:07 . 2012-07-14 00:16 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll

2012-07-21 01:43 . 2012-07-21 01:43 115712 ----a-w- c:\programdata\Microsoft\Windows\DRM\2BE1.tmp.dat

2012-07-21 01:40 . 2012-07-21 01:40 115712 ----a-w- c:\programdata\Microsoft\Windows\DRM\5F40.tmp.dat

2012-07-20 05:02 . 2012-07-20 05:02 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-07-17 10:37 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB64BF19-3848-4F40-AE7C-D3CFA760ADE7}\mpengine.dll

2012-07-15 19:20 . 2012-07-15 19:20 -------- d-----w- c:\program files (x86)\Garmin

2012-07-12 08:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 09:05 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 09:05 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 09:05 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-11 09:05 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-11 09:05 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-11 09:05 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2012-06-25 21:04 . 2012-06-25 21:04 1394248 ----a-w- c:\windows\SysWow64\msxml4.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 14:24 . 2012-05-13 15:13 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 14:24 . 2011-08-07 23:40 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 08:02 . 2010-08-20 03:57 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 18:46 . 2010-08-20 02:18 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-04 15:22 . 2012-06-04 15:22 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-06-04 15:22 . 2012-06-04 15:22 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll

2012-06-02 22:19 . 2012-06-21 14:24 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 14:24 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 14:24 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 14:24 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 14:24 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 14:24 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 14:24 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-21 14:24 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-21 14:24 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 17:25 . 2010-08-19 22:51 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-04 11:06 . 2012-06-13 18:50 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-04 10:03 . 2012-06-13 18:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03 . 2012-06-13 18:50 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-01 05:40 . 2012-06-13 18:50 209920 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:55 . 2012-06-13 18:50 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 05:41 . 2012-06-13 18:50 77312 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 05:41 . 2012-06-13 18:50 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 05:34 . 2012-06-13 18:50 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-24 05:37 . 2012-06-13 18:50 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2012-04-24 05:37 . 2012-06-13 18:50 140288 ----a-w- c:\windows\system32\cryptnet.dll

2012-04-24 05:37 . 2012-06-13 18:50 1462272 ----a-w- c:\windows\system32\crypt32.dll

2012-04-24 04:36 . 2012-06-13 18:50 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll

2012-04-24 04:36 . 2012-06-13 18:50 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2012-04-24 04:36 . 2012-06-13 18:50 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 01:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-02 1242448]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-20 39408]

"Logitech Vid HD"="c:\program files (x86)\Logitech\Vid\vid.exe" [2010-05-11 6061400]

"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-11-12 59240]

"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-11-12 59240]

"Fitbit Service Monitor"="c:\program files (x86)\Fitbit\fitbit-tray.exe" [2011-10-26 2164256]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe" [2009-06-10 244208]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"Intel AppUp(SM) center"="c:\program files (x86)\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-09 1309]

"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]

"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2012-06-04 296056]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux2"=wdmaud.drv

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 136176]

R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [2009-06-10 309744]

R2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [2009-06-10 166384]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-10 1124848]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-11-02 126352]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-08-02 51712]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-08-20 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S0 bdisk;C.O.M.O.D.O. Disk Raw Access Filter;c:\windows\SysWOW64\drivers\bdisk.sys [2010-01-08 74328]

S0 CBUfs;CBUfs;c:\windows\sysWOW64\DRIVERS\CBUFS.sys [2010-01-08 140760]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]

S2 AllShare;SAMSUNG AllShare Service;c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 203264]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2009-09-14 166400]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2009-09-14 128512]

S2 Fitbit;Fitbit Data Uploader;c:\program files (x86)\Fitbit\fitbit.exe [2011-10-26 788000]

S2 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]

S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

S2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 SynchronizationService.exe;Comodo BackUp Service;c:\program files (x86)\COMODO\COMODO BackUp\SynchronizationService.exe [2010-01-08 1143032]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-11-02 13784]

S3 AE1000;Linksys AE1000 Driver;c:\windows\system32\DRIVERS\ae1000w7.sys [2010-02-12 1101600]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 6856192]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 264192]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2010-07-07 339040]

S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2010-07-07 6465632]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-05 346144]

S3 SIUSBXP;SIUSBXP;c:\windows\system32\drivers\SiUSBXp.sys [2011-12-01 26856]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-13 14:24]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 00:00]

.

2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-08-20 00:00]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]

@="{95A27763-F62A-4114-9072-E81D87DE3B68}"

[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]

2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]

@="{E300CD91-100F-4E67-9AF3-1384A6124015}"

[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]

2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]

@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"

[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]

2011-03-04 01:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 24.159.193.40 24.205.224.36 68.190.192.35

FF - ProfilePath - c:\users\Schwebach\AppData\Roaming\Mozilla\Firefox\Profiles\4zfmrble.default\

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-FITBIT&10C4&84C4 - c:\program files (x86)\Fitbit\Base Station\DriverUninstaller.exe USBXpress\FITBIT&10C4&84C4

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe

c:\program files (x86)\Flip Video\FlipShare\FlipShareService.exe

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-07-21 21:15:36 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-22 02:15

.

Pre-Run: 771,823,271,936 bytes free

Post-Run: 773,185,654,784 bytes free

.

- - End Of File - - 5F675511173B90250A98EFBCA4733F87

MrCharlie · July 22, 2012

Looks Good.............

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how computer is running now, MrC

eschwebach · July 22, 2012

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.21.02

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Schwebach :: SCHWEBACH-PC [administrator]

Protection: Enabled

7/22/2012 8:31:29 AM

mbam-log-2012-07-22 (08-31-29).txt

Scan type: Quick scan

Scan options disabled: P2P

Objects scanned: 197903

Time elapsed: 1 minute(s), 19 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

MrCharlie · July 22, 2012

How is it running????? MrC

eschwebach · July 22, 2012

Seems to be running just fine. Thank you very much. Donation is on it's way.

MrCharlie · July 22, 2012

Great

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files and clears System Restore cache and create new Restore point

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Maurice Naggar · July 23, 2012

Glad we could help. This has been resolved, and now this topic is closed.

The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to any other system!

Trojan.Dropper.BCMiner

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information