Google search doesn't work. Please help.

[CorkscrewArtist]

When I attempt to search the web via Google I get redirected. Also, my computer has been acting odd recently - occassional blue screen, sound and screen brightness changes are delayed, some links don't work or I am redirected, sometimes my browser doesn't work at all, sometimes my computer won't reboot, sometimes everything seems to work perfectly... my AVG software detects an infection; something like dfcs.sys or something, but it can't fix it. Malwarebytes' anti-malware doesn't detect anything. I've used ccleaner, and that seemed to help after my computer would only run in safe mode, but now I'm struggling with these problems. I've attached a couple of reports. Please help. Thanks!

DDS.txt

Attach.txt

[Maniac]

Hello CorkscrewArtist and ! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

• If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  
• I recommend you to keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  
• Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  
• Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  
• Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  

Step 1

Please uninstall the following applications:

µTorrent

uTorrentControl2 Toolbar

Step 2

• Launch Malwarebytes' Anti-Malware
  
• Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  
• Go to Scanner tab and select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  
• Copy&Paste the entire report in your next reply.
  

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer,please do so immediately.

Step 3

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

In your next reply, post the following log files:

• Malwarebytes' Anti-Malware log
  
• aswMBR log
  
• a new fresh DDS log file

[CorkscrewArtist]

Thanks Maniac!

MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.07.23.08

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

Meter Reader :: TANGYWAFFLE [administrator]

7/23/2012 8:24:55 AM

mbam-log-2012-07-23 (08-24-55).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 223808

Time elapsed: 6 minute(s),

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-07-23 08:33:12

-----------------------------

08:33:12.773 OS Version: Windows 6.1.7601 Service Pack 1

08:33:12.773 Number of processors: 2 586 0x170A

08:33:12.777 ComputerName: TANGYWAFFLE UserName:

08:33:14.449 Initialize success

08:33:35.996 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4

08:33:36.002 Disk 0 Vendor: Hitachi_HTS545016B9SA00 PBBOC64G Size: 152627MB BusType: 11

08:33:36.009 Disk 0 MBR read successfully

08:33:36.016 Disk 0 MBR scan

08:33:36.023 Disk 0 TDL4@MBR code has been found

08:33:36.031 Disk 0 Windows 7 default MBR code found via API

08:33:36.035 Disk 0 MBR hidden

08:33:36.059 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 300 MB offset 2048

08:33:36.077 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152325 MB offset 616448

08:33:36.083 Disk 0 MBR [TDL4] **ROOTKIT**

08:33:36.089 Disk 0 trace - called modules:

08:33:36.095 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x860e449f]<<

08:33:36.101 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85dd9948]

08:33:36.108 3 CLASSPNP.SYS[837ce59e] -> nt!IofCallDriver -> [0x86121af8]

08:33:36.117 \Driver\atapi[0x86038470] -> IRP_MJ_CREATE -> 0x860e449f

08:33:36.124 Scan finished successfully

08:34:26.995 Disk 0 MBR has been saved successfully to "C:\Users\Meter Reader\Documents\MBR.dat"

08:34:27.002 The log file has been saved successfully to "C:\Users\Meter Reader\Documents\aswMBR.txt"

DDS log:

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_26

Run by Meter Reader at 8:34:43 on 2012-07-23

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1915.846 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Program Files\Panasonic\PNotif\PNotif.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\AVG\AVG10\avgwdsvc.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\AVG\AVG10\avgnsx.exe

C:\Program Files\AVG\AVG10\avgemcx.exe

C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

C:\Windows\system32\conhost.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Panasonic\WSwitch\WSwitch.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Panasonic\Hotkey Appendix\hkeyapp.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\AVG\AVG10\avgtray.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\AVG\AVG10\avgrsx.exe

C:\Program Files\AVG\AVG10\avgcsrvx.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\plugin-container.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\notepad.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\AVG\AVG10\avgcmgr.exe

C:\Windows\system32\conhost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.att.net

uDefault_Page_URL = hxxp://panasonic.net/avc/toughbook/service/global_link.html

uURLSearchHooks: H - No File

uURLSearchHooks: H - No File

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll

BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - No File

TB: {687578B9-7132-4A7A-80E4-30EE31099E03} - No File

mRun: [WSwitch] c:\program files\panasonic\wswitch\WSwitch.exe

mRun: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\soundmax.exe /tray

mRun: [Panasonic Hotkey Manager] c:\program files\panasonic\hotkey appendix\HKEYAPP.EXE

mRun: [PCinfo] c:\program files\panasonic\pcinfo\PcInfoUt.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [PRunOnce] c:\util\prunonce\PRunOnce.exe

mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {BF985246-09BF-11D2-BE62-006097DF57F6} - hxxp://simcity.ea.com/play/classic/SimCityX.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 74.128.19.102 74.128.17.114

TCP: Interfaces\{6C8957D3-7923-43FD-8491-02F511DB5174} : DhcpNameServer = 74.128.19.102 74.128.17.114

TCP: Interfaces\{BA603B43-A417-4981-A828-CFD1B9C8B1EC} : DhcpNameServer = 74.128.19.102 74.128.17.114

TCP: Interfaces\{BA603B43-A417-4981-A828-CFD1B9C8B1EC}\2456C6B696E6E253732423 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BA603B43-A417-4981-A828-CFD1B9C8B1EC}\2456C6B696E6E253732423F5537484A7 : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{BA603B43-A417-4981-A828-CFD1B9C8B1EC}\342716A7564602655647562716E6 : DhcpNameServer = 192.168.2.1 74.128.19.102 74.128.17.114

TCP: Interfaces\{BA603B43-A417-4981-A828-CFD1B9C8B1EC}\C43434 : DhcpNameServer = 64.191.128.10 64.191.128.101

TCP: Interfaces\{BA603B43-A417-4981-A828-CFD1B9C8B1EC}\C65687075726C69626E2F62776 : DhcpNameServer = 172.19.1.10 10.1.1.200 10.1.1.201

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll

Notify: igfxcui - igfxdev.dll

Hosts: 94.63.147.16 www.google.com

Hosts: 94.63.147.17 www.bing.com

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\meter reader\appdata\roaming\mozilla\firefox\profiles\b8owkj2c.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - plugin: c:\program files\common files\motive\npMotive.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\programdata\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\users\meter reader\appdata\roaming\mozilla\firefox\profiles\b8owkj2c.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]

R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]

R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]

R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]

R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-5-27 134480]

R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]

R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 21968]

R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2009-10-1 122880]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-7-23 40776]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-10-1 4231680]

R3 NewMisc;Panasonic Misc Driver;c:\windows\system32\drivers\newmisc.sys [2009-10-1 53568]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2009-10-1 221912]

S3 GemCCID;GemCCID;c:\windows\system32\drivers\GemCCID.sys [2009-10-1 88960]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-27 52224]

S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

.

=============== Created Last 30 ================

.

2012-07-23 12:23:38 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2012-07-15 11:23:54 -------- d-----w- c:\users\meter reader\appdata\local\CRE

2012-07-15 11:23:52 -------- d-----w- c:\program files\Conduit

2012-07-15 11:23:48 -------- d-----w- c:\users\meter reader\appdata\local\Conduit

2012-07-13 19:00:02 -------- d-----w- c:\users\meter reader\appdata\local\Ilivid Player

2012-07-13 18:56:41 -------- d-----w- c:\program files\iLivid

2012-07-12 11:43:26 2345984 ----a-w- c:\windows\system32\win32k.sys

.

==================== Find3M ====================

.

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 16:44:34 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-18 16:44:34 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-06 05:05:52 1390080 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- c:\windows\system32\cdosys.dll

2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 04:45:04 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 04:45:03 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 04:40:59 369336 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 04:40:39 225280 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- c:\windows\system32\ncrypt.dll

2012-05-15 03:03:54 981504 ----a-w- c:\windows\system32\wininet.dll

2012-05-01 04:44:12 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17:07 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45:55 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45:54 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41:16 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-04-26 00:50:19 0 --sha-w- c:\windows\system32\dds_trash_log.cmd

.

============= FINISH: 8:39:03.62 ===============

[CorkscrewArtist]

Also, while running MBAM quick scan AVG popped up a threat notification. It happens everytime I run MBAM. It's always the same system32/drivers/dfsc.sys. My only option is to ignore.

[Maniac]

BACKDOOR WARNING

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advice you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

Help: I Got Hacked. Now What Do I Do?

Help: I Got Hacked. Now What Do I Do? Part II

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

Download the latest version of TDSSKiller from here and save it to your Desktop.

1. Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
   
2. Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.
   
   
3. Click the Start Scan button.
   
   
4. If a suspicious object is detected, the default action will be Skip, click on Continue.
   
   
5. If malicious objects are found, they will show in the Scan results and offer three (3) options.
   
6. Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
   
   
7. Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
   

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

[CorkscrewArtist]

I'd like to proceed with the cleanup procedures. I'm aware of the risks. Thank you so much. Here is the TDSSKiller report:

13:18:59.0261 1800 TDSS rootkit removing tool 2.7.47.0 Jul 20 2012 20:36:30

13:18:59.0651 1800 ============================================================

13:18:59.0651 1800 Current date / time: 2012/07/23 13:18:59.0651

13:18:59.0651 1800 SystemInfo:

13:18:59.0651 1800

13:18:59.0651 1800 OS Version: 6.1.7601 ServicePack: 1.0

13:18:59.0651 1800 Product type: Workstation

13:18:59.0651 1800 ComputerName: TANGYWAFFLE

13:18:59.0651 1800 UserName: Meter Reader

13:18:59.0651 1800 Windows directory: C:\Windows

13:18:59.0651 1800 System windows directory: C:\Windows

13:18:59.0651 1800 Processor architecture: Intel x86

13:18:59.0651 1800 Number of processors: 2

13:18:59.0651 1800 Page size: 0x1000

13:18:59.0651 1800 Boot type: Normal boot

13:18:59.0651 1800 ============================================================

13:19:08.0496 1800 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

13:19:08.0496 1800 ============================================================

13:19:08.0496 1800 \Device\Harddisk0\DR0:

13:19:08.0496 1800 MBR partitions:

13:19:08.0496 1800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x12982EB0

13:19:08.0496 1800 ============================================================

13:19:08.0543 1800 C: <-> \Device\Harddisk0\DR0\Partition0

13:19:08.0543 1800 ============================================================

13:19:08.0543 1800 Initialize success

13:19:08.0543 1800 ============================================================

13:19:51.0833 2068 ============================================================

13:19:51.0833 2068 Scan started

13:19:51.0833 2068 Mode: Manual; SigCheck; TDLFS;

13:19:51.0833 2068 ============================================================

13:19:53.0642 2068 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys

13:19:53.0830 2068 1394ohci - ok

13:19:53.0861 2068 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys

13:19:53.0876 2068 ACPI - ok

13:19:53.0923 2068 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys

13:19:54.0017 2068 AcpiPmi - ok

13:19:54.0064 2068 ADIHdAudAddService (23f78687cbf3972704650a799420bfa8) C:\Windows\system32\drivers\ADIHdAud.sys

13:19:54.0142 2068 ADIHdAudAddService - ok

13:19:54.0204 2068 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys

13:19:54.0251 2068 adp94xx - ok

13:19:54.0298 2068 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys

13:19:54.0344 2068 adpahci - ok

13:19:54.0360 2068 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys

13:19:54.0376 2068 adpu320 - ok

13:19:54.0422 2068 AEADIFilters (4dc6b0772d1698f04fc79053a21c8260) C:\Windows\system32\AEADISRV.EXE

13:19:54.0500 2068 AEADIFilters - ok

13:19:54.0547 2068 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll

13:19:54.0610 2068 AeLookupSvc - ok

13:19:54.0750 2068 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys

13:19:54.0828 2068 AFD - ok

13:19:54.0875 2068 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys

13:19:54.0906 2068 agp440 - ok

13:19:54.0953 2068 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys

13:19:54.0984 2068 aic78xx - ok

13:19:55.0031 2068 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe

13:19:55.0109 2068 ALG - ok

13:19:55.0156 2068 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys

13:19:55.0202 2068 aliide - ok

13:19:55.0234 2068 AMD External Events Utility (4b01f74396ac5a4eb4888eb9c6558da3) C:\Windows\system32\atiesrxx.exe

13:19:55.0265 2068 AMD External Events Utility - ok

13:19:55.0296 2068 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys

13:19:55.0312 2068 amdagp - ok

13:19:55.0327 2068 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys

13:19:55.0343 2068 amdide - ok

13:19:55.0390 2068 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys

13:19:55.0452 2068 AmdK8 - ok

13:19:55.0468 2068 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys

13:19:55.0546 2068 AmdPPM - ok

13:19:55.0608 2068 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys

13:19:55.0655 2068 amdsata - ok

13:19:55.0702 2068 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys

13:19:55.0733 2068 amdsbs - ok

13:19:55.0764 2068 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys

13:19:55.0780 2068 amdxata - ok

13:19:55.0826 2068 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys

13:19:55.0967 2068 AppID - ok

13:19:56.0014 2068 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll

13:19:56.0107 2068 AppIDSvc - ok

13:19:56.0154 2068 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll

13:19:56.0216 2068 Appinfo - ok

13:19:56.0263 2068 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll

13:19:56.0326 2068 AppMgmt - ok

13:19:56.0372 2068 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys

13:19:56.0404 2068 arc - ok

13:19:56.0419 2068 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys

13:19:56.0450 2068 arcsas - ok

13:19:56.0466 2068 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys

13:19:56.0638 2068 AsyncMac - ok

13:19:56.0716 2068 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys

13:19:56.0762 2068 atapi - ok

13:19:56.0778 2068 atiavaiw - ok

13:19:57.0059 2068 atikmdag (a12b4aa7f1294f065a03fba79de29e5a) C:\Windows\system32\DRIVERS\atikmdag.sys

13:19:57.0277 2068 atikmdag - ok

13:19:57.0464 2068 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

13:19:57.0574 2068 AudioEndpointBuilder - ok

13:19:57.0574 2068 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll

13:19:57.0605 2068 Audiosrv - ok

13:19:58.0182 2068 AVGIDSAgent (7a0f6a3e0e41425b9ba54616b482668a) C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe

13:19:58.0432 2068 AVGIDSAgent - ok

13:19:58.0697 2068 AVGIDSDriver (b9acb889ba1e0561868c025f95d63e25) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys

13:19:58.0744 2068 AVGIDSDriver - ok

13:19:58.0790 2068 AVGIDSEH (13256fc72fa5b3f6d6e8c5957e579b7c) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys

13:19:58.0806 2068 AVGIDSEH - ok

13:19:58.0868 2068 AVGIDSFilter (fa0685cc51de5cfd804e7deaa6488e0e) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys

13:19:58.0900 2068 AVGIDSFilter - ok

13:19:58.0931 2068 AVGIDSShim (f788b51100d0f40ea176798cce954a1a) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys

13:19:58.0946 2068 AVGIDSShim - ok

13:19:59.0009 2068 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\Windows\system32\DRIVERS\avgldx86.sys

13:19:59.0024 2068 Avgldx86 - ok

13:19:59.0071 2068 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\Windows\system32\DRIVERS\avgmfx86.sys

13:19:59.0102 2068 Avgmfx86 - ok

13:19:59.0149 2068 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\Windows\system32\DRIVERS\avgrkx86.sys

13:19:59.0180 2068 Avgrkx86 - ok

13:19:59.0212 2068 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\Windows\system32\DRIVERS\avgtdix.sys

13:19:59.0212 2068 Avgtdix - ok

13:19:59.0336 2068 avgwd (fc2bc51120a945f7c70376495e4e7737) C:\Program Files\AVG\AVG10\avgwdsvc.exe

13:19:59.0368 2068 avgwd - ok

13:19:59.0414 2068 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll

13:19:59.0461 2068 AxInstSV - ok

13:19:59.0524 2068 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys

13:19:59.0586 2068 b06bdrv - ok

13:19:59.0633 2068 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys

13:19:59.0664 2068 b57nd60x - ok

13:19:59.0695 2068 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll

13:19:59.0758 2068 BDESVC - ok

13:19:59.0789 2068 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys

13:19:59.0836 2068 Beep - ok

13:19:59.0945 2068 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll

13:20:00.0054 2068 BITS - ok

13:20:00.0085 2068 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys

13:20:00.0148 2068 blbdrive - ok

13:20:00.0194 2068 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys

13:20:00.0226 2068 bowser - ok

13:20:00.0241 2068 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys

13:20:00.0304 2068 BrFiltLo - ok

13:20:00.0335 2068 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys

13:20:00.0382 2068 BrFiltUp - ok

13:20:00.0428 2068 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll

13:20:00.0522 2068 Browser - ok

13:20:00.0569 2068 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys

13:20:00.0600 2068 Brserid - ok

13:20:00.0631 2068 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys

13:20:00.0678 2068 BrSerWdm - ok

13:20:00.0694 2068 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys

13:20:00.0740 2068 BrUsbMdm - ok

13:20:00.0772 2068 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys

13:20:00.0818 2068 BrUsbSer - ok

13:20:00.0850 2068 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys

13:20:00.0896 2068 BTHMODEM - ok

13:20:00.0959 2068 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll

13:20:01.0052 2068 bthserv - ok

13:20:01.0099 2068 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys

13:20:01.0146 2068 cdfs - ok

13:20:01.0208 2068 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys

13:20:01.0271 2068 cdrom - ok

13:20:01.0333 2068 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

13:20:01.0411 2068 CertPropSvc - ok

13:20:01.0442 2068 Cinemsup - ok

13:20:01.0489 2068 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys

13:20:01.0520 2068 circlass - ok

13:20:01.0552 2068 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys

13:20:01.0567 2068 CLFS - ok

13:20:01.0661 2068 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:20:01.0692 2068 clr_optimization_v2.0.50727_32 - ok

13:20:01.0786 2068 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:20:01.0879 2068 clr_optimization_v4.0.30319_32 - ok

13:20:01.0910 2068 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys

13:20:01.0957 2068 CmBatt - ok

13:20:01.0988 2068 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys

13:20:02.0020 2068 cmdide - ok

13:20:02.0082 2068 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys

13:20:02.0129 2068 CNG - ok

13:20:02.0176 2068 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys

13:20:02.0176 2068 Compbatt - ok

13:20:02.0238 2068 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys

13:20:02.0300 2068 CompositeBus - ok

13:20:02.0316 2068 COMSysApp - ok

13:20:02.0332 2068 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys

13:20:02.0347 2068 crcdisk - ok

13:20:02.0394 2068 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll

13:20:02.0441 2068 CryptSvc - ok

13:20:02.0488 2068 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys

13:20:02.0566 2068 CSC - ok

13:20:02.0612 2068 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll

13:20:02.0659 2068 CscService - ok

13:20:02.0722 2068 dc3d (90f8539fa0de4aafe4fdbe7f95d6a512) C:\Windows\system32\DRIVERS\dc3d.sys

13:20:02.0737 2068 dc3d - ok

13:20:02.0800 2068 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

13:20:02.0862 2068 DcomLaunch - ok

13:20:02.0909 2068 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll

13:20:03.0002 2068 defragsvc - ok

13:20:03.0049 2068 deltafw - ok

13:20:03.0065 2068 Dfs - ok

13:20:03.0112 2068 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll

13:20:03.0205 2068 Dhcp - ok

13:20:03.0236 2068 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys

13:20:03.0283 2068 discache - ok

13:20:03.0330 2068 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys

13:20:03.0361 2068 Disk - ok

13:20:03.0392 2068 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll

13:20:03.0470 2068 Dnscache - ok

13:20:03.0502 2068 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll

13:20:03.0548 2068 dot3svc - ok

13:20:03.0611 2068 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll

13:20:03.0689 2068 DPS - ok

13:20:03.0720 2068 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys

13:20:03.0751 2068 drmkaud - ok

13:20:03.0814 2068 dsunidrv - ok

13:20:03.0923 2068 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys

13:20:03.0970 2068 DXGKrnl - ok

13:20:04.0001 2068 e1yexpress (44a91d98d6719b49bcd649a863225b5c) C:\Windows\system32\DRIVERS\e1y6232.sys

13:20:04.0048 2068 e1yexpress - ok

13:20:04.0079 2068 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll

13:20:04.0126 2068 EapHost - ok

13:20:04.0375 2068 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys

13:20:04.0500 2068 ebdrv - ok

13:20:04.0625 2068 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe

13:20:04.0687 2068 EFS - ok

13:20:04.0781 2068 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe

13:20:04.0859 2068 ehRecvr - ok

13:20:04.0890 2068 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe

13:20:04.0937 2068 ehSched - ok

13:20:04.0968 2068 elotouchscreen - ok

13:20:05.0077 2068 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys

13:20:05.0108 2068 elxstor - ok

13:20:05.0124 2068 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys

13:20:05.0155 2068 ErrDev - ok

13:20:05.0218 2068 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll

13:20:05.0280 2068 EventSystem - ok

13:20:05.0342 2068 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys

13:20:05.0389 2068 exfat - ok

13:20:05.0420 2068 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys

13:20:05.0467 2068 fastfat - ok

13:20:05.0545 2068 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe

13:20:05.0608 2068 Fax - ok

13:20:05.0639 2068 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys

13:20:05.0654 2068 fdc - ok

13:20:05.0686 2068 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll

13:20:05.0717 2068 fdPHost - ok

13:20:05.0717 2068 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll

13:20:05.0764 2068 FDResPub - ok

13:20:05.0795 2068 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys

13:20:05.0810 2068 FileInfo - ok

13:20:05.0826 2068 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys

13:20:05.0842 2068 Filetrace - ok

13:20:05.0873 2068 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys

13:20:05.0904 2068 flpydisk - ok

13:20:05.0951 2068 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys

13:20:05.0966 2068 FltMgr - ok

13:20:06.0044 2068 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll

13:20:06.0107 2068 FontCache - ok

13:20:06.0200 2068 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

13:20:06.0232 2068 FontCache3.0.0.0 - ok

13:20:06.0232 2068 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys

13:20:06.0247 2068 FsDepends - ok

13:20:06.0278 2068 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys

13:20:06.0325 2068 Fs_Rec - ok

13:20:06.0372 2068 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys

13:20:06.0388 2068 fvevol - ok

13:20:06.0419 2068 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys

13:20:06.0434 2068 gagp30kx - ok

13:20:06.0481 2068 GemCCID (a4e767434d315d58f80055d8c9a72470) C:\Windows\system32\Drivers\GemCCID.sys

13:20:06.0528 2068 GemCCID - ok

13:20:06.0575 2068 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll

13:20:06.0622 2068 gpsvc - ok

13:20:06.0653 2068 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys

13:20:06.0700 2068 hcw85cir - ok

13:20:06.0762 2068 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys

13:20:06.0824 2068 HdAudAddService - ok

13:20:06.0856 2068 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys

13:20:06.0887 2068 HDAudBus - ok

13:20:06.0934 2068 HECI (30d57ee84e1e169d41a6e873b549a096) C:\Windows\system32\DRIVERS\HECI.sys

13:20:06.0996 2068 HECI - ok

13:20:07.0043 2068 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys

13:20:07.0105 2068 HidBatt - ok

13:20:07.0121 2068 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys

13:20:07.0168 2068 HidBth - ok

13:20:07.0214 2068 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys

13:20:07.0261 2068 HidIr - ok

13:20:07.0292 2068 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll

13:20:07.0355 2068 hidserv - ok

13:20:07.0448 2068 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys

13:20:07.0464 2068 HidUsb - ok

13:20:07.0682 2068 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll

13:20:07.0870 2068 hkmsvc - ok

13:20:07.0932 2068 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll

13:20:07.0979 2068 HomeGroupListener - ok

13:20:08.0026 2068 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll

13:20:08.0072 2068 HomeGroupProvider - ok

13:20:08.0119 2068 HOTKEY (6b4ab2e6911dcc1fc7813889c1377d77) C:\Windows\system32\DRIVERS\hotkey.sys

13:20:08.0135 2068 HOTKEY - ok

13:20:08.0182 2068 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys

13:20:08.0213 2068 HpSAMD - ok

13:20:08.0291 2068 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys

13:20:08.0353 2068 HTTP - ok

13:20:08.0384 2068 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys

13:20:08.0384 2068 hwpolicy - ok

13:20:08.0462 2068 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys

13:20:08.0509 2068 i8042prt - ok

13:20:08.0790 2068 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys

13:20:08.0852 2068 iaStorV - ok

13:20:09.0679 2068 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

13:20:09.0804 2068 idsvc - ok

13:20:13.0018 2068 igfx (c7fee838fd0216ee0ad3d765ab4f40f4) C:\Windows\system32\DRIVERS\igdkmd32.sys

13:20:13.0345 2068 igfx - ok

13:20:13.0751 2068 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys

13:20:13.0766 2068 iirsp - ok

13:20:13.0844 2068 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll

13:20:13.0922 2068 IKEEXT - ok

13:20:14.0000 2068 IntcHdmiAddService (264632ade8127b7baa2190cf6fad435b) C:\Windows\system32\drivers\IntcHdmi.sys

13:20:14.0078 2068 IntcHdmiAddService - ok

13:20:14.0110 2068 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys

13:20:14.0125 2068 intelide - ok

13:20:14.0156 2068 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys

13:20:14.0203 2068 intelppm - ok

13:20:14.0250 2068 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll

13:20:14.0312 2068 IPBusEnum - ok

13:20:14.0344 2068 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys

13:20:14.0390 2068 IpFilterDriver - ok

13:20:14.0437 2068 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys

13:20:14.0484 2068 IPMIDRV - ok

13:20:14.0515 2068 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys

13:20:14.0578 2068 IPNAT - ok

13:20:14.0609 2068 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys

13:20:14.0687 2068 IRENUM - ok

13:20:14.0734 2068 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys

13:20:14.0749 2068 isapnp - ok

13:20:14.0780 2068 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys

13:20:14.0812 2068 iScsiPrt - ok

13:20:14.0874 2068 IviRegMgr (213822072085b5bbad9af30ab577d817) c:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

13:20:14.0890 2068 IviRegMgr - ok

13:20:14.0921 2068 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys

13:20:14.0936 2068 kbdclass - ok

13:20:14.0968 2068 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys

13:20:15.0014 2068 kbdhid - ok

13:20:15.0092 2068 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:20:15.0124 2068 KeyIso - ok

13:20:15.0155 2068 kpf4 - ok

13:20:15.0186 2068 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys

13:20:15.0202 2068 KSecDD - ok

13:20:15.0233 2068 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys

13:20:15.0248 2068 KSecPkg - ok

13:20:15.0295 2068 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll

13:20:15.0358 2068 KtmRm - ok

13:20:15.0389 2068 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll

13:20:15.0451 2068 LanmanServer - ok

13:20:15.0498 2068 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll

13:20:15.0545 2068 LanmanWorkstation - ok

13:20:15.0607 2068 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys

13:20:15.0670 2068 lltdio - ok

13:20:15.0701 2068 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll

13:20:15.0748 2068 lltdsvc - ok

13:20:15.0763 2068 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll

13:20:15.0810 2068 lmhosts - ok

13:20:15.0857 2068 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys

13:20:15.0872 2068 LSI_FC - ok

13:20:15.0904 2068 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys

13:20:15.0919 2068 LSI_SAS - ok

13:20:15.0950 2068 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys

13:20:15.0966 2068 LSI_SAS2 - ok

13:20:15.0997 2068 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys

13:20:16.0013 2068 LSI_SCSI - ok

13:20:16.0028 2068 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys

13:20:16.0091 2068 luafv - ok

13:20:16.0216 2068 McciCMService (e6cb119ef2e148eaa1a247343550756e) C:\Program Files\Common Files\Motive\McciCMService.exe

13:20:16.0262 2068 McciCMService ( UnsignedFile.Multi.Generic ) - warning

13:20:16.0262 2068 McciCMService - detected UnsignedFile.Multi.Generic (1)

13:20:16.0325 2068 McComponentHostService (f453d1e6d881e8f8717e20ccd4199e85) C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe

13:20:16.0356 2068 McComponentHostService - ok

13:20:16.0387 2068 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll

13:20:16.0403 2068 Mcx2Svc - ok

13:20:16.0450 2068 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys

13:20:16.0512 2068 mdmxsdk - ok

13:20:16.0543 2068 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys

13:20:16.0543 2068 megasas - ok

13:20:16.0590 2068 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys

13:20:16.0606 2068 MegaSR - ok

13:20:16.0637 2068 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

13:20:16.0699 2068 MMCSS - ok

13:20:16.0715 2068 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys

13:20:16.0777 2068 Modem - ok

13:20:16.0840 2068 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys

13:20:16.0871 2068 monitor - ok

13:20:16.0933 2068 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys

13:20:16.0949 2068 mouclass - ok

13:20:16.0980 2068 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys

13:20:17.0011 2068 mouhid - ok

13:20:17.0074 2068 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys

13:20:17.0105 2068 mountmgr - ok

13:20:17.0198 2068 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

13:20:17.0230 2068 MozillaMaintenance - ok

13:20:17.0261 2068 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys

13:20:17.0308 2068 mpio - ok

13:20:17.0339 2068 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys

13:20:17.0386 2068 mpsdrv - ok

13:20:17.0464 2068 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS

13:20:17.0479 2068 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

13:20:17.0479 2068 MREMP50 - detected UnsignedFile.Multi.Generic (1)

13:20:17.0479 2068 MREMPR5 - ok

13:20:17.0495 2068 MRENDIS5 - ok

13:20:17.0510 2068 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS

13:20:17.0542 2068 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

13:20:17.0542 2068 MRESP50 - detected UnsignedFile.Multi.Generic (1)

13:20:17.0573 2068 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys

13:20:17.0620 2068 MRxDAV - ok

13:20:17.0682 2068 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys

13:20:17.0744 2068 mrxsmb - ok

13:20:17.0791 2068 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys

13:20:17.0807 2068 mrxsmb10 - ok

13:20:17.0822 2068 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys

13:20:17.0854 2068 mrxsmb20 - ok

13:20:17.0885 2068 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys

13:20:17.0900 2068 msahci - ok

13:20:17.0932 2068 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys

13:20:17.0947 2068 msdsm - ok

13:20:17.0978 2068 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe

13:20:18.0025 2068 MSDTC - ok

13:20:18.0056 2068 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys

13:20:18.0088 2068 Msfs - ok

13:20:18.0103 2068 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys

13:20:18.0150 2068 mshidkmdf - ok

13:20:18.0181 2068 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys

13:20:18.0197 2068 msisadrv - ok

13:20:18.0244 2068 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll

13:20:18.0322 2068 MSiSCSI - ok

13:20:18.0322 2068 msiserver - ok

13:20:18.0368 2068 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys

13:20:18.0446 2068 MSKSSRV - ok

13:20:18.0462 2068 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys

13:20:18.0524 2068 MSPCLOCK - ok

13:20:18.0540 2068 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys

13:20:18.0587 2068 MSPQM - ok

13:20:18.0618 2068 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys

13:20:18.0634 2068 MsRPC - ok

13:20:18.0665 2068 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys

13:20:18.0712 2068 mssmbios - ok

13:20:18.0743 2068 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys

13:20:18.0774 2068 MSTEE - ok

13:20:18.0790 2068 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys

13:20:18.0821 2068 MTConfig - ok

13:20:18.0852 2068 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys

13:20:18.0852 2068 Mup - ok

13:20:18.0914 2068 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll

13:20:18.0961 2068 napagent - ok

13:20:19.0024 2068 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys

13:20:19.0086 2068 NativeWifiP - ok

13:20:19.0180 2068 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys

13:20:19.0226 2068 NDIS - ok

13:20:19.0258 2068 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys

13:20:19.0304 2068 NdisCap - ok

13:20:19.0351 2068 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys

13:20:19.0414 2068 NdisTapi - ok

13:20:19.0460 2068 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys

13:20:19.0523 2068 Ndisuio - ok

13:20:19.0570 2068 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys

13:20:19.0616 2068 NdisWan - ok

13:20:19.0632 2068 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys

13:20:19.0663 2068 NDProxy - ok

13:20:19.0710 2068 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys

13:20:19.0772 2068 NetBIOS - ok

13:20:19.0835 2068 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys

13:20:19.0897 2068 NetBT - ok

13:20:19.0928 2068 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:20:19.0960 2068 Netlogon - ok

13:20:20.0022 2068 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll

13:20:20.0084 2068 Netman - ok

13:20:20.0100 2068 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll

13:20:20.0147 2068 netprofm - ok

13:20:20.0240 2068 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:20:20.0256 2068 NetTcpPortSharing - ok

13:20:20.0552 2068 netw5v32 (af1ae2e42b03395560b1cde03230205c) C:\Windows\system32\DRIVERS\netw5v32.sys

13:20:20.0662 2068 netw5v32 - ok

13:20:20.0849 2068 NewMisc (65b505200ff982ea8ecf1f6758baa647) C:\Windows\system32\DRIVERS\newmisc.sys

13:20:20.0880 2068 NewMisc - ok

13:20:20.0927 2068 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys

13:20:20.0958 2068 nfrd960 - ok

13:20:21.0005 2068 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll

13:20:21.0083 2068 NlaSvc - ok

13:20:21.0114 2068 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys

13:20:21.0161 2068 Npfs - ok

13:20:21.0223 2068 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll

13:20:21.0270 2068 nsi - ok

13:20:21.0301 2068 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys

13:20:21.0348 2068 nsiproxy - ok

13:20:21.0473 2068 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys

13:20:21.0535 2068 Ntfs - ok

13:20:21.0535 2068 ntrtscan - ok

13:20:21.0566 2068 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys

13:20:21.0613 2068 Null - ok

13:20:21.0676 2068 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys

13:20:21.0722 2068 nvraid - ok

13:20:21.0738 2068 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys

13:20:21.0754 2068 nvstor - ok

13:20:21.0785 2068 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys

13:20:21.0785 2068 nv_agp - ok

13:20:21.0816 2068 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys

13:20:21.0863 2068 ohci1394 - ok

13:20:21.0894 2068 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:20:21.0941 2068 p2pimsvc - ok

13:20:22.0003 2068 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll

13:20:22.0050 2068 p2psvc - ok

13:20:22.0081 2068 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys

13:20:22.0097 2068 Parport - ok

13:20:22.0128 2068 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys

13:20:22.0159 2068 partmgr - ok

13:20:22.0175 2068 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys

13:20:22.0222 2068 Parvdm - ok

13:20:22.0300 2068 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll

13:20:22.0315 2068 PcaSvc - ok

13:20:22.0346 2068 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys

13:20:22.0362 2068 pci - ok

13:20:22.0378 2068 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys

13:20:22.0393 2068 pciide - ok

13:20:22.0502 2068 PcInfoPi (9bba6cddd4378dc74015aa0d5770fdee) C:\Program Files\Panasonic\pcinfo\PCInfoPi.exe

13:20:22.0518 2068 PcInfoPi - ok

13:20:22.0549 2068 PcInfoSV (c857cf6f738cd2480460ea75c1f63605) C:\Program Files\Panasonic\pcinfo\PCInfoSV.exe

13:20:22.0565 2068 PcInfoSV - ok

13:20:22.0596 2068 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys

13:20:22.0612 2068 pcmcia - ok

13:20:22.0643 2068 pcradminserver - ok

13:20:22.0658 2068 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys

13:20:22.0674 2068 pcw - ok

13:20:22.0721 2068 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys

13:20:22.0783 2068 PEAUTH - ok

13:20:22.0877 2068 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll

13:20:22.0939 2068 PeerDistSvc - ok

13:20:23.0080 2068 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll

13:20:23.0173 2068 pla - ok

13:20:23.0345 2068 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll

13:20:23.0392 2068 PlugPlay - ok

13:20:23.0438 2068 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll

13:20:23.0485 2068 PNRPAutoReg - ok

13:20:23.0516 2068 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll

13:20:23.0532 2068 PNRPsvc - ok

13:20:23.0610 2068 Point32 (896d916de06f5502d301e8c4dc442ae8) C:\Windows\system32\DRIVERS\point32.sys

13:20:23.0626 2068 Point32 - ok

13:20:23.0688 2068 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll

13:20:23.0719 2068 PolicyAgent - ok

13:20:23.0782 2068 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll

13:20:23.0828 2068 Power - ok

13:20:23.0875 2068 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys

13:20:23.0969 2068 PptpMiniport - ok

13:20:24.0000 2068 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys

13:20:24.0016 2068 Processor - ok

13:20:24.0062 2068 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll

13:20:24.0125 2068 ProfSvc - ok

13:20:24.0156 2068 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:20:24.0172 2068 ProtectedStorage - ok

13:20:24.0203 2068 ps2 - ok

13:20:24.0764 2068 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys

13:20:24.0889 2068 Psched - ok

13:20:25.0014 2068 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys

13:20:25.0076 2068 ql2300 - ok

13:20:25.0232 2068 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys

13:20:25.0264 2068 ql40xx - ok

13:20:25.0295 2068 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll

13:20:25.0342 2068 QWAVE - ok

13:20:25.0373 2068 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys

13:20:25.0388 2068 QWAVEdrv - ok

13:20:25.0404 2068 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys

13:20:25.0451 2068 RasAcd - ok

13:20:25.0498 2068 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys

13:20:25.0544 2068 RasAgileVpn - ok

13:20:25.0560 2068 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll

13:20:25.0591 2068 RasAuto - ok

13:20:25.0607 2068 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys

13:20:25.0654 2068 Rasl2tp - ok

13:20:25.0700 2068 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll

13:20:25.0778 2068 RasMan - ok

13:20:25.0810 2068 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys

13:20:25.0841 2068 RasPppoe - ok

13:20:25.0856 2068 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys

13:20:25.0903 2068 RasSstp - ok

13:20:25.0966 2068 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys

13:20:26.0012 2068 rdbss - ok

13:20:26.0044 2068 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys

13:20:26.0075 2068 rdpbus - ok

13:20:26.0106 2068 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys

13:20:26.0153 2068 RDPCDD - ok

13:20:26.0184 2068 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys

13:20:26.0262 2068 RDPDR - ok

13:20:26.0356 2068 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys

13:20:26.0465 2068 RDPENCDD - ok

13:20:26.0590 2068 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys

13:20:26.0668 2068 RDPREFMP - ok

13:20:26.0761 2068 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys

13:20:26.0839 2068 RDPWD - ok

13:20:26.0902 2068 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys

13:20:26.0933 2068 rdyboost - ok

13:20:26.0980 2068 regi (001b4278407f4303efc902a2b16f2453) C:\Windows\system32\drivers\regi.sys

13:20:26.0995 2068 regi - ok

13:20:27.0026 2068 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll

13:20:27.0089 2068 RemoteAccess - ok

13:20:27.0136 2068 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll

13:20:27.0198 2068 RemoteRegistry - ok

13:20:27.0260 2068 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys

13:20:27.0307 2068 RimUsb - ok

13:20:27.0323 2068 rootmodem - ok

13:20:27.0354 2068 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll

13:20:27.0385 2068 RpcEptMapper - ok

13:20:27.0416 2068 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe

13:20:27.0463 2068 RpcLocator - ok

13:20:27.0510 2068 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll

13:20:27.0572 2068 RpcSs - ok

13:20:27.0619 2068 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys

13:20:27.0666 2068 rspndr - ok

13:20:27.0697 2068 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys

13:20:27.0744 2068 s3cap - ok

13:20:27.0775 2068 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:20:27.0791 2068 SamSs - ok

13:20:27.0822 2068 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys

13:20:27.0838 2068 sbp2port - ok

13:20:27.0884 2068 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll

13:20:27.0916 2068 SCardSvr - ok

13:20:27.0947 2068 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys

13:20:28.0009 2068 scfilter - ok

13:20:28.0118 2068 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll

13:20:28.0196 2068 Schedule - ok

13:20:28.0243 2068 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll

13:20:28.0274 2068 SCPolicySvc - ok

13:20:28.0555 2068 sdbus (0328be1c7f1cba23848179f8762e391c) C:\Windows\system32\drivers\sdbus.sys

13:20:28.0742 2068 sdbus - ok

13:20:28.0898 2068 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll

13:20:29.0008 2068 SDRSVC - ok

13:20:29.0054 2068 SE26mdm - ok

13:20:29.0086 2068 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

13:20:29.0132 2068 secdrv - ok

13:20:29.0164 2068 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll

13:20:29.0210 2068 seclogon - ok

13:20:29.0242 2068 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll

13:20:29.0304 2068 SENS - ok

13:20:29.0335 2068 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll

13:20:29.0382 2068 SensrSvc - ok

13:20:29.0413 2068 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys

13:20:29.0429 2068 Serenum - ok

13:20:29.0429 2068 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys

13:20:29.0444 2068 Serial - ok

13:20:29.0507 2068 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys

13:20:29.0554 2068 sermouse - ok

13:20:29.0616 2068 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll

13:20:29.0678 2068 SessionEnv - ok

13:20:29.0725 2068 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys

13:20:29.0756 2068 sffdisk - ok

13:20:29.0788 2068 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys

13:20:29.0803 2068 sffp_mmc - ok

13:20:29.0819 2068 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys

13:20:29.0834 2068 sffp_sd - ok

13:20:29.0866 2068 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys

13:20:29.0912 2068 sfloppy - ok

13:20:29.0944 2068 sfvfs02 - ok

13:20:29.0990 2068 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll

13:20:30.0068 2068 SharedAccess - ok

13:20:30.0115 2068 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll

13:20:30.0178 2068 ShellHWDetection - ok

13:20:30.0240 2068 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys

13:20:30.0302 2068 sisagp - ok

13:20:30.0380 2068 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys

13:20:30.0443 2068 SiSRaid2 - ok

13:20:30.0583 2068 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys

13:20:30.0599 2068 SiSRaid4 - ok

13:20:30.0739 2068 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys

13:20:30.0786 2068 Smb - ok

13:20:30.0848 2068 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe

13:20:30.0895 2068 SNMPTRAP - ok

13:20:30.0926 2068 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys

13:20:30.0942 2068 spldr - ok

13:20:31.0004 2068 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe

13:20:31.0067 2068 Spooler - ok

13:20:31.0238 2068 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe

13:20:31.0348 2068 sppsvc - ok

13:20:31.0472 2068 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll

13:20:31.0535 2068 sppuinotify - ok

13:20:31.0628 2068 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys

13:20:31.0691 2068 srv - ok

13:20:31.0722 2068 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys

13:20:31.0738 2068 srv2 - ok

13:20:31.0753 2068 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys

13:20:31.0784 2068 srvnet - ok

13:20:31.0831 2068 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll

13:20:31.0878 2068 SSDPSRV - ok

13:20:31.0878 2068 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll

13:20:31.0925 2068 SstpSvc - ok

13:20:31.0972 2068 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys

13:20:32.0003 2068 stexstor - ok

13:20:32.0050 2068 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll

13:20:32.0096 2068 StiSvc - ok

13:20:32.0128 2068 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys

13:20:32.0143 2068 storflt - ok

13:20:32.0174 2068 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll

13:20:32.0190 2068 StorSvc - ok

13:20:32.0206 2068 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys

13:20:32.0221 2068 storvsc - ok

13:20:32.0252 2068 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys

13:20:32.0268 2068 swenum - ok

13:20:32.0346 2068 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll

13:20:32.0455 2068 swprv - ok

13:20:32.0502 2068 SynTP (8bd10dc8809dc69a1c5a795cb10add76) C:\Windows\system32\DRIVERS\SynTP.sys

13:20:32.0518 2068 SynTP - ok

13:20:32.0720 2068 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll

13:20:32.0752 2068 SysMain - ok

13:20:32.0830 2068 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll

13:20:32.0876 2068 TabletInputService - ok

13:20:32.0908 2068 tapeware - ok

13:20:32.0986 2068 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll

13:20:33.0048 2068 TapiSrv - ok

13:20:33.0095 2068 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll

13:20:33.0173 2068 TBS - ok

13:20:33.0344 2068 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys

13:20:33.0407 2068 Tcpip - ok

13:20:33.0438 2068 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys

13:20:33.0469 2068 TCPIP6 - ok

13:20:33.0516 2068 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys

13:20:33.0563 2068 tcpipreg - ok

13:20:33.0641 2068 TcUsb (51d4e3f5d221539c0a4a186a27c09ad7) C:\Windows\system32\Drivers\tcusb.sys

13:20:33.0656 2068 TcUsb - ok

13:20:33.0703 2068 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys

13:20:33.0766 2068 TDPIPE - ok

13:20:33.0797 2068 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys

13:20:33.0844 2068 TDTCP - ok

13:20:33.0906 2068 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys

13:20:33.0968 2068 tdx - ok

13:20:34.0000 2068 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys

13:20:34.0031 2068 TermDD - ok

13:20:34.0093 2068 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll

13:20:34.0156 2068 TermService - ok

13:20:34.0202 2068 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll

13:20:34.0265 2068 Themes - ok

13:20:34.0312 2068 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll

13:20:34.0358 2068 THREADORDER - ok

13:20:34.0358 2068 tmmbd - ok

13:20:34.0390 2068 TPM (5ad05191dc8b444a7ba4d79b76c42a30) C:\Windows\system32\drivers\tpm.sys

13:20:34.0421 2068 TPM - ok

13:20:34.0452 2068 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll

13:20:34.0514 2068 TrkWks - ok

13:20:34.0592 2068 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe

13:20:34.0670 2068 TrustedInstaller - ok

13:20:34.0702 2068 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys

13:20:34.0764 2068 tssecsrv - ok

13:20:34.0811 2068 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys

13:20:34.0858 2068 TsUsbFlt - ok

13:20:34.0920 2068 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys

13:20:34.0998 2068 tunnel - ok

13:20:35.0029 2068 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys

13:20:35.0045 2068 uagp35 - ok

13:20:35.0092 2068 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys

13:20:35.0170 2068 udfs - ok

13:20:35.0216 2068 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe

13:20:35.0248 2068 UI0Detect - ok

13:20:35.0310 2068 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys

13:20:35.0341 2068 uliagpkx - ok

13:20:35.0388 2068 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys

13:20:35.0435 2068 umbus - ok

13:20:35.0482 2068 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys

13:20:35.0544 2068 UmPass - ok

13:20:35.0591 2068 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll

13:20:35.0622 2068 UmRdpService - ok

13:20:35.0653 2068 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll

13:20:35.0684 2068 upnphost - ok

13:20:35.0731 2068 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys

13:20:35.0762 2068 usbccgp - ok

13:20:35.0825 2068 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys

13:20:35.0856 2068 usbcir - ok

13:20:35.0872 2068 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys

13:20:35.0887 2068 usbehci - ok

13:20:35.0918 2068 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys

13:20:35.0934 2068 usbhub - ok

13:20:35.0950 2068 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys

13:20:35.0981 2068 usbohci - ok

13:20:36.0028 2068 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys

13:20:36.0043 2068 usbprint - ok

13:20:36.0074 2068 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys

13:20:36.0121 2068 usbscan - ok

13:20:36.0137 2068 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS

13:20:36.0184 2068 USBSTOR - ok

13:20:36.0215 2068 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys

13:20:36.0230 2068 usbuhci - ok

13:20:36.0262 2068 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll

13:20:36.0293 2068 UxSms - ok

13:20:36.0324 2068 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe

13:20:36.0340 2068 VaultSvc - ok

13:20:36.0371 2068 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys

13:20:36.0386 2068 vdrvroot - ok

13:20:36.0433 2068 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe

13:20:36.0464 2068 vds - ok

13:20:36.0511 2068 vet-rec - ok

13:20:36.0542 2068 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys

13:20:36.0589 2068 vga - ok

13:20:36.0605 2068 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys

13:20:36.0636 2068 VgaSave - ok

13:20:36.0667 2068 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys

13:20:36.0683 2068 vhdmp - ok

13:20:36.0730 2068 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys

13:20:36.0745 2068 viaagp - ok

13:20:36.0761 2068 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys

13:20:36.0792 2068 ViaC7 - ok

13:20:36.0823 2068 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys

13:20:36.0854 2068 viaide - ok

13:20:36.0870 2068 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys

13:20:36.0886 2068 vmbus - ok

13:20:36.0917 2068 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys

13:20:36.0948 2068 VMBusHID - ok

13:20:36.0964 2068 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys

13:20:36.0979 2068 volmgr - ok

13:20:37.0026 2068 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys

13:20:37.0042 2068 volmgrx - ok

13:20:37.0088 2068 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys

13:20:37.0104 2068 volsnap - ok

13:20:37.0135 2068 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys

13:20:37.0151 2068 vsmraid - ok

13:20:37.0260 2068 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe

13:20:37.0338 2068 VSS - ok

13:20:37.0369 2068 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys

13:20:37.0400 2068 vwifibus - ok

13:20:37.0416 2068 w300mdfl - ok

13:20:37.0463 2068 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll

13:20:37.0541 2068 W32Time - ok

13:20:37.0588 2068 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys

13:20:37.0619 2068 WacomPen - ok

13:20:37.0697 2068 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

13:20:37.0759 2068 WANARP - ok

13:20:37.0759 2068 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys

13:20:37.0790 2068 Wanarpv6 - ok

13:20:37.0915 2068 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe

13:20:37.0962 2068 WatAdminSvc - ok

13:20:38.0071 2068 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe

13:20:38.0149 2068 wbengine - ok

13:20:38.0196 2068 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll

13:20:38.0274 2068 WbioSrvc - ok

13:20:38.0352 2068 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll

13:20:38.0399 2068 wcncsvc - ok

13:20:38.0430 2068 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll

13:20:38.0461 2068 WcsPlugInService - ok

13:20:38.0539 2068 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys

13:20:38.0555 2068 Wd - ok

13:20:38.0617 2068 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\Windows\system32\DRIVERS\wdcsam.sys

13:20:38.0664 2068 WDC_SAM - ok

13:20:38.0836 2068 WDDMService (7d1e301e2eeaf6d3730887de933413e6) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe

13:20:38.0851 2068 WDDMService ( UnsignedFile.Multi.Generic ) - warning

13:20:38.0851 2068 WDDMService - detected UnsignedFile.Multi.Generic (1)

13:20:38.0882 2068 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys

13:20:38.0914 2068 Wdf01000 - ok

13:20:38.0914 2068 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:20:38.0960 2068 WdiServiceHost - ok

13:20:38.0960 2068 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll

13:20:38.0976 2068 WdiSystemHost - ok

13:20:39.0101 2068 WDSmartWareBackgroundService (138ab06adbbf300aa804d7974a5aec82) C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe

13:20:39.0132 2068 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - warning

13:20:39.0132 2068 WDSmartWareBackgroundService - detected UnsignedFile.Multi.Generic (1)

13:20:39.0179 2068 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll

13:20:39.0210 2068 WebClient - ok

13:20:39.0241 2068 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll

13:20:39.0272 2068 Wecsvc - ok

13:20:39.0288 2068 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll

13:20:39.0319 2068 wercplsupport - ok

13:20:39.0350 2068 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll

13:20:39.0382 2068 WerSvc - ok

13:20:39.0413 2068 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys

13:20:39.0460 2068 WfpLwf - ok

13:20:39.0491 2068 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys

13:20:39.0491 2068 WIMMount - ok

13:20:39.0506 2068 WinHttpAutoProxySvc - ok

13:20:39.0584 2068 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll

13:20:39.0647 2068 Winmgmt - ok

13:20:39.0772 2068 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll

13:20:39.0850 2068 WinRM - ok

13:20:39.0943 2068 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll

13:20:39.0990 2068 Wlansvc - ok

13:20:40.0177 2068 wlidsvc (0a70f4022ec2e14c159efc4f69aa2477) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:20:40.0255 2068 wlidsvc - ok

13:20:40.0411 2068 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys

13:20:40.0442 2068 WmiAcpi - ok

13:20:40.0505 2068 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe

13:20:40.0552 2068 wmiApSrv - ok

13:20:40.0723 2068 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

13:20:40.0770 2068 WMPNetworkSvc - ok

13:20:40.0801 2068 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll

13:20:40.0832 2068 WPCSvc - ok

13:20:40.0879 2068 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll

13:20:40.0910 2068 WPDBusEnum - ok

13:20:40.0988 2068 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys

13:20:41.0051 2068 ws2ifsl - ok

13:20:41.0129 2068 WSDPrintDevice (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys

13:20:41.0160 2068 WSDPrintDevice - ok

13:20:41.0160 2068 WSearch - ok

13:20:41.0285 2068 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll

13:20:41.0347 2068 wuauserv - ok

13:20:41.0503 2068 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys

13:20:41.0566 2068 WudfPf - ok

13:20:41.0597 2068 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys

13:20:41.0628 2068 WUDFRd - ok

13:20:41.0675 2068 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll

13:20:41.0737 2068 wudfsvc - ok

13:20:41.0784 2068 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll

13:20:41.0846 2068 WwanSvc - ok

13:20:41.0878 2068 {6080a529-897e-4629-a488-aba0c29b635e} - ok

13:20:41.0893 2068 MBR (0x1B8) (0f84f2562620c40d8a3e1908c8075675) \Device\Harddisk0\DR0

13:20:41.0940 2068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

13:20:41.0940 2068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

13:20:42.0002 2068 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

13:20:42.0002 2068 \Device\Harddisk0\DR0 - detected TDSS File System (1)

13:20:42.0034 2068 Boot (0x1200) (1544e4f728148a87c50c8ff85465c9e7) \Device\Harddisk0\DR0\Partition0

13:20:42.0049 2068 \Device\Harddisk0\DR0\Partition0 - ok

13:20:42.0049 2068 ============================================================

13:20:42.0049 2068 Scan finished

13:20:42.0049 2068 ============================================================

13:20:42.0080 2848 Detected object count: 7

13:20:42.0080 2848 Actual detected object count: 7

13:21:36.0072 2848 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

13:21:36.0072 2848 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:21:36.0088 2848 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

13:21:36.0088 2848 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:21:36.0088 2848 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

13:21:36.0088 2848 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:21:36.0088 2848 WDDMService ( UnsignedFile.Multi.Generic ) - skipped by user

13:21:36.0088 2848 WDDMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:21:36.0088 2848 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - skipped by user

13:21:36.0088 2848 WDSmartWareBackgroundService ( UnsignedFile.Multi.Generic ) - User select action: Skip

13:21:37.0819 2848 \Device\Harddisk0\DR0\# - copied to quarantine

13:21:37.0819 2848 \Device\Harddisk0\DR0 - copied to quarantine

13:21:37.0851 2848 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

13:21:37.0866 2848 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

13:21:37.0866 2848 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

13:21:37.0866 2848 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

13:21:37.0882 2848 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

13:21:37.0882 2848 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

13:21:37.0897 2848 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

13:21:37.0897 2848 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

13:21:37.0897 2848 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

13:21:37.0897 2848 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

13:21:37.0897 2848 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

13:21:37.0897 2848 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

13:21:37.0929 2848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

13:21:37.0929 2848 \Device\Harddisk0\DR0 - ok

13:21:38.0693 2848 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

13:21:38.0693 2848 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:21:38.0693 2848 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

13:22:20.0017 3440 Deinitialize success

[Maniac]

Step 1

Please re-run TDSSKiller and use Delete option for this entry:

13:21:38.0693 2848 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

13:21:38.0693 2848 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Step 2

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

[CorkscrewArtist]

When attempting to disable AVG 2011 I get a message that says "An error occurred when saving the configuration. Specified file was not found." What should I do?

