mollyk36 Posted August 9, 2012 ID:582586

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
Run by Molly K at 23:38:33 on 2012-08-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6487 [GMT -5:00]
.
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll
BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun: [ArcSoft MediaImpression Monitor] "C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe"
mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Trusted Zone: $talisma_url$
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{18E913FB-9919-4288-8DA7-27333B19059B} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CE42A69D-E8E6-4531-BA8A-53BE196CA14F} : DhcpNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
BHO-X64: Trend Micro Toolbar BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
mRun-x64: [ArcSoft MediaImpression Monitor] "C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe"
mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun-x64: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"
mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Molly K\AppData\Roaming\Mozilla\Firefox\Profiles\auikov9m.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
============= SERVICES / DRIVERS ===============
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\system32\DRIVERS\tdrpm258.sys --> C:\Windows\system32\DRIVERS\tdrpm258.sys [?]
R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-5-19 2480048]
R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-8 655944]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-10 2348352]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-7-19 361472]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-7-19 441344]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2012-7-19 342016]
R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]
R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384]
R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]
R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]
R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-8-8 275912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-15 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]
.
=============== Created Last 30 ================
.
2012-08-09 04:25:38  20480  ----a-w-  C:\Windows\svchost.exe
2012-08-09 04:10:57  --------  d-sh--w-  C:\$RECYCLE.BIN
2012-08-09 04:01:35  --------  d-----w-  C:\ComboFix
2012-08-09 02:00:11  98816  ----a-w-  C:\Windows\sed.exe
2012-08-09 02:00:11  518144  ----a-w-  C:\Windows\SWREG.exe
2012-08-09 02:00:11  256000  ----a-w-  C:\Windows\PEV.exe
2012-08-09 02:00:11  208896  ----a-w-  C:\Windows\MBR.exe
2012-08-09 01:49:25  21520  ----a-w-  C:\Windows\DCEBoot64.exe
2012-08-09 01:07:38  134672  ----a-w-  C:\Windows\RegBootClean64.exe
2012-08-08 21:39:35  24904  ----a-w-  C:\Windows\System32\drivers\mbam.sys
2012-08-08 20:15:28  67344  ----a-w-  C:\Windows\System32\drivers\tmeevw.sys
2012-08-08 20:15:28  210704  ----a-w-  C:\Windows\System32\drivers\tmnciesc.sys
2012-08-08 20:15:26  105744  ----a-w-  C:\Windows\System32\drivers\tmtdi.sys
2012-08-08 20:15:22  91920  ----a-w-  C:\Windows\System32\drivers\tmactmon.sys
2012-08-08 20:15:22  70928  ----a-w-  C:\Windows\System32\drivers\tmevtmgr.sys
2012-08-08 20:15:22  167696  ----a-w-  C:\Windows\System32\drivers\tmcomm.sys
2012-08-08 20:14:29  --------  d-----w-  C:\Program Files\Trend Micro
2012-08-08 15:54:31  --------  d-----w-  C:\Program Files (x86)\Trend Micro
2012-08-08 15:41:00  514560  ----a-w-  C:\Windows\SysWow64\qdvd.dll
2012-08-08 15:41:00  366592  ----a-w-  C:\Windows\System32\qdvd.dll
2012-08-08 14:06:47  9133488  ----a-w-  C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8599059B-106A-4D1D-8374-A62C2960CB64}\mpengine.dll
2012-07-19 15:17:13  --------  d-----w-  C:\Program Files\ATT-SST
2012-07-19 15:17:08  --------  d-----w-  C:\Program Files (x86)\ATT-SST
2012-07-19 15:14:54  --------  d-----w-  C:\Program Files (x86)\Common Files\Motive
2012-07-19 15:14:48  --------  d-----w-  C:\Program Files\Common Files\Motive
2012-07-11 03:06:43  3148800  ----a-w-  C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-08 20:14:45  56  ----a-w-  C:\Windows\System32\SupportTool.exe.bat
2012-08-03 13:43:07  70344  ----a-w-  C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 13:43:07  426184  ----a-w-  C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-06 06:06:16  2004480  ----a-w-  C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16  1881600  ----a-w-  C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54  1133568  ----a-w-  C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52  1390080  ----a-w-  C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52  1236992  ----a-w-  C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06  805376  ----a-w-  C:\Windows\SysWow64\cdosys.dll
2012-06-05 07:37:22  256904  ----a-w-  C:\Windows\SysWow64\drivers\tmcomm.sys
2012-06-02 22:15:31  2622464  ----a-w-  C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08  99840  ----a-w-  C:\Windows\System32\wudriver.dll
2012-06-02 20:19:42  186752  ----a-w-  C:\Windows\System32\wuwebv.dll
2012-06-02 20:15:12  36864  ----a-w-  C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17  2311680  ----a-w-  C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28  1392128  ----a-w-  C:\Windows\System32\wininet.dll
2012-06-02 12:04:50  1494528  ----a-w-  C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40  173056  ----a-w-  C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08  2382848  ----a-w-  C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25  1800192  ----a-w-  C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08  1129472  ----a-w-  C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03  1427968  ----a-w-  C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33  142848  ----a-w-  C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52  2382848  ----a-w-  C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10  458704  ----a-w-  C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16  95600  ----a-w-  C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16  151920  ----a-w-  C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31  340992  ----a-w-  C:\Windows\System32\schannel.dll
2012-06-02 05:44:21  307200  ----a-w-  C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42  22016  ----a-w-  C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39  225280  ----a-w-  C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10  219136  ----a-w-  C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09  96768  ----a-w-  C:\Windows\SysWow64\sspicli.dll
2012-05-31 17:25:12  279656  ------w-  C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 23:38:58.69 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT.
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 3/22/2012 8:42:25 PM
System Uptime: 8/8/2012 11:24:12 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | Z68AP-D3
Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 236.726 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP12: 4/12/2012 12:23:12 AM - Windows Update
RP13: 4/19/2012 8:19:36 PM - Scheduled Checkpoint
RP14: 4/28/2012 6:01:48 AM - Removed H&R Block Deluxe + Efile + State 2010.
RP15: 4/28/2012 6:33:10 AM - Removed H&R Block Missouri 2010.
RP16: 5/5/2012 8:25:05 AM - Scheduled Checkpoint
RP17: 5/10/2012 12:27:06 AM - Windows Update
RP18: 5/17/2012 10:43:10 AM - Scheduled Checkpoint
RP19: 5/24/2012 10:50:06 AM - Scheduled Checkpoint
RP20: 5/31/2012 7:33:15 PM - Scheduled Checkpoint
RP21: 6/4/2012 11:34:13 AM - Windows Update
RP22: 6/11/2012 6:04:16 PM - Scheduled Checkpoint
RP23: 6/13/2012 9:41:46 PM - Windows Update
RP24: 6/21/2012 8:19:02 AM - Windows Update
RP25: 6/28/2012 10:32:46 AM - Scheduled Checkpoint
RP26: 7/5/2012 7:25:29 PM - Scheduled Checkpoint
RP27: 7/10/2012 10:03:02 PM - Windows Update
RP28: 7/18/2012 10:43:08 AM - Scheduled Checkpoint
RP29: 7/25/2012 11:05:32 AM - Scheduled Checkpoint
RP30: 8/2/2012 11:31:10 AM - Scheduled Checkpoint
RP31: 8/8/2012 9:06:16 AM - Windows Update
RP32: 8/8/2012 10:41:26 AM - Windows Update
RP34: 8/8/2012 4:02:59 PM - TITANUIMRES5[0x01001101]
.
==== Installed Programs ======================
.
Acrobat.com
Acronis True Image Home
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.5.1
Apple Application Support
Apple Software Update
AT&T Troubleshoot & Resolve Tool
Belarc Advisor 8.1
BlackBerry Desktop Software 6.0.2
BlackBerry Desktop Software 6.1
CameraHelperMsi
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EA Download Manager
EPSON Scan
EpsonNet Print
EpsonNet Setup
EQ2MAP Updater 1.2.4
erLT
Etron USB3.0 Host Controller
EverQuest II
Google Earth
Google Update Helper
Intel® Control Center
Intel® Management Engine Components
J2SE Runtime Environment 5.0 Update 17
Java Auto Updater
Java™ 6 Update 31
Junk Mail filter update
Legends of Norrath
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft .NET Framework 1.1
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft WSE 3.0 Runtime
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 14.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
NVIDIA nTune
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
Omron Health Management Software
OpenAL
Pando Media Booster
QuickTime
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Segoe UI
Skype Click to Call
Skype™ 5.5
Splashtop Connect for Firefox
Splashtop Connect IE
Star Wars: The Old Republic
System Requirements Lab
System Requirements Lab for Intel
The Sims Medieval
The Sims™ 3
The Sims™ 3 Ambitions
The Sims™ 3 Generations
The Sims™ 3 Late Night
The Sims™ 3 Town Life Stuff
The Sims™ 3 World Adventures
Trillian
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows 7 Upgrade Advisor
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
World of Warcraft
XnView 1.97.8
Yahoo! Detect
.
==== Event Viewer Messages From Past Week ========
.
8/8/2012 9:24:32 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 2 time(s).
8/8/2012 9:18:31 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).
8/8/2012 9:07:29 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/8/2012 8:53:51 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The system cannot find the file specified.
8/8/2012 8:51:34 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/8/2012 8:51:29 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/8/2012 8:47:11 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 4 time(s).
8/8/2012 8:41:45 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 3 time(s).
8/8/2012 8:32:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/8/2012 8:32:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/8/2012 8:32:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/8/2012 8:32:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/8/2012 8:31:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache spldr tmactmon tmcomm tmevtmgr tmtdi Wanarpv6
8/8/2012 8:28:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/8/2012 8:24:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/8/2012 8:24:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/8/2012 8:23:48 PM, Error:
Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035bf6ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080812-37502-01.8/8/2012 8:23:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmactmon tmcomm tmevtmgr tmtdi Wanarpv6 WfpLwf8/8/2012 8:23:43 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.8/8/2012 8:23:43 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/8/2012 8:23:43 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.8/8/2012 8:23:43 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start 
because of the following error: A device attached to the system is not functioning.8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.8/8/2012 8:21:07 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.8/8/2012 8:20:52 PM, Error: Service Control Manager [7000] - The tmeevw service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.8/8/2012 7:54:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.8/8/2012 11:07:24 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.8/8/2012 11:07:03 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. 
Please contact your software vendor for a compatible version of the driver.8/8/2012 11:04:24 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.8/8/2012 10:52:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800032667ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080812-26738-01.8/8/2012 10:50:16 AM, Error: Service Control Manager [7001] - The tmevtmgr service depends on the tmcomm service which failed to start because of the following error: An instance of the service is already running.8/8/2012 10:49:46 AM, Error: Service Control Manager [7001] - The tmactmon service depends on the tmevtmgr service which failed to start because of the following error: The dependency service or group failed to start.8/8/2012 10:30:58 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tmactmon tmcomm tmevtmgr8/7/2012 6:41:20 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 11 time(s).8/7/2012 6:35:54 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 10 time(s).8/7/2012 6:30:29 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 9 time(s).8/7/2012 6:25:03 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 8 time(s).8/7/2012 6:19:38 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 7 time(s).8/7/2012 6:14:12 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. 
It has done this 6 time(s).8/7/2012 6:08:45 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 5 time(s).8/6/2012 8:33:35 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 12 time(s).8/1/2012 9:36:22 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 13 time(s)..==== End Of File =========================== Link to post Share on other sites More sharing options...
MrCharlie Posted August 9, 2012 ID:582646

Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.
For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
Click Scan to scan the system. When the scan completes > Close out the program > Don't Fix anything!
Don't run any other options, they're not all bad!!!!!!!
Post back the report which should be located on your desktop.

MrC
mollyk36 Posted August 9, 2012 Author ID:582697

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Molly K [Admin rights]
Mode: Scan -- Date: 08/09/2012 07:47:24

¤¤¤ Bad processes: 2 ¤¤¤
[HJ NAME] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[RESIDUE] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++
--- User ---
[MBR] 1ccfabf4b4a924bec3fbbd6bd2de7354
[bSP] a04dc3e56052820b06bf7586ce024c78 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 6b32e36dd24d21acb5dcb46043b0a35a
[bSP] a04dc3e56052820b06bf7586ce024c78 : Windows 7 MBR Code
Partition table:
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo

Finished : << RKreport[1].txt >>
MrCharlie Posted August 9, 2012 ID:582709

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall
http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do.
If you decide to go through with the cleanup, please proceed with the following steps.
-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.
How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

- Select Command Prompt
- In the command window type in notepad and press Enter.
- The notepad opens. Under File menu select Open.
- Select "Computer" and find your flash drive letter and close the notepad.
- In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
- The tool will start to run.
- When the tool opens click Yes to disclaimer.
- Press Scan button.
- FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
services.exe
- Now press the Search button
- When the search is complete, search.txt will also be written to your USB
- Type exit and reboot the computer normally
- Please copy and paste both logs in your reply. (FRST.txt and Search.txt)

MrC
mollyk36 Posted August 9, 2012 Author ID:582741

Is there any safe way to back up any photos, music or documents before reformatting with this virus?
I am trusting that the little-used laptop I am using atm is clean but now I don't trust anything.
MrCharlie Posted August 9, 2012 ID:582742

You can copy them to a usb flash drive or burn them to a cd or dvd.

MrC
mollyk36 Posted August 9, 2012 Author ID:582769

ok, what I *think* I would like to do then, if you think it's safe, is to do a clean-up, backup my stuff and then reformat.
I am worried about accidentally backing up the virus.
MrCharlie Posted August 9, 2012 ID:582771

OK...then run FRST64 and post the log, MrC
mollyk36 Posted August 9, 2012 Author ID:582790

stupid question, do I remove the usb and post from the clean computer or do I plug the infected one back in?
MrCharlie Posted August 9, 2012 ID:582796

Either one will work for me, MrC
mollyk36 Posted August 9, 2012 Author ID:582800

Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02
Ran by SYSTEM at 09-08-2012 10:18:50
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12632168 2011-07-21] (Realtek Semiconductor)
HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [361632 2009-11-12] (Acronis)
HKLM\...\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL [x]
HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" [2727936 2012-06-07] (Alcatel-Lucent)
HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304824 2012-07-05] (Trend Micro Inc.)
HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [213824 2012-02-27] (Trend Micro Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] "C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [80448 2010-12-15] (ArcSoft, Inc.)
HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)
HKLM-x32\...\Run: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [776064 2011-03-04] (Splashtop Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5106904 2009-11-12] (Acronis)
HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)
HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE [673616 2009-04-07] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Molly K\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\Molly K\...\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [98304 2007-07-03] (NVIDIA)
HKU\Molly K\...\Policies\system: [LogonHoursAction] 2
HKU\Molly K\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\UpdatusUser\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)
HKU\UpdatusUser\...\Run: [EPSON NX510 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S8028.tmp" /EF "HKCU" [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKU\UpdatusUser\...\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [98304 2007-07-03] (NVIDIA)
HKU\UpdatusUser\...\Run: [Epson Stylus NX510(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Users\MOLLYK~1\AppData\Local\Temp\E_S5908.tmp" /EF "HKCU" [223232 2008-11-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [894136 2009-11-12] (Acronis)
2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-05-19] (Acronis)
3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [179712 2007-07-03] (NVIDIA)
2 pcCMService64; "C:\Program Files\Common Files\Motive\pcCMService.exe" [441344 2012-07-06] (Alcatel-Lucent)
2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)
2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)
2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [251488 2010-05-19] (Acronis)
1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()
3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()
3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))
3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [17952 2007-07-03] (NVidia Corp.)
0 snapman; C:\Windows\System32\Drivers\snapman.sys [257120 2010-05-19] (Acronis)
0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-05-19] (Acronis)
1 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [91920 2012-08-08] (Trend Micro Inc.)
1 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [167696 2012-08-08] (Trend Micro Inc.)
1 tmcomm; C:\Windows\SysWow64\Drivers\tmcomm.sys [256904 2012-06-04] (Trend Micro Inc.)
3 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [67344 2012-08-08] (Trend Micro Inc.)
1 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [70928 2012-08-08] (Trend Micro Inc.)
3 tmnciesc; C:\Windows\System32\Drivers\tmnciesc.sys [210704 2012-08-08] (Trend Micro Inc.)
1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105744 2012-08-08] (Trend Micro Inc.)
3 catchme; \??\C:\ComboFix\catchme.sys [x]
3 gdrv; \??\C:\Windows\gdrv.sys [x]
3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]
3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]
2 TMAgent; [x]

========================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ==============

2012-08-09 04:47 - 2012-08-09 04:47 - 00001934 ____A C:\Users\Molly K\Desktop\RKreport[1].txt
2012-08-09 04:46 - 2012-08-09 04:47 - 00000000 ____D C:\Users\Molly K\Desktop\RK_Quarantine
2012-08-09 04:45 - 2012-08-09 04:45 - 01552896 ____A C:\Users\Molly K\Desktop\RogueKiller.exe
2012-08-09 04:41 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-08 20:40 - 2012-08-08 20:40 - 00026701 ____A C:\Users\Molly K\Desktop\DDS.txt
2012-08-08 20:40 - 2012-08-08 20:40 - 00018589 ____A C:\Users\Molly K\Desktop\Attach.txt
2012-08-08 20:35 - 2012-08-08 20:35 - 00607260 ____R (Swearware) C:\Users\Molly K\Desktop\dds.scr
2012-08-08 20:08 - 2012-08-08 20:08 - 00025372 ____A C:\ComboFix.txt
2012-08-08 20:01 - 2012-08-08 20:08 - 00000000 ____D C:\ComboFix
2012-08-08 19:52 - 2012-08-08 19:52 - 00283832 ____A C:\Windows\Minidump\080812-26738-01.dmp
2012-08-08 18:47 - 2012-08-08 18:47 - 08656400 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\RootkitBuster_v5_1061.exe
2012-08-08 18:47 - 2012-08-08 18:47 - 00000000 ____D C:\Users\Molly K\Downloads\TMRBLog
2012-08-08 18:00 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe
2012-08-08 18:00 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe
2012-08-08 18:00 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2012-08-08 18:00 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2012-08-08 18:00 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2012-08-08 18:00 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe
2012-08-08 18:00 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe
2012-08-08 18:00 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe
2012-08-08 17:51 - 2012-08-08 17:51 - 00000000 ____A C:\Windows\DCEBOOT.LOG
2012-08-08 17:49 - 2012-08-08 17:49 - 00021520 ____A C:\Windows\DCEBoot64.exe
2012-08-08 17:37 - 2012-08-08 20:01 - 04727758 ____R (Swearware) C:\Users\Molly K\Desktop\ComboFix.exe
2012-08-08 17:23 - 2012-08-08 19:52 - 00000000 ____D C:\Windows\Minidump
2012-08-08 17:23 - 2012-08-08 17:23 - 00285112 ____A C:\Windows\Minidump\080812-37502-01.dmp
2012-08-08 17:21 - 2012-08-08 20:08 - 00000000 ____D C:\Qoobox
2012-08-08 17:21 - 2012-08-08 18:12 - 00000000 ____D C:\Windows\erdnt
2012-08-08 17:15 - 2012-08-08 17:15 - 04727110 ____A (Swearware) C:\Users\Molly K\Downloads\ComboFix.exe
2012-08-08 17:07 - 2012-08-08 17:14 - 00134672 ____A C:\Windows\RegBootClean64.exe
2012-08-08 13:39 - 2012-08-08 13:39 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-08 13:39 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-08 13:38 - 2012-08-08 13:38 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Molly K\Downloads\mbam-setup-1.62.0.1300(1).exe
2012-08-08 12:29 - 2012-08-08 12:29 - 00000632 _RASH C:\Users\Molly K\ntuser.pol
2012-08-08 12:25 - 2012-08-08 12:25 - 15562880 ____A (Trend Micro Inc. ) C:\Users\Molly K\Downloads\Trend_Micro_SafeSync_5.1.0.1173.exe
2012-08-08 12:16 - 2012-08-08 12:16 - 00001441 ____A C:\Users\Molly K\Desktop\Trend Micro Titanium Maximum Security 2012.lnk
2012-08-08 12:15 - 2012-08-08 12:13 - 00210704 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys
2012-08-08 12:15 - 2012-08-08 12:13 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys
2012-08-08 12:15 - 2012-08-08 12:13 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys
2012-08-08 12:15 - 2012-08-08 12:13 - 00091920 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys
2012-08-08 12:15 - 2012-08-08 12:13 - 00070928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys
2012-08-08 12:15 - 2012-08-08 12:13 - 00067344 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys
2012-08-08 12:14 - 2012-08-08 12:14 - 00000000 ____D C:\Program Files\Trend Micro
2012-08-08 11:31 - 2012-08-08 11:34 - 117896248 ____A (Trend Micro Inc.) C:\Users\Molly K\Desktop\TTi_5.0_HE_Full.exe
2012-08-08 07:54 - 2012-08-08 12:19 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2012-08-08 07:48 - 2012-08-08 07:51 - 117896248 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\TTi_5.0_HE_Full(1).exe
2012-08-08 07:41 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll
2012-08-08 07:41 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2012-08-08 06:25 - 2012-08-08 06:25 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Molly K\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-08 05:58 - 2012-08-08 05:58 - 00000000 ____D C:\Windows\Sun
2012-08-08 05:56 - 2012-08-08 05:56 - 02406064 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\HousecallLauncher64(4).exe
2012-07-30 14:37 - 2012-07-30 14:37 - 00000045 ____A C:\Users\Molly K\Desktop\7-30-12.txt
2012-07-19 07:17 - 2012-07-19 07:17 - 00002163 ____A C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk
2012-07-19 07:17 - 2012-07-19 07:17 - 00000000 ____D C:\Users\Molly K\AppData\Roaming\Motive
2012-07-19 07:17 - 2012-07-19 07:17 - 00000000 ____D C:\Program Files\ATT-SST
2012-07-19 07:17 - 2012-07-19 07:17 - 00000000 ____D C:\Program Files (x86)\ATT-SST
2012-07-19 07:14 - 2012-08-02 07:55 - 00000000 ____D C:\Users\All Users\Motive
2012-07-19 07:14 - 2012-07-19 07:17 - 00000000 ____D C:\Program Files\Common Files\Motive
2012-07-19 07:14 - 2012-07-19 07:14 - 00385904 ____A C:\Users\Molly K\Downloads\ATT_SST.exe
2012-07-16 14:41 - 2012-07-26 08:48 - 00000620 ____A C:\Users\Molly K\Desktop\7-16-12.txt
2012-07-10 19:06 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-10 19:04 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-10 19:04 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-10 19:04 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-10 19:04 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-10 19:04 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-10 19:04 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-10 19:04 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-10 19:04 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-10 19:04 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-10 19:04 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-10 19:04 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-10 19:04 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-10 19:04 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-10 19:04 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-10 19:04 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-10 19:04 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-10 19:04 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-10 19:04 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-10 19:04 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-10 19:04 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-10 19:04 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-10 19:04 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-10 19:04 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-10 19:04 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-10 19:03 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-10 19:03 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-10 19:03 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-10 19:03 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-10 16:25 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-10 16:25 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-10 16:25 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-10 16:25 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-10 16:25 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-10 16:25 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-10 16:25 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-10 16:25 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 16:25 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-10 16:25 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-10 16:25 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-10 16:25 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation)
C:\Windows\System32\schannel.dll2012-07-10 16:25 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll2012-07-10 16:25 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2012-07-10 16:25 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2012-07-10 16:25 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2012-07-10 16:25 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2012-07-10 16:25 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll2012-07-10 16:25 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll============ 3 Months Modified Files ========================2012-08-09 07:11 - 2012-03-22 16:46 - 01066245 ____A C:\Windows\WindowsUpdate.log2012-08-09 06:44 - 2010-11-24 19:58 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2012-08-09 06:43 - 2012-04-09 04:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2012-08-09 05:44 - 2010-11-24 19:58 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2012-08-09 05:03 - 2009-07-13 20:51 - 06902999 ____A C:\Windows\setupact.log2012-08-09 04:49 - 2012-03-23 04:54 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02012-08-09 04:49 - 2012-03-23 04:54 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02012-08-09 04:47 - 2012-08-09 04:47 - 00001934 ____A C:\Users\Molly K\Desktop\RKreport[1].txt2012-08-09 04:45 - 2012-08-09 04:45 - 01552896 ____A C:\Users\Molly K\Desktop\RogueKiller.exe2012-08-09 04:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2012-08-08 20:40 - 2012-08-08 20:40 - 00026701 ____A C:\Users\Molly K\Desktop\DDS.txt2012-08-08 20:40 - 2012-08-08 20:40 - 
00018589 ____A C:\Users\Molly K\Desktop\Attach.txt2012-08-08 20:35 - 2012-08-08 20:35 - 00607260 ____R (Swearware) C:\Users\Molly K\Desktop\dds.scr2012-08-08 20:10 - 2010-11-20 19:47 - 00026894 ____A C:\Windows\PFRO.log2012-08-08 20:08 - 2012-08-08 20:08 - 00025372 ____A C:\ComboFix.txt2012-08-08 20:07 - 2009-07-13 18:34 - 00000215 ____N C:\Windows\system.ini2012-08-08 20:01 - 2012-08-08 17:37 - 04727758 ____R (Swearware) C:\Users\Molly K\Desktop\ComboFix.exe2012-08-08 19:52 - 2012-08-08 19:52 - 00283832 ____A C:\Windows\Minidump\080812-26738-01.dmp2012-08-08 19:52 - 2010-05-15 11:58 - 612182324 ____A C:\Windows\MEMORY.DMP2012-08-08 18:47 - 2012-08-08 18:47 - 08656400 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\RootkitBuster_v5_1061.exe2012-08-08 18:07 - 2012-03-22 17:42 - 00000258 _RASH C:\Users\All Users\ntuser.pol2012-08-08 17:51 - 2012-08-08 17:51 - 00000000 ____A C:\Windows\DCEBOOT.LOG2012-08-08 17:49 - 2012-08-08 17:49 - 00021520 ____A C:\Windows\DCEBoot64.exe2012-08-08 17:23 - 2012-08-08 17:23 - 00285112 ____A C:\Windows\Minidump\080812-37502-01.dmp2012-08-08 17:15 - 2012-08-08 17:15 - 04727110 ____A (Swearware) C:\Users\Molly K\Downloads\ComboFix.exe2012-08-08 17:14 - 2012-08-08 17:07 - 00134672 ____A C:\Windows\RegBootClean64.exe2012-08-08 17:02 - 2012-04-04 05:38 - 01058403 ____A C:\Users\Molly K\AppData\Local\census.cache2012-08-08 17:01 - 2012-04-04 05:38 - 00119565 ____A C:\Users\Molly K\AppData\Local\ars.cache2012-08-08 16:58 - 2012-04-04 05:33 - 00000036 ____A C:\Users\Molly K\AppData\Local\housecall.guid.cache2012-08-08 13:39 - 2012-08-08 13:39 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2012-08-08 13:38 - 2012-08-08 13:38 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Molly K\Downloads\mbam-setup-1.62.0.1300(1).exe2012-08-08 12:29 - 2012-08-08 12:29 - 00000632 _RASH C:\Users\Molly K\ntuser.pol2012-08-08 12:25 - 2012-08-08 12:25 - 15562880 ____A (Trend Micro Inc. 
) C:\Users\Molly K\Downloads\Trend_Micro_SafeSync_5.1.0.1173.exe2012-08-08 12:16 - 2012-08-08 12:16 - 00001441 ____A C:\Users\Molly K\Desktop\Trend Micro Titanium Maximum Security 2012.lnk2012-08-08 12:15 - 2009-07-13 21:13 - 00808656 ____A C:\Windows\System32\PerfStringBackup.INI2012-08-08 12:14 - 2012-02-29 07:06 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat2012-08-08 12:13 - 2012-08-08 12:15 - 00210704 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys2012-08-08 12:13 - 2012-08-08 12:15 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys2012-08-08 12:13 - 2012-08-08 12:15 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys2012-08-08 12:13 - 2012-08-08 12:15 - 00091920 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys2012-08-08 12:13 - 2012-08-08 12:15 - 00070928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys2012-08-08 12:13 - 2012-08-08 12:15 - 00067344 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys2012-08-08 11:34 - 2012-08-08 11:31 - 117896248 ____A (Trend Micro Inc.) C:\Users\Molly K\Desktop\TTi_5.0_HE_Full.exe2012-08-08 07:51 - 2012-08-08 07:48 - 117896248 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\TTi_5.0_HE_Full(1).exe2012-08-08 06:25 - 2012-08-08 06:25 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Molly K\Downloads\mbam-setup-1.62.0.1300.exe2012-08-08 05:56 - 2012-08-08 05:56 - 02406064 ____A (Trend Micro Inc.) 
C:\Users\Molly K\Downloads\HousecallLauncher64(4).exe2012-08-03 05:43 - 2012-04-09 04:29 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2012-08-03 05:43 - 2011-06-21 16:17 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2012-07-30 14:37 - 2012-07-30 14:37 - 00000045 ____A C:\Users\Molly K\Desktop\7-30-12.txt2012-07-26 08:48 - 2012-07-16 14:41 - 00000620 ____A C:\Users\Molly K\Desktop\7-16-12.txt2012-07-19 07:17 - 2012-07-19 07:17 - 00002163 ____A C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk2012-07-19 07:14 - 2012-07-19 07:14 - 00385904 ____A C:\Users\Molly K\Downloads\ATT_SST.exe2012-07-16 06:02 - 2012-07-05 08:32 - 00000299 ____A C:\Users\Molly K\Desktop\7-6-12.txt2012-07-11 05:02 - 2009-07-13 20:45 - 00412880 ____A C:\Windows\System32\FNTCACHE.DAT2012-07-10 19:04 - 2012-03-22 18:07 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2012-07-03 10:46 - 2012-08-08 13:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2012-07-02 16:20 - 2012-06-08 21:18 - 00000332 ____A C:\Users\Molly K\Desktop\6-8-12 billage.txt2012-06-13 16:15 - 2012-06-13 16:15 - 02002320 ____A (Trend Micro Inc.) 
C:\Users\Molly K\Downloads\HousecallLauncher(3).exe2012-06-13 06:57 - 2012-06-13 06:57 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk2012-06-11 19:08 - 2012-07-10 19:06 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2012-06-08 21:43 - 2012-07-10 16:25 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll2012-06-08 20:41 - 2012-07-10 16:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2012-06-07 08:43 - 2012-06-07 08:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf2012-06-05 22:06 - 2012-07-10 16:25 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll2012-06-05 22:06 - 2012-07-10 16:25 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll2012-06-05 22:02 - 2012-07-10 16:25 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll2012-06-05 21:05 - 2012-07-10 16:25 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll2012-06-05 21:05 - 2012-07-10 16:25 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2012-06-05 21:03 - 2012-07-10 16:25 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll2012-06-04 23:37 - 2012-04-04 05:33 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys2012-06-04 09:30 - 2012-06-04 09:30 - 02405568 ____A (Trend Micro Inc.) 
C:\Users\Molly K\Downloads\HousecallLauncher64(3).exe2012-06-02 14:19 - 2012-06-21 05:20 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll2012-06-02 14:19 - 2012-06-21 05:20 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe2012-06-02 14:19 - 2012-06-21 05:20 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll2012-06-02 14:19 - 2012-06-21 05:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll2012-06-02 14:19 - 2012-06-21 05:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll2012-06-02 14:15 - 2012-06-21 05:20 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll2012-06-02 14:15 - 2012-06-21 05:19 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll2012-06-02 12:19 - 2012-06-21 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll2012-06-02 12:15 - 2012-06-21 05:19 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe2012-06-02 04:49 - 2012-07-10 19:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2012-06-02 04:17 - 2012-07-10 19:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2012-06-02 04:12 - 2012-07-10 19:04 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2012-06-02 04:05 - 2012-07-10 19:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2012-06-02 04:05 - 2012-07-10 19:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2012-06-02 04:04 - 2012-07-10 19:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2012-06-02 04:04 - 2012-07-10 19:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2012-06-02 04:03 - 2012-07-10 19:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2012-06-02 04:01 - 2012-07-10 19:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2012-06-02 04:00 
- 2012-07-10 19:04 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2012-06-02 03:59 - 2012-07-10 19:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2012-06-02 03:57 - 2012-07-10 19:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2012-06-02 03:57 - 2012-07-10 19:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2012-06-02 03:54 - 2012-07-10 19:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2012-06-02 01:07 - 2012-07-10 19:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2012-06-02 00:43 - 2012-07-10 19:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2012-06-02 00:33 - 2012-07-10 19:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2012-06-02 00:26 - 2012-07-10 19:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2012-06-02 00:25 - 2012-07-10 19:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2012-06-02 00:25 - 2012-07-10 19:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2012-06-02 00:23 - 2012-07-10 19:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2012-06-02 00:21 - 2012-07-10 19:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2012-06-02 00:20 - 2012-07-10 19:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2012-06-02 00:19 - 2012-07-10 19:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2012-06-02 00:19 - 2012-07-10 19:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2012-06-02 00:17 - 2012-07-10 19:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2012-06-02 00:16 - 2012-07-10 19:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2012-06-02 00:14 - 2012-07-10 19:04 - 00176640 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\ieui.dll2012-06-01 21:50 - 2012-07-10 16:25 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys2012-06-01 21:48 - 2012-07-10 16:25 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys2012-06-01 21:48 - 2012-07-10 16:25 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys2012-06-01 21:45 - 2012-07-10 16:25 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll2012-06-01 21:44 - 2012-07-10 16:25 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll2012-06-01 20:40 - 2012-07-10 16:25 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2012-06-01 20:40 - 2012-07-10 16:25 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll2012-06-01 20:39 - 2012-07-10 16:25 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll2012-06-01 20:34 - 2012-07-10 16:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll2012-05-31 09:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe2012-05-31 08:50 - 2009-07-13 21:08 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT2012-05-31 06:01 - 2010-12-20 06:44 - 00000304 ____A C:\Users\Molly K\Desktop\address.txt2012-05-27 17:02 - 2012-02-26 01:19 - 00000633 ____A C:\Users\Molly K\Desktop\Ellen Ahearn Rigney.txt2012-05-14 02:41 - 2012-05-14 02:41 - 02405568 ____A (Trend Micro Inc.) 
C:\Users\Molly K\Downloads\HousecallLauncher64(2).exeZeroAccess:C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\LC:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\UType 00 partition infection:C:\Windows\svchost.exe========================= Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check ============C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK========================= Memory info ======================Percentage of memory in use: 9%Total physical RAM: 8175.12 MBAvailable physical RAM: 7401.65 MBTotal Pagefile: 8173.32 MBAvailable Pagefile: 7400.3 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.9 MB======================= Partitions =========================1 Drive c: () (Fixed) (Total:465.76 GB) (Free:246.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]3 Drive e: (NEW VOLUME) (Removable) (Total:29.67 GB) (Free:29.67 GB) FAT324 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 Online 29 GB 0 B Partitions of Disk 0:=============== Partition ### Type Size Offset ------------- ---------------- 
------- ------- Partition 1 Primary 465 GB 1024 KB==================================================================================Disk: 0Partition 1Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 C NTFS Partition 465 GB Healthy ==================================================================================Partitions of Disk 1:=============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 29 GB 16 KB==================================================================================Disk: 1Partition 1Type : 0CHidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 E NEW VOLUME FAT32 Removable 29 GB Healthy ============================================================================================================================================Last Boot: 2012-08-07 05:31======================= End Of Log ========================== Link to post Share on other sites More sharing options...
mollyk36 Posted August 9, 2012 Author ID:582801 Share Posted August 9, 2012 Farbar Recovery Scan Tool Version: 08-08-2012 02Ran by SYSTEM at 2012-08-09 10:20:56Running from E:\================== Search: "services.exe" ===================C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\System32\Services.exe[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCBC:\Windows\erdnt\cache64\Services.exe[2012-08-08 18:12] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB====== End Of Search ====== Link to post Share on other sites More sharing options...
MrCharlie Posted August 9, 2012 ID:582803 Share Posted August 9, 2012 OK, here you go......Please carefully carry out this procedure!!!!!!Please download the attached fixlist.txt and copy it to your flashdrive.NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating systemOn Vista or Windows 7: Now please enter System Recovery Options. (as you did before)Run FRST64 or FRST (which ever one you're using) and press the Fix button just once and wait.The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.MrCMBR also!! Link to post Share on other sites More sharing options...
mollyk36 Posted August 9, 2012 Author ID:582807 Share Posted August 9, 2012 Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 02Ran by SYSTEM at 2012-08-09 11:13:39 Run:1Running from E:\==============================================C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab} moved successfully.C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\L not found.C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U not found.==== End of Fixlog ==== Link to post Share on other sites More sharing options...
MrCharlie Posted August 9, 2012 ID:582810 Share Posted August 9, 2012 Well Done....a couple of more scans to run >>>>Please make sure system restore is running and create a new restore point before continuing.XP <===> Vista & W7XP users > please back up the registry using ERUNT.-----------------------------------------Please download and run TDSSKiller to your desktop as outlined below:Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.For Windows XP, double-click to start.For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.-------------------------Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.------------------------Click the Start Scan button.-----------------------If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on Continue----------------------If malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.--------------------A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". 
Please copy and paste its contents on your next reply.Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.-------------------Here's a summary of what to do if you would like to print it out:If a suspicious object is detected, the default action will be Skip, click on ContinueIf you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please chooseSkip and click on ContinueIf malicious objects are found, they will show in the Scan results and offer three (3) options.Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.MrC Link to post Share on other sites More sharing options...
mollyk36 Posted August 9, 2012 Author ID:582820 Share Posted August 9, 2012 11:34:29.0715 1688 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:3211:34:29.0731 1688 ============================================================11:34:29.0731 1688 Current date / time: 2012/08/09 11:34:29.073111:34:29.0731 1688 SystemInfo:11:34:29.0731 1688 11:34:29.0731 1688 OS Version: 6.1.7601 ServicePack: 1.011:34:29.0731 1688 Product type: Workstation11:34:29.0731 1688 ComputerName: MOLLYK-PC11:34:29.0731 1688 UserName: Molly K11:34:29.0731 1688 Windows directory: C:\Windows11:34:29.0731 1688 System windows directory: C:\Windows11:34:29.0731 1688 Running under WOW6411:34:29.0731 1688 Processor architecture: Intel x6411:34:29.0731 1688 Number of processors: 411:34:29.0731 1688 Page size: 0x100011:34:29.0731 1688 Boot type: Normal boot11:34:29.0731 1688 ============================================================11:34:31.0322 1688 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x0000004011:34:31.0322 1688 ============================================================11:34:31.0322 1688 \Device\Harddisk0\DR0:11:34:31.0322 1688 MBR partitions:11:34:31.0322 1688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A38400011:34:31.0322 1688 ============================================================11:34:31.0416 1688 C: <-> \Device\Harddisk0\DR0\Partition011:34:31.0416 1688 ============================================================11:34:31.0416 1688 Initialize success11:34:31.0416 1688 ============================================================11:35:40.0415 5896 ============================================================11:35:40.0415 5896 Scan started11:35:40.0415 5896 Mode: Manual; SigCheck; TDLFS;11:35:40.0415 5896 ============================================================11:35:42.0053 5896 1394ohci (a87d604aea360176311474c87a63bb88) 
C:\Windows\system32\drivers\1394ohci.sys11:35:42.0193 5896 1394ohci - ok11:35:42.0302 5896 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe11:35:42.0333 5896 ACDaemon - ok11:35:42.0365 5896 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys11:35:42.0396 5896 ACPI - ok11:35:42.0411 5896 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys11:35:42.0474 5896 AcpiPmi - ok11:35:43.0238 5896 AcrSch2Svc (00bfc7a51046cbd77e2a71f237ed2838) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe11:35:43.0269 5896 AcrSch2Svc - ok11:35:43.0379 5896 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe11:35:43.0410 5896 AdobeFlashPlayerUpdateSvc - ok11:35:43.0893 5896 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys11:35:43.0940 5896 adp94xx - ok11:35:44.0003 5896 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys11:35:44.0034 5896 adpahci - ok11:35:44.0065 5896 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys11:35:44.0096 5896 adpu320 - ok11:35:44.0127 5896 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll11:35:44.0315 5896 AeLookupSvc - ok11:35:44.0346 5896 afcdp (3f5fdc12ffa4794fc3a178a26d48e7cf) C:\Windows\system32\DRIVERS\afcdp.sys11:35:44.0361 5896 afcdp - ok11:35:45.0843 5896 afcdpsrv (b8c03e224e49e0f9726cddef872237eb) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe11:35:45.0890 5896 afcdpsrv - ok11:35:46.0452 5896 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys11:35:46.0577 5896 AFD - ok11:35:46.0701 5896 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys11:35:46.0733 5896 agp440 - ok11:35:46.0779 5896 ALG (3290d6946b5e30e70414990574883ddb) 
C:\Windows\System32\alg.exe
11:35:46.0857 5896 ALG - ok
11:35:46.0889 5896 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:35:46.0904 5896 aliide - ok
11:35:46.0920 5896 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:35:46.0935 5896 amdide - ok
11:35:46.0951 5896 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
11:35:46.0998 5896 AmdK8 - ok
11:35:47.0013 5896 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
11:35:47.0060 5896 AmdPPM - ok
11:35:47.0107 5896 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:35:47.0138 5896 amdsata - ok
11:35:47.0185 5896 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
11:35:47.0232 5896 amdsbs - ok
11:35:47.0263 5896 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:35:47.0294 5896 amdxata - ok
11:35:47.0419 5896 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
11:35:47.0435 5896 Amsp - ok
11:35:47.0481 5896 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:35:47.0575 5896 AppID - ok
11:35:47.0591 5896 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:35:47.0622 5896 AppIDSvc - ok
11:35:47.0653 5896 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:35:47.0715 5896 Appinfo - ok
11:35:47.0887 5896 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:35:47.0903 5896 Apple Mobile Device - ok
11:35:47.0934 5896 AppleCharger (6be11ad81d4527d299f0cb5f3731aabc) C:\Windows\system32\DRIVERS\AppleCharger.sys
11:35:47.0949 5896 AppleCharger - ok
11:35:48.0027 5896 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe
11:35:48.0059 5896 AppleChargerSrv - ok
11:35:48.0074 5896 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
11:35:48.0105 5896 arc - ok
11:35:48.0121 5896 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
11:35:48.0137 5896 arcsas - ok
11:35:48.0246 5896 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
11:35:48.0261 5896 aspnet_state - ok
11:35:48.0308 5896 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:35:48.0371 5896 AsyncMac - ok
11:35:48.0402 5896 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:35:48.0417 5896 atapi - ok
11:35:48.0511 5896 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:35:48.0573 5896 AudioEndpointBuilder - ok
11:35:48.0573 5896 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:35:48.0605 5896 AudioSrv - ok
11:35:48.0636 5896 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:35:48.0714 5896 AxInstSV - ok
11:35:48.0776 5896 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
11:35:48.0854 5896 b06bdrv - ok
11:35:48.0901 5896 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:35:48.0948 5896 b57nd60a - ok
11:35:48.0995 5896 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:35:49.0057 5896 BDESVC - ok
11:35:49.0073 5896 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:35:49.0151 5896 Beep - ok
11:35:49.0244 5896 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:35:49.0322 5896 BFE - ok
11:35:49.0369 5896 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:35:49.0416 5896 blbdrive - ok
11:35:49.0494 5896 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:35:49.0525 5896 Bonjour Service - ok
11:35:49.0587 5896 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:35:49.0665 5896 bowser - ok
11:35:49.0681 5896 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
11:35:49.0728 5896 BrFiltLo - ok
11:35:49.0743 5896 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
11:35:49.0775 5896 BrFiltUp - ok
11:35:49.0790 5896 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:35:49.0821 5896 BridgeMP - ok
11:35:49.0868 5896 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:35:49.0946 5896 Browser - ok
11:35:49.0977 5896 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:35:50.0024 5896 Brserid - ok
11:35:50.0055 5896 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:35:50.0118 5896 BrSerWdm - ok
11:35:50.0133 5896 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:35:50.0165 5896 BrUsbMdm - ok
11:35:50.0180 5896 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:35:50.0227 5896 BrUsbSer - ok
11:35:50.0258 5896 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
11:35:50.0289 5896 BTHMODEM - ok
11:35:50.0321 5896 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:35:50.0383 5896 bthserv - ok
11:35:50.0414 5896 catchme - ok
11:35:50.0445 5896 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:35:50.0523 5896 cdfs - ok
11:35:50.0555 5896 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
11:35:50.0617 5896 cdrom - ok
11:35:50.0648 5896 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:35:50.0695 5896 CertPropSvc - ok
11:35:50.0711 5896 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
11:35:50.0742 5896 circlass - ok
11:35:50.0789 5896 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:35:50.0835 5896 CLFS - ok
11:35:50.0929 5896 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:35:50.0945 5896 clr_optimization_v2.0.50727_32 - ok
11:35:51.0116 5896 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:35:51.0132 5896 clr_optimization_v2.0.50727_64 - ok
11:35:51.0303 5896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:35:51.0319 5896 clr_optimization_v4.0.30319_32 - ok
11:35:51.0381 5896 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:35:51.0397 5896 clr_optimization_v4.0.30319_64 - ok
11:35:51.0491 5896 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
11:35:51.0522 5896 CmBatt - ok
11:35:51.0553 5896 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:35:51.0569 5896 cmdide - ok
11:35:51.0615 5896 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:35:51.0662 5896 CNG - ok
11:35:51.0709 5896 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
11:35:51.0725 5896 Compbatt - ok
11:35:51.0756 5896 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys
11:35:51.0803 5896 CompositeBus - ok
11:35:51.0818 5896 COMSysApp - ok
11:35:51.0849 5896 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
11:35:51.0881 5896 crcdisk - ok
11:35:51.0943 5896 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe
11:35:51.0990 5896 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning
11:35:51.0990 5896 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)
11:35:52.0037 5896 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:35:52.0115 5896 CryptSvc - ok
11:35:52.0161 5896 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:35:52.0224 5896 DcomLaunch - ok
11:35:52.0442 5896 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:35:52.0551 5896 defragsvc - ok
11:35:52.0598 5896 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:35:52.0661 5896 DfsC - ok
11:35:52.0707 5896 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:35:52.0801 5896 Dhcp - ok
11:35:52.0817 5896 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:35:52.0895 5896 discache - ok
11:35:52.0957 5896 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
11:35:52.0973 5896 Disk - ok
11:35:53.0004 5896 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:35:53.0051 5896 Dnscache - ok
11:35:53.0097 5896 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:35:53.0207 5896 dot3svc - ok
11:35:53.0222 5896 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:35:53.0285 5896 DPS - ok
11:35:53.0363 5896 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:35:53.0409 5896 drmkaud - ok
11:35:53.0472 5896 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:35:53.0519 5896 DXGKrnl - ok
11:35:53.0612 5896 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:35:53.0706 5896 EapHost - ok
11:35:54.0751 5896 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
11:35:55.0047 5896 ebdrv - ok
11:35:55.0562 5896 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:35:55.0593 5896 EFS - ok
11:35:55.0718 5896 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:35:55.0765 5896 ehRecvr - ok
11:35:55.0796 5896 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:35:55.0812 5896 ehSched - ok
11:35:56.0093 5896 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
11:35:56.0139 5896 elxstor - ok
11:35:56.0295 5896 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
11:35:56.0311 5896 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning
11:35:56.0311 5896 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)
11:35:56.0498 5896 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
11:35:56.0529 5896 EPSON_EB_RPCV4_01 - ok
11:35:56.0561 5896 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
11:35:56.0592 5896 EPSON_PM_RPCV4_01 - ok
11:35:56.0654 5896 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:35:56.0748 5896 ErrDev - ok
11:35:56.0826 5896 EtronHub3 (db6aec32faf5bd002d9ed6c38692d42b) C:\Windows\system32\Drivers\EtronHub3.sys
11:35:56.0888 5896 EtronHub3 - ok
11:35:56.0919 5896 EtronXHCI (9cc2f24274741e12f9df92125ea6d6d8) C:\Windows\system32\Drivers\EtronXHCI.sys
11:35:56.0951 5896 EtronXHCI - ok
11:35:56.0997 5896 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:35:57.0044 5896 EventSystem - ok
11:35:57.0107 5896 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:35:57.0185 5896 exfat - ok
11:35:57.0216 5896 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:35:57.0294 5896 fastfat - ok
11:35:57.0387 5896 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:35:57.0450 5896 Fax - ok
11:35:57.0465 5896 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
11:35:57.0512 5896 fdc - ok
11:35:57.0528 5896 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:35:57.0559 5896 fdPHost - ok
11:35:57.0621 5896 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:35:57.0668 5896 FDResPub - ok
11:35:57.0715 5896 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:35:57.0746 5896 FileInfo - ok
11:35:57.0793 5896 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:35:57.0887 5896 Filetrace - ok
11:35:57.0918 5896 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
11:35:57.0933 5896 flpydisk - ok
11:35:57.0949 5896 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:35:57.0980 5896 FltMgr - ok
11:35:58.0573 5896 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:35:58.0698 5896 FontCache - ok
11:35:58.0869 5896 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:35:58.0885 5896 FontCache3.0.0.0 - ok
11:35:59.0010 5896 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:35:59.0041 5896 FsDepends - ok
11:35:59.0119 5896 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:35:59.0150 5896 Fs_Rec - ok
11:35:59.0197 5896 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:35:59.0244 5896 fvevol - ok
11:35:59.0306 5896 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
11:35:59.0322 5896 gagp30kx - ok
11:35:59.0353 5896 gdrv - ok
11:35:59.0384 5896 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:35:59.0400 5896 GEARAspiWDM - ok
11:35:59.0478 5896 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:35:59.0525 5896 gpsvc - ok
11:35:59.0727 5896 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:35:59.0743 5896 gupdate - ok
11:35:59.0743 5896 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:35:59.0759 5896 gupdatem - ok
11:35:59.0805 5896 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:35:59.0883 5896 hcw85cir - ok
11:35:59.0961 5896 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:35:59.0993 5896 HDAudBus - ok
11:36:00.0024 5896 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
11:36:00.0071 5896 HidBatt - ok
11:36:00.0102 5896 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
11:36:00.0133 5896 HidBth - ok
11:36:00.0164 5896 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
11:36:00.0211 5896 HidIr - ok
11:36:00.0258 5896 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:36:00.0336 5896 hidserv - ok
11:36:00.0383 5896 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:36:00.0414 5896 HidUsb - ok
11:36:00.0523 5896 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:36:00.0648 5896 hkmsvc - ok
11:36:00.0773 5896 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:36:00.0851 5896 HomeGroupListener - ok
11:36:00.0897 5896 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:36:00.0944 5896 HomeGroupProvider - ok
11:36:00.0960 5896 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:36:00.0991 5896 HpSAMD - ok
11:36:01.0038 5896 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:36:01.0116 5896 HTTP - ok
11:36:01.0147 5896 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:36:01.0163 5896 hwpolicy - ok
11:36:01.0178 5896 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:36:01.0225 5896 i8042prt - ok
11:36:01.0272 5896 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:36:01.0319 5896 iaStorV - ok
11:36:01.0599 5896 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:36:01.0631 5896 idsvc - ok
11:36:01.0662 5896 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
11:36:01.0677 5896 iirsp - ok
11:36:01.0833 5896 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:36:01.0911 5896 IKEEXT - ok
11:36:02.0598 5896 IntcAzAudAddService (98f4e841ea43ed5a442f0dc60cab4326) C:\Windows\system32\drivers\RTKVHD64.sys
11:36:02.0660 5896 IntcAzAudAddService - ok
11:36:03.0300 5896 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:36:03.0331 5896 intelide - ok
11:36:03.0440 5896 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:36:03.0518 5896 intelppm - ok
11:36:03.0581 5896 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:36:03.0674 5896 IPBusEnum - ok
11:36:03.0705 5896 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:36:03.0752 5896 IpFilterDriver - ok
11:36:03.0783 5896 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:36:03.0846 5896 iphlpsvc - ok
11:36:03.0877 5896 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:36:03.0908 5896 IPMIDRV - ok
11:36:03.0955 5896 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:36:04.0033 5896 IPNAT - ok
11:36:04.0158 5896 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe
11:36:04.0173 5896 iPod Service - ok
11:36:04.0236 5896 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:36:04.0267 5896 IRENUM - ok
11:36:04.0283 5896 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:36:04.0298 5896 isapnp - ok
11:36:04.0361 5896 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:36:04.0439 5896 iScsiPrt - ok
11:36:04.0470 5896 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:36:04.0485 5896 kbdclass - ok
11:36:04.0517 5896 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:36:04.0532 5896 kbdhid - ok
11:36:04.0579 5896 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:36:04.0579 5896 KeyIso - ok
11:36:04.0595 5896 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:36:04.0610 5896 KSecDD - ok
11:36:04.0844 5896 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:36:04.0875 5896 KSecPkg - ok
11:36:04.0891 5896 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:36:04.0953 5896 ksthunk - ok
11:36:05.0016 5896 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:36:05.0125 5896 KtmRm - ok
11:36:05.0156 5896 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:36:05.0203 5896 LanmanServer - ok
11:36:05.0234 5896 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:36:05.0343 5896 LanmanWorkstation - ok
11:36:05.0375 5896 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:36:05.0453 5896 lltdio - ok
11:36:05.0484 5896 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:36:05.0546 5896 lltdsvc - ok
11:36:05.0546 5896 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:36:05.0577 5896 lmhosts - ok
11:36:05.0624 5896 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
11:36:05.0640 5896 LSI_FC - ok
11:36:05.0671 5896 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
11:36:05.0687 5896 LSI_SAS - ok
11:36:05.0702 5896 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
11:36:05.0718 5896 LSI_SAS2 - ok
11:36:05.0733 5896 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
11:36:05.0749 5896 LSI_SCSI - ok
11:36:05.0765 5896 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:36:05.0811 5896 luafv - ok
11:36:05.0874 5896 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:36:05.0889 5896 LVPr2M64 - ok
11:36:05.0889 5896 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:36:05.0905 5896 LVPr2Mon - ok
11:36:06.0123 5896 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe
11:36:06.0139 5896 LVPrcS64 - ok
11:36:06.0170 5896 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
11:36:06.0186 5896 MBAMProtector - ok
11:36:06.0576 5896 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:36:06.0591 5896 MBAMService - ok
11:36:06.0654 5896 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:36:06.0685 5896 Mcx2Svc - ok
11:36:06.0763 5896 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
11:36:06.0810 5896 megasas - ok
11:36:06.0903 5896 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
11:36:06.0935 5896 MegaSR - ok
11:36:06.0997 5896 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys
11:36:07.0028 5896 MEIx64 - ok
11:36:07.0059 5896 Microsoft SharePoint Workspace Audit Service - ok
11:36:07.0169 5896 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:36:07.0231 5896 MMCSS - ok
11:36:07.0309 5896 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:36:07.0371 5896 Modem - ok
11:36:07.0403 5896 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:36:07.0449 5896 monitor - ok
11:36:07.0481 5896 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:36:07.0512 5896 mouclass - ok
11:36:07.0621 5896 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:36:07.0699 5896 mouhid - ok
11:36:07.0730 5896 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:36:07.0761 5896 mountmgr - ok
11:36:07.0793 5896 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:36:07.0824 5896 MozillaMaintenance - ok
11:36:07.0871 5896 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:36:07.0917 5896 mpio - ok
11:36:07.0933 5896 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:36:07.0964 5896 mpsdrv - ok
11:36:08.0089 5896 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:36:08.0151 5896 MpsSvc - ok
11:36:08.0214 5896 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS
11:36:08.0261 5896 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
11:36:08.0261 5896 MREMP50 - detected UnsignedFile.Multi.Generic (1)
11:36:08.0354 5896 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
11:36:08.0385 5896 MREMP50a64 - ok
11:36:08.0385 5896 MREMPR5 - ok
11:36:08.0385 5896 MRENDIS5 - ok
11:36:08.0432 5896 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS
11:36:08.0479 5896 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
11:36:08.0479 5896 MRESP50 - detected UnsignedFile.Multi.Generic (1)
11:36:08.0510 5896 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
11:36:08.0541 5896 MRESP50a64 - ok
11:36:08.0588 5896 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:36:08.0651 5896 MRxDAV - ok
11:36:08.0697 5896 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:36:08.0775 5896 mrxsmb - ok
11:36:08.0807 5896 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:36:08.0853 5896 mrxsmb10 - ok
11:36:08.0885 5896 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:36:08.0916 5896 mrxsmb20 - ok
11:36:08.0931 5896 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:36:08.0947 5896 msahci - ok
11:36:08.0963 5896 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:36:08.0978 5896 msdsm - ok
11:36:09.0009 5896 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:36:09.0072 5896 MSDTC - ok
11:36:09.0072 5896 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:36:09.0103 5896 Msfs - ok
11:36:09.0134 5896 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:36:09.0212 5896 mshidkmdf - ok
11:36:09.0228 5896 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:36:09.0259 5896 msisadrv - ok
11:36:09.0290 5896 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:36:09.0368 5896 MSiSCSI - ok
11:36:09.0368 5896 msiserver - ok
11:36:09.0415 5896 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:36:09.0477 5896 MSKSSRV - ok
11:36:09.0509 5896 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:36:09.0540 5896 MSPCLOCK - ok
11:36:09.0555 5896 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:36:09.0633 5896 MSPQM - ok
11:36:09.0680 5896 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:36:09.0696 5896 MsRPC - ok
11:36:09.0711 5896 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
11:36:09.0727 5896 mssmbios - ok
11:36:09.0727 5896 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:36:09.0789 5896 MSTEE - ok
11:36:09.0821 5896 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
11:36:09.0836 5896 MTConfig - ok
11:36:09.0836 5896 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:36:09.0852 5896 Mup - ok
11:36:09.0899 5896 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:36:09.0961 5896 napagent - ok
11:36:09.0992 5896 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:36:10.0070 5896 NativeWifiP - ok
11:36:10.0179 5896 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:36:10.0195 5896 NDIS - ok
11:36:10.0226 5896 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:36:10.0273 5896 NdisCap - ok
11:36:10.0320 5896 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:36:10.0382 5896 NdisTapi - ok
11:36:10.0398 5896 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:36:10.0445 5896 Ndisuio - ok
11:36:10.0476 5896 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:36:10.0569 5896 NdisWan - ok
11:36:10.0601 5896 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:36:10.0632 5896 NDProxy - ok
11:36:10.0663 5896 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:36:10.0741 5896 NetBIOS - ok
11:36:10.0757 5896 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:36:10.0819 5896 NetBT - ok
11:36:10.0835 5896 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:36:10.0850 5896 Netlogon - ok
11:36:10.0897 5896 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:36:10.0959 5896 Netman - ok
11:36:11.0256 5896 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:36:11.0271 5896 NetMsmqActivator - ok
11:36:11.0271 5896 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:36:11.0287 5896 NetPipeActivator - ok
11:36:11.0334 5896 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:36:11.0396 5896 netprofm - ok
11:36:11.0396 5896 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:36:11.0412 5896 NetTcpActivator - ok
11:36:11.0412 5896 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
11:36:11.0412 5896 NetTcpPortSharing - ok
11:36:11.0474 5896 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
11:36:11.0490 5896 nfrd960 - ok
11:36:11.0552 5896 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:36:11.0599 5896 NlaSvc - ok
11:36:11.0630 5896 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:36:11.0661 5896 Npfs - ok
11:36:11.0677 5896 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:36:11.0739 5896 nsi - ok
11:36:11.0786 5896 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:36:11.0880 5896 nsiproxy - ok
11:36:12.0239 5896 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:36:12.0332 5896 Ntfs - ok
11:36:12.0441 5896 nTuneService - ok
11:36:13.0128 5896 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:36:13.0190 5896 Null - ok
11:36:13.0268 5896 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys
11:36:13.0299 5896 NVHDA - ok
11:36:18.0448 5896 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:36:18.0604 5896 nvlddmkm - ok
11:36:18.0744 5896 NVR0Dev (ebbf32c06b044d0d61e5030a16663b34) C:\Windows\nvoclk64.sys
11:36:18.0760 5896 NVR0Dev - ok
11:36:18.0869 5896 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:36:18.0916 5896 nvraid - ok
11:36:18.0978 5896 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:36:19.0025 5896 nvstor - ok
11:36:19.0196 5896 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe
11:36:19.0228 5896 nvsvc - ok
11:36:20.0054 5896 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
11:36:20.0086 5896 nvUpdatusService - ok
11:36:20.0273 5896 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:36:20.0304 5896 nv_agp - ok
11:36:20.0413 5896 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:36:20.0460 5896 ohci1394 - ok
11:36:20.0725 5896 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:36:20.0741 5896 ose - ok
11:36:22.0691 5896 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:36:22.0738 5896 osppsvc - ok
11:36:23.0642 5896 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:36:23.0736 5896 p2pimsvc - ok
11:36:23.0798 5896 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:36:23.0845 5896 p2psvc - ok
11:36:23.0954 5896 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:36:24.0001 5896 Parport - ok
11:36:24.0126 5896 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:36:24.0157 5896 partmgr - ok
11:36:24.0329 5896 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:36:24.0376 5896 PcaSvc - ok
11:36:24.0532 5896 pcCMService (bae04007a679893e975a2b75e9e001e9) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
11:36:24.0547 5896 pcCMService ( UnsignedFile.Multi.Generic ) - warning
11:36:24.0547 5896 pcCMService - detected UnsignedFile.Multi.Generic (1)
11:36:24.0922 5896 pcCMService64 (3bea1d461531d1d26f5695bb9ca97a18) C:\Program Files\Common Files\Motive\pcCMService.exe
11:36:24.0953 5896 pcCMService64 ( UnsignedFile.Multi.Generic ) - warning
11:36:24.0953 5896 pcCMService64 - detected UnsignedFile.Multi.Generic (1)
11:36:25.0156 5896 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:36:25.0202 5896 pci - ok
11:36:25.0265 5896 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:36:25.0296 5896 pciide - ok
11:36:25.0483 5896 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
11:36:25.0530 5896 pcmcia - ok
11:36:25.0873 5896 pcServiceHost (a792405e6c84c3debc02b1cf29a928f0) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
11:36:25.0889 5896 pcServiceHost ( UnsignedFile.Multi.Generic ) - warning
11:36:25.0889 5896 pcServiceHost - detected UnsignedFile.Multi.Generic (1)
11:36:25.0967 5896 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:36:25.0998 5896 pcw - ok
11:36:26.0528 5896 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:36:26.0638 5896 PEAUTH - ok
11:36:26.0762 5896 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:36:26.0809 5896 PerfHost - ok
11:36:27.0589 5896 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:36:27.0730 5896 pla - ok
11:36:27.0792 5896 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:36:27.0886 5896 PlugPlay - ok
11:36:27.0901 5896 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:36:27.0964 5896 PNRPAutoReg - ok
11:36:27.0995 5896 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:36:28.0010 5896 PNRPsvc - ok
11:36:28.0400 5896 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:36:28.0494 5896 PolicyAgent - ok
11:36:28.0541 5896 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:36:28.0619 5896 Power - ok
11:36:28.0728 5896 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:36:28.0822 5896 PptpMiniport - ok
11:36:28.0853 5896 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
11:36:28.0900 5896 Processor - ok
11:36:28.0931 5896 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:36:28.0993 5896 ProfSvc - ok
11:36:29.0040 5896 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:36:29.0056 5896 ProtectedStorage - ok
11:36:29.0118 5896 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:36:29.0180 5896 Psched - ok
11:36:29.0305 5896 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
11:36:29.0399 5896 ql2300 - ok
11:36:29.0960 5896 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
11:36:29.0992 5896 ql40xx - ok
11:36:30.0226 5896 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:36:30.0288 5896 QWAVE - ok
11:36:30.0350 5896 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:36:30.0428 5896 QWAVEdrv - ok
11:36:30.0444 5896 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:36:30.0506 5896 RasAcd - ok
11:36:30.0569 5896 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:36:30.0616 5896 RasAgileVpn - ok
11:36:30.0662 5896 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:36:30.0740 5896 RasAuto - ok
11:36:30.0772 5896 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:36:30.0850 5896 Rasl2tp - ok
11:36:30.0912 5896 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:36:30.0959 5896 RasMan - ok
11:36:30.0990 5896 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:36:31.0037 5896 RasPppoe - ok
11:36:31.0052 5896 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:36:31.0115 5896 RasSstp - ok
11:36:31.0146 5896 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:36:31.0255 5896 rdbss - ok
11:36:31.0286 5896 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
11:36:31.0380 5896 rdpbus - ok
11:36:31.0396 5896 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:36:31.0474 5896 RDPCDD - ok
11:36:31.0505 5896 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:36:31.0567 5896 RDPENCDD - ok
11:36:31.0598 5896 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:36:31.0645 5896 RDPREFMP - ok
11:36:31.0770 5896 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:36:31.0817 5896 RDPWD - ok
11:36:31.0879 5896 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:36:31.0910 5896 rdyboost - ok
11:36:31.0957 5896 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:36:32.0020 5896 RemoteAccess - ok
11:36:32.0051 5896 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:36:32.0113 5896 RemoteRegistry - ok
11:36:32.0144 5896 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
11:36:32.0176 5896 RimVSerPort - ok
11:36:32.0207 5896 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:36:32.0254 5896 RpcEptMapper - ok
11:36:32.0285 5896 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:36:32.0332 5896 RpcLocator - ok
11:36:32.0784 5896 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:36:32.0831 5896 RpcSs - ok
11:36:32.0893 5896 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:36:32.0940 5896 rspndr - ok
11:36:33.0049 5896 RTL8169 (e3aa12faa3192d1090b9069c3925373b) C:\Windows\system32\DRIVERS\Rtlh64.sys
11:36:33.0080 5896 RTL8169 - ok
11:36:33.0143 5896 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:36:33.0174 5896 SamSs - ok
11:36:33.0283 5896 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:36:33.0314 5896 sbp2port - ok
11:36:33.0533 5896 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:36:33.0595 5896 SCardSvr - ok
11:36:34.0110 5896 SCBackService (8475e746eb72d04f1015e6f091f50e09) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
11:36:34.0126 5896 SCBackService - ok
11:36:34.0172 5896 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:36:34.0235 5896 scfilter - ok
11:36:35.0218 5896 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:36:35.0280 5896 Schedule - ok
11:36:35.0420 5896 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:36:35.0467 5896 SCPolicySvc - ok
11:36:35.0670 5896 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:36:35.0748 5896 SDRSVC - ok
11:36:35.0842 5896 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:36:35.0935 5896 secdrv - ok
11:36:35.0951 5896 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:36:35.0982 5896 seclogon - ok
11:36:36.0029 5896 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:36:36.0091 5896 SENS - ok
11:36:36.0122 5896 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:36:36.0154 5896 SensrSvc - ok
11:36:36.0185 5896 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:36:36.0232 5896 Serenum - ok
11:36:36.0263 5896 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:36:36.0341 5896 Serial - ok
11:36:36.0372 5896 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
11:36:36.0419 5896 sermouse - ok
11:36:36.0450 5896 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:36:36.0497 5896 SessionEnv - ok
11:36:36.0512 5896 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:36:36.0544 5896 sffdisk - ok
11:36:36.0575 5896 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:36:36.0637 5896 sffp_mmc - ok
11:36:36.0668 5896 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:36:36.0731 5896 sffp_sd - ok
11:36:36.0746 5896 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
11:36:36.0809 5896 sfloppy - ok
11:36:36.0902 5896 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:36:37.0012 5896 SharedAccess - ok
11:36:37.0136 5896 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:36:37.0183 5896 ShellHWDetection - ok
11:36:37.0246 5896 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
11:36:37.0277 5896 SiSRaid2 - ok
11:36:37.0292 5896 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
11:36:37.0308 5896 SiSRaid4 - ok
11:36:37.0324 5896 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:36:37.0386 5896 Smb - ok
11:36:37.0573 5896 snapman (27ba49f89468fddae6c2b311c53bce3a) C:\Windows\system32\DRIVERS\snapman.sys
11:36:37.0604 5896 snapman - ok
11:36:37.0667 5896 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:36:37.0729 5896 SNMPTRAP - 
ok11:36:37.0745 5896 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys11:36:37.0760 5896 spldr - ok11:36:37.0823 5896 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe11:36:37.0854 5896 Spooler - ok11:36:39.0398 5896 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe11:36:39.0445 5896 sppsvc - ok11:36:40.0054 5896 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll11:36:40.0116 5896 sppuinotify - ok11:36:40.0568 5896 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys11:36:40.0740 5896 srv - ok11:36:41.0099 5896 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys11:36:41.0208 5896 srv2 - ok11:36:41.0255 5896 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys11:36:41.0302 5896 srvnet - ok11:36:41.0333 5896 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys11:36:41.0395 5896 ssadbus - ok11:36:41.0426 5896 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys11:36:41.0442 5896 ssadmdfl - ok11:36:41.0489 5896 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys11:36:41.0567 5896 ssadmdm - ok11:36:41.0614 5896 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll11:36:41.0692 5896 SSDPSRV - ok11:36:41.0707 5896 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll11:36:41.0738 5896 SstpSvc - ok11:36:42.0128 5896 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe11:36:42.0160 5896 Stereo Service - ok11:36:42.0206 5896 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys11:36:42.0238 5896 stexstor - ok11:36:42.0347 5896 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll11:36:42.0409 5896 stisvc - ok11:36:42.0440 5896 swenum 
(d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys11:36:42.0456 5896 swenum - ok11:36:42.0955 5896 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll11:36:43.0018 5896 swprv - ok11:36:44.0406 5896 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll11:36:44.0453 5896 SysMain - ok11:36:44.0640 5896 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll11:36:44.0765 5896 TabletInputService - ok11:36:44.0999 5896 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll11:36:45.0092 5896 TapiSrv - ok11:36:45.0108 5896 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll11:36:45.0139 5896 TBS - ok11:36:45.0638 5896 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys11:36:45.0716 5896 Tcpip - ok11:36:46.0247 5896 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys11:36:46.0294 5896 TCPIP6 - ok11:36:46.0871 5896 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys11:36:46.0996 5896 tcpipreg - ok11:36:47.0027 5896 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys11:36:47.0074 5896 TDPIPE - ok11:36:47.0198 5896 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys11:36:47.0245 5896 tdrpman258 - ok11:36:47.0339 5896 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys11:36:47.0401 5896 TDTCP - ok11:36:47.0432 5896 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys11:36:47.0495 5896 tdx - ok11:36:47.0510 5896 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys11:36:47.0526 5896 TermDD - ok11:36:48.0072 5896 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll11:36:48.0166 5896 TermService - ok11:36:48.0197 5896 Themes (f0344071948d1a1fa732231785a0664c) 
C:\Windows\system32\themeservice.dll11:36:48.0259 5896 Themes - ok11:36:48.0384 5896 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll11:36:48.0431 5896 THREADORDER - ok11:36:48.0493 5896 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys11:36:48.0524 5896 tmactmon - ok11:36:48.0618 5896 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys11:36:48.0649 5896 tmcomm - ok11:36:48.0665 5896 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys11:36:48.0680 5896 tmeevw - ok11:36:48.0727 5896 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys11:36:48.0743 5896 tmevtmgr - ok11:36:48.0790 5896 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys11:36:48.0836 5896 tmnciesc - ok11:36:48.0868 5896 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys11:36:48.0899 5896 tmtdi - ok11:36:48.0930 5896 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll11:36:48.0961 5896 TrkWks - ok11:36:49.0195 5896 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe11:36:49.0226 5896 TrustedInstaller - ok11:36:49.0304 5896 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys11:36:49.0414 5896 tssecsrv - ok11:36:49.0460 5896 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys11:36:49.0492 5896 TsUsbFlt - ok11:36:49.0538 5896 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys11:36:49.0554 5896 TsUsbGD - ok11:36:49.0601 5896 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys11:36:49.0663 5896 tunnel - ok11:36:49.0757 5896 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys11:36:49.0788 5896 uagp35 - ok11:36:50.0084 5896 udfs (ff4232a1a64012baa1fd97c7b67df593) 
C:\Windows\system32\DRIVERS\udfs.sys11:36:50.0256 5896 udfs - ok11:36:50.0303 5896 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe11:36:50.0350 5896 UI0Detect - ok11:36:50.0396 5896 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys11:36:50.0412 5896 uliagpkx - ok11:36:50.0474 5896 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys11:36:50.0521 5896 umbus - ok11:36:50.0552 5896 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys11:36:50.0615 5896 UmPass - ok11:36:50.0693 5896 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll11:36:50.0755 5896 upnphost - ok11:36:50.0833 5896 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys11:36:50.0880 5896 USBAAPL64 - ok11:36:50.0942 5896 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys11:36:50.0974 5896 usbccgp - ok11:36:51.0005 5896 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys11:36:51.0020 5896 usbcir - ok11:36:51.0052 5896 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys11:36:51.0083 5896 usbehci - ok11:36:51.0130 5896 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys11:36:51.0192 5896 usbhub - ok11:36:51.0223 5896 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys11:36:51.0254 5896 usbohci - ok11:36:51.0270 5896 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys11:36:51.0317 5896 usbprint - ok11:36:51.0332 5896 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS11:36:51.0379 5896 USBSTOR - ok11:36:51.0410 5896 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys11:36:51.0457 5896 usbuhci - ok11:36:51.0473 5896 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) 
C:\Windows\System32\uxsms.dll11:36:51.0520 5896 UxSms - ok11:36:51.0582 5896 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe11:36:51.0613 5896 VaultSvc - ok11:36:51.0691 5896 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys11:36:51.0707 5896 vdrvroot - ok11:36:52.0190 5896 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe11:36:52.0315 5896 vds - ok11:36:52.0393 5896 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys11:36:52.0424 5896 vga - ok11:36:52.0471 5896 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys11:36:52.0549 5896 VgaSave - ok11:36:52.0768 5896 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys11:36:52.0814 5896 vhdmp - ok11:36:52.0861 5896 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys11:36:52.0877 5896 viaide - ok11:36:52.0908 5896 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys11:36:52.0939 5896 volmgr - ok11:36:53.0017 5896 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys11:36:53.0048 5896 volmgrx - ok11:36:53.0142 5896 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys11:36:53.0173 5896 volsnap - ok11:36:53.0220 5896 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys11:36:53.0236 5896 vsmraid - ok11:36:53.0704 5896 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe11:36:53.0750 5896 VSS - ok11:36:53.0938 5896 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys11:36:53.0984 5896 vwifibus - ok11:36:54.0094 5896 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll11:36:54.0234 5896 W32Time - ok11:36:54.0281 5896 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys11:36:54.0343 5896 WacomPen - ok11:36:54.0390 5896 WANARP 
(356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys11:36:54.0452 5896 WANARP - ok11:36:54.0468 5896 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys11:36:54.0515 5896 Wanarpv6 - ok11:36:54.0718 5896 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe11:36:54.0780 5896 WatAdminSvc - ok11:36:54.0920 5896 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe11:36:55.0045 5896 wbengine - ok11:36:55.0217 5896 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll11:36:55.0264 5896 WbioSrvc - ok11:36:55.0310 5896 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll11:36:55.0373 5896 wcncsvc - ok11:36:55.0404 5896 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll11:36:55.0420 5896 WcsPlugInService - ok11:36:55.0669 5896 WCUService_STC_FF (e47e66538692b1cfd6cc8021546fcc83) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe11:36:55.0685 5896 WCUService_STC_FF - ok11:36:55.0841 5896 WCUService_STC_IE (147c60622cb53e901efd8bb6d44a4c46) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe11:36:55.0872 5896 WCUService_STC_IE - ok11:36:55.0934 5896 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys11:36:55.0966 5896 Wd - ok11:36:56.0106 5896 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys11:36:56.0215 5896 Wdf01000 - ok11:36:56.0262 5896 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll11:36:56.0387 5896 WdiServiceHost - ok11:36:56.0387 5896 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll11:36:56.0402 5896 WdiSystemHost - ok11:36:56.0527 5896 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll11:36:56.0621 5896 WebClient - ok11:36:56.0699 5896 Wecsvc 
(c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll11:36:56.0792 5896 Wecsvc - ok11:36:56.0824 5896 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll11:36:56.0855 5896 wercplsupport - ok11:36:56.0886 5896 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll11:36:56.0933 5896 WerSvc - ok11:36:56.0964 5896 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys11:36:56.0995 5896 WfpLwf - ok11:36:56.0995 5896 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys11:36:57.0011 5896 WIMMount - ok11:36:57.0073 5896 WinDefend - ok11:36:57.0073 5896 WinHttpAutoProxySvc - ok11:36:57.0151 5896 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll11:36:57.0198 5896 Winmgmt - ok11:36:57.0713 5896 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll11:36:57.0822 5896 WinRM - ok11:36:58.0150 5896 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys11:36:58.0181 5896 WinUsb - ok11:36:58.0555 5896 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll11:36:58.0602 5896 Wlansvc - ok11:36:59.0710 5896 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE11:36:59.0741 5896 wlidsvc - ok11:37:00.0349 5896 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys11:37:00.0490 5896 WmiAcpi - ok11:37:00.0552 5896 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe11:37:00.0599 5896 wmiApSrv - ok11:37:00.0661 5896 WMPNetworkSvc - ok11:37:00.0677 5896 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll11:37:00.0708 5896 WPCSvc - ok11:37:00.0724 5896 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll11:37:00.0755 5896 WPDBusEnum - ok11:37:00.0848 5896 WPFFontCache_v0400 - ok11:37:00.0864 5896 ws2ifsl 
(6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys11:37:00.0926 5896 ws2ifsl - ok11:37:00.0926 5896 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll11:37:00.0958 5896 wscsvc - ok11:37:00.0973 5896 WSearch - ok11:37:01.0114 5896 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll11:37:01.0160 5896 wuauserv - ok11:37:01.0238 5896 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys11:37:01.0316 5896 WudfPf - ok11:37:01.0363 5896 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys11:37:01.0410 5896 WUDFRd - ok11:37:01.0441 5896 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll11:37:01.0472 5896 wudfsvc - ok11:37:01.0488 5896 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll11:37:01.0550 5896 WwanSvc - ok11:37:01.0582 5896 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR011:37:01.0628 5896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected11:37:01.0628 5896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)11:37:01.0691 5896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning11:37:01.0691 5896 \Device\Harddisk0\DR0 - detected TDSS File System (1)11:37:01.0691 5896 Boot (0x1200) (dfd2ea691b98846456380b4a72ac8898) \Device\Harddisk0\DR0\Partition011:37:01.0691 5896 \Device\Harddisk0\DR0\Partition0 - ok11:37:01.0691 5896 ============================================================11:37:01.0691 5896 Scan finished11:37:01.0691 5896 ============================================================11:37:01.0691 5820 Detected object count: 911:37:01.0691 5820 Actual detected object count: 911:40:40.0590 5820 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user11:40:40.0590 5820 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip11:40:40.0590 5820 EpsonBidirectionalService ( 
UnsignedFile.Multi.Generic ) - skipped by user11:40:40.0590 5820 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip11:40:40.0606 5820 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user11:40:40.0606 5820 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip11:40:40.0606 5820 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user11:40:40.0606 5820 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip11:40:40.0606 5820 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user11:40:40.0606 5820 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip11:40:40.0606 5820 pcCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user11:40:40.0606 5820 pcCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip11:40:40.0606 5820 pcServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user11:40:40.0606 5820 pcServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip11:40:41.0339 5820 \Device\Harddisk0\DR0\# - copied to quarantine11:40:41.0339 5820 \Device\Harddisk0\DR0 - copied to quarantine11:40:41.0386 5820 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine11:40:41.0402 5820 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine11:40:42.0447 5820 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine11:40:43.0492 5820 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine11:40:43.0539 5820 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine11:40:43.0586 5820 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine11:40:43.0601 5820 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine11:40:43.0632 5820 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine11:40:43.0664 5820 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine11:40:43.0679 5820 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine11:40:47.0782 5820 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine11:40:47.0798 5820 \Device\Harddisk0\DR0\TDLFS\s 
- copied to quarantine11:40:47.0798 5820 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine11:40:47.0813 5820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine11:40:47.0876 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot11:40:47.0922 5820 \Device\Harddisk0\DR0 - ok11:40:47.0969 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip Link to post Share on other sites More sharing options...
MrCharlie Posted August 9, 2012 ID:582823

We're getting there......

Just run TDSSKiller again and just Delete this one only:

11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

-------------------------------

Then..........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix
http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop. Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC
mollyk36 (Author) Posted August 9, 2012 ID:582830

ComboFix 12-08-08.03 - Molly K 08/09/2012 12:21:45.4.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6561 [GMT -5:00]
Running from: c:\users\Molly K\Desktop\ComboFix.exe
AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
.
.
2012-08-09 18:18 . 2012-08-09 18:18 -------- d-----w- C:\FRST
2012-08-09 17:25 . 2012-08-09 17:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-08-09 17:25 . 2012-08-09 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-09 16:40 . 2012-08-09 17:19 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-09 01:49 . 2012-08-09 01:49 21520 ----a-w- c:\windows\DCEBoot64.exe
2012-08-09 01:07 . 2012-08-09 01:14 134672 ----a-w- c:\windows\RegBootClean64.exe
2012-08-08 21:39 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 20:15 . 2012-08-08 20:13 67344 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2012-08-08 20:15 . 2012-08-08 20:13 210704 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-08-08 20:15 . 2012-08-08 20:13 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-08-08 20:15 . 2012-08-08 20:13 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-08-08 20:15 . 2012-08-08 20:13 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-08-08 20:15 . 2012-08-08 20:13 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-08-08 20:14 . 2012-08-08 20:14 -------- d-----w- c:\program files\Trend Micro
2012-08-08 15:54 . 2012-08-08 20:19 -------- d-----w- c:\program files (x86)\Trend Micro
2012-08-08 15:41 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-08-08 15:41 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-08-08 14:06 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8599059B-106A-4D1D-8374-A62C2960CB64}\mpengine.dll
2012-08-08 13:58 . 2012-08-08 13:58 -------- d-----w- c:\windows\Sun
2012-07-19 15:17 . 2012-07-19 15:17 -------- d-----w- c:\users\Molly K\AppData\Roaming\Motive
2012-07-19 15:17 . 2012-07-19 15:17 -------- d-----w- c:\program files\ATT-SST
2012-07-19 15:17 . 2012-07-19 15:17 -------- d-----w- c:\program files (x86)\ATT-SST
2012-07-19 15:14 . 2012-07-19 15:17 -------- d-----w- c:\program files (x86)\Common Files\Motive
2012-07-19 15:14 . 2012-07-19 15:17 -------- d-----w- c:\program files\Common Files\Motive
2012-07-19 15:14 . 2012-08-02 15:55 -------- d-----w- c:\programdata\Motive
2012-07-11 03:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 03:03 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-07-11 03:03 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 20:14 . 2012-02-29 15:06 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-08-03 13:43 . 2012-04-09 12:29 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-03 13:43 . 2011-06-22 00:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 03:04 . 2012-03-23 02:07 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-05 07:37 . 2012-04-04 13:33 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
2012-06-02 22:19 . 2012-06-21 13:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 13:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 13:20 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 13:20 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 13:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 13:20 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 13:19 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 20:19 . 2012-06-21 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 20:15 . 2012-06-21 13:19 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-09_02.07.50 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-08-08 13:56 . 2012-08-09 12:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-08-08 13:56 . 2012-08-09 01:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-08-08 14:02 . 2012-08-09 00:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
+ 2012-08-08 14:02 . 2012-08-09 04:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat
- 2012-08-08 13:57 . 2012-08-09 01:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2012-08-08 13:57 . 2012-08-09 12:41 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat
+ 2010-11-21 03:09 . 2012-08-09 17:17 46808 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-08-09 17:17 36854 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2012-03-23 12:57 . 2012-08-07 13:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-23 12:57 . 2012-08-09 05:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-03-23 12:57 . 2012-08-09 05:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-03-23 12:57 . 2012-08-07 13:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-07 13:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-09 05:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-08-09 16:32 95696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-03-23 02:23 . 2012-08-09 17:17 6556 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761091862-3678968245-921467866-1000_UserData.bin
+ 2012-08-09 17:15 . 2012-08-09 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-09 02:07 . 2012-08-09 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-09 17:15 . 2012-08-09 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-09 02:07 . 2012-08-09 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-08-09 16:59 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-08-09 02:07 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 02:36 . 2012-08-08 20:15 680090 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-09 16:19 680090 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-08-09 16:19 128616 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-08-08 20:15 128616 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2012-08-09 17:11 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-08-09 02:06 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:54 . 2012-08-09 16:59 3293184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-09 02:07 3293184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-09 16:59 8781824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-09 02:07 8781824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-13 05:05 . 2012-08-09 15:11 6183556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761091862-3678968245-921467866-1000-12288.dat
- 2011-06-13 05:05 . 2012-08-08 19:48 6183556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761091862-3678968245-921467866-1000-12288.dat
+ 2012-08-08 15:29 . 2012-08-09 16:43 2255704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
- 2012-08-08 15:29 . 2012-08-09 02:06 2255704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat
+ 2011-05-07 03:30 . 2012-08-09 16:10 34039124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761091862-3678968245-921467866-1000-8192.dat
+ 2011-05-18 04:22 . 2012-08-09 17:11 22091776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761091862-3678968245-921467866-1000-4096.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]
.
[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]
[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-21 163328]
"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 98304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]
"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer4"=wdmaud.drv
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-15 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
R3 Microsoft SharePoint 
Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-23 1255736]S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-05-20 1477728]S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-08-08 70928]S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-05-20 2480048]S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-07-06 361472]S2 
pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-07-06 441344]S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-06-14 342016]S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-05-20 251488]S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [2012-08-08 67344]S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [2012-08-08 210704]..--- Other Services/Drivers In Memory ---.*NewlyCreated* - 71832407*NewlyCreated* - APPLECHARGER*Deregistered* - 71832407.Contents of the 'Scheduled Tasks' folder.2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 
13:43].2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 03:57].2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 03:57]..--------- X64 Entries -----------..[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]"AsioReg"="CTASIO.DLL" [bU]"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-06-07 2727936]"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-06 1304824]"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824].------- Supplementary Scan -------.uLocal Page = c:\windows\system32\blank.htmmLocal Page = c:\windows\SysWOW64\blank.htmuInternet Settings,ProxyOverride = *.localIE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105Trusted Zone: $talisma_url$Trusted Zone: clonewarsadventures.comTrusted Zone: freerealms.comTrusted Zone: soe.comTrusted Zone: sony.comTCP: DhcpNameServer = 192.168.1.254TCP: Interfaces\{18E913FB-9919-4288-8DA7-27333B19059B}: DhcpNameServer = 192.168.1.254FF - ProfilePath - c:\users\Molly K\AppData\Roaming\Mozilla\Firefox\Profiles\auikov9m.default\FF - prefs.js: browser.search.selectedEngine - YahooFF - prefs.js: browser.startup.homepage - hxxp://www.google.com/FF - prefs.js: network.proxy.type - 0..--------------------- LOCKED REGISTRY KEYS ---------------------.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]@Denied: (2) (LocalSystem)"{CCAC5586-44D7-4C43-B64A-F042461A97D2}"=hex:51,66,7a,6c,4c,1d,38,12,e8,56,bf, 
c8,e5,0a,2d,09,c9,5c,b3,02,43,44,d3,c6"{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45, 0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7"{1CA1377B-DC1D-4A52-9585-6E06050FAC53}"=hex:51,66,7a,6c,4c,1d,38,12,15,34,b2, 18,2f,92,3c,0f,ea,93,2d,46,00,51,e8,47"{43C6D902-A1C5-45C9-91F6-FD9E90337E18}"=hex:51,66,7a,6c,4c,1d,38,12,6c,da,d5, 47,f7,ef,a7,00,ee,e0,be,de,95,6d,3a,0c"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96, 76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,38,12,07,5b,93, aa,6e,60,ba,0b,f0,6d,b2,b7,80,44,00,83"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,38,12,5b,ab,e0, b0,13,40,37,0c,c5,34,01,f3,05,d0,46,eb"{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}"=hex:51,66,7a,6c,4c,1d,38,12,93,b9,bf, bf,6c,b4,17,05,f4,25,43,ab,9a,4d,90,b8"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47, 2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85.[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]@Denied: (2) (LocalSystem)"Timestamp"=hex:6b,39,87,c1,86,75,cd,01.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]@Denied: (A 2) 
(Everyone)@="FlashBroker""LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]"Enabled"=dword:00000001.[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Shockwave Flash Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]@="0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]@="ShockwaveFlash.ShockwaveFlash.11".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="ShockwaveFlash.ShockwaveFlash".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]@Denied: (A 2) (Everyone)@="Macromedia Flash Factory 
Object".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx""ThreadingModel"="Apartment".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]@="FlashFactory.FlashFactory.1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]@="{D27CDB6B-AE6D-11cf-96B8-444553540000}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]@="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]@="FlashFactory.FlashFactory".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]@Denied: (A 2) (Everyone)@="IFlashBroker4".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]@="{00020424-0000-0000-C000-000000000046}".[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}""Version"="1.0".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]@Denied: (A) (Everyone)"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}".[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]@Denied: (A) (Everyone).[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]"Key"="ActionsPane3""Location"="c:\\Program Files (x86)\\Common Files\\Microsoft 
Shared\\VSTO\\ActionsPane3.xsd".[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]@Denied: (A) (Users)@Denied: (A) (Everyone)@Allowed: (B 1 2 3 4 5) (S-1-5-20)"BlindDial"=dword:00000000.[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]@Denied: (Full) (Everyone).Completion time: 2012-08-09 12:26:14ComboFix-quarantined-files.txt 2012-08-09 17:26ComboFix2.txt 2012-08-09 04:08ComboFix3.txt 2012-08-09 03:20ComboFix4.txt 2012-08-09 02:14.Pre-Run: 263,838,212,096 bytes freePost-Run: 263,784,206,336 bytes free.- - End Of File - - 662403E8C39349ABA942E3817CAD25A6 Link to post Share on other sites More sharing options...
MrCharlie Posted August 9, 2012

Looks Good.....

Please Update and run a Quick Scan with MBAM, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC
mollyk36 Posted August 9, 2012

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.09.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Molly K :: MOLLYK-PC [administrator]

Protection: Disabled

8/9/2012 12:38:45 PM
mbam-log-2012-08-09 (12-38-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 216980
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

I would like to do a happy dance but my Trend Micro is still saying it's stopping viruses and threats.

Virus
Date/Time,Affected Files,Threat,Response
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2f367388-4b1c6432\glass\mumux.class,JAVA_DLOADR.BBZ,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2f367388-4b1c6432\glass\Zo666.class,JAVA_DLOADR.BBZ,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2f367388-4b1c6432\glass\Zom.class,JAVA_DLOADR.BBZ,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2f367388-4b1c6432\glass\Zom2.class,JAVA_DLOADR.BBZ,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\a2.class,JAVA_EXPLOYT.JB,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\pera.class,JAVA_EXPLOYT.JB,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\perb.class,JAVA_EXPLOYT.JB,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\F.class,JAVA_EXPLOYT.JB,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\perc.class,JAVA_EXPLOYT.JB,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\pere.class,JAVA_EXPLOYT.JB,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\perd.class,JAVA_EXPLOYT.JB,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\b2e.class,JAVA_DLOAD.VO,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fe.class,JAVA_DLOAD.VO,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fd.class,JAVA_DLOAD.VO,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\F.class,JAVA_DLOAD.VO,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fa.class,JAVA_DLOAD.VO,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fc.class,JAVA_DLOAD.VO,Removed
8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fb.class,JAVA_DLOAD.VO,Removed
8/8/2012 8:07 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\80000064.@,TROJ_GEN.R01CDH7,Removed
8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000004.@,TROJ_SIREFEF.UV,Removed
8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000008.@,TROJ_SIREFEF.GF,Removed
8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000004.@,TROJ_SIREFEF.UV,Removed
8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\80000064.@,TROJ_GEN.R01CDH7,Removed
8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000008.@,TROJ_SIREFEF.GF,Removed
8/8/2012 8:10 PM,C:\Windows\System32\services.exe,PTCH_ZACCESS.SIX,Detected
8/8/2012 8:13 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\000000cb.@,TROJ_SIREFEF.UT,Removed
8/8/2012 8:13 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000004.@,TROJ_SIREFEF.UV,Removed
8/8/2012 8:14 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\80000064.@,TROJ_GEN.R01CDH7,Removed
8/8/2012 8:14 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000008.@,TROJ_SIREFEF.GF,Removed
8/8/2012 8:49 PM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Removed
8/8/2012 8:49 PM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Removed
8/9/2012 11:40 AM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0009.dta,RTKT_TDSS.BSS,Removed
8/9/2012 12:19 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0009.dta,RTKT_TDSS.BSS,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0000.dta,TROJ_GEN.RCBC8H7,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0002.dta,TROJ_OLMARIK.OZ,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0003.dta,TROJ_OLMARIK.PA,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0005.dta,TROJ_OLMARIK.ERO,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0009.dta,TROJ_ALUREON.DRY,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0000.dta,TROJ_GEN.RCBC8H7,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0002.dta,TROJ_OLMARIK.OZ,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0003.dta,TROJ_OLMARIK.PA,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0005.dta,TROJ_OLMARIK.ERO,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0009.dta,TROJ_ALUREON.DRY,Removed

Web Threats
Date/Time,Website Address,Response
MrCharlie Posted August 9, 2012 ID:582873

Check the dates on them:

Most of them:
8/8/2012 <--- was yesterday

This was today > it found files that were already in quarantine:
8/9/2012 11:40 AM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0009.dta,RTKT_TDSS.BSS,Removed
8/9/2012 12:19 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0009.dta,RTKT_TDSS.BSS,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0000.dta,TROJ_GEN.RCBC8H7,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0002.dta,TROJ_OLMARIK.OZ,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0003.dta,TROJ_OLMARIK.PA,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0005.dta,TROJ_OLMARIK.ERO,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0009.dta,TROJ_ALUREON.DRY,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0000.dta,TROJ_GEN.RCBC8H7,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0002.dta,TROJ_OLMARIK.OZ,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0003.dta,TROJ_OLMARIK.PA,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0005.dta,TROJ_OLMARIK.ERO,Removed
8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0009.dta,TROJ_ALUREON.DRY,Removed

---------------------------
Clear out Java cache:
http://www.java.com/...lugin_cache.xml

Reboot and run another scan with RogueKiller and post the log,
MrC
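Worked example, added here and not part of MrC's reply, of the check he describes: split a Titanium-style detection export that was pasted without line breaks, count hits per day, and flag entries whose path sits under the TDSSKiller quarantine folder as re-detections of files that were already isolated rather than fresh infections. The 8/8 records, the TROJ_GEN.SAMPLE name and the generic `\quarantine\` marker are constructed placeholders; the 8/9 records are the ones quoted in the post.

```python
import re
from collections import Counter
from datetime import datetime

# Records as a Trend Micro Titanium log export pastes them into a forum post:
# "date time,path,threat,action" with no separator between records. Sample is
# constructed: the 8/9 entries are those quoted in the post above, the 8/8
# entries are placeholders standing in for the earlier detections.
RAW_LOG = (
    "8/8/2012 9:02 PM,C:\\Users\\sample\\AppData\\Local\\Temp\\constructed1.tmp,TROJ_GEN.SAMPLE,Removed"
    "8/8/2012 9:05 PM,C:\\Users\\sample\\AppData\\Local\\Temp\\constructed2.tmp,TROJ_GEN.SAMPLE,Removed"
    "8/9/2012 11:40 AM,C:\\TDSSKiller_Quarantine\\09.08.2012_11.34.29\\mbr0000\\tdlfs0000\\tsk0009.dta,RTKT_TDSS.BSS,Removed"
    "8/9/2012 12:19 PM,C:\\TDSSKiller_Quarantine\\09.08.2012_12.15.52\\tdlfs0000\\tsk0009.dta,RTKT_TDSS.BSS,Removed"
    "8/9/2012 12:40 PM,C:\\TDSSKiller_Quarantine\\09.08.2012_11.34.29\\mbr0000\\tdlfs0000\\tsk0000.dta,TROJ_GEN.RCBC8H7,Removed"
    "8/9/2012 12:40 PM,C:\\TDSSKiller_Quarantine\\09.08.2012_12.15.52\\tdlfs0000\\tsk0002.dta,TROJ_OLMARIK.OZ,Removed"
)

# A record starts with a date stamp and ends with a one-word action; the next
# record's date follows immediately, so the action is matched on letters only.
RECORD = re.compile(
    r"(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2} [AP]M),([^,]+),([^,]+),([A-Za-z]+)"
)
# Path fragments marking a detection as a re-scan of an already isolated file.
# TDSSKiller_Quarantine is the folder in the post; the generic one is assumed.
QUARANTINE_MARKERS = ("\\tdsskiller_quarantine\\", "\\quarantine\\")

def parse_log(raw):
    """Split the run-together export into records with a parsed timestamp."""
    recs = []
    for m in RECORD.finditer(raw):
        ts = datetime.strptime(m.group(1), "%m/%d/%Y %I:%M %p")
        recs.append({"time": ts, "path": m.group(2), "threat": m.group(3), "action": m.group(4)})
    return recs

def is_quarantined_path(path):
    return any(marker in path.lower() for marker in QUARANTINE_MARKERS)

def triage(records, today_str):
    """Return (detections per day, today's hits outside quarantine, quarantine re-hits)."""
    today = datetime.strptime(today_str, "%m/%d/%Y").date()
    by_day = Counter(r["time"].date() for r in records)
    live_today = [r for r in records
                  if r["time"].date() == today and not is_quarantined_path(r["path"])]
    requarantined = [r for r in records if is_quarantined_path(r["path"])]
    return by_day, live_today, requarantined

if __name__ == "__main__":
    by_day, live, rehits = triage(parse_log(RAW_LOG), "8/9/2012")
    print(dict(by_day), len(live), len(rehits))
```

An empty "today's hits outside quarantine" list alongside a non-empty re-hit list is exactly the pattern in the post: the scanner is flagging the quarantine folder's contents, not new files on the system.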
mollyk36 (Author) Posted August 9, 2012 ID:582910

RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Molly K [Admin rights]
Mode: Scan -- Date: 08/09/2012 14:45:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++
--- User ---
[MBR] 1ccfabf4b4a924bec3fbbd6bd2de7354
[bSP] a04dc3e56052820b06bf7586ce024c78 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
MrCharlie Posted August 9, 2012 ID:582911

It's clean ----- How's it running??

MrC
mollyk36 (Author) Posted August 9, 2012 ID:582924

Yay! It seems to be running fine.
Do you think I am safe to do any online work with it or should I just back-up and format from here?
What protection software should I be using to prevent this from happening again?
Is there any way of knowing how long I was infected? Or where I got it from?
I have to admit I am a little freaked out by all of this.
MrCharlie Posted August 9, 2012 ID:582930

> Do you think I am safe to do any online work with it or should I just back-up and format from here?

Neither I nor anyone else can say 100% that you're clean and safe, but I would say you're OK.
Format and reinstall is the only sure way to say you're secure.

> What protection software should I be using to prevent this from happening again?

Take a good look at my Preventive Maintenance below.

> Is there any way of knowing how long I was infected? Or where I got it from?

Did you recently install an Adobe Flash Player Update?
It's a fairly new infection, so I would say within the last 2 weeks.

--------------------------------------
A little clean up to do....

Please Uninstall ComboFix: (if you used it)
Press the Windows logo key + R to bring up the "run box".
Copy and paste the next command in the field:
ComboFix /uninstall
Make sure there's a space between Combofix and /
Then hit enter.
This will uninstall Combofix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.
(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------
Please download OTL from one of the links below: (you may already have OTL on the system)
http://oldtimer.geekstogo.com/OTL.exe
http://oldtimer.geekstogo.com/OTL.com
http://www.itxassoci...T-Tools/OTL.exe
Save it to your desktop.
Run OTL and hit the CleanUp button.
(This will clean up the tools and logs used, including itself.)
Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------
Any questions...please post back.
If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.
Take a look at My Preventive Maintenance to avoid being infected again.
Good Luck and Thanks for using the forum,
MrC