
Windows cannot access the specified device and no connection to the internet



Hello,

This morning I got infected with the Smart HDD virus and as I was using iexplore.exe to stop the infection along with roguekiller and combofix, it somehow stopped. I was able to run Malwarebytes which showed no further infections but I lost my internet connection and also, when I click on a folder or program like control panel, it tells me 'Windows cannot access the specified device, path or file. You may not have the appropriate permissions to access the item.'

I will post the log files shortly.


The last error resolved upon re-start. Here are the logs.

Rkill 2.0.3 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/04/2012 02:01:12 PM in x64 mode.

Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!

Performing miscellaneous checks.

* SMTMP folder detected. Your machine is or has been infected with the Fake.HDD rogue anti-spyware program. Please see this link for more information about this type of rogue: http://www.bleepingcomputer.com/forums/topic405109.html

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/04/2012 02:01:23 PM

Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

Rkill 2.0.3 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 08/04/2012 02:38:54 PM in x64 mode.

Windows Version: Windows 7

Checking for Windows services to stop.

* No malware services found to stop.

Checking for processes to terminate.

* No malware processes found to kill.

Checking Registry for malware related settings.

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks.

* SMTMP folder detected. Your machine is or has been infected with the Fake.HDD rogue anti-spyware program. Please see this link for more information about this type of rogue: http://www.bleepingcomputer.com/forums/topic405109.html

Restarting Explorer.exe in order to apply changes.

Program finished at: 08/04/2012 02:39:05 PM

Execution time: 0 hours(s), 0 minute(s), and 11 seconds(s)

*********************************************************************************************************************************************************************

ComboFix 12-08-04.02 - Admin 08/04/2012 16:09:02.2.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6268 [GMT -4:00]

Running from: c:\users\Admin\Desktop\ComboFix.exe

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2012-07-04 to 2012-08-04 )))))))))))))))))))))))))))))))

.

.

2012-08-04 20:17 . 2012-08-04 20:17 -------- d-----w- c:\users\Mcx1-FEE-PC\AppData\Local\temp

2012-08-04 20:17 . 2012-08-04 20:17 -------- d-----w- c:\users\Katharina\AppData\Local\temp

2012-08-04 20:17 . 2012-08-04 20:17 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-04 20:17 . 2012-08-04 20:17 -------- d-----w- c:\users\Administrator\AppData\Local\temp

2012-08-04 18:25 . 2012-08-04 18:25 -------- d-----w- c:\users\Admin\AppData\Roaming\SUPERAntiSpyware.com

2012-08-04 18:25 . 2012-08-04 18:25 -------- d-----w- c:\program files\SUPERAntiSpyware

2012-08-04 18:25 . 2012-08-04 18:25 -------- d-----w- c:\programdata\SUPERAntiSpyware.com

2012-08-02 01:32 . 2012-08-02 01:32 -------- d-----w- c:\users\Admin\AppData\Local\Deployment

2012-07-29 17:31 . 2012-07-29 17:31 -------- d-----w- c:\program files (x86)\ESET

2012-07-29 17:09 . 2012-07-29 17:09 -------- d-sh--w- c:\windows\system32\%APPDATA%

2012-07-28 11:08 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-15 13:15 . 2012-07-15 13:15 -------- d-----w- c:\program files (x86)\Reveal

2012-07-15 13:15 . 2012-07-15 13:15 282756 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-07-15 13:15 . 2012-07-15 13:15 163972 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-07-15 13:15 . 2002-12-05 18:12 692224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-07-15 13:15 . 2002-12-05 18:10 155648 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-07-15 13:15 . 2002-12-02 19:22 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-07-15 13:15 . 2002-12-02 17:33 57344 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-07-15 13:15 . 2002-12-02 17:33 237568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-07-12 23:51 . 2012-07-12 23:51 70344 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 23:51 . 2012-07-12 23:51 426184 ---ha-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-08 23:14 . 2012-07-08 23:14 -------- d-sh--w- c:\programdata\DSS

2012-07-08 23:11 . 2012-07-08 23:11 -------- d-----w- c:\programdata\ATI

2012-07-08 20:46 . 2012-07-08 20:46 -------- d-----w- c:\programdata\AMD

2012-07-08 20:46 . 2012-07-08 20:46 -------- d-----w- c:\program files (x86)\AMD AVT

2012-07-08 20:46 . 2012-07-08 20:46 -------- d-----w- c:\program files (x86)\AMD APP

2012-07-08 20:45 . 2012-07-08 20:45 -------- d-----w- c:\program files (x86)\ATI Technologies

2012-07-08 20:31 . 2012-07-08 20:31 19753984 ---ha-w- c:\windows\SysWow64\atioglxx.dll

2012-07-08 20:31 . 2012-07-08 20:31 6800896 ---ha-w- c:\windows\SysWow64\atidxx32.dll

2012-07-08 20:31 . 2012-07-08 20:31 236544 ----a-w- c:\windows\system32\atiesrxx.exe

2012-07-08 20:31 . 2012-07-08 20:31 33280 ---ha-w- c:\windows\SysWow64\atigktxx.dll

2012-07-08 20:29 . 2012-07-08 20:29 43520 ---ha-w- c:\windows\SysWow64\ati2edxx.dll

2012-07-06 15:54 . 2012-07-08 20:09 -------- d-----w- c:\users\Admin\AppData\Roaming\Vessel

2012-07-06 15:54 . 2010-06-02 08:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll

2012-07-06 15:54 . 2010-06-02 08:55 74072 ---ha-w- c:\windows\SysWow64\XAPOFX1_5.dll

2012-07-06 15:54 . 2010-06-02 08:55 527192 ---ha-w- c:\windows\SysWow64\XAudio2_7.dll

2012-07-06 15:54 . 2010-06-02 08:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll

2012-07-06 15:53 . 2010-06-02 08:55 239960 ---ha-w- c:\windows\SysWow64\xactengine3_7.dll

2012-07-06 15:53 . 2010-06-02 08:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll

2012-07-06 15:53 . 2010-05-26 15:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll

2012-07-06 15:53 . 2010-05-26 15:41 2106216 ---ha-w- c:\windows\SysWow64\D3DCompiler_43.dll

2012-07-06 15:53 . 2010-05-26 15:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll

2012-07-06 15:53 . 2010-05-26 15:41 1868128 ---ha-w- c:\windows\SysWow64\d3dcsx_43.dll

2012-07-06 15:53 . 2010-05-26 15:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll

2012-07-06 15:53 . 2010-05-26 15:41 470880 ---ha-w- c:\windows\SysWow64\d3dx10_43.dll

2012-07-06 15:53 . 2010-05-26 15:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll

2012-07-06 15:53 . 2010-05-26 15:41 248672 ---ha-w- c:\windows\SysWow64\d3dx11_43.dll

2012-07-06 15:53 . 2010-05-26 15:41 1998168 ---ha-w- c:\windows\SysWow64\D3DX9_43.dll

2012-07-06 15:53 . 2010-05-26 15:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-29 16:11 . 2009-07-13 23:19 328704 ----a-w- c:\windows\system32\services.exe

2012-07-08 20:31 . 2010-08-04 05:54 1067520 ----a-w- c:\windows\system32\aticfx64.dll

2012-07-08 20:31 . 2011-04-20 07:09 909312 ---ha-w- c:\windows\SysWow64\aticfx32.dll

2012-07-08 20:30 . 2010-01-07 02:05 7479296 ----a-w- c:\windows\system32\atidxx64.dll

2012-07-08 20:30 . 2010-08-04 05:15 54784 ----a-w- c:\windows\system32\atiuxp64.dll

2012-07-08 20:30 . 2011-04-20 06:21 32256 ---ha-w- c:\windows\SysWow64\atiu9pag.dll

2012-07-08 20:30 . 2011-04-20 06:38 6203392 ---ha-w- c:\windows\SysWow64\atiumdag.dll

2012-07-08 20:30 . 2010-08-04 05:23 64000 ----a-w- c:\windows\system32\coinst.dll

2012-07-08 20:30 . 2011-04-20 06:30 4795904 ---ha-w- c:\windows\SysWow64\atiumdva.dll

2012-06-11 01:25 . 2010-12-22 19:43 472808 ---ha-w- c:\windows\SysWow64\deployJava1.dll

2012-06-02 22:19 . 2012-06-22 12:57 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 12:58 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 12:58 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 12:58 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 12:57 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 12:58 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 12:57 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 19:19 . 2012-06-22 12:57 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 19:15 . 2012-06-22 12:57 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-27 17:52 . 2012-05-27 17:53 447752 ---ha-w- c:\windows\SysWow64\vp6vfw.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]

"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" [2009-08-12 244480]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2009-06-26 480768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux9"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2012-04-26 2438696]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]

R3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;c:\windows\system32\DRIVERS\netr7364.sys [2011-10-05 729152]

R3 silabenm;CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2011-11-11 29576]

R3 silabser;CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2011-11-11 76680]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2011-05-10 51712]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-10-04 1255736]

R4 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]

R4 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-08 236544]

R4 Greg_Service;GRegService;c:\program files (x86)\Gateway\Registration\GregHSRW.exe [2009-08-28 1150496]

R4 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 135664]

R4 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 135664]

R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]

R4 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]

R4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]

R4 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-03-17 517632]

R4 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-08-12 62208]

R4 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2009-12-01 332272]

R4 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]

R4 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]

R4 Updater Service;Updater Service;c:\program files\Gateway\Gateway Updater\UpdaterService.exe [2009-07-04 240160]

S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]

S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]

S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2010-07-29 296808]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 MSSQL$ACROSS;SQL Server (ACROSS);c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

S2 NalServ;Nalpeiron Control Service;c:\windows\SysWOW64\nalserv.exe [2012-04-05 135168]

S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\SysWOW64\nlssrv32.exe [2011-11-11 66560]

S2 USBS3S4Detection;USBS3S4Detection;c:\oem\USBDECTION\USBS3S4Detection.exe [2009-12-09 76320]

S2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-06-26 119296]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-08 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-08 343040]

S3 dfmirage;dfmirage;c:\windows\system32\DRIVERS\dfmirage.sys [2009-03-28 36432]

S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2011-08-19 351136]

S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2011-08-19 4869024]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

.