[Maniac]

Please re-install your AVG:

http://www.avg.com/ww-en/faq.num-4421

Next try again.

[CorkscrewArtist]

I uninstalled AVG2011, and downloaded and installed AVG2012. I was able to disable it before starting ComboFix, but my PC rebooted a couple of times, and AVG restarted. I didn't want to interfer with ComboFix, so I didn't touch anything. Here's the report:

ComboFix 12-07-25.04 - Meter Reader 07/24/2012 9:27.1.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1915.1238 [GMT -4:00]

Running from: c:\users\Meter Reader\Downloads\ComboFix.exe

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\ReGBe.Bin

c:\users\Meter Reader\AppData\Roaming\Local

c:\users\Meter Reader\AppData\Roaming\Local\Temp\DDM\Settings\.ddr

c:\users\Meter Reader\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi

c:\users\Meter Reader\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi

c:\users\Meter Reader\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_en.divx.ddr

c:\users\Meter Reader\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi

c:\users\Meter Reader\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp

c:\users\Meter Reader\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_en.divx

c:\users\Meter Reader\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db

c:\windows\$NtUninstallKB37214$

c:\windows\$NtUninstallKB37214$\1207031471\@

c:\windows\$NtUninstallKB37214$\1207031471\cfg.ini

c:\windows\$NtUninstallKB37214$\1207031471\Desktop.ini

c:\windows\$NtUninstallKB37214$\1207031471\L\xadqgnnk

c:\windows\$NtUninstallKB37214$\1207031471\oemid

c:\windows\$NtUninstallKB37214$\1207031471\U\00000001.@

c:\windows\$NtUninstallKB37214$\1207031471\U\00000002.@

c:\windows\$NtUninstallKB37214$\1207031471\U\00000004.@

c:\windows\$NtUninstallKB37214$\1207031471\U\80000000.@

c:\windows\$NtUninstallKB37214$\1207031471\U\80000004.@

c:\windows\$NtUninstallKB37214$\1207031471\U\80000032.@

c:\windows\$NtUninstallKB37214$\1207031471\version

c:\windows\$NtUninstallKB37214$\1726334838

c:\windows\system32\dds_trash_log.cmd

.

.

((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))

.

.

2012-07-24 13:36 . 2012-07-24 13:44 -------- d-----w- c:\users\Meter Reader\AppData\Local\temp

2012-07-24 13:36 . 2012-07-24 13:36 -------- d-----w- c:\users\Mcx1-TANGYWAFFLE\AppData\Local\temp

2012-07-24 13:36 . 2012-07-24 13:36 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-07-24 13:36 . 2012-07-24 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-24 12:58 . 2012-07-24 12:58 -------- d-----w- c:\users\Meter Reader\AppData\Roaming\AVG2012

2012-07-24 12:57 . 2012-07-24 12:57 -------- d-----w- C:\$AVG

2012-07-24 12:57 . 2012-07-24 13:21 -------- d-----w- c:\programdata\AVG2012

2012-07-23 17:21 . 2012-07-24 11:23 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-22 20:14 . 2012-07-22 20:14 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-15 11:23 . 2012-07-15 11:23 -------- d-----w- c:\users\Meter Reader\AppData\Local\CRE

2012-07-15 11:23 . 2012-07-15 11:23 -------- d-----w- c:\program files\Conduit

2012-07-15 11:23 . 2012-07-22 21:13 -------- d-----w- c:\users\Meter Reader\AppData\Local\Conduit

2012-07-13 19:00 . 2012-07-13 19:00 -------- d-----w- c:\users\Meter Reader\AppData\Local\Ilivid Player

2012-07-13 18:56 . 2012-07-14 19:31 -------- d-----w- c:\program files\iLivid

2012-07-12 11:43 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 17:46 . 2010-06-08 00:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 16:44 . 2012-06-18 16:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-18 16:44 . 2011-05-14 16:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 22:19 . 2012-06-23 03:49 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-23 03:49 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-23 03:49 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-23 03:49 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-23 03:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-23 03:49 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-23 03:49 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-23 03:48 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12 . 2012-06-23 03:48 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-15 03:03 . 2012-06-14 11:05 981504 ----a-w- c:\windows\system32\wininet.dll

2012-05-01 04:44 . 2012-06-14 11:04 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17 . 2012-06-14 11:05 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45 . 2012-06-14 11:04 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45 . 2012-06-14 11:04 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41 . 2012-06-14 11:04 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-07-14 00:17 . 2012-07-22 20:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2009-08-25 992064]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]

"Panasonic Hotkey Manager"="c:\program files\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [2009-08-10 1064768]

"PCinfo"="c:\program files\Panasonic\pcinfo\PcInfoUt.exe" [2009-07-03 99136]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-12 1310720]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-24 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-24 151064]

"PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2009-07-16 161088]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^Users^Meter Reader^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\Meter Reader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 01:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2011-08-01 19:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-10-29 18:37 273528 ----a-w- c:\program files\real\realplayer\Update\realsched.exe

.

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]

R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\Panasonic\pcinfo\PCInfoPi.exe [x]

S2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\pcinfo\PCInfoSV.exe [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

S3 NewMisc;Panasonic Misc Driver;c:\windows\system32\DRIVERS\newmisc.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

.

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

tmmbd

deltafw

kpf4

dsunidrv

pcradminserver

Cinemsup

ps2

elotouchscreen

atiavaiw

w300mdfl

rootmodem

ntrtscan

tapeware

SE26mdm

{6080a529-897e-4629-a488-aba0c29b635e}

vet-rec

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-09 c:\windows\Tasks\User_Feed_Synchronization-{F34AB467-A127-42A8-81EE-CBF6798984AF}.job

- c:\windows\system32\msfeedssync.exe [2011-06-27 12:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.att.net

TCP: DhcpNameServer = 74.128.19.102 74.128.17.114

FF - ProfilePath - c:\users\Meter Reader\AppData\Roaming\Mozilla\Firefox\Profiles\b8owkj2c.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - user.js: yahoo.homepage.dontask - true

.

- - - - ORPHANS REMOVED - - - -

.

URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)

URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)

Toolbar-Locked - (no file)

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)

WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2299845394-319895174-1185144609-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2299845394-319895174-1185144609-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\progra~1\AVG\AVG2012\avgrsx.exe

c:\program files\AVG\AVG2012\avgcsrvx.exe

c:\program files\Panasonic\PNotif\PNotif.exe

c:\windows\system32\atieclxx.exe

c:\windows\system32\AEADISRV.EXE

c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\AVG\AVG2012\avgnsx.exe

c:\program files\AVG\AVG2012\avgemcx.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\WUDFHost.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\windows\system32\taskhost.exe

c:\windows\system32\conhost.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Synaptics\SynTP\SynTPHelper.exe

.

**************************************************************************

.

Completion time: 2012-07-24 09:49:26 - machine was rebooted

ComboFix-quarantined-files.txt 2012-07-24 13:49

.

Pre-Run: 31,400,112,128 bytes free

Post-Run: 31,336,398,848 bytes free

.

- - End Of File - - 72AA3ACC32BC7604563173E21B4DAF7A

[CorkscrewArtist]

Hey, google works now!

[Maniac]

Sounds very good.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\users\Meter Reader\AppData\Local\CRE
c:\program files\Conduit
c:\users\Meter Reader\AppData\Local\Conduit

NetSvc::
tmmbd
kpf4
ntrtscan

FireFox::
FF - ProfilePath - c:\users\Meter Reader\AppData\Roaming\Mozilla\Firefox\Profiles\b8owkj2c.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

[CorkscrewArtist]

I had to uninstall and reinstall AVG2012 because I received the same error message when attempting to disable AVG. I wonder what that's all about. Anyway, here's the ComboFix log:

ComboFix 12-07-25.04 - Meter Reader 07/24/2012 11:32:36.2.2 - x86

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.1915.1076 [GMT -4:00]

Running from: c:\users\Meter Reader\Downloads\ComboFix.exe

Command switches used :: c:\users\Meter Reader\Downloads\CFScript.txt

AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\Conduit

c:\program files\Conduit\Community Alerts\Alert.dll

c:\users\Meter Reader\AppData\Local\Conduit

c:\users\Meter Reader\AppData\Local\CRE

c:\users\Meter Reader\AppData\Local\CRE\pacgpkgadgmibnhpdidcnfafllnmeomc.crx

c:\users\Public\Desktop\Internet Security.lnk

.

.

((((((((((((((((((((((((( Files Created from 2012-06-24 to 2012-07-24 )))))))))))))))))))))))))))))))

.

