Svchost.Exe Trojan.Agent help


Malwarebytes log. Yes, this is the only virus I have; that's why I used a quick scan to get the log.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.02.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

The Bieb :: THEBIEB-PC [administrator]

8/2/2012 2:51:32 PM

mbam-log-2012-08-02 (15-19-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Objects scanned: 226582

Time elapsed: 6 minute(s), 54 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 2856 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\Windows\svchost.exe (Trojan.Agent)

(end)

DDS.txt

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by The Bieb at 15:28:00 on 2012-08-02

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.1855 [GMT -4:00]

.

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

-netsvcs

C:\Windows\system32\conhost.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

E:\Steam\Steam.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

E:\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

C:\Windows\system32\wuauclt.exe

C:\Users\The Bieb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\The Bieb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\The Bieb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\The Bieb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\The Bieb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\The Bieb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\The Bieb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Users\The Bieb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\The Bieb\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\vssvc.exe

C:\Windows\System32\svchost.exe -k swprv

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

mWinlogon: Userinit=userinit.exe,

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

uRun: [steam] "E:\Steam\steam.exe" -silent

uRun: [Google Update] "C:\Users\The Bieb\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Facebook Update] "C:\Users\The Bieb\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

dPolicies-explorer: HideSCAHealth = 1 (0x1)

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

TCP: Interfaces\{C1B4E7C0-C862-40D8-AEEF-67BD9BCCA401} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\The Bieb\AppData\Roaming\Mozilla\Firefox\Profiles\h9et6b8x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.wired.com/

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\The Bieb\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\The Bieb\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\The Bieb\AppData\Local\Roblox\Versions\version-16f9ef27cfcc4bad\NPRobloxProxy.dll

FF - plugin: C:\Users\The Bieb\AppData\LocalLow\Sony Online Entertainment\npsoe.dll

FF - plugin: C:\Users\The Bieb\AppData\LocalLow\Sony Online Entertainment\npsoeact.dll

FF - plugin: C:\Users\The Bieb\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

============= SERVICES / DRIVERS ===============

.

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-7-4 361984]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2010-12-16 136360]

R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2010-12-16 269480]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE [2012-2-10 193816]

R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]

R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]

R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]

R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]

R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]

R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-8 250056]

S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-08-02 17:58:16 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-08-02 17:58:16 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-07-22 19:22:27 -------- d-----w- C:\.soulsplit

2012-07-22 02:56:33 -------- d-----w- C:\Users\The Bieb\AppData\Roaming\Sony Online Entertainment

2012-07-12 01:41:06 3130440 ----a-w- C:\Windows\SysWow64\pbsvc_blr.exe

2012-07-11 07:04:40 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-11 05:20:05 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll

2012-07-11 05:20:05 2048 ----a-w- C:\Windows\System32\msxml3r.dll

2012-07-11 05:20:05 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-07-11 05:20:05 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-07-11 05:20:05 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-07-11 05:20:05 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-07-09 08:06:20 -------- d-----w- C:\Users\The Bieb\AppData\Local\Black_Tree_Gaming

2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll

2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe

2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll

2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll

2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll

2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll

.

==================== Find3M ====================

.

2012-07-27 17:53:06 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-27 17:53:06 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-22 20:35:18 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-07-22 20:35:18 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-07-21 21:57:24 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-07-19 20:41:39 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll

2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll

2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll

2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll

2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe

2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll

2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-04 23:29:22 772504 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-05-04 23:29:16 687504 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-05-15 12:36:14 44 ---h--w- C:\Program Files (x86)\d878e4e6.tmp

.

============= FINISH: 15:28:31.05 ===============

Attach.txt

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 12/16/2010 10:54:17 AM

System Uptime: 8/2/2012 2:18:17 PM (1 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-870A-UD3

Processor: AMD Athlon II X4 640 Processor | Socket M2 | 3000/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 98 GiB total, 19.362 GiB free.

D: is FIXED (NTFS) - 244 GiB total, 170.676 GiB free.

E: is FIXED (NTFS) - 254 GiB total, 112.104 GiB free.

F: is CDROM (CDFS)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP396: 8/2/2012 3:00:16 AM - Windows Update

RP397: 8/2/2012 1:54:56 PM - Windows Update

RP398: 8/2/2012 1:56:17 PM - Windows Update

RP399: 8/2/2012 1:58:17 PM - Windows Update

RP400: 8/2/2012 2:03:59 PM - Windows Update

.

==== Installed Programs ======================

.

µTorrent

Adobe Flash Media Live Encoder 3.1

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Shockwave Player 11.5

Age of Empires Online

AMD VISION Engine Control Center

Amnesia - The Dark Descent

APB Reloaded

ATI Catalyst Registration

Avira AntiVir Personal - Free Antivirus

Battlefield Heroes

Battlefield Play4Free

Battlefield: Bad Company 2

BOSS

Camtasia Studio 7

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Company of Heroes

D3DX10

Dota 2

eSupport UndeletePlus 3.0.2.1214

Facebook Video Calling 1.2.0.159

Fallen Earth

Fraps (remove only)

GamersFirst LIVE!

Google Chrome

HP Button Manager

HP Webcam User's Guide

Java 3D 1.5.1

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

Junk Mail filter update

League of Legends

Malwarebytes Anti-Malware version 1.62.0.1300

Mesh Runtime

Messenger Companion

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office Click-to-Run 2010

Microsoft Office Home and Business 2010 - English

Microsoft Office Outlook Connector

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

NVIDIA PhysX

PFPortChecker 1.0.39

PingPlotter Standard 3.30.4s

Pirates of the Burning Sea

Pirates of the Burning Sea (English)

PowerISO

PunkBuster Services

Renesas Electronics USB 3.0 Host Controller Driver

ROBLOX Player for The Bieb

ROBLOX Studio for The Bieb

Rome - Total War - Gold Edition

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Skype Click to Call

Skype™ 5.10

Steam

Super Monday Night Combat

Team Fortress 2

Unity Web Player

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Warcraft III

Warcraft III: All Products

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.00 beta 3 (32-bit)

WinUtilities Undelete 3.1

Wisdom-soft AutoScreenRecorder 3.1 Pro

World of Tanks v.0.7.4

World of Tanks v.0.7.4_CT

World of Warcraft

.

==== Event Viewer Messages From Past Week ========

.

8/2/2012 2:20:50 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

8/2/2012 2:19:11 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.

8/2/2012 2:18:49 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cc4f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080212-28688-01.

8/2/2012 2:04:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).

8/2/2012 2:04:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2709715).

8/2/2012 2:04:17 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2676562).

7/31/2012 3:15:34 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cc1f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073112-21777-01.

7/31/2012 3:12:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c70f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073112-19890-01.

7/29/2012 12:39:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002ca6f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-20982-01.

7/29/2012 12:36:47 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c5ef6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-22526-01.

7/29/2012 1:15:58 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f7fa9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072912-17518-01.

7/27/2012 3:38:02 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002f82a9a, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072712-20950-01.

7/26/2012 6:19:05 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb4f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-23868-01.

7/26/2012 4:51:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb3f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-20404-01.

7/26/2012 4:29:31 AM, Error: Service Control Manager [7034] - The BingBar Service service terminated unexpectedly. It has done this 1 time(s).

7/26/2012 3:44:50 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c66f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-27502-01.

7/26/2012 3:31:20 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cb0f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-18782-01.

7/26/2012 10:51:26 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c67f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-18127-01.

7/26/2012 10:49:08 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c63f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-18189-01.

7/26/2012 10:46:31 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002cbdf6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-21606-01.

7/26/2012 10:42:38 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002caef6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-23758-01.

7/26/2012 10:37:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff80002c68f6b, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 072612-20155-01.

.

==== End Of File ===========================


Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forum's policy:

http://forums.malwar...showtopic=97700

----------------------------------------

Then........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


Was not even aware I had uTorrent, sorry.

RogueKiller V7.6.4 [07/17/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: The Bieb [Admin rights]

Mode: Scan -- Date: 08/02/2012 15:50:12

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 3 ¤¤¤

[SUSP PATH] winupd.job @ : C:\Users\THEBIE~1\AppData\Local\Temp:winupd.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD6400AAKS-65Z7B0 ATA Device +++++

--- User ---

[MBR] fdee1503f8904b42aee7ce5990b22354

[BSP] 982ac85ab51f079fd3bccd7101628d2e : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99899 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204800000 | Size: 250000 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 716800000 | Size: 260479 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 1397fbe3ca2db2151e1f1efb05ed6e55

[BSP] 1381e8595a5d10c1376c609414dbf450 : PiHar MBR Code!

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99899 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204800000 | Size: 250000 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 716800000 | Size: 260479 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.


----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.


--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


TDSS log.

16:13:04.0622 2128 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

16:13:04.0861 2128 ============================================================

16:13:04.0861 2128 Current date / time: 2012/08/02 16:13:04.0861

16:13:04.0861 2128 SystemInfo:

16:13:04.0861 2128

16:13:04.0861 2128 OS Version: 6.1.7601 ServicePack: 1.0

16:13:04.0861 2128 Product type: Workstation

16:13:04.0861 2128 ComputerName: THEBIEB-PC

16:13:04.0862 2128 UserName: The Bieb

16:13:04.0862 2128 Windows directory: C:\Windows

16:13:04.0862 2128 System windows directory: C:\Windows

16:13:04.0862 2128 Running under WOW64

16:13:04.0862 2128 Processor architecture: Intel x64

16:13:04.0862 2128 Number of processors: 4

16:13:04.0862 2128 Page size: 0x1000

16:13:04.0862 2128 Boot type: Normal boot

16:13:04.0862 2128 ============================================================

16:13:06.0102 2128 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x14301, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040

16:13:06.0105 2128 ============================================================

16:13:06.0105 2128 \Device\Harddisk0\DR0:

16:13:06.0109 2128 MBR partitions:

16:13:06.0109 2128 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

16:13:06.0109 2128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xC31D800

16:13:06.0109 2128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xC350000, BlocksNum 0x1E848000

16:13:06.0109 2128 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2AB98000, BlocksNum 0x1FCBF800

16:13:06.0109 2128 ============================================================

16:13:06.0139 2128 C: <-> \Device\Harddisk0\DR0\Partition1

16:13:06.0176 2128 D: <-> \Device\Harddisk0\DR0\Partition2

16:13:06.0235 2128 E: <-> \Device\Harddisk0\DR0\Partition3

16:13:06.0235 2128 ============================================================

16:13:06.0235 2128 Initialize success

16:13:06.0235 2128 ============================================================

16:13:34.0140 3896 ============================================================

16:13:34.0140 3896 Scan started

16:13:34.0140 3896 Mode: Manual; SigCheck; TDLFS;

16:13:34.0140 3896 ============================================================

16:13:35.0260 3896 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

16:13:35.0353 3896 1394ohci - ok

16:13:35.0404 3896 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

16:13:35.0426 3896 ACPI - ok

16:13:35.0451 3896 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

16:13:35.0515 3896 AcpiPmi - ok

16:13:35.0647 3896 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

16:13:35.0657 3896 AdobeFlashPlayerUpdateSvc - ok

16:13:35.0709 3896 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

16:13:35.0730 3896 adp94xx - ok

16:13:35.0768 3896 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

16:13:35.0785 3896 adpahci - ok

16:13:35.0803 3896 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

16:13:35.0818 3896 adpu320 - ok

16:13:35.0856 3896 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

16:13:35.0956 3896 AeLookupSvc - ok

16:13:36.0050 3896 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

16:13:36.0100 3896 AFD - ok

16:13:36.0205 3896 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

16:13:36.0218 3896 agp440 - ok

16:13:36.0341 3896 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

16:13:36.0367 3896 ALG - ok

16:13:36.0380 3896 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

16:13:36.0391 3896 aliide - ok

16:13:36.0429 3896 AMD External Events Utility (e20dddfbd0dbe7d8ead4d7a51d654367) C:\Windows\system32\atiesrxx.exe

16:13:36.0477 3896 AMD External Events Utility - ok

16:13:36.0542 3896 AMD FUEL Service - ok

16:13:36.0553 3896 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

16:13:36.0564 3896 amdide - ok

16:13:36.0592 3896 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys

16:13:36.0603 3896 amdiox64 - ok

16:13:36.0649 3896 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

16:13:36.0693 3896 AmdK8 - ok

16:13:37.0406 3896 amdkmdag (4284fb1240537a33e6ec417efd87d40f) C:\Windows\system32\DRIVERS\atikmdag.sys

16:13:37.0624 3896 amdkmdag - ok

16:13:37.0792 3896 amdkmdap (6c25c497e05efd0cb6033a0444fc9b51) C:\Windows\system32\DRIVERS\atikmpag.sys

16:13:37.0831 3896 amdkmdap - ok

16:13:37.0864 3896 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

16:13:37.0892 3896 AmdPPM - ok

16:13:37.0940 3896 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

16:13:37.0953 3896 amdsata - ok

16:13:38.0006 3896 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

16:13:38.0021 3896 amdsbs - ok

16:13:38.0032 3896 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

16:13:38.0044 3896 amdxata - ok

16:13:38.0126 3896 AntiVirSchedulerService (b4837fe56d76b2e9ea90e5365cf6a2be) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

16:13:38.0148 3896 AntiVirSchedulerService - ok

16:13:38.0176 3896 AntiVirService (df5a3016052755c910a206058b4a1729) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

16:13:38.0185 3896 AntiVirService - ok

16:13:38.0257 3896 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

16:13:38.0265 3896 AODDriver4.01 - ok

16:13:38.0280 3896 AODDriver4.1 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

16:13:38.0287 3896 AODDriver4.1 - ok

16:13:38.0324 3896 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

16:13:38.0371 3896 AppID - ok

16:13:38.0387 3896 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

16:13:38.0427 3896 AppIDSvc - ok

16:13:38.0471 3896 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

16:13:38.0526 3896 Appinfo - ok

16:13:38.0570 3896 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

16:13:38.0584 3896 arc - ok

16:13:38.0600 3896 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

16:13:38.0609 3896 arcsas - ok

16:13:38.0712 3896 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

16:13:38.0725 3896 aspnet_state - ok

16:13:38.0743 3896 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

16:13:38.0780 3896 AsyncMac - ok

16:13:38.0809 3896 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

16:13:38.0821 3896 atapi - ok

16:13:38.0872 3896 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys

16:13:38.0884 3896 AtiHDAudioService - ok

16:13:39.0597 3896 atikmdag (4284fb1240537a33e6ec417efd87d40f) C:\Windows\system32\DRIVERS\atikmdag.sys

16:13:39.0701 3896 atikmdag - ok

16:13:39.0870 3896 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

16:13:39.0924 3896 AudioEndpointBuilder - ok

16:13:39.0929 3896 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

16:13:39.0960 3896 AudioSrv - ok

16:13:40.0005 3896 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys

16:13:40.0018 3896 avgntflt - ok

16:13:40.0049 3896 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys

16:13:40.0062 3896 avipbb - ok

16:13:40.0110 3896 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

16:13:40.0187 3896 AxInstSV - ok

16:13:40.0254 3896 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

16:13:40.0295 3896 b06bdrv - ok

16:13:40.0344 3896 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

16:13:40.0367 3896 b57nd60a - ok

16:13:40.0482 3896 BBSvc (a2494901e7226b356b8c1005c45f1c5f) C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe

16:13:40.0493 3896 BBSvc - ok

16:13:40.0530 3896 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

16:13:40.0572 3896 BDESVC - ok

16:13:40.0580 3896 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

16:13:40.0628 3896 Beep - ok

16:13:40.0745 3896 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

16:13:40.0794 3896 BFE - ok

16:13:40.0877 3896 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

16:13:40.0943 3896 BITS - ok

16:13:40.0982 3896 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

16:13:41.0002 3896 blbdrive - ok

16:13:41.0047 3896 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

16:13:41.0078 3896 bowser - ok

16:13:41.0101 3896 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

16:13:41.0140 3896 BrFiltLo - ok

16:13:41.0154 3896 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

16:13:41.0182 3896 BrFiltUp - ok

16:13:41.0220 3896 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

16:13:41.0263 3896 Browser - ok

16:13:41.0293 3896 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

16:13:41.0352 3896 Brserid - ok

16:13:41.0420 3896 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

16:13:41.0455 3896 BrSerWdm - ok

16:13:41.0513 3896 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

16:13:41.0588 3896 BrUsbMdm - ok

16:13:41.0615 3896 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

16:13:41.0637 3896 BrUsbSer - ok

16:13:41.0656 3896 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

16:13:41.0678 3896 BTHMODEM - ok

16:13:41.0732 3896 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

16:13:41.0771 3896 bthserv - ok

16:13:41.0803 3896 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

16:13:41.0843 3896 cdfs - ok

16:13:41.0894 3896 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

16:13:41.0909 3896 cdrom - ok

16:13:41.0946 3896 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

16:13:41.0983 3896 CertPropSvc - ok

16:13:41.0998 3896 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

16:13:42.0028 3896 circlass - ok

16:13:42.0065 3896 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

16:13:42.0084 3896 CLFS - ok

16:13:42.0146 3896 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

16:13:42.0160 3896 clr_optimization_v2.0.50727_32 - ok

16:13:42.0196 3896 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

16:13:42.0212 3896 clr_optimization_v2.0.50727_64 - ok

16:13:42.0273 3896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

16:13:42.0290 3896 clr_optimization_v4.0.30319_32 - ok

16:13:42.0318 3896 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

16:13:42.0336 3896 clr_optimization_v4.0.30319_64 - ok

16:13:42.0373 3896 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

16:13:42.0391 3896 CmBatt - ok

16:13:42.0414 3896 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

16:13:42.0425 3896 cmdide - ok

16:13:42.0474 3896 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

16:13:42.0504 3896 CNG - ok

16:13:42.0560 3896 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

16:13:42.0572 3896 Compbatt - ok

16:13:42.0616 3896 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

16:13:42.0640 3896 CompositeBus - ok

16:13:42.0649 3896 COMSysApp - ok

16:13:42.0662 3896 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

16:13:42.0671 3896 crcdisk - ok

16:13:42.0714 3896 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

16:13:42.0767 3896 CryptSvc - ok

16:13:42.0912 3896 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

16:13:42.0929 3896 cvhsvc - ok

16:13:42.0985 3896 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

16:13:43.0027 3896 DcomLaunch - ok

16:13:43.0076 3896 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

16:13:43.0110 3896 defragsvc - ok

16:13:43.0172 3896 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

16:13:43.0221 3896 DfsC - ok

16:13:43.0277 3896 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

16:13:43.0337 3896 Dhcp - ok

16:13:43.0360 3896 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

16:13:43.0405 3896 discache - ok

16:13:43.0440 3896 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

16:13:43.0449 3896 Disk - ok

16:13:43.0482 3896 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

16:13:43.0530 3896 Dnscache - ok

16:13:43.0568 3896 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

16:13:43.0613 3896 dot3svc - ok

16:13:43.0641 3896 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

16:13:43.0682 3896 DPS - ok

16:13:43.0712 3896 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

16:13:43.0742 3896 drmkaud - ok

16:13:43.0834 3896 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

16:13:43.0865 3896 DXGKrnl - ok

16:13:43.0890 3896 EagleX64 - ok

16:13:43.0924 3896 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

16:13:43.0975 3896 EapHost - ok

16:13:44.0189 3896 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

16:13:44.0261 3896 ebdrv - ok

16:13:44.0387 3896 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

16:13:44.0428 3896 EFS - ok

16:13:44.0517 3896 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

16:13:44.0565 3896 ehRecvr - ok

16:13:44.0591 3896 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

16:13:44.0641 3896 ehSched - ok

16:13:44.0711 3896 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

16:13:44.0732 3896 elxstor - ok

16:13:44.0755 3896 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

16:13:44.0779 3896 ErrDev - ok

16:13:44.0836 3896 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

16:13:44.0878 3896 EventSystem - ok

16:13:44.0907 3896 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

16:13:44.0954 3896 exfat - ok

16:13:44.0983 3896 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

16:13:45.0027 3896 fastfat - ok

16:13:45.0099 3896 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

16:13:45.0154 3896 Fax - ok

16:13:45.0166 3896 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

16:13:45.0178 3896 fdc - ok

16:13:45.0185 3896 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

16:13:45.0231 3896 fdPHost - ok

16:13:45.0247 3896 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

16:13:45.0290 3896 FDResPub - ok

16:13:45.0307 3896 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

16:13:45.0316 3896 FileInfo - ok

16:13:45.0328 3896 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

16:13:45.0357 3896 Filetrace - ok

16:13:45.0368 3896 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

16:13:45.0391 3896 flpydisk - ok

16:13:45.0433 3896 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

16:13:45.0451 3896 FltMgr - ok

16:13:45.0545 3896 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

16:13:45.0605 3896 FontCache - ok

16:13:45.0662 3896 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

16:13:45.0670 3896 FontCache3.0.0.0 - ok

16:13:45.0704 3896 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

16:13:45.0716 3896 FsDepends - ok

16:13:45.0765 3896 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys

16:13:45.0776 3896 fssfltr - ok

16:13:45.0971 3896 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe

16:13:46.0050 3896 fsssvc - ok

16:13:46.0167 3896 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

16:13:46.0179 3896 Fs_Rec - ok

16:13:46.0230 3896 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

16:13:46.0250 3896 fvevol - ok

16:13:46.0276 3896 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

16:13:46.0289 3896 gagp30kx - ok

16:13:46.0363 3896 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

16:13:46.0427 3896 gpsvc - ok

16:13:46.0473 3896 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

16:13:46.0484 3896 hamachi - ok

16:13:46.0496 3896 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

16:13:46.0533 3896 hcw85cir - ok

16:13:46.0592 3896 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

16:13:46.0617 3896 HdAudAddService - ok

16:13:46.0703 3896 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

16:13:46.0731 3896 HDAudBus - ok

16:13:46.0748 3896 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

16:13:46.0773 3896 HidBatt - ok

16:13:46.0792 3896 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

16:13:46.0816 3896 HidBth - ok

16:13:46.0833 3896 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

16:13:46.0860 3896 HidIr - ok

16:13:46.0891 3896 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

16:13:46.0935 3896 hidserv - ok

16:13:46.0957 3896 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

16:13:46.0984 3896 HidUsb - ok

16:13:47.0014 3896 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

16:13:47.0059 3896 hkmsvc - ok

16:13:47.0102 3896 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

16:13:47.0146 3896 HomeGroupListener - ok

16:13:47.0189 3896 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

16:13:47.0226 3896 HomeGroupProvider - ok

16:13:47.0264 3896 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

16:13:47.0273 3896 HpSAMD - ok

16:13:47.0353 3896 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

16:13:47.0407 3896 HTTP - ok

16:13:47.0433 3896 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

16:13:47.0444 3896 hwpolicy - ok

16:13:47.0478 3896 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

16:13:47.0493 3896 i8042prt - ok

16:13:47.0556 3896 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

16:13:47.0575 3896 iaStorV - ok

16:13:47.0686 3896 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

16:13:47.0728 3896 idsvc - ok

16:13:47.0839 3896 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

16:13:47.0851 3896 iirsp - ok

16:13:47.0938 3896 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

16:13:47.0999 3896 IKEEXT - ok

16:13:48.0024 3896 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

16:13:48.0035 3896 intelide - ok

16:13:48.0061 3896 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

16:13:48.0090 3896 intelppm - ok

16:13:48.0111 3896 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

16:13:48.0145 3896 IPBusEnum - ok

16:13:48.0181 3896 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

16:13:48.0219 3896 IpFilterDriver - ok

16:13:48.0253 3896 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

16:14:09.0218 3896 MBR (0x1B8) (c0dcf0ac171db02db8b0014c5d767cf1) \Device\Harddisk0\DR0

16:14:09.0288 3896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected

16:14:09.0288 3896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)

16:14:09.0360 3896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

16:14:09.0360 3896 \Device\Harddisk0\DR0 - detected TDSS File System (1)

16:14:09.0363 3896 Boot (0x1200) (fd7740d6c0df7930f090682a1b7b6712) \Device\Harddisk0\DR0\Partition0

16:14:09.0364 3896 \Device\Harddisk0\DR0\Partition0 - ok

16:14:09.0392 3896 Boot (0x1200) (b196c310b7ebb6e1075404ea9b79285e) \Device\Harddisk0\DR0\Partition1

16:14:09.0393 3896 \Device\Harddisk0\DR0\Partition1 - ok

16:14:09.0407 3896 Boot (0x1200) (ce1a1fa5105b8131c9b42a3abb9e2ad6) \Device\Harddisk0\DR0\Partition2

16:14:09.0408 3896 \Device\Harddisk0\DR0\Partition2 - ok

16:14:09.0432 3896 Boot (0x1200) (ce702bbcabee67e13d0e2cd19d9ac757) \Device\Harddisk0\DR0\Partition3

16:14:09.0434 3896 \Device\Harddisk0\DR0\Partition3 - ok

16:14:09.0434 3896 ============================================================

16:14:09.0434 3896 Scan finished

16:14:09.0434 3896 ============================================================

16:14:09.0444 4648 Detected object count: 2

16:14:09.0444 4648 Actual detected object count: 2

16:15:42.0452 4648 \Device\Harddisk0\DR0\# - copied to quarantine

16:15:42.0452 4648 \Device\Harddisk0\DR0 - copied to quarantine

16:15:42.0482 4648 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine

16:15:42.0483 4648 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine

16:15:42.0497 4648 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine

16:15:42.0499 4648 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine

16:15:42.0502 4648 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine

16:15:42.0514 4648 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine

16:15:42.0522 4648 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine

16:15:42.0532 4648 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine

16:15:42.0535 4648 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine

16:15:42.0538 4648 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine

16:15:42.0571 4648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot

16:15:42.0572 4648 \Device\Harddisk0\DR0 - ok

16:15:48.0119 4648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure

16:15:48.0120 4648 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:15:48.0120 4648 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

16:15:55.0189 4660 Deinitialize success


OK, run TDSSKiller again and just Delete this one Only:

16:15:48.0120 4648 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

16:15:48.0120 4648 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

--------------------------

Then............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC
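The helper's instruction above rests on reading the TDSSKiller log for detections that were flagged but not acted on (the "TDSS File System" entry ends with "User select action: Skip"). The following Python script is an added example, not part of the forum thread or of TDSSKiller itself: it folds the per-line log format seen in this thread into one record per detected object and lists the ones whose recorded action was neither Cure nor Delete. The log text it parses is a constructed sample that copies the line format from the thread; the `VERDICTS` set and `ACTION_PREFIX` string are assumptions about TDSSKiller's wording taken from the lines visible here.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample in the TDSSKiller log format seen in this thread:
# "<time> <thread id> <object> ( <detection name> ) - <verdict or action>".
SAMPLE_LOG = r"""
16:14:06.0288 3896 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
16:14:06.0300 3896 Wd - ok
16:14:09.0288 3896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
16:14:09.0288 3896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
16:14:09.0360 3896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
16:14:09.0360 3896 \Device\Harddisk0\DR0 - detected TDSS File System (1)
16:15:42.0571 4648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
16:15:48.0119 4648 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
16:15:48.0120 4648 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
16:15:48.0120 4648 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

# Only lines that carry a detection name in " ( ... ) " match; plain
# "<name> (<md5>) <path>" inventory lines and "- ok" lines are ignored.
DETECTION_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?) \( (?P<name>.+?) \) - (?P<tail>.+)$"
)
# Assumed verdict words and action prefix, taken from the log lines in the thread.
VERDICTS = {"infected", "warning", "suspicious"}
ACTION_PREFIX = "User select action: "


@dataclass
class Detection:
    obj: str
    name: str
    verdict: str = ""
    action: str = ""  # Cure / Delete / Skip as chosen by the user, "" if none recorded


def parse_detections(log_text: str) -> Dict[Tuple[str, str], Detection]:
    """Fold the per-line log into one record per (object, detection name)."""
    found: Dict[Tuple[str, str], Detection] = {}
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if not m:
            continue
        key = (m["obj"], m["name"])
        rec = found.setdefault(key, Detection(obj=m["obj"], name=m["name"]))
        tail = m["tail"]
        if tail in VERDICTS:
            rec.verdict = tail
        elif tail.startswith(ACTION_PREFIX):
            rec.action = tail[len(ACTION_PREFIX):]
    return found


def unresolved(log_text: str) -> List[Detection]:
    """Detections that were flagged but not cured or deleted: the entries a
    helper would send the poster back to deal with on a second run."""
    return [
        d for d in parse_detections(log_text).values()
        if d.verdict and d.action not in ("Cure", "Delete")
    ]


if __name__ == "__main__":
    for d in unresolved(SAMPLE_LOG):
        print(f"{d.obj}: {d.name} ({d.verdict}) -> action={d.action or 'none'}")
```

Run against the sample, the script reports only the "TDSS File System" entry (verdict warning, action Skip); the Rootkit.Boot.Pihar.b entry is dropped because its recorded action is Cure. Pointing it at a saved TDSSKiller log instead of `SAMPLE_LOG` gives the same triage for a real run.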


ComboFix 12-07-31.03 - The Bieb 08/02/2012 16:39:24.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4094.2806 [GMT -4:00]

Running from: c:\users\The Bieb\Desktop\ComboFix.exe

AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}

SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\8310131b

c:\users\The Bieb\AppData\Roaming\Dyyno

c:\users\The Bieb\AppData\Roaming\Dyyno\dyyno.xml

c:\users\The Bieb\AppData\Roaming\Roaming

c:\windows\svchost.exe

c:\windows\SysWow64\SET909E.tmp

c:\windows\SysWow64\SET943C.tmp

c:\windows\SysWow64\SET94AB.tmp

c:\windows\SysWow64\SET98D7.tmp

.

.

((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))

.

.

2012-08-02 20:15 . 2012-08-02 20:33 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-02 17:58 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-08-02 17:58 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-07-22 19:22 . 2012-07-22 19:22 -------- d-----w- C:\.soulsplit

2012-07-22 03:04 . 2012-07-22 03:04 -------- d-----w- c:\users\Public\Sony Online Entertainment

2012-07-22 02:56 . 2012-07-22 02:56 -------- d-----w- c:\users\The Bieb\AppData\Roaming\Sony Online Entertainment

2012-07-12 19:16 . 2012-07-12 19:16 -------- d-----w- c:\programdata\ATI

2012-07-12 01:41 . 2012-07-12 01:38 3130440 ----a-w- c:\windows\SysWow64\pbsvc_blr.exe

2012-07-11 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 05:20 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-07-11 05:20 . 2012-06-06 06:06 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-07-11 05:20 . 2012-06-06 05:05 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-07-11 05:20 . 2012-06-06 05:05 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-07-11 05:20 . 2010-06-26 03:55 2048 ----a-w- c:\windows\system32\msxml3r.dll

2012-07-11 05:20 . 2010-06-26 03:24 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

2012-07-11 05:20 . 2012-06-09 05:43 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-07-09 08:06 . 2012-07-09 08:06 -------- d-----w- c:\users\The Bieb\AppData\Local\Black_Tree_Gaming

2012-07-04 06:59 . 2012-07-04 06:59 11922944 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-07-04 06:52 . 2012-07-04 06:52 26016256 ----a-w- c:\windows\system32\atio6axx.dll

2012-07-04 06:35 . 2012-07-04 06:35 19586048 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-07-04 06:27 . 2012-07-04 06:27 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-07-04 06:21 . 2012-07-04 06:21 514048 ----a-w- c:\windows\system32\atieclxx.exe

2012-07-04 06:20 . 2012-07-04 06:20 238080 ----a-w- c:\windows\system32\atiesrxx.exe

2012-07-04 06:19 . 2012-07-04 06:19 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-07-04 06:19 . 2012-07-04 06:19 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-07-04 06:19 . 2012-07-04 06:19 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-07-04 06:19 . 2012-07-04 06:19 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-07-04 05:36 . 2012-07-04 05:36 1053696 ----a-w- c:\windows\system32\atiumd6v.dll

2012-07-04 05:36 . 2012-07-04 05:36 69632 ----a-w- c:\windows\system32\coinst_8.97.100.3.dll

2012-07-04 05:36 . 2012-07-04 05:36 1960960 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-07-04 05:11 . 2012-07-04 05:11 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-07-04 05:11 . 2012-07-04 05:11 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-07-04 05:11 . 2012-07-04 05:11 364544 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-07-04 05:11 . 2012-07-04 05:11 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-07-04 05:11 . 2012-07-04 05:11 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-07-04 05:11 . 2012-07-04 05:11 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-07-04 05:10 . 2012-07-04 05:10 359936 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-07-04 05:09 . 2012-07-04 05:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-07-04 05:04 . 2012-07-04 05:04 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-07-04 05:04 . 2012-07-04 05:04 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-07-04 05:04 . 2012-07-04 05:04 44544 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-07-04 05:04 . 2012-07-04 05:04 15827456 ----a-w- c:\windows\system32\aticaldd64.dll

2012-07-04 04:59 . 2012-07-04 04:59 13402112 ----a-w- c:\windows\SysWow64\aticaldd.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-27 17:53 . 2012-05-08 11:19 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-27 17:53 . 2011-06-09 01:15 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-22 20:35 . 2011-04-01 01:02 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-07-22 20:35 . 2011-03-31 22:32 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-07-21 21:57 . 2011-03-31 22:32 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-07-19 20:41 . 2011-03-31 22:32 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-07-11 07:01 . 2010-12-16 16:09 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-07-04 06:27 . 2011-11-10 03:16 918528 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-07-04 06:25 . 2010-11-26 02:57 1081856 ----a-w- c:\windows\system32\aticfx64.dll

2012-07-04 06:21 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-07-04 06:18 . 2011-11-10 03:06 6811648 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-07-04 05:57 . 2009-07-13 21:59 7510528 ----a-w- c:\windows\system32\atidxx64.dll

2012-07-04 05:35 . 2012-04-06 01:34 4261376 ----a-w- c:\windows\system32\atiumd6a.dll

2012-07-04 05:35 . 2012-04-06 01:34 6245888 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-07-04 05:28 . 2012-04-06 01:22 4749312 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-07-04 05:24 . 2012-04-06 01:23 7477760 ----a-w- c:\windows\system32\atiumd64.dll

2012-07-04 05:11 . 2012-04-06 01:11 535552 ----a-w- c:\windows\system32\atiadlxx.dll

2012-07-04 05:10 . 2010-11-26 02:16 55296 ----a-w- c:\windows\system32\atiuxp64.dll

2012-07-04 05:09 . 2011-11-10 02:11 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-07-04 05:09 . 2012-04-06 01:09 45056 ----a-w- c:\windows\system32\atiu9p64.dll

2012-07-04 05:09 . 2012-02-15 02:12 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-07-03 17:46 . 2012-01-01 09:11 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe

2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll

2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll

2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-06-02 22:19 . 2012-06-24 20:43 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-24 20:43 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-24 20:43 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-24 20:43 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-24 20:43 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-24 20:43 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-24 20:43 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-24 20:43 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-24 20:43 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-04 23:29 . 2012-06-19 16:22 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-05-04 23:29 . 2010-12-30 01:40 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll

2011-05-15 12:36 . 2011-05-17 00:36 44 ---h--w- c:\program files (x86)\d878e4e6.tmp

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="e:\steam\steam.exe" [2011-08-05 1242448]

"Facebook Update"="c:\users\The Bieb\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]

"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-6-22 2720408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"HideSCAHealth"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-27 250056]

R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-27 113120]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-16 1255736]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]

S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 193816]

S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-02 187392]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]

S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 17:53]

.

2012-08-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1319617310-229737684-3782556919-1000Core.job

- c:\users\The Bieb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 22:44]

.

2012-08-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1319617310-229737684-3782556919-1000UA.job

- c:\users\The Bieb\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-10 22:44]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319617310-229737684-3782556919-1000Core.job

- c:\users\The Bieb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 23:44]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1319617310-229737684-3782556919-1000UA.job

- c:\users\The Bieb\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-17 23:44]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 127.0.0.1:9421;<local>

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11

FF - ProfilePath - c:\users\The Bieb\AppData\Roaming\Mozilla\Firefox\Profiles\h9et6b8x.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.wired.com/

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1319617310-229737684-3782556919-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:ba,ea,67,50,ca,3d,a9,74,54,35,c9,4d,b7,2a,1c,79,68,d0,86,70,8f,15,ad,

01,b5,ab,76,83,f3,a9,b7,4b,9b,bb,53,d2,77,fb,f3,65,2d,0b,61,c7,b6,04,00,9b,\

"??"=hex:a9,ee,09,65,25,15,0a,dc,f1,d7,28,f7,5f,6c,61,9a

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\windows\SysWOW64\PnkBstrA.exe

.

**************************************************************************

.

Completion time: 2012-08-02 16:53:19 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-02 20:53

.

Pre-Run: 20,576,583,680 bytes free

Post-Run: 20,758,573,056 bytes free

.

- - End Of File - - 43599248AEB613505A882B93054FA276


Looks like it's gone. Thanks, I've been putting up with it for a few weeks and couldn't get rid of it.

Internet Explorer 9.0.8112.16421

The Bieb :: THEBIEB-PC [administrator]

8/2/2012 5:11:14 PM

mbam-log-2012-08-02 (17-11-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 214872

Time elapsed: 2 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)



Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC