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 17:25]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-09-28 17:25]

.

2012-08-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3580217062-1633249398-2100870281-1023Core.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 01:32]

.

2012-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3580217062-1633249398-2100870281-1023UA.job

- c:\users\Admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-02 01:32]

.

2012-08-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task bc5e3fb9-a87f-496c-a971-8b541982c004.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

2012-08-04 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task d07fcbb4-b35c-4df9-bae5-09af516ec17e.job

- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]

2009-12-01 09:06 750064 ----a-w- c:\programdata\Partner\Partner64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-21 7981088]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360910p716p0485v195k45j1r44r

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: trueformsonline.com\*

Trusted Zone: trueformsonline.com\www

TCP: DhcpNameServer = 192.168.1.1

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Toolbar-Locked - (no file)

AddRemove-AnyDVD - j:\anydvd neu\AnyDVD\AnyDVD-uninst.exe

AddRemove-Audacity_is1 - j:\audacity\unins000.exe

AddRemove-MP Navigator EX 1.0 - c:\program files (x86)\Canon\MP Navigator EX 1.0\Maint.exe

AddRemove-Origin - j:\origin\OriginUninstall.exe

AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\UninstFl.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

.

**************************************************************************

.

Completion time: 2012-08-04 16:25:04 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-04 20:25

.

Pre-Run: 738,478,428,160 bytes free

Post-Run: 738,028,597,248 bytes free

.

- - End Of File - - 895883F16817A0B350E31863650E6AC1


When I try to open the Network and Sharing Center, I get an 'Access is denied' error. I am a little worried that this could be the Zero Access rootkit because when I was trying to install MBAM, I could not at first and also got the 'Access is denied' error.


Here are the DDS logs.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24

Run by Admin at 17:07:33 on 2012-08-04

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6255 [GMT -4:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

C:\Windows\SysWOW64\nalserv.exe

C:\Windows\SysWOW64\nlssrv32.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\OEM\USBDECTION\USBS3S4Detection.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\servicing\TrustedInstaller.exe

J:\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4831&r=17360910p716p0485v195k45j1r44r

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre1.6.0_24\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

Trusted Zone: trueformsonline.com\*

Trusted Zone: trueformsonline.com\www

DPF: vzTCPConfig - hxxp://my.verizon.com/micro/speedoptimizer/fios/vzTCPConfig.CAB

DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://support.gateway.com/support/profiler/PCPitStop.CAB

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} - hxxp://support.gateway.com/support/serialharvest/gwCID.CAB

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{26501AF0-4C71-416A-887F-9A6729C728BA} : DhcpNameServer = 192.168.1.1 71.243.0.12

TCP: Interfaces\{27447586-E3F7-4807-B5EB-206B10395362} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{27447586-E3F7-4807-B5EB-206B10395362}\8513330543 : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{470FC3EE-CF69-46D6-A228-7725B5EB87DF} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{7B975261-DC5C-4816-A2C1-2EB4910E852E} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{D1BEB319-6D62-40CD-BC89-7B785309BA4E} : DhcpNameServer = 192.168.1.1 71.243.0.12

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files (x86)\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.6.0_24\bin\jp2ssv.dll

mRun-x64: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k

mRun-x64: [WD Drive Manager] C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "c:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

.

============= SERVICES / DRIVERS ===============

.

R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]

R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]

R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-29 296808]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-4 655944]

R2 MSSQL$ACROSS;SQL Server (ACROSS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]

R2 NalServ;Nalpeiron Control Service;C:\Windows\SysWOW64\nalserv.exe [2012-4-5 135168]

R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\nlssrv32.exe [2011-11-11 66560]

R2 USBS3S4Detection;USBS3S4Detection;C:\OEM\USBDECTION\USBS3S4Detection.exe [2009-12-13 76320]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [2009-6-26 119296]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 dfmirage;dfmirage;C:\Windows\system32\DRIVERS\dfmirage.sys --> C:\Windows\system32\DRIVERS\dfmirage.sys [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

R3 LVUVC64;Logitech QuickCam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 CGVPNCliSrvc;CyberGhost VPN Client;C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-3-11 2438696]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

S3 netr7364;RT73 USB Extensible Wireless LAN Card Driver;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]

S3 silabenm;CP210x USB to UART Bridge Serial Port Enumerator Driver;C:\Windows\system32\DRIVERS\silabenm.sys --> C:\Windows\system32\DRIVERS\silabenm.sys [?]

S3 silabser;CP210x USB to UART Bridge Driver;C:\Windows\system32\DRIVERS\silabser.sys --> C:\Windows\system32\DRIVERS\silabser.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 ABBYY.Licensing.PDFTransformer.Classic.3.0;ABBYY PDF Transformer 3.0 Licensing Service;C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-5-14 759048]

S4 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]

S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S4 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-8-28 1150496]

S4 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 135664]

S4 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-9-28 135664]

S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-1-6 13336]

S4 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2010-10-13 98304]

S4 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]

S4 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2010-10-31 517632]

S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208]

S4 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2009-12-1 332272]

S4 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]

S4 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-3-25 2314240]

S4 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-12-1 240160]

.

=============== Created Last 30 ================

.

2012-08-04 20:53:43 711240 ----a-w- C:\Windows\isRS-000.tmp

2012-08-04 20:19:44 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-04 20:05:28 98816 ----a-w- C:\Windows\sed.exe

2012-08-04 20:05:28 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-04 20:05:28 256000 ----a-w- C:\Windows\PEV.exe

2012-08-04 20:05:28 208896 ----a-w- C:\Windows\MBR.exe

2012-08-04 18:25:56 -------- d-----w- C:\Users\Admin\AppData\Roaming\SUPERAntiSpyware.com

2012-08-04 18:25:44 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com

2012-08-04 18:25:44 -------- d-----w- C:\Program Files\SUPERAntiSpyware

2012-08-02 01:32:35 -------- d-----w- C:\Users\Admin\AppData\Local\Deployment

2012-07-29 17:31:21 -------- d-----w- C:\Program Files (x86)\ESET

2012-07-29 17:09:56 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2012-07-28 11:08:27 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-07-15 13:15:32 -------- d-----w- C:\Program Files (x86)\Reveal

2012-07-15 13:15:13 692224 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll

2012-07-15 13:15:13 57344 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll

2012-07-15 13:15:13 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe

2012-07-15 13:15:13 282756 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll

2012-07-15 13:15:13 237568 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll

2012-07-15 13:15:13 163972 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll

2012-07-15 13:15:13 155648 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll

2012-07-12 23:51:04 70344 ---ha-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 23:51:04 426184 ---ha-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-08 23:14:02 -------- d-sh--w- C:\ProgramData\DSS

2012-07-08 20:46:11 -------- d-----w- C:\ProgramData\AMD

2012-07-08 20:46:10 -------- d-----w- C:\Program Files (x86)\AMD AVT

2012-07-08 20:46:07 -------- d-----w- C:\Program Files (x86)\AMD APP

2012-07-08 20:45:55 -------- d-----w- C:\Program Files (x86)\ATI Technologies

2012-07-08 20:31:07 6800896 ---ha-w- C:\Windows\SysWow64\atidxx32.dll

2012-07-08 20:31:07 19753984 ---ha-w- C:\Windows\SysWow64\atioglxx.dll

2012-07-08 20:31:01 236544 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-07-08 20:31:00 33280 ---ha-w- C:\Windows\SysWow64\atigktxx.dll

2012-07-08 20:29:58 7431680 ----a-w- C:\Windows\System32\atiumd64.dll

2012-07-08 20:29:58 43520 ---ha-w- C:\Windows\SysWow64\ati2edxx.dll

2012-07-06 15:54:36 -------- d-----w- C:\Users\Admin\AppData\Roaming\Vessel

2012-07-06 15:54:00 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll

2012-07-06 15:54:00 74072 ---ha-w- C:\Windows\SysWow64\XAPOFX1_5.dll

2012-07-06 15:54:00 527192 ---ha-w- C:\Windows\SysWow64\XAudio2_7.dll

2012-07-06 15:54:00 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll

2012-07-06 15:53:59 239960 ---ha-w- C:\Windows\SysWow64\xactengine3_7.dll

2012-07-06 15:53:59 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll

2012-07-06 15:53:58 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll

2012-07-06 15:53:58 2106216 ---ha-w- C:\Windows\SysWow64\D3DCompiler_43.dll

2012-07-06 15:53:58 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll

2012-07-06 15:53:58 1868128 ---ha-w- C:\Windows\SysWow64\d3dcsx_43.dll

2012-07-06 15:53:57 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll

2012-07-06 15:53:57 470880 ---ha-w- C:\Windows\SysWow64\d3dx10_43.dll

2012-07-06 15:53:57 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll

2012-07-06 15:53:57 248672 ---ha-w- C:\Windows\SysWow64\d3dx11_43.dll

2012-07-06 15:53:57 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll

2012-07-06 15:53:57 1998168 ---ha-w- C:\Windows\SysWow64\D3DX9_43.dll

.