.

2012-07-24 15:41 . 2012-07-24 15:41 -------- d-----w- c:\users\Mcx1-TANGYWAFFLE\AppData\Local\temp

2012-07-24 15:41 . 2012-07-24 15:41 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-07-24 15:41 . 2012-07-24 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-24 15:26 . 2012-07-24 15:26 -------- d-----w- c:\users\Meter Reader\AppData\Roaming\AVG2012

2012-07-24 15:24 . 2012-07-24 15:28 -------- d-----w- c:\programdata\AVG2012

2012-07-24 15:24 . 2012-07-24 15:24 -------- d-----w- C:\$AVG

2012-07-24 13:36 . 2012-07-24 15:42 -------- d-----w- c:\users\Meter Reader\AppData\Local\temp

2012-07-23 17:21 . 2012-07-24 11:23 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-22 20:14 . 2012-07-22 20:14 -------- d-----w- c:\program files\Mozilla Maintenance Service

2012-07-13 19:00 . 2012-07-13 19:00 -------- d-----w- c:\users\Meter Reader\AppData\Local\Ilivid Player

2012-07-13 18:56 . 2012-07-14 19:31 -------- d-----w- c:\program files\iLivid

2012-07-12 11:43 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-03 17:46 . 2010-06-08 00:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-18 16:44 . 2012-06-18 16:44 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-06-18 16:44 . 2011-05-14 16:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-06-02 22:19 . 2012-06-23 03:49 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-23 03:49 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-23 03:49 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-23 03:49 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:19 . 2012-06-23 03:49 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:12 . 2012-06-23 03:49 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:12 . 2012-06-23 03:49 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-23 03:48 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:12 . 2012-06-23 03:48 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-05-15 03:03 . 2012-06-14 11:05 981504 ----a-w- c:\windows\system32\wininet.dll

2012-05-01 04:44 . 2012-06-14 11:04 164352 ----a-w- c:\windows\system32\profsvc.dll

2012-04-28 03:17 . 2012-06-14 11:05 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-04-26 04:45 . 2012-06-14 11:04 58880 ----a-w- c:\windows\system32\rdpwsx.dll

2012-04-26 04:45 . 2012-06-14 11:04 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll

2012-04-26 04:41 . 2012-06-14 11:04 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe

2012-07-14 00:17 . 2012-07-22 20:14 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"WSwitch"="c:\program files\Panasonic\WSwitch\WSwitch.exe" [2009-08-25 992064]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512]

"Panasonic Hotkey Manager"="c:\program files\Panasonic\Hotkey Appendix\HKEYAPP.EXE" [2009-08-10 1064768]

"PCinfo"="c:\program files\Panasonic\pcinfo\PcInfoUt.exe" [2009-07-03 99136]

"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-08-12 1310720]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-24 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-24 174104]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-24 151064]

"PRunOnce"="c:\util\prunonce\PRunOnce.exe" [2009-07-16 161088]

"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKLM\~\startupfolder\C:^Users^Meter Reader^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\Meter Reader\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2011-03-30 01:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivX Download Manager]

2010-12-08 21:15 63360 ----a-w- c:\program files\DivX\DivX Plus Web Player\DDMService.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]

2011-03-21 21:10 1230704 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2011-08-01 19:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2011-04-08 16:59 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]

2011-10-29 18:37 273528 ----a-w- c:\program files\real\realplayer\Update\realsched.exe

.

R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\DRIVERS\avgidshx.sys [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y6232.sys [x]

R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys [x]

R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]

S0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx86.sys [x]

S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx86.sys [x]

S1 Avgtdix;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdix.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [x]

S2 PcInfoPi;Panasonic PC Information Viewer Service 2;c:\program files\Panasonic\pcinfo\PCInfoPi.exe [x]

S2 PcInfoSV;Panasonic PC Information Viewer;c:\program files\Panasonic\pcinfo\PCInfoSV.exe [x]

S2 regi;regi;c:\windows\system32\drivers\regi.sys [x]

S2 WDDMService;WD SmartWare Drive Manager;c:\program files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [x]

S2 WDSmartWareBackgroundService;WD SmartWare Background Service;c:\program files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe [x]

S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdriverx.sys [x]

S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\DRIVERS\avgidsfilterx.sys [x]

S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\DRIVERS\avgidsshimx.sys [x]

S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

S3 NewMisc;Panasonic Misc Driver;c:\windows\system32\DRIVERS\newmisc.sys [x]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - AVGLDX86

*NewlyCreated* - AVGMFX86

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

deltafw

dsunidrv

pcradminserver

Cinemsup

ps2

elotouchscreen

atiavaiw

w300mdfl

rootmodem

tapeware

SE26mdm

{6080a529-897e-4629-a488-aba0c29b635e}

vet-rec

.

Contents of the 'Scheduled Tasks' folder

.

2012-04-09 c:\windows\Tasks\User_Feed_Synchronization-{F34AB467-A127-42A8-81EE-CBF6798984AF}.job

- c:\windows\system32\msfeedssync.exe [2011-06-27 12:17]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.att.net

TCP: DhcpNameServer = 74.128.19.102 74.128.17.114

FF - ProfilePath - c:\users\Meter Reader\AppData\Roaming\Mozilla\Firefox\Profiles\b8owkj2c.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com

FF - user.js: yahoo.homepage.dontask - true

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2299845394-319895174-1185144609-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2299845394-319895174-1185144609-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-07-24 11:48:21

ComboFix-quarantined-files.txt 2012-07-24 15:48

ComboFix2.txt 2012-07-24 13:49

.

Pre-Run: 31,998,599,168 bytes free

Post-Run: 31,815,000,064 bytes free

.

- - End Of File - - 694BD1EEA08D270D4818D8A71EAAD519

[Maniac]

In this case, don't forget to install it after all.

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

• Tick the box next to YES, I accept the Terms of Use
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan (This scan can take several hours, so please be patient)
  
• Once the scan is completed, you may close the window
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic
  

[CorkscrewArtist]

It is requesting that I install onlinescanner.cab. Is this something I need?

[Maniac]

For now - yes.

[CorkscrewArtist]

Never mind. I figured it out.

[CorkscrewArtist]

ESET Online Scanner Log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=ad864473e9103043a53accccf9d7628a

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-07-24 08:31:25

# local_time=2012-07-24 04:31:25 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776574 100 94 22682455 94700997 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=155018

# found=23

# cleaned=22

# scan_time=5679

C:\TDSSKiller_Quarantine\23.07.2012_13.18.59\mbr0000\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_13.18.59\mbr0000\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_13.18.59\mbr0000\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_13.18.59\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_13.18.59\mbr0000\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_13.18.59\mbr0000\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\23.07.2012_13.18.59\mbr0000\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_07.21.53\tdlfs0000\tsk0002.dta Win64/Olmarik.AD trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_07.21.53\tdlfs0000\tsk0003.dta Win32/Olmarik.AYH trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_07.21.53\tdlfs0000\tsk0004.dta Win64/Olmarik.AG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_07.21.53\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.KB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_07.21.53\tdlfs0000\tsk0006.dta Win64/Olmarik.AF trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_07.21.53\tdlfs0000\tsk0010.dta Win32/Olmarik.AWO trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\TDSSKiller_Quarantine\24.07.2012_07.21.53\tdlfs0000\tsk0011.dta Win64/Olmarik.X trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\vqulcnqq.default\extensions\fcwewfopxk@fcwewfopxk.org.xpi JS/Redirector.NBX trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Users\Meter Reader\AppData\Roaming\Mozilla\Firefox\Profiles\b8owkj2c.default\extensions\fcwewfopxk@fcwewfopxk.org.xpi JS/Redirector.NBX trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ET0D1H9Z\2395ccc009752c4a[1].htm JS/Fraud.NAP trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GQKPUNCP\bestbuyportablepc_org[1].htm HTML/Iframe.B.Gen virus (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GQKPUNCP\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NJBE8A98\index[1].htm JS/Iframe.CV trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\4f0a9fe0-318fc132 Java/Exploit.CVE-2012-0507.B trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\4932e8e8-14290bf2 Java/Agent.EI trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Windows\System32\drivers\dfsc.sys Win32/Sirefef.DA trojan (unable to clean) 00000000000000000000000000000000 I

[CorkscrewArtist]

Should I unistall the application, delete quarantined files and/or click finish?

[Maniac]

You could uninstall it.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java :

Please download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe, then click Remove JRE.
  
• Run the built-in uninstallers for all copies of java listed
  
• Click the Next button
  
• Click the Next button again
  
• Click the Java Manual Download link
  
• A browser window will open with the Java download page
  
• Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your system's version)
  
• Run the installer
  
• Close JavaRa

[CorkscrewArtist]

Okay, I uninstalled JavaRa, and then downloaded the newest Java version.

[CorkscrewArtist]

I mean I uninstalled Java using JavaRa, and then downloaded and installed the newest version of Java.

[Maniac]

Okay

How is your PC now?

[CorkscrewArtist]

Everything seems normal! Do I need to do anything else?

[Maniac]

Glad I could help!

Please uninstall ComboFix:

www.bleepingcomputer.com/combofix/how-to-use-combofix#uninstall

Next, uninstall ESET Online Scanner and then manually delete DDS, aswMBR, JavaRa and TDSSKiller.

Some malware prevention tips:

http://forums.malwarebytes.org/index.php?showtopic=104379

Safe surfing!