
Infected with Trojan Host svchost.exe, trying to remove it



Welcome to the forum, please start at the link below:

http://forums.malwar...?showtopic=9573

Post back the 2 logs here.....DDS.txt and Attach.txt

<====><====><====><====><====><====><====><====>

Next.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Gah, sorry about that there. Here you go.

DDS

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Peter at 2:22:45 on 2012-08-02

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8187.4384 [GMT -4:00]

.

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe

C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\Ask.com\Updater\Updater.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTShellHlp.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe

C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\mIRC\mirc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\notepad.exe

C:\Program Files (x86)\AIM\aim.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll

uURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mURLSearchHooks: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: WinZip Courier BHO: {a8fb70fa-0fdf-4601-9dc4-bfa1b357204f} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll

BHO: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: BHO Class: {dd92de22-ed91-4560-b788-dee2b26612e6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB: Support.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun

uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\Users\Peter\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENVP~1.LNK - C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{66C4872E-3CE5-4011-A3A3-CF092E40EACE} : DhcpNameServer = 10.0.8.1

TCP: Interfaces\{7A3F43A8-9728-4647-B44D-455D570EFEEB} : DhcpNameServer = 192.168.2.1

TCP: Interfaces\{A4AF4F34-F273-4D77-8F27-73A0954F2480} : DhcpNameServer = 192.168.2.1

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

BHO-X64: uTorrentControl2 - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: WinZip Courier BHO: {A8FB70FA-0FDF-4601-9DC4-BFA1B357204F} - C:\PROGRA~2\WINZIP~1\wzwmcie.dll

BHO-X64: WinZip Courier BHO - No File

BHO-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

BHO-X64: Ask Toolbar BHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: BHO Class: {DD92DE22-ED91-4560-B788-DEE2B26612E6} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\IEHelper.dll

BHO-X64: CStat - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll

TB-X64: Support.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll

TB-X64: uTorrentControl2 Toolbar: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files (x86)\uTorrentControl2\prxtbuTor.dll

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - prefs.js: network.proxy.ftp - falkenstein.tunnelr.com

FF - prefs.js: network.proxy.ftp_port - 53

FF - prefs.js: network.proxy.http - falkenstein.tunnelr.com

FF - prefs.js: network.proxy.http_port - 53

FF - prefs.js: network.proxy.socks - falkenstein.tunnelr.com

FF - prefs.js: network.proxy.socks_port - 53

FF - prefs.js: network.proxy.ssl - falkenstein.tunnelr.com

FF - prefs.js: network.proxy.ssl_port - 53

FF - prefs.js: network.proxy.type - 4

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\WinZip Courier\npwzwmc.dll

FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll

FF - plugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

.

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

============= SERVICES / DRIVERS ===============

.

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 BCUService;Browser Configuration Utility Service;C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2011-12-6 212232]

R2 DlinkNdPt60;D-Link NDIS Protocol Driver;C:\Windows\system32\DRIVERS\DlinkNdPt60.sys --> C:\Windows\system32\DRIVERS\DlinkNdPt60.sys [?]

R2 Dokan;Dokan;\??\C:\Windows\system32\drivers\dokan.sys --> C:\Windows\system32\drivers\dokan.sys [?]

R2 DokanMounter;DokanMounter;C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [2011-1-10 14848]

R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-6-28 8704]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-13 655944]

R2 OpenVPNAccessClient;OpenVPN Access Client;C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-8-12 24064]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;C:\Windows\system32\DRIVERS\AN983X64.sys --> C:\Windows\system32\DRIVERS\AN983X64.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 DLKRT64;D-Link DGE-530T Gigabit Ethernet Adapter Driver;C:\Windows\system32\DRIVERS\DLKRT64.sys --> C:\Windows\system32\DRIVERS\DLKRT64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\system32\DRIVERS\tapoas.sys --> C:\Windows\system32\DRIVERS\tapoas.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-17 136176]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-5-3 158856]

S3 DLINKVLANPT;D-Link Vlan Protocol Driver (NDIS 6.0);C:\Windows\system32\DRIVERS\DLINKVlan60.sys --> C:\Windows\system32\DRIVERS\DLINKVlan60.sys [?]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-2-17 136176]

S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-02 03:07:57 -------- d-----w- C:\FRST

2012-08-01 22:44:28 20480 ------w- C:\Windows\svchost.exe

2012-08-01 22:37:14 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-01 21:04:27 98816 ----a-w- C:\Windows\sed.exe

2012-08-01 21:04:27 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-01 21:04:27 256000 ----a-w- C:\Windows\PEV.exe

2012-08-01 21:04:27 208896 ----a-w- C:\Windows\MBR.exe

2012-08-01 21:02:15 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-01 20:10:41 -------- d-----w- C:\Users\Peter\AppData\Local\{E00CCE63-2786-4896-8F1F-E8D9FF427791}

2012-08-01 20:10:14 -------- d-----w- C:\Users\Peter\AppData\Local\{A42871C1-0583-484D-8551-E43A7AC9A095}

2012-07-31 20:06:37 -------- d-----w- C:\Users\Peter\AppData\Local\Package Cache

2012-07-31 13:43:27 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AA33ED8E-0AB1-4307-A49B-4CF7BB523678}\mpengine.dll

2012-07-31 08:43:27 -------- d-----w- C:\Users\Peter\AppData\Local\{AF2209FB-AE6A-4382-8912-672377A796AB}

2012-07-31 08:43:11 -------- d-----w- C:\Users\Peter\AppData\Local\{1965026E-320D-443D-93BC-864518410D49}

2012-07-31 08:33:01 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\B9D7.tmp

2012-07-27 23:03:42 -------- d-----w- C:\Users\Peter\AppData\Local\{AC01B674-844E-4AA7-BD22-83AEF05BF72C}

2012-07-27 23:03:31 -------- d-----w- C:\Users\Peter\AppData\Local\{F759E279-A27E-48DD-9C54-3A10FA79EF4C}

2012-07-27 04:05:40 -------- d-----w- C:\Program Files (x86)\Stellar Impact

2012-07-26 15:48:02 -------- d-----w- C:\ProgramData\Steam

2012-07-26 15:48:01 -------- d-----w- C:\ProgramData\PopCap Games

2012-07-26 13:21:21 -------- d-----w- C:\Users\Peter\AppData\Local\{783F2BE8-1ABA-43A7-B619-FC2C994E9BC8}

2012-07-26 13:20:59 -------- d-----w- C:\Users\Peter\AppData\Local\{4DEDE137-4BA3-4397-BC34-5543DE05028D}

2012-07-25 18:16:54 -------- d-----w- C:\Users\Peter\AppData\Local\{B6E43D3B-F451-4C81-9A12-844679920CE8}

2012-07-24 03:04:45 -------- d-----w- C:\Users\Peter\AppData\Local\{142B9F3C-5083-40E4-A64C-26199C641D1F}

2012-07-24 03:04:35 -------- d-----w- C:\Users\Peter\AppData\Local\{BAD4D8DE-160F-4533-A963-21672E95B223}

2012-07-22 06:20:38 -------- d-----w- C:\Users\Peter\AppData\Local\Demiurge Studios

2012-07-21 21:57:34 -------- d-----w- C:\Users\Peter\AppData\Local\{60A9FFD0-C6D2-470B-B52F-1FCB7C75B00C}

2012-07-21 21:57:22 -------- d-----w- C:\Users\Peter\AppData\Local\{0E1020E3-7695-49E7-BD49-9926D7809B82}

2012-07-21 04:20:02 -------- d-----w- C:\ProgramData\Nexon

2012-07-17 19:01:40 -------- d-----w- C:\Users\Peter\AppData\Local\{8521B565-FD9B-42D9-AAEA-0BF9C003AC2B}

2012-07-17 19:01:29 -------- d-----w- C:\Users\Peter\AppData\Local\{4209231D-E2BC-4F17-88B5-9BE081865263}

2012-07-17 03:14:04 -------- d-----w- C:\Users\Peter\AppData\Local\{18C11A2C-4A71-44D9-B63B-840C55CE0AC4}

2012-07-17 03:13:52 -------- d-----w- C:\Users\Peter\AppData\Local\{8FA1A5B8-A5A4-4968-9C4C-D01E0ADD6818}

2012-07-13 22:37:02 -------- d-----w- C:\Users\Peter\AppData\Local\{6C07BBB7-2CAE-40E6-B3A9-CE0F7896B1BE}

2012-07-13 22:36:52 -------- d-----w- C:\Users\Peter\AppData\Local\{5182C70D-9160-47A5-A5BC-58113DA6C5F4}

2012-07-13 03:37:52 -------- d-----w- C:\Users\Peter\AppData\Local\{5E526D76-256F-4366-B67F-7B6E1434429C}

2012-07-12 15:37:31 -------- d-----w- C:\Users\Peter\AppData\Local\{2F5BED05-F013-40FF-937E-39F42F86478C}

2012-07-12 15:37:10 -------- d-----w- C:\Users\Peter\AppData\Local\{ECEB79D3-72E0-440C-A9CB-DD21B6144B99}

2012-07-12 03:36:45 -------- d-----w- C:\Users\Peter\AppData\Local\{A98CD1DA-C525-4323-9E1E-B3F61E87F069}

2012-07-12 03:36:35 -------- d-----w- C:\Users\Peter\AppData\Local\{D0D33F72-06AC-47E2-843F-2EFFB0544E8F}

2012-07-11 07:06:27 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 07:03:19 -------- d-----w- C:\Users\Peter\AppData\Local\{61F86160-63C1-4A87-A3C0-283744196D6F}

2012-07-11 07:02:56 -------- d-----w- C:\Users\Peter\AppData\Local\{AD9D592D-3FFE-4220-9843-FCB63C4345F1}

2012-07-11 02:25:24 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-10 19:02:30 -------- d-----w- C:\Users\Peter\AppData\Local\{9B8B1972-962C-46A6-81DB-114D0A33EDB1}

2012-07-10 19:02:20 -------- d-----w- C:\Users\Peter\AppData\Local\{A18FD625-F5CE-4C0F-9308-52DA157199A8}

2012-07-07 16:59:02 -------- d-----w- C:\New folder

2012-07-07 16:58:54 -------- d-----w- C:\Testing

2012-07-07 02:43:57 -------- d-----w- C:\Users\Peter\OilRush

2012-07-04 19:08:28 -------- d-----w- C:\Windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

.

==================== Find3M ====================

.

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-09 02:17:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-06-09 02:17:29 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

2012-05-30 04:26:46 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-05-21 00:28:21 560184 ----a-w- C:\Windows\System32\drivers\sptd.sys

2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe

2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

.

============= FINISH: 2:24:03.34 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 12/6/2011 3:57:00 PM

System Uptime: 8/1/2012 7:15:10 PM (7 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | P55-UD3R

Processor: Intel® Core i5 CPU 750 @ 2.67GHz | Socket 1156 | 2793/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 596 GiB total, 125.989 GiB free.

E: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP168: 7/31/2012 3:20:15 AM - Installed DirectX

RP170: 7/31/2012 5:08:17 AM - Windows Defender Checkpoint

RP171: 7/31/2012 9:42:36 AM - Windows Update

.

==== Installed Programs ======================

.

7-Zip 9.20

Adobe Flash Player 11 ActiveX

Age of Empires III: Complete Collection

AIM 7

Alien Shooter 2 Conscription

All Zombies Must Die!

APB Reloaded

ARMA 2

ARMA 2: British Armed Forces

ARMA 2: Operation Arrowhead

Ask Toolbar

AZMD! Scorepocalypse

Battlefield 2142 Deluxe Edition

Binary Domain

Browser Configuration Utility

Bulletstorm

Burn Zombie Burn

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Chantelise

City of Heroes

D3DX10

DAEMON Tools Lite

DarkStar One

DC Universe Online

Defense Grid: The Awakening

Deus Ex: Human Revolution

Deus Ex: Human Revolution - The Missing Link

DFOLauncher

DGE-530T Ethernet Controller All-In-One Windows Driver

Diagnostics

Disciples III: Renaissance

Disciples III: Resurrection

Dokan Library 0.6.0

Download Updater (AOL LLC)

Dungeon Defenders

Dungeon Siege

Evochron Mercenary

Face of Mankind

Fortune Summoners: Secret of the Elemental Stone

Fractal

Genesis Rising

Gigabyte Raid Configurer

Google Earth

Google Update Helper

Gratuitous Tank Battles

Hi-Rez Studios Authenticate and Update Service

HydraVision

Java Auto Updater

Java 6 Update 22

Java 6 Update 31

Junk Mail filter update

Killing Floor

League of Legends

Left 4 Dead

Left 4 Dead 2

Legend of Grimrock

Magicka

Malwarebytes Anti-Malware version 1.62.0.1300

Mass Effect

Mass Effect 2

Mass Effect™ 3 Demo

Max and the Magic Marker

MechWarrior Online

Memoir '44 Online

Microsoft Chart Controls for Microsoft .NET Framework 3.5

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft XNA Framework Redistributable 3.1

Microsoft XNA Framework Redistributable 4.0

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MTA:SA v1.3

Mumble 1.2.3

NCsoft Launcher

Nexon Game Manager

Nuclear Dawn

Nuclear Dawn Authoring Tools Beta

NVIDIA PhysX

Oil Rush

On the Rain-Slick Precipice of Darkness, Episode One

On the Rain-Slick Precipice of Darkness, Episode Two

OpenOffice.org 3.3

OpenVPN Client

Orcs Must Die!

Orcs Must Die! 2

Origin

Pando Media Booster

PAYDAY: The Heist

Penny Arcade's On the Rain-Slick Precipice of Darkness 3

PHANTASY STAR ONLINE 2 ??????????????

Plants vs. Zombies: Game of the Year

Portal 2

PunkBuster Services

Realtek High Definition Audio Driver

Saints Row 2

Saints Row: The Third

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Shoot Many Robots

Skype™ 5.9

SOL: Exodus

Star Trek Online

Star Wolves 3: Civil War

Steam

Stellar Impact

SumatraPDF

Syndicate™

The Ultimate DOOM

Tribes: Ascend

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

uTorrentControl2 Toolbar (huh, I thought I uninstalled Utorrent ages ago. Ooops.)

VLC media player 1.1.11

Wargame: European Escalation

Warhammer 40,000 Space Marine

Warhammer® 40,000®: Dawn of War® II – Retribution™

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Messenger

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinZip Courier

World in Conflict

World in Conflict: Soviet Assault

World of Tanks v.0.7.1

Wurm Online 3.1.4

Yahoo! Messenger

Yahoo! Software Update

Yahoo! Toolbar

Ys Origin

Ys: The Oath in Felghana

.

==== Event Viewer Messages From Past Week ========

.

8/1/2012 7:21:58 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

8/1/2012 7:05:23 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/1/2012 7:05:21 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/1/2012 7:04:43 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .

8/1/2012 6:05:06 PM, Error: Service Control Manager [7034] - The OpenVPN Access Client service terminated unexpectedly. It has done this 1 time(s).

8/1/2012 6:05:06 PM, Error: Service Control Manager [7034] - The DokanMounter service terminated unexpectedly. It has done this 1 time(s).

8/1/2012 6:04:12 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

8/1/2012 6:03:03 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/1/2012 6:01:33 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/1/2012 5:42:38 PM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: A device attached to the system is not functioning.

8/1/2012 5:40:16 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the BFE service which failed to start because of the following error: Access is denied.

8/1/2012 5:40:14 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the BFE service which failed to start because of the following error: Access is denied.

8/1/2012 5:40:14 PM, Error: Service Control Manager [7000] - The BFE service failed to start due to the following error: Access is denied.

8/1/2012 5:35:29 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/1/2012 5:35:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/1/2012 5:35:28 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/1/2012 5:35:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/1/2012 5:35:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/1/2012 5:35:23 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/1/2012 5:35:15 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/1/2012 4:56:07 PM, Error: Service Control Manager [7034] - The Browser Configuration Utility Service service terminated unexpectedly. It has done this 1 time(s).

8/1/2012 4:36:31 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD cdrom DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf

8/1/2012 4:34:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/1/2012 4:34:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

8/1/2012 4:34:00 PM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

8/1/2012 4:10:18 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

8/1/2012 4:10:18 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

7/31/2012 4:34:11 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.

.

==== End Of File ===========================

Ok and here is the Roguekiller one.

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Peter [Admin rights]

Mode: Scan -- Date: 08/01/2012 19:00:53

¤¤¤ Bad processes: 1 ¤¤¤

[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6401AALS-00L3B2 ATA Device +++++

--- User ---

[MBR] f20732921f567ea9cef1c60d5130ef25

[bSP] 759941890520dfa37ef32a58ee304908 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 1cebe28478b2de6db2f2bf64c8ee0f96

[bSP] 759941890520dfa37ef32a58ee304908 : Windows 7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 610378 Mo

+++++ PhysicalDrive1: USB Flash Memory USB Device +++++

--- User ---

[MBR] aa77f86568632ecebf56a67ad3cafe0b

[bSP] 4c9e7e8f6ad85054e2a36efc37abe227 : MBR Code unknown

Partition table:

0 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 63 | Size: 1910 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Thank you for the assistance that you are providing to me.


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


Alright, just ran TDSSKiller here.

11:32:58.0702 6920 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

11:32:58.0927 6920 ============================================================

11:32:58.0927 6920 Current date / time: 2012/08/02 11:32:58.0927

11:32:58.0927 6920 SystemInfo:

11:32:58.0927 6920

11:32:58.0927 6920 OS Version: 6.1.7601 ServicePack: 1.0

11:32:58.0927 6920 Product type: Workstation

11:32:58.0927 6920 ComputerName: PETER-PC

11:32:58.0927 6920 UserName: Peter

11:32:58.0927 6920 Windows directory: C:\Windows

11:32:58.0927 6920 System windows directory: C:\Windows

11:32:58.0927 6920 Running under WOW64

11:32:58.0927 6920 Processor architecture: Intel x64

11:32:58.0927 6920 Number of processors: 4

11:32:58.0927 6920 Page size: 0x1000

11:32:58.0927 6920 Boot type: Normal boot

11:32:58.0927 6920 ============================================================

11:32:59.0874 6920 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

11:32:59.0877 6920 ============================================================

11:32:59.0877 6920 \Device\Harddisk0\DR0:

11:32:59.0877 6920 MBR partitions:

11:32:59.0877 6920 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x4A825000

11:32:59.0877 6920 ============================================================

11:32:59.0898 6920 C: <-> \Device\Harddisk0\DR0\Partition0

11:32:59.0898 6920 ============================================================

11:32:59.0898 6920 Initialize success

11:32:59.0898 6920 ============================================================

11:33:11.0426 4208 ============================================================

11:33:11.0426 4208 Scan started

11:33:11.0426 4208 Mode: Manual; SigCheck; TDLFS;

11:33:11.0426 4208 ============================================================

11:33:13.0725 4208 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:33:13.0816 4208 1394ohci - ok

11:33:13.0880 4208 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:33:13.0893 4208 ACPI - ok

11:33:13.0934 4208 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:33:13.0998 4208 AcpiPmi - ok

11:33:14.0085 4208 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

11:33:14.0143 4208 adp94xx - ok

11:33:14.0184 4208 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

11:33:14.0197 4208 adpahci - ok

11:33:14.0215 4208 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

11:33:14.0225 4208 adpu320 - ok

11:33:14.0262 4208 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:33:14.0405 4208 AeLookupSvc - ok

11:33:14.0485 4208 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

11:33:14.0532 4208 AFD - ok

11:33:14.0570 4208 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:33:14.0580 4208 agp440 - ok

11:33:14.0597 4208 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:33:14.0643 4208 ALG - ok

11:33:14.0683 4208 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:33:14.0693 4208 aliide - ok

11:33:14.0758 4208 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe

11:33:14.0787 4208 AMD External Events Utility - ok

11:33:14.0790 4208 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:33:14.0798 4208 amdide - ok

11:33:14.0832 4208 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

11:33:14.0868 4208 AmdK8 - ok

11:33:15.0577 4208 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

11:33:15.0818 4208 amdkmdag - ok

11:33:16.0023 4208 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys

11:33:16.0075 4208 amdkmdap - ok

11:33:16.0113 4208 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

11:33:16.0147 4208 AmdPPM - ok

11:33:16.0210 4208 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:33:16.0225 4208 amdsata - ok

11:33:16.0258 4208 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

11:33:16.0274 4208 amdsbs - ok

11:33:16.0291 4208 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:33:16.0299 4208 amdxata - ok

11:33:16.0350 4208 AN983X64 (8b538d3e36efb49fa8a37f9f023862a4) C:\Windows\system32\DRIVERS\AN983X64.sys

11:33:16.0380 4208 AN983X64 - ok

11:33:16.0422 4208 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:33:16.0599 4208 AppID - ok

11:33:16.0645 4208 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:33:16.0701 4208 AppIDSvc - ok

11:33:16.0759 4208 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

11:33:16.0824 4208 Appinfo - ok

11:33:16.0873 4208 AppMgmt (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

11:33:16.0886 4208 AppMgmt - ok

11:33:16.0905 4208 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

11:33:16.0914 4208 arc - ok

11:33:16.0937 4208 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

11:33:16.0947 4208 arcsas - ok

11:33:17.0107 4208 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

11:33:17.0121 4208 aspnet_state - ok

11:33:17.0146 4208 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:33:17.0195 4208 AsyncMac - ok

11:33:17.0228 4208 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:33:17.0239 4208 atapi - ok

11:33:17.0315 4208 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys

11:33:17.0334 4208 AtiHDAudioService - ok

11:33:17.0375 4208 AtiHdmiService (9ddb366b23210f1d62b7abcf205cd6f3) C:\Windows\system32\drivers\AtiHdmi.sys

11:33:17.0385 4208 AtiHdmiService - ok

11:33:18.0115 4208 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

11:33:18.0206 4208 atikmdag - ok

11:33:18.0409 4208 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:33:18.0479 4208 AudioEndpointBuilder - ok

11:33:18.0486 4208 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:33:18.0515 4208 AudioSrv - ok

11:33:18.0574 4208 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

11:33:18.0656 4208 AxInstSV - ok

11:33:18.0759 4208 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

11:33:18.0816 4208 b06bdrv - ok

11:33:18.0878 4208 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:33:18.0931 4208 b57nd60a - ok

11:33:19.0036 4208 BCUService (936209b6f93d0e11659cb2d229fe6583) C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe

11:33:19.0053 4208 BCUService - ok

11:33:19.0096 4208 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:33:19.0137 4208 BDESVC - ok

11:33:19.0159 4208 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:33:19.0205 4208 Beep - ok

11:33:19.0303 4208 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

11:33:19.0355 4208 BFE - ok

11:33:19.0440 4208 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll

11:33:19.0507 4208 BITS - ok

11:33:19.0555 4208 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:33:19.0581 4208 blbdrive - ok

11:33:19.0621 4208 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:33:19.0643 4208 bowser - ok

11:33:19.0674 4208 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

11:33:19.0727 4208 BrFiltLo - ok

11:33:19.0737 4208 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

11:33:19.0753 4208 BrFiltUp - ok

11:33:19.0788 4208 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

11:33:19.0835 4208 BridgeMP - ok

11:33:19.0907 4208 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

11:33:19.0969 4208 Browser - ok

11:33:20.0000 4208 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:33:20.0030 4208 Brserid - ok

11:33:20.0043 4208 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:33:20.0074 4208 BrSerWdm - ok

11:33:20.0089 4208 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:33:20.0113 4208 BrUsbMdm - ok

11:33:20.0131 4208 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:33:20.0155 4208 BrUsbSer - ok

11:33:20.0185 4208 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

11:33:20.0210 4208 BTHMODEM - ok

11:33:20.0252 4208 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:33:20.0294 4208 bthserv - ok

11:33:20.0311 4208 catchme - ok

11:33:20.0337 4208 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:33:20.0383 4208 cdfs - ok

11:33:20.0450 4208 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

11:33:20.0463 4208 cdrom - ok

11:33:20.0517 4208 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:33:20.0575 4208 CertPropSvc - ok

11:33:20.0593 4208 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

11:33:20.0606 4208 circlass - ok

11:33:20.0645 4208 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:33:20.0672 4208 CLFS - ok

11:33:20.0765 4208 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:33:20.0780 4208 clr_optimization_v2.0.50727_32 - ok

11:33:20.0860 4208 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:33:20.0874 4208 clr_optimization_v2.0.50727_64 - ok

11:33:20.0976 4208 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:33:20.0990 4208 clr_optimization_v4.0.30319_32 - ok

11:33:21.0236 4208 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:33:21.0253 4208 clr_optimization_v4.0.30319_64 - ok

11:33:21.0280 4208 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

11:33:21.0332 4208 CmBatt - ok

11:33:21.0363 4208 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:33:21.0372 4208 cmdide - ok

11:33:21.0432 4208 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

11:33:21.0490 4208 CNG - ok

11:33:21.0502 4208 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

11:33:21.0514 4208 Compbatt - ok

11:33:21.0572 4208 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

11:33:21.0606 4208 CompositeBus - ok

11:33:21.0624 4208 COMSysApp - ok

11:33:21.0639 4208 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

11:33:21.0655 4208 crcdisk - ok

11:33:21.0716 4208 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

11:33:21.0781 4208 CryptSvc - ok

11:33:21.0862 4208 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

11:33:21.0921 4208 CSC - ok

11:33:22.0008 4208 CscService (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

11:33:22.0049 4208 CscService - ok

11:33:22.0149 4208 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:33:22.0213 4208 DcomLaunch - ok

11:33:22.0259 4208 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:33:22.0292 4208 defragsvc - ok

11:33:22.0367 4208 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:33:22.0408 4208 DfsC - ok

11:33:22.0468 4208 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

11:33:22.0528 4208 Dhcp - ok

11:33:22.0572 4208 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:33:22.0625 4208 discache - ok

11:33:22.0662 4208 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

11:33:22.0672 4208 Disk - ok

11:33:22.0714 4208 DlinkNdPt60 (88c04fea41440605ac427d014f79cc02) C:\Windows\system32\DRIVERS\DlinkNdPt60.sys

11:33:22.0733 4208 DlinkNdPt60 - ok

11:33:22.0746 4208 DLINKVLANPT (18070add278c80fb56339794333c3cc2) C:\Windows\system32\DRIVERS\DLINKVlan60.sys

11:33:22.0764 4208 DLINKVLANPT - ok

11:33:22.0837 4208 DLKRT64 (ad4cd76e09cbb42fd3cd21d49451a5b9) C:\Windows\system32\DRIVERS\DLKRT64.sys

11:33:22.0899 4208 DLKRT64 - ok

11:33:22.0947 4208 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

11:33:22.0996 4208 Dnscache - ok

11:33:23.0041 4208 Dokan (fa122bc1451b1b35b7814fbe1acf1924) C:\Windows\system32\drivers\dokan.sys

11:33:23.0065 4208 Dokan - ok

11:33:23.0178 4208 DokanMounter (8c856e531a1170f53ac6844e89cd0b5f) C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe

11:33:23.0194 4208 DokanMounter ( UnsignedFile.Multi.Generic ) - warning

11:33:23.0194 4208 DokanMounter - detected UnsignedFile.Multi.Generic (1)

11:33:23.0245 4208 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

11:33:23.0296 4208 dot3svc - ok

11:33:23.0338 4208 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

11:33:23.0394 4208 DPS - ok

11:33:23.0439 4208 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:33:23.0470 4208 drmkaud - ok

11:33:23.0573 4208 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:33:23.0606 4208 DXGKrnl - ok

11:33:23.0618 4208 EagleX64 - ok

11:33:23.0661 4208 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:33:23.0731 4208 EapHost - ok

11:33:23.0996 4208 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

11:33:24.0080 4208 ebdrv - ok

11:33:24.0234 4208 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

11:33:24.0274 4208 EFS - ok

11:33:24.0363 4208 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

11:33:24.0417 4208 ehRecvr - ok

11:33:24.0456 4208 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:33:24.0500 4208 ehSched - ok

11:33:24.0616 4208 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

11:33:24.0644 4208 elxstor - ok

11:33:24.0684 4208 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:33:24.0711 4208 ErrDev - ok

11:33:24.0786 4208 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:33:24.0854 4208 EventSystem - ok

11:33:24.0897 4208 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:33:24.0938 4208 exfat - ok

11:33:24.0965 4208 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:33:25.0008 4208 fastfat - ok

11:33:25.0096 4208 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

11:33:25.0158 4208 Fax - ok

11:33:25.0170 4208 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

11:33:25.0197 4208 fdc - ok

11:33:25.0217 4208 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:33:25.0259 4208 fdPHost - ok

11:33:25.0273 4208 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:33:25.0323 4208 FDResPub - ok

11:33:25.0348 4208 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:33:25.0359 4208 FileInfo - ok

11:33:25.0374 4208 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:33:25.0409 4208 Filetrace - ok

11:33:25.0419 4208 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

11:33:25.0432 4208 flpydisk - ok

11:33:25.0497 4208 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:33:25.0513 4208 FltMgr - ok

11:33:25.0622 4208 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

11:33:25.0685 4208 FontCache - ok

11:33:25.0817 4208 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:33:25.0826 4208 FontCache3.0.0.0 - ok

11:33:25.0851 4208 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:33:25.0863 4208 FsDepends - ok

11:33:25.0890 4208 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

11:33:25.0901 4208 Fs_Rec - ok

11:33:25.0965 4208 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:33:25.0994 4208 fvevol - ok

11:33:26.0022 4208 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

11:33:26.0038 4208 gagp30kx - ok

11:33:26.0041 4208 gdrv - ok

11:33:26.0120 4208 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

11:33:26.0182 4208 gpsvc - ok

11:33:26.0353 4208 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:33:26.0363 4208 gupdate - ok

11:33:26.0366 4208 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:33:26.0375 4208 gupdatem - ok

11:33:26.0388 4208 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:33:26.0422 4208 hcw85cir - ok

11:33:26.0484 4208 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

11:33:26.0505 4208 HdAudAddService - ok

11:33:26.0554 4208 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

11:33:26.0584 4208 HDAudBus - ok

11:33:26.0604 4208 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

11:33:26.0617 4208 HidBatt - ok

11:33:26.0638 4208 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

11:33:26.0663 4208 HidBth - ok

11:33:26.0688 4208 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

11:33:26.0700 4208 HidIr - ok

11:33:26.0740 4208 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

11:33:26.0803 4208 hidserv - ok

11:33:26.0824 4208 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:33:26.0838 4208 HidUsb - ok

11:33:26.0935 4208 HiPatchService (8d1f00f4254c3ef428b715484940427c) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe

11:33:26.0957 4208 HiPatchService ( UnsignedFile.Multi.Generic ) - warning

11:33:26.0957 4208 HiPatchService - detected UnsignedFile.Multi.Generic (1)

11:33:26.0992 4208 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

11:33:27.0057 4208 hkmsvc - ok

11:33:27.0101 4208 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

11:33:27.0149 4208 HomeGroupListener - ok

11:33:27.0203 4208 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

11:33:27.0236 4208 HomeGroupProvider - ok

11:33:27.0290 4208 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:33:27.0306 4208 HpSAMD - ok

11:33:27.0397 4208 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:33:27.0452 4208 HTTP - ok

11:33:27.0485 4208 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:33:27.0492 4208 hwpolicy - ok

11:33:27.0537 4208 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

11:33:27.0547 4208 i8042prt - ok

11:33:27.0637 4208 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:33:27.0654 4208 iaStorV - ok

11:33:27.0824 4208 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:33:27.0859 4208 idsvc - ok

11:33:27.0907 4208 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

11:33:27.0918 4208 iirsp - ok

11:33:27.0989 4208 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

11:33:28.0055 4208 IKEEXT - ok

11:33:28.0227 4208 IntcAzAudAddService (135856ac71116ccff05ed8481745241b) C:\Windows\system32\drivers\RTKVHD64.sys

11:33:28.0286 4208 IntcAzAudAddService - ok

11:33:28.0471 4208 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:33:28.0484 4208 intelide - ok

11:33:28.0532 4208 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:33:28.0561 4208 intelppm - ok

11:33:28.0595 4208 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:33:28.0646 4208 IPBusEnum - ok

11:33:28.0680 4208 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:33:28.0723 4208 IpFilterDriver - ok

11:33:28.0807 4208 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

11:33:28.0851 4208 iphlpsvc - ok

11:33:28.0883 4208 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:33:28.0894 4208 IPMIDRV - ok

11:33:28.0932 4208 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:33:28.0969 4208 IPNAT - ok

11:33:28.0996 4208 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:33:29.0049 4208 IRENUM - ok

11:33:29.0092 4208 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:33:29.0101 4208 isapnp - ok

11:33:29.0150 4208 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:33:29.0163 4208 iScsiPrt - ok

11:33:29.0227 4208 ivusb (bd5bf20ec242e003a2f570b8754a56d1) C:\Windows\system32\DRIVERS\ivusb.sys

11:33:29.0235 4208 ivusb - ok

11:33:29.0286 4208 JRAID (23ce9aae4e88b95484f616cc572391ac) C:\Windows\system32\DRIVERS\jraid.sys

11:33:29.0336 4208 JRAID ( UnsignedFile.Multi.Generic ) - warning

11:33:29.0336 4208 JRAID - detected UnsignedFile.Multi.Generic (1)

11:33:29.0382 4208 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:33:29.0392 4208 kbdclass - ok

11:33:29.0438 4208 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

11:33:29.0459 4208 kbdhid - ok

11:33:29.0493 4208 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:33:29.0502 4208 KeyIso - ok

11:33:29.0543 4208 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

11:33:29.0553 4208 KSecDD - ok

11:33:29.0573 4208 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

11:33:29.0583 4208 KSecPkg - ok

11:33:29.0596 4208 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:33:29.0639 4208 ksthunk - ok

11:33:29.0701 4208 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:33:29.0767 4208 KtmRm - ok

11:33:29.0834 4208 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

11:33:29.0902 4208 LanmanServer - ok

11:33:29.0945 4208 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

11:33:29.0990 4208 LanmanWorkstation - ok

11:33:30.0020 4208 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:33:30.0058 4208 lltdio - ok

11:33:30.0115 4208 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:33:30.0160 4208 lltdsvc - ok

11:33:30.0184 4208 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:33:30.0210 4208 lmhosts - ok

11:33:30.0235 4208 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

11:33:30.0244 4208 LSI_FC - ok

11:33:30.0267 4208 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

11:33:30.0276 4208 LSI_SAS - ok

11:33:30.0294 4208 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

11:33:30.0303 4208 LSI_SAS2 - ok

11:33:30.0324 4208 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

11:33:30.0333 4208 LSI_SCSI - ok

11:33:30.0356 4208 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:33:30.0400 4208 luafv - ok

11:33:30.0468 4208 mbamchameleon (08aa34bc5f95f4fdd58dd7528a9c63cc) C:\Windows\system32\drivers\mbamchameleon.sys

11:33:30.0484 4208 mbamchameleon - ok

11:33:30.0541 4208 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

11:33:30.0553 4208 MBAMProtector - ok

11:33:30.0697 4208 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

11:33:30.0715 4208 MBAMService - ok

11:33:30.0755 4208 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

11:33:30.0778 4208 Mcx2Svc - ok

11:33:30.0798 4208 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

11:33:30.0807 4208 megasas - ok

11:33:30.0838 4208 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

11:33:30.0851 4208 MegaSR - ok

11:33:30.0992 4208 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:33:31.0028 4208 MMCSS - ok

11:33:31.0043 4208 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:33:31.0069 4208 Modem - ok

11:33:31.0088 4208 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:33:31.0118 4208 monitor - ok

11:33:31.0167 4208 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:33:31.0176 4208 mouclass - ok

11:33:31.0192 4208 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:33:31.0217 4208 mouhid - ok

11:33:31.0250 4208 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:33:31.0259 4208 mountmgr - ok

11:33:31.0333 4208 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

11:33:31.0342 4208 MozillaMaintenance - ok

11:33:31.0385 4208 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:33:31.0396 4208 mpio - ok

11:33:31.0415 4208 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:33:31.0441 4208 mpsdrv - ok

11:33:31.0526 4208 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

11:33:31.0568 4208 MpsSvc - ok

11:33:31.0618 4208 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:33:31.0662 4208 MRxDAV - ok

11:33:31.0720 4208 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:33:31.0760 4208 mrxsmb - ok

11:33:31.0787 4208 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:33:31.0816 4208 mrxsmb10 - ok

11:33:31.0852 4208 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:33:31.0873 4208 mrxsmb20 - ok

11:33:31.0906 4208 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:33:31.0915 4208 msahci - ok

11:33:31.0956 4208 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:33:31.0984 4208 msdsm - ok

11:33:32.0020 4208 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:33:32.0050 4208 MSDTC - ok

11:33:32.0078 4208 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:33:32.0106 4208 Msfs - ok

11:33:32.0116 4208 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:33:32.0142 4208 mshidkmdf - ok

11:33:32.0183 4208 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:33:32.0203 4208 msisadrv - ok

11:33:32.0252 4208 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:33:32.0304 4208 MSiSCSI - ok

11:33:32.0306 4208 msiserver - ok

11:33:32.0334 4208 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:33:32.0360 4208 MSKSSRV - ok

11:33:32.0381 4208 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:33:32.0423 4208 MSPCLOCK - ok

11:33:32.0437 4208 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:33:32.0476 4208 MSPQM - ok

11:33:32.0518 4208 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:33:32.0531 4208 MsRPC - ok

11:33:32.0547 4208 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

11:33:32.0556 4208 mssmbios - ok

11:33:32.0559 4208 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:33:32.0599 4208 MSTEE - ok

11:33:32.0616 4208 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

11:33:32.0624 4208 MTConfig - ok

11:33:32.0639 4208 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:33:32.0647 4208 Mup - ok

11:33:32.0732 4208 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:33:32.0784 4208 napagent - ok

11:33:32.0825 4208 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:33:32.0864 4208 NativeWifiP - ok

11:33:32.0955 4208 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

11:33:32.0982 4208 NDIS - ok

11:33:33.0005 4208 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:33:33.0030 4208 NdisCap - ok

11:33:33.0060 4208 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:33:33.0099 4208 NdisTapi - ok

11:33:33.0132 4208 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:33:33.0175 4208 Ndisuio - ok

11:33:33.0218 4208 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:33:33.0265 4208 NdisWan - ok

11:33:33.0296 4208 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:33:33.0325 4208 NDProxy - ok

11:33:33.0336 4208 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:33:33.0371 4208 NetBIOS - ok

11:33:33.0420 4208 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:33:33.0465 4208 NetBT - ok

11:33:33.0502 4208 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:33:33.0510 4208 Netlogon - ok

11:33:33.0582 4208 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:33:33.0640 4208 Netman - ok

11:33:33.0809 4208 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:33:33.0824 4208 NetMsmqActivator - ok

11:33:33.0846 4208 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:33:33.0860 4208 NetPipeActivator - ok

11:33:33.0900 4208 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:33:33.0977 4208 netprofm - ok

11:33:33.0980 4208 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:33:33.0987 4208 NetTcpActivator - ok

11:33:33.0990 4208 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:33:33.0997 4208 NetTcpPortSharing - ok

11:33:34.0066 4208 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

11:33:34.0084 4208 nfrd960 - ok

11:33:34.0140 4208 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:33:34.0187 4208 NlaSvc - ok

11:33:34.0227 4208 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:33:34.0252 4208 Npfs - ok

11:33:34.0293 4208 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:33:34.0334 4208 nsi - ok

11:33:34.0348 4208 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:33:34.0385 4208 nsiproxy - ok

11:33:34.0519 4208 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:33:34.0561 4208 Ntfs - ok

11:33:34.0691 4208 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:33:34.0733 4208 Null - ok

11:33:34.0785 4208 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:33:34.0795 4208 nvraid - ok

11:33:34.0834 4208 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:33:34.0844 4208 nvstor - ok

11:33:34.0887 4208 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:33:34.0896 4208 nv_agp - ok

11:33:34.0935 4208 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:33:34.0963 4208 ohci1394 - ok

11:33:35.0069 4208 OpenVPNAccessClient (8c02b0cc65bee71124a565062ba77b39) C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe

11:33:35.0090 4208 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - warning

11:33:35.0090 4208 OpenVPNAccessClient - detected UnsignedFile.Multi.Generic (1)

11:33:35.0149 4208 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:33:35.0168 4208 p2pimsvc - ok

11:33:35.0240 4208 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:33:35.0266 4208 p2psvc - ok

11:33:35.0286 4208 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:33:35.0303 4208 Parport - ok

11:33:35.0342 4208 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

11:33:35.0355 4208 partmgr - ok

11:33:35.0374 4208 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:33:35.0411 4208 PcaSvc - ok

11:33:35.0462 4208 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:33:35.0477 4208 pci - ok

11:33:35.0519 4208 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:33:35.0531 4208 pciide - ok

11:33:35.0559 4208 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

11:33:35.0574 4208 pcmcia - ok

11:33:35.0588 4208 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:33:35.0599 4208 pcw - ok

11:33:35.0644 4208 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:33:35.0702 4208 PEAUTH - ok

11:33:35.0846 4208 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

11:33:35.0912 4208 PeerDistSvc - ok

11:33:36.0004 4208 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:33:36.0039 4208 PerfHost - ok

11:33:36.0261 4208 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:33:36.0367 4208 pla - ok

11:33:36.0424 4208 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:33:36.0472 4208 PlugPlay - ok

11:33:36.0489 4208 PnkBstrA - ok

11:33:36.0530 4208 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:33:36.0561 4208 PNRPAutoReg - ok

11:33:36.0602 4208 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:33:36.0621 4208 PNRPsvc - ok

11:33:36.0688 4208 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:33:36.0725 4208 PolicyAgent - ok

11:33:36.0773 4208 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:33:36.0834 4208 Power - ok

11:33:36.0919 4208 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:33:36.0954 4208 PptpMiniport - ok

11:33:36.0990 4208 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

11:33:37.0009 4208 Processor - ok

11:33:37.0078 4208 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

11:33:37.0127 4208 ProfSvc - ok

11:33:37.0159 4208 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:33:37.0173 4208 ProtectedStorage - ok

11:33:37.0223 4208 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:33:37.0271 4208 Psched - ok

11:33:37.0391 4208 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

11:33:37.0445 4208 ql2300 - ok

11:33:37.0560 4208 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

11:33:37.0570 4208 ql40xx - ok

11:33:37.0616 4208 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:33:37.0653 4208 QWAVE - ok

11:33:37.0670 4208 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:33:37.0707 4208 QWAVEdrv - ok

11:33:37.0723 4208 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:33:37.0780 4208 RasAcd - ok

11:33:37.0813 4208 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:33:37.0843 4208 RasAgileVpn - ok

11:33:37.0864 4208 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:33:37.0914 4208 RasAuto - ok

11:33:37.0955 4208 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:33:37.0985 4208 Rasl2tp - ok

11:33:38.0043 4208 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:33:38.0101 4208 RasMan - ok

11:33:38.0121 4208 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:33:38.0166 4208 RasPppoe - ok

11:33:38.0186 4208 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:33:38.0235 4208 RasSstp - ok

11:33:38.0287 4208 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:33:38.0331 4208 rdbss - ok

11:33:38.0345 4208 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

11:33:38.0372 4208 rdpbus - ok

11:33:38.0386 4208 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:33:38.0422 4208 RDPCDD - ok

11:33:38.0492 4208 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

11:33:38.0512 4208 RDPDR - ok

11:33:38.0527 4208 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:33:38.0578 4208 RDPENCDD - ok

11:33:38.0638 4208 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:33:38.0676 4208 RDPREFMP - ok

11:33:38.0720 4208 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

11:33:38.0761 4208 RDPWD - ok

11:33:38.0818 4208 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:33:38.0832 4208 rdyboost - ok

11:33:38.0882 4208 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:33:38.0946 4208 RemoteAccess - ok

11:33:39.0186 4208 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:33:39.0214 4208 RemoteRegistry - ok

11:33:39.0240 4208 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:33:39.0267 4208 RpcEptMapper - ok

11:33:39.0284 4208 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:33:39.0310 4208 RpcLocator - ok

11:33:39.0377 4208 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:33:39.0405 4208 RpcSs - ok

11:33:39.0441 4208 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:33:39.0471 4208 rspndr - ok

11:33:39.0527 4208 RTL8167 (e843fdfa8bdd37d271fcdb764c72d054) C:\Windows\system32\DRIVERS\Rt64win7.sys

11:33:39.0564 4208 RTL8167 - ok

11:33:39.0601 4208 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:33:39.0612 4208 SamSs - ok

11:33:39.0651 4208 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:33:39.0662 4208 sbp2port - ok

11:33:39.0689 4208 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:33:39.0740 4208 SCardSvr - ok

11:33:39.0772 4208 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:33:39.0814 4208 scfilter - ok

11:33:39.0908 4208 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:33:39.0972 4208 Schedule - ok

11:33:40.0011 4208 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:33:40.0036 4208 SCPolicySvc - ok

11:33:40.0116 4208 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:33:40.0179 4208 SDRSVC - ok

11:33:40.0253 4208 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:33:40.0279 4208 secdrv - ok

11:33:40.0326 4208 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:33:40.0352 4208 seclogon - ok

11:33:40.0381 4208 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

11:33:40.0408 4208 SENS - ok

11:33:40.0451 4208 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:33:40.0465 4208 SensrSvc - ok

11:33:40.0480 4208 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:33:40.0507 4208 Serenum - ok

11:33:40.0537 4208 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:33:40.0550 4208 Serial - ok

11:33:40.0601 4208 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

11:33:40.0629 4208 sermouse - ok

11:33:40.0675 4208 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:33:40.0738 4208 SessionEnv - ok

11:33:40.0773 4208 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:33:40.0799 4208 sffdisk - ok

11:33:40.0811 4208 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:33:40.0846 4208 sffp_mmc - ok

11:33:40.0864 4208 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:33:40.0890 4208 sffp_sd - ok

11:33:40.0905 4208 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

11:33:40.0930 4208 sfloppy - ok

11:33:41.0002 4208 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:33:41.0080 4208 SharedAccess - ok

11:33:41.0138 4208 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:33:41.0238 4208 ShellHWDetection - ok

11:33:41.0282 4208 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

11:33:41.0291 4208 SiSRaid2 - ok

11:33:41.0305 4208 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

11:33:41.0314 4208 SiSRaid4 - ok

11:33:41.0421 4208 SkypeUpdate (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files (x86)\Skype\Updater\Updater.exe

11:33:41.0436 4208 SkypeUpdate - ok

11:33:41.0483 4208 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:33:41.0545 4208 Smb - ok

11:33:41.0612 4208 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:33:41.0635 4208 SNMPTRAP - ok

11:33:41.0652 4208 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:33:41.0662 4208 spldr - ok

11:33:41.0737 4208 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:33:41.0783 4208 Spooler - ok

11:33:42.0057 4208 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:33:42.0140 4208 sppsvc - ok

11:33:42.0258 4208 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:33:42.0319 4208 sppuinotify - ok

11:33:42.0443 4208 sptd (a15860e920b02c9a7ce8f3a6c2ff1e3a) C:\Windows\System32\Drivers\sptd.sys

11:33:42.0470 4208 sptd - ok

11:33:42.0524 4208 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:33:42.0567 4208 srv - ok

11:33:42.0657 4208 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:33:42.0681 4208 srv2 - ok

11:33:42.0731 4208 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:33:42.0760 4208 srvnet - ok

11:33:42.0803 4208 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:33:42.0860 4208 SSDPSRV - ok

11:33:42.0878 4208 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:33:42.0904 4208 SstpSvc - ok

11:33:42.0963 4208 Steam Client Service - ok

11:33:42.0991 4208 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

11:33:42.0999 4208 stexstor - ok

11:33:43.0078 4208 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:33:43.0119 4208 stisvc - ok

11:33:43.0177 4208 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

11:33:43.0220 4208 StorSvc - ok

11:33:43.0259 4208 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

11:33:43.0273 4208 swenum - ok

11:33:43.0319 4208 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:33:43.0388 4208 swprv - ok

11:33:43.0531 4208 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:33:43.0606 4208 SysMain - ok

11:33:43.0745 4208 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:33:43.0771 4208 TabletInputService - ok

11:33:43.0823 4208 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:33:43.0886 4208 TapiSrv - ok

11:33:43.0973 4208 tapoas (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys

11:33:44.0016 4208 tapoas - ok

11:33:44.0066 4208 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:33:44.0113 4208 TBS - ok

11:33:44.0337 4208 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

11:33:44.0395 4208 Tcpip - ok

11:33:44.0537 4208 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

11:33:44.0563 4208 TCPIP6 - ok

11:33:44.0639 4208 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:33:44.0665 4208 tcpipreg - ok

11:33:44.0703 4208 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:33:44.0740 4208 TDPIPE - ok

11:33:44.0774 4208 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:33:44.0798 4208 TDTCP - ok

11:33:44.0861 4208 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:33:44.0894 4208 tdx - ok

11:33:44.0936 4208 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

11:33:44.0946 4208 TermDD - ok

11:33:45.0024 4208 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:33:45.0082 4208 TermService - ok

11:33:45.0098 4208 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:33:45.0122 4208 Themes - ok

11:33:45.0155 4208 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:33:45.0183 4208 THREADORDER - ok

11:33:45.0194 4208 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:33:45.0230 4208 TrkWks - ok

11:33:45.0279 4208 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:33:45.0316 4208 TrustedInstaller - ok

11:33:45.0345 4208 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:33:45.0384 4208 tssecsrv - ok

11:33:45.0448 4208 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:33:45.0493 4208 TsUsbFlt - ok

11:33:45.0544 4208 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:33:45.0595 4208 tunnel - ok

11:33:45.0626 4208 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

11:33:45.0635 4208 uagp35 - ok

11:33:45.0687 4208 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:33:45.0716 4208 udfs - ok

11:33:45.0758 4208 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:33:45.0770 4208 UI0Detect - ok

11:33:45.0813 4208 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:33:45.0822 4208 uliagpkx - ok

11:33:45.0865 4208 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:33:45.0902 4208 umbus - ok

11:33:45.0949 4208 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

11:33:46.0074 4208 UmPass - ok

11:33:46.0156 4208 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

11:33:46.0182 4208 UmRdpService - ok

11:33:46.0243 4208 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:33:46.0345 4208 upnphost - ok

11:33:46.0405 4208 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

11:33:46.0431 4208 usbaudio - ok

11:33:46.0455 4208 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:33:46.0475 4208 usbccgp - ok

11:33:46.0508 4208 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:33:46.0523 4208 usbcir - ok

11:33:46.0569 4208 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

11:33:46.0595 4208 usbehci - ok

11:33:46.0639 4208 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:33:46.0668 4208 usbhub - ok

11:33:46.0685 4208 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:33:46.0698 4208 usbohci - ok

11:33:46.0711 4208 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

11:33:46.0741 4208 usbprint - ok

11:33:46.0762 4208 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:33:46.0783 4208 USBSTOR - ok

11:33:46.0791 4208 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:33:46.0822 4208 usbuhci - ok

11:33:46.0855 4208 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:33:46.0906 4208 UxSms - ok

11:33:46.0951 4208 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:33:46.0969 4208 VaultSvc - ok

11:33:46.0992 4208 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:33:47.0007 4208 vdrvroot - ok

11:33:47.0077 4208 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:33:47.0128 4208 vds - ok

11:33:47.0140 4208 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:33:47.0151 4208 vga - ok

11:33:47.0168 4208 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:33:47.0207 4208 VgaSave - ok

11:33:47.0255 4208 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:33:47.0278 4208 vhdmp - ok

11:33:47.0312 4208 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:33:47.0327 4208 viaide - ok

11:33:47.0358 4208 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:33:47.0374 4208 volmgr - ok

11:33:47.0437 4208 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:33:47.0458 4208 volmgrx - ok

11:33:47.0516 4208 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:33:47.0535 4208 volsnap - ok

11:33:47.0570 4208 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

11:33:47.0580 4208 vsmraid - ok

11:33:47.0713 4208 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:33:47.0809 4208 VSS - ok

11:33:47.0961 4208 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

11:33:47.0996 4208 vwifibus - ok

11:33:48.0054 4208 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:33:48.0108 4208 W32Time - ok

11:33:48.0125 4208 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

11:33:48.0136 4208 WacomPen - ok

11:33:48.0162 4208 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:33:48.0202 4208 WANARP - ok

11:33:48.0216 4208 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:33:48.0239 4208 Wanarpv6 - ok

11:33:48.0360 4208 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:33:48.0403 4208 WatAdminSvc - ok

11:33:48.0532 4208 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

11:33:48.0610 4208 wbengine - ok

11:33:48.0730 4208 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:33:48.0760 4208 WbioSrvc - ok

11:33:48.0827 4208 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

11:33:48.0862 4208 wcncsvc - ok

11:33:48.0876 4208 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:33:48.0895 4208 WcsPlugInService - ok

11:33:48.0978 4208 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

11:33:48.0995 4208 Wd - ok

11:33:49.0054 4208 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:33:49.0083 4208 Wdf01000 - ok

11:33:49.0099 4208 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:33:49.0161 4208 WdiServiceHost - ok

11:33:49.0164 4208 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:33:49.0181 4208 WdiSystemHost - ok

11:33:49.0419 4208 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

11:33:49.0461 4208 WebClient - ok

11:33:49.0493 4208 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:33:49.0531 4208 Wecsvc - ok

11:33:49.0549 4208 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:33:49.0594 4208 wercplsupport - ok

11:33:49.0622 4208 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:33:49.0649 4208 WerSvc - ok

11:33:49.0678 4208 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:33:49.0703 4208 WfpLwf - ok

11:33:49.0716 4208 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:33:49.0725 4208 WIMMount - ok

11:33:49.0780 4208 WinDefend - ok

11:33:49.0804 4208 WinHttpAutoProxySvc - ok

11:33:49.0902 4208 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:33:49.0939 4208 Winmgmt - ok

11:33:50.0108 4208 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

11:33:50.0187 4208 WinRM - ok

11:33:50.0442 4208 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:33:50.0497 4208 Wlansvc - ok

11:33:50.0786 4208 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:33:50.0847 4208 wlidsvc - ok

11:33:50.0956 4208 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:33:50.0989 4208 WmiAcpi - ok

11:33:51.0082 4208 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:33:51.0120 4208 wmiApSrv - ok

11:33:51.0186 4208 WMPNetworkSvc - ok

11:33:51.0230 4208 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:33:51.0257 4208 WPCSvc - ok

11:33:51.0298 4208 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

11:33:51.0332 4208 WPDBusEnum - ok

11:33:51.0364 4208 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:33:51.0416 4208 ws2ifsl - ok

11:33:51.0437 4208 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

11:33:51.0468 4208 wscsvc - ok

11:33:51.0470 4208 WSearch - ok

11:33:51.0667 4208 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

11:33:51.0727 4208 wuauserv - ok

11:33:51.0910 4208 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:33:51.0972 4208 WudfPf - ok

11:33:52.0014 4208 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:33:52.0049 4208 WUDFRd - ok

11:33:52.0081 4208 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

11:33:52.0107 4208 wudfsvc - ok

11:33:52.0128 4208 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:33:52.0159 4208 WwanSvc - ok

11:33:52.0318 4208 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

11:33:52.0345 4208 YahooAUService - ok

11:33:52.0364 4208 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:33:52.0413 4208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

11:33:52.0413 4208 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

11:33:52.0469 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:33:52.0469 4208 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:33:52.0473 4208 Boot (0x1200) (6198039ee81b761d1bac1fb5ba278087) \Device\Harddisk0\DR0\Partition0

11:33:52.0475 4208 \Device\Harddisk0\DR0\Partition0 - ok

11:33:52.0476 4208 ============================================================

11:33:52.0476 4208 Scan finished

11:33:52.0476 4208 ============================================================

11:33:52.0488 0648 Detected object count: 6

11:33:52.0488 0648 Actual detected object count: 6

11:34:26.0779 0648 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user

11:34:26.0779 0648 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:34:26.0779 0648 HiPatchService ( UnsignedFile.Multi.Generic ) - skipped by user

11:34:26.0779 0648 HiPatchService ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:34:26.0781 0648 JRAID ( UnsignedFile.Multi.Generic ) - skipped by user

11:34:26.0781 0648 JRAID ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:34:26.0782 0648 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - skipped by user

11:34:26.0782 0648 OpenVPNAccessClient ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:34:27.0440 0648 \Device\Harddisk0\DR0\# - copied to quarantine

11:34:27.0440 0648 \Device\Harddisk0\DR0 - copied to quarantine

11:34:27.0474 0648 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

11:34:27.0476 0648 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

11:34:27.0501 0648 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

11:34:27.0507 0648 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

11:34:27.0519 0648 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

11:34:27.0526 0648 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

11:34:27.0527 0648 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

11:34:27.0528 0648 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

11:34:27.0530 0648 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

11:34:27.0531 0648 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

11:34:27.0533 0648 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

11:34:27.0536 0648 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

11:34:27.0537 0648 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

11:34:27.0538 0648 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

11:34:27.0541 0648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

11:34:27.0542 0648 \Device\Harddisk0\DR0 - ok

11:34:33.0126 0648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

11:35:25.0075 5456 Deinitialize success


Run TDSSKiller again and just Delete this one Only!

11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

---------------------------------------

Then.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

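The TDSSKiller log posted above ends with one detection cured (Rootkit.Boot.Pihar.c on the MBR) and one left on Skip (the TDSS File System), which is why the reply above asks for a second run that deletes only that entry. The following is an added example, not code from this thread or from the TDSSKiller tool: a small Python triage of that log format that folds the detection and "User select action" lines into one record per object and lists anything that was not cured or deleted. The sample lines are constructed to match the posted format (timestamps and PIDs are arbitrary); the regex and the decision to treat UnsignedFile.Multi.Generic as informational are my assumptions about the format, not a documented specification.

```python
"""Triage a TDSSKiller log: which detections were acted on and which were skipped.

Added example, not part of the forum thread or of the TDSSKiller tool. It parses
the line shape visible in the posted log and flags detections that were left
without a remediating action, i.e. what a second run still has to deal with.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the format of the posted log (timestamps/PIDs arbitrary).
SAMPLE_LOG = r"""
11:33:52.0345 4208 YahooAUService - ok
11:33:52.0413 4208 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
11:33:52.0413 4208 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
11:33:52.0469 4208 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:33:52.0469 4208 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:34:26.0779 0648 DokanMounter ( UnsignedFile.Multi.Generic ) - skipped by user
11:34:26.0779 0648 DokanMounter ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:34:27.0474 0648 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
11:34:27.0541 0648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
11:34:33.0126 0648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:34:33.0128 0648 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
""".lstrip("\n")

# Assumed line shape for a detection/action line (everything else is ignored):
#   <time> <pid> <object> ( <verdict> ) - <status>
DETECTION_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<obj>\S.*?) \( (?P<verdict>.+?) \) - (?P<status>.+)$"
)
ACTION_PREFIX = "User select action: "

# Heuristic verdict that only says a service binary is unsigned. In the thread
# these hits (Dokan, Hi-Rez, JRAID, OpenVPN) were left on Skip and never treated
# as infections, so they are recorded but not counted as unresolved.
INFORMATIONAL_VERDICTS = {"UnsignedFile.Multi.Generic"}

# Actions that actually repair or remove the object.
REMEDIATING_ACTIONS = {"Cure", "Delete"}


@dataclass
class Detection:
    obj: str
    verdict: str
    severity: str = ""      # "infected" or "warning" from the first detection line
    action: str = ""        # value after "User select action: ", if any
    skipped: bool = False   # a "skipped by user" line was seen


def parse_tdsskiller_log(text: str) -> Dict[Tuple[str, str], Detection]:
    """Fold every detection/action line into one record per (object, verdict)."""
    records: Dict[Tuple[str, str], Detection] = {}
    for line in text.splitlines():
        m = DETECTION_RE.match(line.rstrip())
        if not m:
            continue  # "- ok", "- detected ... (n)", quarantine and header lines
        key = (m["obj"], m["verdict"])
        rec = records.setdefault(key, Detection(*key))
        status = m["status"]
        if status in ("infected", "warning") and not rec.severity:
            rec.severity = status
        elif status == "skipped by user":
            rec.skipped = True
        elif status.startswith(ACTION_PREFIX):
            rec.action = status[len(ACTION_PREFIX):]
    return records


def unresolved(records: Dict[Tuple[str, str], Detection]) -> List[Tuple[str, str]]:
    """Non-informational detections that still lack a Cure/Delete action."""
    return sorted(
        (d.obj, d.verdict)
        for d in records.values()
        if d.verdict not in INFORMATIONAL_VERDICTS
        and d.action not in REMEDIATING_ACTIONS
    )


if __name__ == "__main__":
    recs = parse_tdsskiller_log(SAMPLE_LOG)
    for (obj, verdict), d in recs.items():
        print(f"{obj} [{verdict}] severity={d.severity or '-'} action={d.action or '-'}")
    print("still unresolved:", unresolved(recs))
```

On the sample this reports the DR0 Pihar hit as cured and leaves exactly one entry unresolved, the TDSS File System on \Device\Harddisk0\DR0, matching what the helper singles out for the second run. Feeding it a real TDSSKiller log is a quick way to confirm, before rebooting, that nothing non-informational was left on Skip.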

Here we go.

ComboFix 12-07-31.03 - Peter 08/02/2012 12:29:17.3.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8187.5983 [GMT -4:00]

Running from: c:\users\Peter\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))

.

.

2012-08-02 16:40 . 2012-08-02 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-02 03:07 . 2012-08-02 03:08 -------- d-----w- C:\FRST

2012-08-01 21:02 . 2012-08-02 16:26 -------- d-----w- C:\TDSSKiller_Quarantine

2012-07-31 20:06 . 2012-07-31 20:06 -------- d-----w- c:\users\Peter\AppData\Local\Package Cache

2012-07-31 13:43 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA33ED8E-0AB1-4307-A49B-4CF7BB523678}\mpengine.dll

2012-07-31 08:33 . 2012-07-31 08:33 5120 ----a-w- c:\programdata\Microsoft\Windows\DRM\B9D7.tmp

2012-07-27 04:05 . 2012-07-27 04:16 -------- d-----w- c:\program files (x86)\Stellar Impact

2012-07-26 15:48 . 2012-07-26 15:48 -------- d-----w- c:\programdata\Steam

2012-07-26 15:48 . 2012-07-26 16:53 -------- d-----w- c:\programdata\PopCap Games

2012-07-22 06:20 . 2012-07-22 06:20 -------- d-----w- c:\users\Peter\AppData\Local\Demiurge Studios

2012-07-21 04:20 . 2012-07-21 04:20 -------- d-----w- c:\programdata\Nexon

2012-07-11 07:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 02:25 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-07 16:59 . 2012-07-07 17:01 -------- d-----w- C:\New folder

2012-07-07 16:58 . 2012-07-07 16:58 -------- d-----w- C:\Testing

2012-07-07 02:43 . 2012-07-07 09:02 -------- d-----w- c:\users\Peter\OilRush

2012-07-04 19:08 . 2012-07-04 19:08 -------- d-----w- c:\windows\8A809006C25A4A3A9DAB94659BCDB107.TMP

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-11 07:02 . 2011-12-15 18:55 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-03 17:46 . 2011-12-07 02:59 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-09 02:17 . 2011-12-18 20:14 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-06-09 02:17 . 2011-12-18 20:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-06-02 22:19 . 2012-06-21 22:26 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 22:26 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 22:26 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 22:26 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 22:26 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 22:26 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 22:26 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-21 22:25 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-21 22:25 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 16:25 . 2011-12-07 02:42 279656 ------w- c:\windows\system32\MpSigStub.exe

2012-05-31 16:08 . 2012-05-31 16:08 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin

2012-05-30 04:26 . 2011-12-18 20:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-05-21 00:28 . 2011-12-23 05:34 560184 ----a-w- c:\windows\system32\drivers\sptd.sys

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-01_22.05.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-07-31 09:02 . 2012-08-01 23:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

- 2012-07-31 09:02 . 2012-08-01 18:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2012-07-31 08:43 . 2012-08-01 23:17 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2012-07-31 08:43 . 2012-08-01 18:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2011-12-06 21:09 . 2012-08-02 16:43 26024 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-02 16:43 25522 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2011-12-06 20:54 . 2012-07-31 06:14 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-06 20:54 . 2012-08-01 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-06 20:54 . 2012-08-01 23:40 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-12-06 20:54 . 2012-07-31 06:14 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-07-31 06:14 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-01 23:40 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-12-09 08:20 . 2012-08-01 22:35 3032 c:\windows\system32\wdi\ERCQueuedResolutions.dat

+ 2011-12-06 21:09 . 2012-08-02 16:43 9990 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1726822986-547998923-3148758179-1000_UserData.bin

- 2012-08-01 22:04 . 2012-08-01 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-02 16:41 . 2012-08-02 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-02 16:41 . 2012-08-02 16:41 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-01 22:04 . 2012-08-01 22:04 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-31 08:42 . 2012-08-01 23:17 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-07-31 08:42 . 2012-08-01 18:08 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2009-07-14 04:54 . 2012-08-02 15:35 114688 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-12-09 08:20 . 2012-08-02 16:41 907784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

- 2011-12-09 08:20 . 2012-08-01 20:28 907784 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat

+ 2009-07-14 05:01 . 2012-08-02 16:41 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-08-01 22:03 276452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2012-08-01 20:28 . 2012-08-01 22:03 398724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2012-08-01 20:28 . 2012-08-02 15:35 398724 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2009-07-14 04:54 . 2012-08-02 15:35 3063808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-01 22:05 3063808 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-02 15:35 6193152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-12-07 17:06 . 2012-08-02 16:41 18989772 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1726822986-547998923-3148758179-1000-8192.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{687578b9-7132-4a7a-80e4-30ee31099e03}]

2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\uTorrentControl2\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]

2011-07-27 02:23 1493160 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]

"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files (x86)\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]

[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]

[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

.

[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2011-12-07 1242448]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]

"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-27 397992]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-06 641664]

.

c:\users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

OpenVPN Client.lnk - c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\uiboot.exe [2010-8-12 19968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-05-03 158856]

R3 DLINKVLANPT;D-Link Vlan Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\DLINKVlan60.sys [2010-11-24 24064]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 136176]

R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [2010-07-29 29720]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-04-13 33096]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-31 113120]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-12-07 1255736]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-06-23 212232]

S2 DlinkNdPt60;D-Link NDIS Protocol Driver;c:\windows\system32\DRIVERS\DlinkNdPt60.sys [2010-11-24 27648]

S2 Dokan;Dokan;c:\windows\system32\drivers\dokan.sys [2011-01-10 120408]

S2 DokanMounter;DokanMounter;c:\program files (x86)\Dokan\DokanLibrary\mounter.exe [2011-01-10 14848]

S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-07-12 8704]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 AN983X64;Infineon AN983B PCI Fast Ethernet Adapter for Windows X64;c:\windows\system32\DRIVERS\AN983X64.sys [2005-05-19 48128]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 DLKRT64;D-Link DGE-530T Gigabit Ethernet Adapter Driver;c:\windows\system32\DRIVERS\DLKRT64.sys [2010-11-24 346144]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-10 233472]

S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [2010-08-03 30720]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 21:09]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-17 21:09]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-06-25 7883296]

"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-06-25 1833504]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

TCP: DhcpNameServer = 192.168.2.1

FF - ProfilePath - c:\users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\tzsdh8o0.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.search.selectedEngine - uTorrentControl2 Customized Web Search

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=

FF - prefs.js: network.proxy.ftp - falkenstein.tunnelr.com

FF - prefs.js: network.proxy.ftp_port - 53

FF - prefs.js: network.proxy.http - falkenstein.tunnelr.com

FF - prefs.js: network.proxy.http_port - 53

FF - prefs.js: network.proxy.socks - falkenstein.tunnelr.com

FF - prefs.js: network.proxy.socks_port - 53

FF - prefs.js: network.proxy.ssl - falkenstein.tunnelr.com

FF - prefs.js: network.proxy.ssl_port - 53

FF - prefs.js: network.proxy.type - 4

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1726822986-547998923-3148758179-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-1726822986-547998923-3148758179-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

.

**************************************************************************

.

Completion time: 2012-08-02 12:48:00 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-02 16:48

ComboFix2.txt 2012-08-01 22:15

.

Pre-Run: 135,521,001,472 bytes free

Post-Run: 136,572,518,400 bytes free

.

- - End Of File - - 5F1622C19296EF10D97D96E39B897547


I am not getting that message that my computer is being infected by that Trojan Horse now. Thank you for the assistance you have provided.

Malwarebytes Anti-Malware (PRO) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.02.08

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Peter :: PETER-PC [administrator]

Protection: Enabled

8/2/2012 5:08:06 PM

mbam-log-2012-08-02 (17-08-06).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 195217

Time elapsed: 28 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work, you can simply rename ComboFix.exe to Uninstall.exe and double-click it to complete the uninstall.)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e., RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