==================== Find3M ====================

.

2012-07-29 16:11:54 328704 ----a-w- C:\Windows\System32\services.exe

2012-07-08 20:31:07 1067520 ----a-w- C:\Windows\System32\aticfx64.dll

2012-07-08 20:31:06 909312 ---ha-w- C:\Windows\SysWow64\aticfx32.dll

2012-07-08 20:31:05 13764096 ---ha-w- C:\Windows\SysWow64\aticaldd.dll

2012-06-11 01:25:20 472808 ---ha-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-05-27 17:52:06 447752 ---ha-w- C:\Windows\SysWow64\vp6vfw.dll

.

============= FINISH: 17:11:50.86 ===============

Attach.txt

Edited by Maurice Naggar

I was able to log in to the internet after using iexplore.exe.

Here is the short MBAM log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.04.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 8.0.7601.17514

Admin :: FEE-PC [administrator]

8/4/2012 6:19:35 PM

mbam-log-2012-08-04 (18-19-35).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 282419

Time elapsed: 6 minute(s), 41 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


Hello kathfee,

You are supposed to stop and wait for an authorized helper to make a 1st reply to you ... after the 1st post by you.

What you had done made your post "appear" to have been under active help.

STOP getting and running tools on your own! From here on out, only do what I guide you to.

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

Change the a-v scan to None.

Uncheck trace disk IO calls.

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me), click save log, save it to your desktop and post in your next reply.

Step 4

Please read carefully and follow these steps.

  • Delete the prior copies of TDSSKILLER.zip & TDSSKILLER.exe that you may have.
  • Download TDSSKiller and save it to your Desktop.
  • If on Windows 7 or Vista, RIGHT-Click on TDSSKiller.exe and select Run As Administrator to run the application.
    If on Windows XP, double-click to start.
  • Click on "Change parameters" and place a checkmark next to Verify Driver Digital Signature and Detect TDLFS file system, then click OK
  • Then press Start Scan

When the scan is done, it will display a summary screen.

  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Step 5

  • Download & SAVE to your Desktop >> Tigzy's RogueKiller from here << or
    >> from here <<
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
    For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on Scan button at upper right of screen.
  • Wait until the Status box shows "Scan Finished"
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

  • the contents of aswMBR report;
  • the contents of TDSSKILLER log;
  • the contents of RKReport log;

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.


Hi Maurice, thanks for your reply. Much appreciated. Before we start, I would like to point out that I had posted about my problems on a different forum and I was told to use Combofix which I did seven days ago, before posting here. It did not help with the problems and may even have caused some. I just wanted to let u know before we start here. Shall I go ahead and run the tools to send u the logs?


There is no other open thread elsewhere. I would like to proceed here. Here are the logs.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-05 17:20:56

-----------------------------

17:20:56.185 OS Version: Windows x64 6.1.7601 Service Pack 1

17:20:56.185 Number of processors: 4 586 0x1E05

17:20:56.185 ComputerName: FEE-PC UserName: Admin

17:20:58.615 Initialize success

17:21:48.969 AVAST engine defs: 12080501

17:21:59.479 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:21:59.480 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3

17:21:59.500 Disk 0 MBR read successfully

17:21:59.503 Disk 0 MBR scan

17:21:59.508 Disk 0 Windows 7 default MBR code

17:21:59.513 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048

17:21:59.533 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632

17:21:59.547 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936359 MB offset 35858432

17:21:59.563 Disk 0 scanning C:\Windows\system32\drivers

17:22:10.896 Service scanning

17:22:37.836 Modules scanning

17:22:37.841 Disk 0 trace - called modules:

17:22:37.867 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll

17:22:38.192 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007de7060]

17:22:38.199 3 CLASSPNP.SYS[fffff88001b6e43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007af5050]

17:22:43.513 AVAST engine scan C:\Windows

17:22:48.457 AVAST engine scan C:\Windows\system32

17:26:35.775 AVAST engine scan C:\Windows\system32\drivers

17:26:49.374 AVAST engine scan C:\Users\Admin

17:31:36.824 AVAST engine scan C:\ProgramData

17:36:37.637 Scan finished successfully

17:39:14.379 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"

17:39:14.382 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-08-12 07:49:20

-----------------------------

07:49:20.770 OS Version: Windows x64 6.1.7601 Service Pack 1

07:49:20.770 Number of processors: 4 586 0x1E05

07:49:20.770 ComputerName: FEE-PC UserName: Admin

07:49:21.987 Initialize success

07:50:39.941 AVAST engine defs: 12081200

07:50:51.422 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

07:50:51.422 Disk 0 Vendor: WDC_WD10 01.0 Size: 953869MB BusType: 3

07:50:51.438 Disk 0 MBR read successfully

07:50:51.438 Disk 0 MBR scan

07:50:51.438 Disk 0 Windows 7 default MBR code

07:50:51.454 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 17408 MB offset 2048

07:50:51.454 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 35653632

07:50:51.469 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 936359 MB offset 35858432

07:50:51.485 Disk 0 scanning C:\Windows\system32\drivers

07:50:59.862 Service scanning

07:51:22.997 Modules scanning

07:51:22.997 Scan finished successfully

07:51:33.277 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"

07:51:33.293 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"



07:53:31.0362 0904 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

07:53:31.0767 0904 ============================================================

07:53:31.0767 0904 Current date / time: 2012/08/12 07:53:31.0767

07:53:31.0767 0904 SystemInfo:

07:53:31.0767 0904

07:53:31.0767 0904 OS Version: 6.1.7601 ServicePack: 1.0

07:53:31.0767 0904 Product type: Workstation

07:53:31.0767 0904 ComputerName: FEE-PC

07:53:31.0767 0904 UserName: Admin

07:53:31.0767 0904 Windows directory: C:\Windows

07:53:31.0767 0904 System windows directory: C:\Windows

07:53:31.0767 0904 Running under WOW64

07:53:31.0767 0904 Processor architecture: Intel x64

07:53:31.0767 0904 Number of processors: 4

07:53:31.0767 0904 Page size: 0x1000

07:53:31.0767 0904 Boot type: Normal boot

07:53:31.0767 0904 ============================================================

07:53:32.0064 0904 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

07:53:32.0095 0904 ============================================================

07:53:32.0095 0904 \Device\Harddisk0\DR0:

07:53:32.0095 0904 MBR partitions:

07:53:32.0095 0904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2200800, BlocksNum 0x32000

07:53:32.0095 0904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2232800, BlocksNum 0x724D3800

07:53:32.0095 0904 ============================================================

07:53:32.0126 0904 C: <-> \Device\Harddisk0\DR0\Partition1

07:53:32.0126 0904 ============================================================

07:53:32.0126 0904 Initialize success

07:53:32.0126 0904 ============================================================

07:53:38.0897 2216 ============================================================

07:53:38.0897 2216 Scan started

07:53:38.0897 2216 Mode: Manual; SigCheck;

07:53:38.0897 2216 ============================================================

07:53:39.0380 2216 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

07:53:39.0427 2216 1394ohci - ok

07:53:39.0583 2216 ABBYY.Licensing.PDFTransformer.Classic.3.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe

07:53:39.0614 2216 ABBYY.Licensing.PDFTransformer.Classic.3.0 - ok

07:53:39.0661 2216 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

07:53:39.0677 2216 ACPI - ok

07:53:39.0724 2216 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

07:53:39.0739 2216 AcpiPmi - ok

07:53:39.0848 2216 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

07:53:39.0864 2216 AdobeARMservice - ok

07:53:39.0911 2216 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

07:53:39.0942 2216 adp94xx - ok

07:53:39.0973 2216 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

07:53:39.0989 2216 adpahci - ok

07:53:40.0020 2216 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

07:53:40.0020 2216 adpu320 - ok

07:53:40.0114 2216 ADVService (7233688fc422ef657e082309e6180142) C:\Program Files (x86)\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe

07:53:40.0129 2216 ADVService ( UnsignedFile.Multi.Generic ) - warning

07:53:40.0129 2216 ADVService - detected UnsignedFile.Multi.Generic (1)

07:53:40.0160 2216 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

07:53:40.0207 2216 AeLookupSvc - ok

07:53:40.0332 2216 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

07:53:40.0348 2216 AFD - ok

07:53:40.0394 2216 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

07:53:40.0410 2216 agp440 - ok

07:53:40.0426 2216 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

07:53:40.0441 2216 ALG - ok

07:53:40.0441 2216 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

07:53:40.0441 2216 aliide - ok

07:53:40.0488 2216 AMD External Events Utility (20c8a3e435a47f0408a1ea674afa6194) C:\Windows\system32\atiesrxx.exe

07:53:40.0504 2216 AMD External Events Utility - ok

07:53:40.0519 2216 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

07:53:40.0535 2216 amdide - ok

07:53:40.0550 2216 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

07:53:40.0550 2216 AmdK8 - ok

07:53:40.0909 2216 amdkmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

07:53:41.0003 2216 amdkmdag - ok

07:53:41.0096 2216 amdkmdap (0e57258e5cc4cc7a9a9a877afdf0cec6) C:\Windows\system32\DRIVERS\atikmpag.sys

07:53:41.0128 2216 amdkmdap - ok

07:53:41.0128 2216 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

07:53:41.0143 2216 AmdPPM - ok

07:53:41.0174 2216 amdsata (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys

07:53:41.0174 2216 amdsata - ok

07:53:41.0206 2216 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

07:53:41.0206 2216 amdsbs - ok

07:53:41.0221 2216 amdxata (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys

07:53:41.0221 2216 amdxata - ok

07:53:41.0362 2216 AnyDVD (aa10a90af32ba0682820a51fbc4ace90) C:\Windows\system32\Drivers\AnyDVD.sys

07:53:41.0377 2216 AnyDVD - ok

07:53:41.0424 2216 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

07:53:41.0455 2216 AppID - ok

07:53:41.0486 2216 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

07:53:41.0518 2216 AppIDSvc - ok

07:53:41.0533 2216 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

07:53:41.0580 2216 Appinfo - ok

07:53:41.0658 2216 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

07:53:41.0674 2216 Apple Mobile Device - ok

07:53:41.0720 2216 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

07:53:41.0736 2216 arc - ok

07:53:41.0752 2216 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

07:53:41.0767 2216 arcsas - ok

07:53:41.0861 2216 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

07:53:41.0861 2216 aspnet_state - ok

07:53:41.0892 2216 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

07:53:41.0939 2216 AsyncMac - ok

07:53:41.0970 2216 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

07:53:41.0986 2216 atapi - ok

07:53:42.0032 2216 AtiHdmiService (fb7602c5c508be281368aae0b61b51c6) C:\Windows\system32\drivers\AtiHdmi.sys

07:53:42.0032 2216 AtiHdmiService - ok

07:53:42.0407 2216 atikmdag (0b45c18b0f3ee996d25baa4e74884b83) C:\Windows\system32\DRIVERS\atikmdag.sys

07:53:42.0485 2216 atikmdag - ok

07:53:42.0625 2216 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

07:53:42.0656 2216 AudioEndpointBuilder - ok

07:53:42.0672 2216 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

07:53:42.0703 2216 AudioSrv - ok

07:53:42.0734 2216 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

07:53:42.0766 2216 AxInstSV - ok

07:53:42.0797 2216 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

07:53:42.0812 2216 b06bdrv - ok

07:53:42.0828 2216 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

07:53:42.0844 2216 b57nd60a - ok

07:53:42.0859 2216 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

07:53:42.0875 2216 BDESVC - ok

07:53:42.0890 2216 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

07:53:42.0922 2216 Beep - ok

07:53:43.0000 2216 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

07:53:43.0031 2216 BFE - ok

07:53:43.0046 2216 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

07:53:43.0046 2216 blbdrive - ok

07:53:43.0109 2216 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

07:53:43.0124 2216 Bonjour Service - ok

07:53:43.0156 2216 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

07:53:43.0171 2216 bowser - ok

07:53:43.0187 2216 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

07:53:43.0202 2216 BrFiltLo - ok

07:53:43.0202 2216 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

07:53:43.0218 2216 BrFiltUp - ok

07:53:43.0218 2216 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

07:53:43.0249 2216 BridgeMP - ok

07:53:43.0280 2216 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

07:53:43.0296 2216 Browser - ok

07:53:43.0327 2216 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

07:53:43.0343 2216 Brserid - ok

07:53:43.0358 2216 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

07:53:43.0358 2216 BrSerWdm - ok

07:53:43.0358 2216 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

07:53:43.0374 2216 BrUsbMdm - ok

07:53:43.0374 2216 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

07:53:43.0390 2216 BrUsbSer - ok

07:53:43.0421 2216 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

07:53:43.0421 2216 BTHMODEM - ok

07:53:43.0452 2216 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

07:53:43.0483 2216 bthserv - ok

07:53:43.0499 2216 catchme - ok

07:53:43.0514 2216 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

07:53:43.0530 2216 cdfs - ok

07:53:43.0577 2216 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys

07:53:43.0592 2216 cdrom - ok

07:53:43.0639 2216 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

07:53:43.0655 2216 CertPropSvc - ok

07:53:43.0826 2216 CGVPNCliSrvc (213b6ec3de19e35373a1906397588429) C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe

07:53:43.0873 2216 CGVPNCliSrvc - ok

07:53:43.0951 2216 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

07:53:43.0967 2216 circlass - ok

07:53:43.0998 2216 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

07:53:44.0014 2216 CLFS - ok

07:53:44.0060 2216 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

07:53:44.0060 2216 clr_optimization_v2.0.50727_32 - ok

07:53:44.0107 2216 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

07:53:44.0123 2216 clr_optimization_v2.0.50727_64 - ok

07:53:44.0216 2216 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

07:53:44.0216 2216 clr_optimization_v4.0.30319_32 - ok

07:53:44.0248 2216 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

07:53:44.0263 2216 clr_optimization_v4.0.30319_64 - ok

07:53:44.0279 2216 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

07:53:44.0294 2216 CmBatt - ok

07:53:44.0326 2216 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

07:53:44.0341 2216 cmdide - ok

07:53:44.0388 2216 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

07:53:44.0419 2216 CNG - ok

07:53:44.0435 2216 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

07:53:44.0435 2216 Compbatt - ok

07:53:44.0482 2216 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

07:53:44.0497 2216 CompositeBus - ok

07:53:44.0513 2216 COMSysApp - ok

07:53:44.0591 2216 CrashPlanService (2ccc97e81ffb6263a038709d3d28dd48) C:\Program Files\CrashPlan\CrashPlanService.exe

07:53:44.0606 2216 CrashPlanService ( UnsignedFile.Multi.Generic ) - warning

07:53:44.0606 2216 CrashPlanService - detected UnsignedFile.Multi.Generic (1)

07:53:44.0606 2216 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

07:53:44.0622 2216 crcdisk - ok

07:53:44.0669 2216 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

07:53:44.0700 2216 CryptSvc - ok

07:53:44.0762 2216 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

07:53:44.0809 2216 DcomLaunch - ok

07:53:44.0872 2216 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

07:53:44.0918 2216 defragsvc - ok

07:53:44.0981 2216 dfmirage (178a6e9a0dce42959fc5ad129f60cba9) C:\Windows\system32\DRIVERS\dfmirage.sys

07:53:44.0996 2216 dfmirage - ok

07:53:45.0028 2216 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

07:53:45.0059 2216 DfsC - ok

07:53:45.0106 2216 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

07:53:45.0137 2216 Dhcp - ok

07:53:45.0152 2216 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

07:53:45.0168 2216 discache - ok

07:53:45.0184 2216 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

07:53:45.0199 2216 Disk - ok

07:53:45.0262 2216 dKeySync (caf3719e7ebb5cac650f72330d9c5bbe) C:\dKEYUSBCradle\SyncService.exe

07:53:45.0262 2216 dKeySync ( UnsignedFile.Multi.Generic ) - warning

07:53:45.0262 2216 dKeySync - detected UnsignedFile.Multi.Generic (1)

07:53:45.0308 2216 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

07:53:45.0324 2216 Dnscache - ok

07:53:45.0371 2216 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

07:53:45.0418 2216 dot3svc - ok

07:53:45.0449 2216 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

07:53:45.0496 2216 DPS - ok

07:53:45.0636 2216 DragonSvc (d6a3c0bb5d4a42da68b02cf6f240e010) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe

07:53:45.0636 2216 DragonSvc - ok

07:53:45.0667 2216 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

07:53:45.0667 2216 drmkaud - ok

07:53:45.0745 2216 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

07:53:45.0761 2216 DXGKrnl - ok

07:53:45.0823 2216 e1kexpress (52a482dc61f24b498c8268866b90bb44) C:\Windows\system32\DRIVERS\e1k62x64.sys

07:53:45.0839 2216 e1kexpress - ok

07:53:45.0870 2216 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

07:53:45.0901 2216 EapHost - ok

07:53:46.0042 2216 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

07:53:46.0073 2216 ebdrv - ok

07:53:46.0166 2216 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

07:53:46.0182 2216 EFS - ok

07:53:46.0244 2216 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

07:53:46.0276 2216 ehRecvr - ok

07:53:46.0291 2216 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

07:53:46.0307 2216 ehSched - ok

07:53:46.0385 2216 ElbyCDIO (65e0ec00c209d4f2618f8ff0dd4ea444) C:\Windows\system32\Drivers\ElbyCDIO.sys

07:53:46.0400 2216 ElbyCDIO - ok

07:53:46.0432 2216 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

07:53:46.0447 2216 elxstor - ok

07:53:46.0478 2216 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

07:53:46.0478 2216 ErrDev - ok

07:53:46.0541 2216 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

07:53:46.0572 2216 EventSystem - ok

07:53:46.0588 2216 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

07:53:46.0619 2216 exfat - ok

07:53:46.0634 2216 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

07:53:46.0666 2216 fastfat - ok

07:53:46.0728 2216 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

07:53:46.0744 2216 Fax - ok

07:53:46.0759 2216 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

07:53:46.0775 2216 fdc - ok

07:53:46.0775 2216 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

07:53:46.0806 2216 fdPHost - ok

07:53:46.0806 2216 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

07:53:46.0837 2216 FDResPub - ok

07:53:46.0853 2216 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

07:53:46.0853 2216 FileInfo - ok

07:53:46.0868 2216 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

07:53:46.0884 2216 Filetrace - ok

07:53:46.0978 2216 FLEXnet Licensing Service (3d9b36631032fde0ffea0dc0260e4e35) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

07:53:46.0993 2216 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning

07:53:46.0993 2216 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)

07:53:46.0993 2216 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

07:53:47.0009 2216 flpydisk - ok

07:53:47.0040 2216 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

07:53:47.0056 2216 FltMgr - ok

07:53:47.0134 2216 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

07:53:47.0165 2216 FontCache - ok

07:53:47.0243 2216 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

07:53:47.0243 2216 FontCache3.0.0.0 - ok

07:53:47.0258 2216 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

07:53:47.0274 2216 FsDepends - ok

07:53:47.0290 2216 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys

07:53:47.0305 2216 Fs_Rec - ok

07:53:47.0352 2216 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

07:53:47.0368 2216 fvevol - ok

07:53:47.0368 2216 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

07:53:47.0383 2216 gagp30kx - ok

07:53:47.0508 2216 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe

07:53:47.0524 2216 GameConsoleService - ok

07:53:47.0555 2216 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

07:53:47.0570 2216 GEARAspiWDM - ok

07:53:47.0680 2216 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

07:53:47.0711 2216 gpsvc - ok

07:53:47.0804 2216 Greg_Service (816fd5a6f3c2f3d600900096632fc60e) C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe

07:53:47.0836 2216 Greg_Service - ok

07:53:47.0898 2216 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

07:53:47.0898 2216 gupdate - ok

07:53:47.0929 2216 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

07:53:47.0929 2216 gupdatem - ok

07:53:48.0023 2216 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

07:53:48.0038 2216 hcw85cir - ok

07:53:48.0085 2216 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

07:53:48.0116 2216 HdAudAddService - ok

07:53:48.0148 2216 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

07:53:48.0163 2216 HDAudBus - ok

07:53:48.0210 2216 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

07:53:48.0210 2216 HECIx64 - ok

07:53:48.0226 2216 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

07:53:48.0241 2216 HidBatt - ok

07:53:48.0257 2216 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

07:53:48.0272 2216 HidBth - ok

07:53:48.0288 2216 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

07:53:48.0288 2216 HidIr - ok

07:53:48.0319 2216 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

07:53:48.0335 2216 hidserv - ok

07:53:48.0366 2216 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

07:53:48.0382 2216 HidUsb - ok

07:53:48.0413 2216 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

07:53:48.0428 2216 hkmsvc - ok

07:53:48.0475 2216 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

07:53:48.0491 2216 HomeGroupListener - ok

07:53:48.0538 2216 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

07:53:48.0553 2216 HomeGroupProvider - ok

07:53:48.0569 2216 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

07:53:48.0584 2216 HpSAMD - ok

07:53:48.0647 2216 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

07:53:48.0678 2216 HTTP - ok

07:53:48.0694 2216 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

07:53:48.0709 2216 hwpolicy - ok

07:53:48.0725 2216 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

07:53:48.0740 2216 i8042prt - ok

07:53:48.0772 2216 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

07:53:48.0803 2216 iaStor - ok

07:53:48.0865 2216 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

07:53:48.0865 2216 IAStorDataMgrSvc - ok

07:53:48.0912 2216 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys

07:53:48.0928 2216 iaStorV - ok

07:53:49.0006 2216 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

07:53:49.0006 2216 IDriverT ( UnsignedFile.Multi.Generic ) - warning

07:53:49.0006 2216 IDriverT - detected UnsignedFile.Multi.Generic (1)

07:53:49.0099 2216 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

07:53:49.0130 2216 idsvc - ok

07:53:49.0224 2216 IHA_MessageCenter (53c8ce55214b38fba65a3adfa44e1d90) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe

07:53:49.0224 2216 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - warning

07:53:49.0224 2216 IHA_MessageCenter - detected UnsignedFile.Multi.Generic (1)

07:53:49.0271 2216 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

07:53:49.0286 2216 iirsp - ok

07:53:49.0364 2216 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

07:53:49.0411 2216 IKEEXT - ok

07:53:49.0505 2216 IntcAzAudAddService (bc64b75e8e0a0b8982ab773483164e72) C:\Windows\system32\drivers\RTKVHD64.sys

07:53:49.0536 2216 IntcAzAudAddService - ok

07:53:49.0598 2216 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

07:53:49.0614 2216 intelide - ok

07:53:49.0630 2216 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

07:53:49.0645 2216 intelppm - ok

07:53:49.0817 2216 IntuitUpdateServiceV4 (1663a135865f0ba6e853353e98e67f2a) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe

07:53:49.0832 2216 IntuitUpdateServiceV4 - ok

07:53:49.0848 2216 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

07:53:49.0895 2216 IPBusEnum - ok

07:53:49.0957 2216 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

07:53:50.0004 2216 IpFilterDriver - ok

07:53:50.0066 2216 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

07:53:50.0113 2216 iphlpsvc - ok

07:53:50.0144 2216 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

07:53:50.0144 2216 IPMIDRV - ok

07:53:50.0191 2216 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

07:53:50.0222 2216 IPNAT - ok

07:53:50.0332 2216 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe

07:53:50.0363 2216 iPod Service - ok

07:53:50.0378 2216 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

07:53:50.0394 2216 IRENUM - ok

07:53:50.0410 2216 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

07:53:50.0410 2216 isapnp - ok

07:53:50.0456 2216 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

07:53:50.0472 2216 iScsiPrt - ok

07:53:50.0519 2216 JRAID (75ddb94a2a24f9f7037d10a2dda06d36) C:\Windows\system32\DRIVERS\jraid.sys

07:53:50.0519 2216 JRAID - ok

07:53:50.0534 2216 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

07:53:50.0550 2216 kbdclass - ok

07:53:50.0566 2216 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

07:53:50.0597 2216 kbdhid - ok

07:53:50.0612 2216 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

07:53:50.0628 2216 KeyIso - ok

07:53:50.0644 2216 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

07:53:50.0659 2216 KSecDD - ok

07:53:50.0675 2216 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

07:53:50.0690 2216 KSecPkg - ok

07:53:50.0690 2216 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

07:53:50.0722 2216 ksthunk - ok

07:53:50.0800 2216 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

07:53:50.0831 2216 KtmRm - ok

07:53:50.0862 2216 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

07:53:50.0893 2216 LanmanServer - ok

07:53:50.0924 2216 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

07:53:50.0971 2216 LanmanWorkstation - ok

07:53:51.0002 2216 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

07:53:51.0018 2216 lltdio - ok

07:53:51.0049 2216 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

07:53:51.0080 2216 lltdsvc - ok

07:53:51.0080 2216 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

07:53:51.0112 2216 lmhosts - ok

07:53:51.0205 2216 LMS (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

07:53:51.0205 2216 LMS ( UnsignedFile.Multi.Generic ) - warning

07:53:51.0205 2216 LMS - detected UnsignedFile.Multi.Generic (1)

07:53:51.0252 2216 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

07:53:51.0268 2216 LSI_FC - ok

07:53:51.0299 2216 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

07:53:51.0314 2216 LSI_SAS - ok

07:53:51.0330 2216 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

07:53:51.0346 2216 LSI_SAS2 - ok

07:53:51.0346 2216 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

07:53:51.0361 2216 LSI_SCSI - ok

07:53:51.0377 2216 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

07:53:51.0408 2216 luafv - ok

07:53:51.0455 2216 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

07:53:51.0455 2216 LVPr2M64 - ok

07:53:51.0455 2216 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

07:53:51.0470 2216 LVPr2Mon - ok

07:53:51.0502 2216 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys

07:53:51.0517 2216 LVRS64 - ok

07:53:51.0720 2216 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys

07:53:51.0782 2216 LVUVC64 - ok

07:53:51.0970 2216 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

07:53:51.0985 2216 MBAMProtector - ok

07:53:52.0094 2216 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

07:53:52.0110 2216 MBAMService - ok

07:53:52.0204 2216 McciCMService (f8b823414a22dbf3bec10dcaa5f93cd8) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe

07:53:52.0219 2216 McciCMService ( UnsignedFile.Multi.Generic ) - warning

07:53:52.0219 2216 McciCMService - detected UnsignedFile.Multi.Generic (1)

07:53:52.0328 2216 McciCMService64 (859e5a32485178daeca06b52e2bb44b2) C:\Program Files\Common Files\Motive\McciCMService.exe

07:53:52.0344 2216 McciCMService64 ( UnsignedFile.Multi.Generic ) - warning

07:53:52.0344 2216 McciCMService64 - detected UnsignedFile.Multi.Generic (1)

07:53:52.0406 2216 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

07:53:52.0422 2216 Mcx2Svc - ok

07:53:52.0453 2216 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

07:53:52.0453 2216 megasas - ok

07:53:52.0484 2216 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

07:53:52.0500 2216 MegaSR - ok

07:53:52.0531 2216 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

07:53:52.0562 2216 MMCSS - ok

07:53:52.0578 2216 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

07:53:52.0609 2216 Modem - ok

07:53:52.0640 2216 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

07:53:52.0640 2216 monitor - ok

07:53:52.0687 2216 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

07:53:52.0703 2216 mouclass - ok

07:53:52.0734 2216 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

07:53:52.0734 2216 mouhid - ok

07:53:52.0765 2216 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

07:53:52.0781 2216 mountmgr - ok

07:53:52.0859 2216 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

07:53:52.0874 2216 MozillaMaintenance - ok

07:53:52.0906 2216 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

07:53:52.0906 2216 mpio - ok

07:53:52.0921 2216 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

07:53:52.0952 2216 mpsdrv - ok

07:53:53.0030 2216 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

07:53:53.0062 2216 MpsSvc - ok

07:53:53.0124 2216 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

07:53:53.0124 2216 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

07:53:53.0124 2216 MREMP50 - detected UnsignedFile.Multi.Generic (1)

07:53:53.0186 2216 MREMP50a64 - ok

07:53:53.0186 2216 MREMPR5 - ok

07:53:53.0186 2216 MRENDIS5 - ok

07:53:53.0202 2216 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

07:53:53.0202 2216 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

07:53:53.0202 2216 MRESP50 - detected UnsignedFile.Multi.Generic (1)

07:53:53.0202 2216 MRESP50a64 - ok

07:53:53.0249 2216 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

07:53:53.0264 2216 MRxDAV - ok

07:53:53.0311 2216 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

07:53:53.0327 2216 mrxsmb - ok

07:53:53.0374 2216 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

07:53:53.0389 2216 mrxsmb10 - ok

07:53:53.0405 2216 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

07:53:53.0420 2216 mrxsmb20 - ok

07:53:53.0436 2216 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

07:53:53.0452 2216 msahci - ok

07:53:53.0467 2216 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

07:53:53.0483 2216 msdsm - ok

07:53:53.0498 2216 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

07:53:53.0514 2216 MSDTC - ok

07:53:53.0561 2216 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

07:53:53.0608 2216 Msfs - ok

07:53:53.0608 2216 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

07:53:53.0639 2216 mshidkmdf - ok

07:53:53.0639 2216 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

07:53:53.0639 2216 msisadrv - ok

07:53:53.0670 2216 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

07:53:53.0701 2216 MSiSCSI - ok

07:53:53.0701 2216 msiserver - ok

07:53:53.0717 2216 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

07:53:53.0732 2216 MSKSSRV - ok

07:53:53.0748 2216 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

07:53:53.0764 2216 MSPCLOCK - ok

07:53:53.0764 2216 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

07:53:53.0795 2216 MSPQM - ok

07:53:53.0857 2216 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

07:53:53.0873 2216 MsRPC - ok

07:53:53.0888 2216 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

07:53:53.0888 2216 mssmbios - ok

07:53:54.0091 2216 MSSQL$ACROSS - ok

07:53:54.0185 2216 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe

07:53:54.0185 2216 MSSQLServerADHelper - ok

07:53:54.0200 2216 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

07:53:54.0232 2216 MSTEE - ok

07:53:54.0263 2216 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

07:53:54.0278 2216 MTConfig - ok

07:53:54.0310 2216 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

07:53:54.0325 2216 Mup - ok

07:53:54.0419 2216 NalServ (086da58f38ab4c690d594d223f6c4bc4) C:\Windows\SysWOW64\nalserv.exe

07:53:54.0434 2216 NalServ ( UnsignedFile.Multi.Generic ) - warning

07:53:54.0434 2216 NalServ - detected UnsignedFile.Multi.Generic (1)

07:53:54.0481 2216 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

07:53:54.0512 2216 napagent - ok

07:53:54.0575 2216 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

07:53:54.0606 2216 NativeWifiP - ok

07:53:54.0684 2216 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

07:53:54.0715 2216 NDIS - ok

07:53:54.0746 2216 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

07:53:54.0762 2216 NdisCap - ok

07:53:54.0793 2216 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

07:53:54.0809 2216 NdisTapi - ok

07:53:54.0856 2216 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

07:53:54.0871 2216 Ndisuio - ok

07:53:54.0902 2216 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

07:53:54.0934 2216 NdisWan - ok

07:53:54.0965 2216 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

07:53:54.0980 2216 NDProxy - ok

07:53:55.0105 2216 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

07:53:55.0121 2216 Nero BackItUp Scheduler 4.0 - ok

07:53:55.0136 2216 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

07:53:55.0168 2216 NetBIOS - ok

07:53:55.0214 2216 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

07:53:55.0230 2216 NetBT - ok

07:53:55.0261 2216 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

07:53:55.0261 2216 Netlogon - ok

07:53:55.0308 2216 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

07:53:55.0324 2216 Netman - ok

07:53:55.0417 2216 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

07:53:55.0433 2216 NetMsmqActivator - ok

07:53:55.0448 2216 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

07:53:55.0464 2216 NetPipeActivator - ok

07:53:55.0495 2216 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

07:53:55.0542 2216 netprofm - ok

07:53:55.0620 2216 netr7364 (f3a1d8b7317939813568992d1bfdde37) C:\Windows\system32\DRIVERS\netr7364.sys

07:53:55.0636 2216 netr7364 - ok

07:53:55.0667 2216 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

07:53:55.0667 2216 NetTcpActivator - ok

07:53:55.0667 2216 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

07:53:55.0682 2216 NetTcpPortSharing - ok

07:53:55.0698 2216 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

07:53:55.0698 2216 nfrd960 - ok

07:53:55.0745 2216 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

07:53:55.0792 2216 NlaSvc - ok

07:53:55.0870 2216 nlsX86cc (b1ef4686961986dffb7fe8f18e6fcb5b) C:\Windows\SysWOW64\nlssrv32.exe

07:53:55.0870 2216 nlsX86cc - ok

07:53:55.0885 2216 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

07:53:55.0901 2216 Npfs - ok

07:53:55.0916 2216 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

07:53:55.0932 2216 nsi - ok

07:53:55.0948 2216 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

07:53:55.0963 2216 nsiproxy - ok

07:53:56.0119 2216 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys

07:53:56.0135 2216 Ntfs - ok

07:53:56.0228 2216 NTI IScheduleSvc (bd691091ac7d9713d8f0b07c6b099e6c) C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe

07:53:56.0228 2216 NTI IScheduleSvc - ok

07:53:56.0306 2216 NTIDrvr (64ddd0dee976302f4bd93e5efcc2f013) C:\Windows\system32\drivers\NTIDrvr.sys

07:53:56.0322 2216 NTIDrvr - ok

07:53:56.0322 2216 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

07:53:56.0369 2216 Null - ok

07:53:56.0400 2216 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys

07:53:56.0416 2216 nvraid - ok

07:53:56.0431 2216 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys

07:53:56.0431 2216 nvstor - ok

07:53:56.0478 2216 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

07:53:56.0478 2216 nv_agp - ok

07:53:56.0540 2216 odserv (1f0e05dff4f5a833168e49be1256f002) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

07:53:56.0556 2216 odserv - ok

07:53:56.0587 2216 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

07:53:56.0587 2216 ohci1394 - ok

07:53:56.0634 2216 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

07:53:56.0650 2216 ose - ok

07:53:56.0681 2216 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

07:53:56.0696 2216 p2pimsvc - ok

07:53:56.0728 2216 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

07:53:56.0743 2216 p2psvc - ok

07:53:56.0759 2216 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

07:53:56.0759 2216 Parport - ok

07:53:56.0806 2216 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

07:53:56.0806 2216 partmgr - ok

07:53:56.0884 2216 Partner Service (9665402b7fa59302d520ad845ddfc026) C:\ProgramData\Partner\Partner.exe

07:53:56.0884 2216 Partner Service - ok

07:53:56.0899 2216 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

07:53:56.0915 2216 PcaSvc - ok

07:53:56.0930 2216 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

07:53:56.0946 2216 pci - ok

07:53:56.0962 2216 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

07:53:56.0962 2216 pciide - ok

07:53:56.0977 2216 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

07:53:56.0993 2216 pcmcia - ok

07:53:56.0993 2216 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

07:53:57.0008 2216 pcw - ok

07:53:57.0040 2216 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

07:53:57.0086 2216 PEAUTH - ok

07:53:57.0149 2216 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

07:53:57.0149 2216 PerfHost - ok

07:53:57.0305 2216 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

07:53:57.0352 2216 pla - ok

07:53:57.0398 2216 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

07:53:57.0430 2216 PlugPlay - ok

07:53:57.0445 2216 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

07:53:57.0461 2216 PNRPAutoReg - ok

07:53:57.0476 2216 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

07:53:57.0492 2216 PNRPsvc - ok

07:53:57.0523 2216 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

07:53:57.0554 2216 PolicyAgent - ok

07:53:57.0586 2216 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

07:53:57.0601 2216 Power - ok

07:53:57.0648 2216 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

07:53:57.0695 2216 PptpMiniport - ok

07:53:57.0726 2216 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

07:53:57.0726 2216 Processor - ok

07:53:57.0757 2216 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

07:53:57.0773 2216 ProfSvc - ok

07:53:57.0804 2216 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

07:53:57.0804 2216 ProtectedStorage - ok

07:53:57.0851 2216 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

07:53:57.0898 2216 Psched - ok

07:53:57.0991 2216 QBCFMonitorService (f6ea2dce39f1accb2c6c38d61fc79075) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

07:53:58.0007 2216 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - warning

07:53:58.0007 2216 QBCFMonitorService - detected UnsignedFile.Multi.Generic (1)

07:53:58.0054 2216 QBFCService (bab30d2799754f6ea22f0b9076311793) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe

07:53:58.0054 2216 QBFCService ( UnsignedFile.Multi.Generic ) - warning

07:53:58.0054 2216 QBFCService - detected UnsignedFile.Multi.Generic (1)

07:53:58.0116 2216 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

07:53:58.0147 2216 ql2300 - ok

07:53:58.0225 2216 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

07:53:58.0241 2216 ql40xx - ok

07:53:58.0272 2216 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

07:53:58.0288 2216 QWAVE - ok

07:53:58.0288 2216 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

07:53:58.0303 2216 QWAVEdrv - ok

07:53:58.0319 2216 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

07:53:58.0334 2216 RasAcd - ok

07:53:58.0366 2216 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

07:53:58.0412 2216 RasAgileVpn - ok

07:53:58.0428 2216 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

07:53:58.0444 2216 RasAuto - ok

07:53:58.0475 2216 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

07:53:58.0506 2216 Rasl2tp - ok

07:53:58.0553 2216 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

07:53:58.0600 2216 RasMan - ok

07:53:58.0600 2216 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

07:53:58.0631 2216 RasPppoe - ok

07:53:58.0646 2216 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

07:53:58.0662 2216 RasSstp - ok

07:53:58.0709 2216 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

07:53:58.0756 2216 rdbss - ok

07:53:58.0756 2216 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

07:53:58.0771 2216 rdpbus - ok

07:53:58.0771 2216 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

07:53:58.0802 2216 RDPCDD - ok

07:53:58.0818 2216 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

07:53:58.0849 2216 RDPENCDD - ok

07:53:58.0849 2216 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

07:53:58.0865 2216 RDPREFMP - ok

07:53:58.0912 2216 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys

07:53:58.0958 2216 RDPWD - ok

07:53:59.0005 2216 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

07:53:59.0021 2216 rdyboost - ok

07:53:59.0052 2216 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

07:53:59.0083 2216 RemoteAccess - ok

07:53:59.0114 2216 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

07:53:59.0146 2216 RemoteRegistry - ok

07:53:59.0161 2216 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

07:53:59.0192 2216 RpcEptMapper - ok

07:53:59.0208 2216 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

07:53:59.0224 2216 RpcLocator - ok

07:53:59.0270 2216 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\System32\rpcss.dll

07:53:59.0302 2216 RpcSs - ok

07:53:59.0317 2216 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

07:53:59.0333 2216 rspndr - ok

07:53:59.0364 2216 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

07:53:59.0380 2216 SamSs - ok

07:53:59.0411 2216 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

07:53:59.0426 2216 sbp2port - ok

07:53:59.0442 2216 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

07:53:59.0458 2216 SCardSvr - ok

07:53:59.0489 2216 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

07:53:59.0520 2216 scfilter - ok

07:53:59.0582 2216 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

07:53:59.0629 2216 Schedule - ok

07:53:59.0660 2216 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

07:53:59.0692 2216 SCPolicySvc - ok

07:53:59.0723 2216 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

07:53:59.0723 2216 SDRSVC - ok

07:53:59.0770 2216 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

07:53:59.0816 2216 secdrv - ok

07:53:59.0832 2216 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

07:53:59.0863 2216 seclogon - ok

07:53:59.0863 2216 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

07:53:59.0894 2216 SENS - ok

07:53:59.0910 2216 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

07:53:59.0910 2216 SensrSvc - ok

07:53:59.0926 2216 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

07:53:59.0941 2216 Serenum - ok

07:53:59.0957 2216 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

07:53:59.0957 2216 Serial - ok

07:53:59.0972 2216 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

07:53:59.0988 2216 sermouse - ok

07:54:00.0019 2216 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

07:54:00.0050 2216 SessionEnv - ok

07:54:00.0082 2216 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

07:54:00.0082 2216 sffdisk - ok

07:54:00.0097 2216 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

07:54:00.0097 2216 sffp_mmc - ok

07:54:00.0113 2216 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

07:54:00.0128 2216 sffp_sd - ok

07:54:00.0128 2216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

07:54:00.0144 2216 sfloppy - ok

07:54:00.0222 2216 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

07:54:00.0253 2216 SharedAccess - ok

07:54:00.0284 2216 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

07:54:00.0316 2216 ShellHWDetection - ok

07:54:00.0362 2216 silabenm (693c0c1a4f89bed4cea1fa291638c02b) C:\Windows\system32\DRIVERS\silabenm.sys

07:54:00.0362 2216 silabenm - ok

07:54:00.0378 2216 silabser (cd54dda4898439adb7a2e26eb9133028) C:\Windows\system32\DRIVERS\silabser.sys

07:54:00.0394 2216 silabser - ok

07:54:00.0394 2216 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

07:54:00.0409 2216 SiSRaid2 - ok

07:54:00.0409 2216 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

07:54:00.0425 2216 SiSRaid4 - ok

07:54:00.0440 2216 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

07:54:00.0472 2216 Smb - ok

07:54:00.0503 2216 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

07:54:00.0503 2216 SNMPTRAP - ok

07:54:00.0518 2216 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

07:54:00.0518 2216 spldr - ok

07:54:00.0581 2216 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

07:54:00.0628 2216 Spooler - ok

07:54:00.0784 2216 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

07:54:00.0830 2216 sppsvc - ok

07:54:00.0908 2216 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

07:54:00.0940 2216 sppuinotify - ok

07:54:01.0033 2216 SQLBrowser (86ebd8b1f23e743aad21f4d5b4d40985) c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

07:54:01.0049 2216 SQLBrowser - ok

07:54:01.0111 2216 SQLWriter (3c432a96363097870995e2a3c8b66abd) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

07:54:01.0127 2216 SQLWriter - ok

07:54:01.0189 2216 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

07:54:01.0205 2216 srv - ok

07:54:01.0236 2216 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

07:54:01.0252 2216 srv2 - ok

07:54:01.0283 2216 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

07:54:01.0283 2216 srvnet - ok

07:54:01.0376 2216 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

07:54:01.0408 2216 SSDPSRV - ok

07:54:01.0423 2216 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

07:54:01.0439 2216 SstpSvc - ok

07:54:01.0501 2216 Steam Client Service - ok

07:54:01.0532 2216 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

07:54:01.0548 2216 stexstor - ok

07:54:01.0610 2216 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

07:54:01.0642 2216 stisvc - ok

07:54:01.0673 2216 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

07:54:01.0673 2216 swenum - ok

07:54:01.0704 2216 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

07:54:01.0751 2216 swprv - ok

07:54:01.0844 2216 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

07:54:01.0891 2216 SysMain - ok

07:54:01.0985 2216 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

07:54:02.0016 2216 TabletInputService - ok

07:54:02.0047 2216 tap0901 (f9be29d5e097f03f81d3cd12b794cb66) C:\Windows\system32\DRIVERS\tap0901.sys

07:54:02.0063 2216 tap0901 - ok

07:54:02.0110 2216 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

07:54:02.0156 2216 TapiSrv - ok

07:54:02.0156 2216 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

07:54:02.0188 2216 TBS - ok

07:54:02.0297 2216 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

07:54:02.0328 2216 Tcpip - ok

07:54:02.0422 2216 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

07:54:02.0453 2216 TCPIP6 - ok

07:54:02.0515 2216 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

07:54:02.0546 2216 tcpipreg - ok

07:54:02.0562 2216 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

07:54:02.0593 2216 TDPIPE - ok

07:54:02.0593 2216 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys

07:54:02.0624 2216 TDTCP - ok

07:54:02.0640 2216 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

07:54:02.0671 2216 tdx - ok

07:54:02.0702 2216 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

07:54:02.0702 2216 TermDD - ok

07:54:02.0765 2216 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

07:54:02.0812 2216 TermService - ok

07:54:02.0827 2216 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

07:54:02.0843 2216 Themes - ok

07:54:02.0874 2216 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

07:54:02.0905 2216 THREADORDER - ok

07:54:02.0936 2216 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

07:54:02.0952 2216 TrkWks - ok

07:54:02.0999 2216 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

07:54:03.0046 2216 TrustedInstaller - ok

07:54:03.0061 2216 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

07:54:03.0092 2216 tssecsrv - ok

07:54:03.0139 2216 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

07:54:03.0155 2216 TsUsbFlt - ok

07:54:03.0311 2216 TuneUp.UtilitiesSvc (811a229718c85356bc81eb20f35eb7f6) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe

07:54:03.0358 2216 TuneUp.UtilitiesSvc - ok

07:54:03.0389 2216 TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys

07:54:03.0389 2216 TuneUpUtilitiesDrv - ok

07:54:03.0529 2216 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

07:54:03.0576 2216 tunnel - ok

07:54:03.0607 2216 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

07:54:03.0607 2216 uagp35 - ok

07:54:03.0623 2216 UBHelper (2e22c1fd397a5a9ffef55e9d1fc96c00) C:\Windows\system32\drivers\UBHelper.sys

07:54:03.0623 2216 UBHelper - ok

07:54:03.0670 2216 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

07:54:03.0716 2216 udfs - ok

07:54:03.0748 2216 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

07:54:03.0748 2216 UI0Detect - ok

07:54:03.0810 2216 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

07:54:03.0826 2216 uliagpkx - ok

07:54:03.0872 2216 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

07:54:03.0888 2216 umbus - ok

07:54:03.0919 2216 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

07:54:03.0935 2216 UmPass - ok

07:54:04.0060 2216 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

07:54:04.0075 2216 UMVPFSrv - ok

07:54:04.0247 2216 UNS (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

07:54:04.0278 2216 UNS ( UnsignedFile.Multi.Generic ) - warning

07:54:04.0278 2216 UNS - detected UnsignedFile.Multi.Generic (1)

07:54:04.0309 2216 Updater Service (70dde3a86dbeb1d6c3c30ad687b1877a) C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe

07:54:04.0325 2216 Updater Service - ok

07:54:04.0418 2216 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

07:54:04.0450 2216 upnphost - ok

07:54:04.0481 2216 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys

07:54:04.0481 2216 USBAAPL64 - ok

07:54:04.0528 2216 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

07:54:04.0528 2216 usbaudio - ok

07:54:04.0543 2216 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys

07:54:04.0543 2216 usbccgp - ok

07:54:04.0590 2216 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

07:54:04.0606 2216 usbcir - ok

07:54:04.0621 2216 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys

07:54:04.0621 2216 usbehci - ok

07:54:04.0652 2216 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys

07:54:04.0668 2216 usbhub - ok

07:54:04.0684 2216 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys

07:54:04.0699 2216 usbohci - ok

07:54:04.0699 2216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

07:54:04.0699 2216 usbprint - ok

07:54:04.0762 2216 USBS3S4Detection (b5e6c4f280ebf0b16f74a5b415f2e0df) C:\OEM\USBDECTION\USBS3S4Detection.exe

07:54:04.0762 2216 USBS3S4Detection - ok

07:54:04.0777 2216 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

07:54:04.0808 2216 usbscan - ok

07:54:04.0824 2216 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS

07:54:04.0824 2216 USBSTOR - ok

07:54:04.0824 2216 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys

07:54:04.0840 2216 usbuhci - ok

07:54:04.0855 2216 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

07:54:04.0855 2216 usbvideo - ok

07:54:04.0871 2216 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

07:54:04.0902 2216 UxSms - ok

07:54:04.0933 2216 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

07:54:04.0933 2216 VaultSvc - ok

07:54:04.0964 2216 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

07:54:04.0964 2216 vdrvroot - ok

07:54:05.0027 2216 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

07:54:05.0058 2216 vds - ok

07:54:05.0058 2216 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

07:54:05.0074 2216 vga - ok

07:54:05.0074 2216 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

07:54:05.0105 2216 VgaSave - ok

07:54:05.0105 2216 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

07:54:05.0120 2216 vhdmp - ok

07:54:05.0152 2216 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

07:54:05.0152 2216 viaide - ok

07:54:05.0167 2216 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

07:54:05.0183 2216 volmgr - ok

07:54:05.0230 2216 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

07:54:05.0245 2216 volmgrx - ok

07:54:05.0261 2216 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

07:54:05.0276 2216 volsnap - ok

07:54:05.0308 2216 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

07:54:05.0308 2216 vsmraid - ok

07:54:05.0401 2216 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

07:54:05.0448 2216 VSS - ok

07:54:05.0542 2216 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

07:54:05.0557 2216 vwifibus - ok

07:54:05.0651 2216 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

07:54:05.0651 2216 vwififlt - ok

07:54:05.0666 2216 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

07:54:05.0666 2216 vwifimp - ok

07:54:05.0713 2216 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

07:54:05.0729 2216 W32Time - ok

07:54:05.0744 2216 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

07:54:05.0760 2216 WacomPen - ok

07:54:05.0776 2216 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

07:54:05.0807 2216 WANARP - ok

07:54:05.0807 2216 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

07:54:05.0838 2216 Wanarpv6 - ok

07:54:05.0932 2216 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

07:54:05.0963 2216 WatAdminSvc - ok

07:54:06.0056 2216 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

07:54:06.0088 2216 wbengine - ok

07:54:06.0134 2216 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

07:54:06.0150 2216 WbioSrvc - ok

07:54:06.0181 2216 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

07:54:06.0212 2216 wcncsvc - ok

07:54:06.0228 2216 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

07:54:06.0228 2216 WcsPlugInService - ok

07:54:06.0228 2216 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

07:54:06.0244 2216 Wd - ok

07:54:06.0337 2216 WDBtnMgrSvc.exe (7b8cdbdeb84da1a0c8897728beba80b8) C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

07:54:06.0353 2216 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - warning

07:54:06.0353 2216 WDBtnMgrSvc.exe - detected UnsignedFile.Multi.Generic (1)

07:54:06.0384 2216 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

07:54:06.0415 2216 Wdf01000 - ok

07:54:06.0431 2216 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

07:54:06.0446 2216 WdiServiceHost - ok

07:54:06.0446 2216 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

07:54:06.0462 2216 WdiSystemHost - ok

07:54:06.0493 2216 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

07:54:06.0509 2216 WebClient - ok

07:54:06.0524 2216 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

07:54:06.0556 2216 Wecsvc - ok

07:54:06.0571 2216 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

07:54:06.0602 2216 wercplsupport - ok

07:54:06.0618 2216 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

07:54:06.0634 2216 WerSvc - ok

07:54:06.0712 2216 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

07:54:06.0743 2216 WfpLwf - ok

07:54:06.0758 2216 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

07:54:06.0758 2216 WIMMount - ok

07:54:06.0836 2216 WinDefend - ok

07:54:06.0852 2216 WinHttpAutoProxySvc - ok

07:54:06.0899 2216 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

07:54:06.0930 2216 Winmgmt - ok

07:54:07.0039 2216 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

07:54:07.0086 2216 WinRM - ok

07:54:07.0211 2216 winusb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

07:54:07.0226 2216 winusb - ok

07:54:07.0273 2216 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

07:54:07.0320 2216 Wlansvc - ok

07:54:07.0336 2216 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

07:54:07.0336 2216 WmiAcpi - ok

07:54:07.0367 2216 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

07:54:07.0367 2216 wmiApSrv - ok

07:54:07.0382 2216 WMPNetworkSvc - ok

07:54:07.0382 2216 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

07:54:07.0398 2216 WPCSvc - ok

07:54:07.0445 2216 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

07:54:07.0460 2216 WPDBusEnum - ok

07:54:07.0476 2216 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

07:54:07.0507 2216 ws2ifsl - ok

07:54:07.0538 2216 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

07:54:07.0570 2216 wscsvc - ok

07:54:07.0570 2216 WSearch - ok

07:54:07.0694 2216 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

07:54:07.0741 2216 wuauserv - ok

07:54:07.0835 2216 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

07:54:07.0866 2216 WudfPf - ok

07:54:07.0882 2216 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

07:54:07.0913 2216 WUDFRd - ok

07:54:07.0944 2216 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

07:54:07.0975 2216 wudfsvc - ok

07:54:08.0006 2216 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

07:54:08.0006 2216 WwanSvc - ok

07:54:08.0038 2216 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

07:54:08.0209 2216 \Device\Harddisk0\DR0 - ok

07:54:08.0209 2216 Boot (0x1200) (6643ee4a797ee771cb047d8816b4c8df) \Device\Harddisk0\DR0\Partition0

07:54:08.0209 2216 \Device\Harddisk0\DR0\Partition0 - ok

07:54:08.0209 2216 Boot (0x1200) (e183e4c17a033cbe19f2c7a953934ff2) \Device\Harddisk0\DR0\Partition1

07:54:08.0209 2216 \Device\Harddisk0\DR0\Partition1 - ok

07:54:08.0209 2216 ============================================================

07:54:08.0209 2216 Scan finished

07:54:08.0209 2216 ============================================================

07:54:08.0225 4356 Detected object count: 16

07:54:08.0225 4356 Actual detected object count: 16

07:54:17.0179 4356 ADVService ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0179 4356 ADVService ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0179 4356 CrashPlanService ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0179 4356 CrashPlanService ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0179 4356 dKeySync ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0179 4356 dKeySync ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0179 4356 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0179 4356 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0179 4356 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0179 4356 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 IHA_MessageCenter ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 LMS ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 McciCMService ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 McciCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 McciCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 McciCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 NalServ ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 NalServ ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 QBCFMonitorService ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 QBFCService ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 QBFCService ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 UNS ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip

07:54:17.0195 4356 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - skipped by user

07:54:17.0195 4356 WDBtnMgrSvc.exe ( UnsignedFile.Multi.Generic ) - User select action: Skip

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Admin [Admin rights]

Mode: Scan -- Date: 08/12/2012 07:56:38

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-22M2B0 +++++

--- User ---

[MBR] 9995ddb352e527be465eaab30757755e

[bSP] 2a09ecea5a16ef41de0851dd983242b2 : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 17408 Mo

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 35653632 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 35858432 | Size: 936359 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt


Your system is infected with Smart HDD, a BackDoor Trojan. And in addition, there is NO antivirus program on it.

That is an extremely serious condition. Not having a current/up-to-date antivirus that is active means your system cannot be trusted.

Your best and safest option is to wipe/reformat and install Windows & your applications from scratch.

If you have a full backup (mirror-image backup) on offline media (CD/DVD/external drive) from before the infection, you can use that to restore the system.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063


You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information. These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

* Take any other steps you think appropriate for an attempted identity theft.

Yes, with a clean install of Windows you will lose all personal data, files, documents, etc. that were on the system.

Unless you had a recent backup, you'd need to save them to offline media before doing the install.

And with the system not having had an antivirus, I would be hesitant to use the files.

If you did, you would have to first do 2 full scans before using them in future (1 full scan with antivirus & 1 full scan with MBAM).

OK, how can I rescue my Outlook file and my passwords? Or should I not save those?

Don't know what version of Outlook you have. Check with the MS Outlook forum http://answers.micro...e/forum/outlook about where Outlook data is stored. You must tell them your version of Outlook and Windows as well.

What about backup files for Quicken?

You'll have to check with Quicken support.

Backups are your best computer friend.
