svchost.exe


.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Molly K at 23:38:33 on 2012-08-08

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6487 [GMT -5:00]

.

AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe

C:\Program Files (x86)\Common Files\Logishrd\LVMVFM\LVPrS64H.exe

C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

C:\Program Files\Common Files\Motive\pcCMService.exe

C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files\ATT-SST\pcTrayApp.exe

C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe

C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe

C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe

C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Windows\sysWOW64\wbem\wmiprvse.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

-netsvcs

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_270_ActiveX.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Splashtop Connect SearchHook: {0f3dc9e0-c459-4a40-bcf8-747bd9322e10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll

BHO: Splashtop Connect VisualBookmark: {0e5680d1-bf44-4929-94af-fd30d784ad1d} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO: TSToolbarBHO: {43c6d902-a1c5-45c9-91f6-fd9e90337e18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Trend Micro Toolbar: {ccac5586-44d7-4c43-b64a-f042461a97d2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

mRun: [ArcSoft MediaImpression Monitor] "C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

mRun: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Trusted Zone: $talisma_url$

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{18E913FB-9919-4288-8DA7-27333B19059B} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{CE42A69D-E8E6-4531-BA8A-53BE196CA14F} : DhcpNameServer = 192.168.1.254

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

Handler: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

Handler: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Splashtop Connect VisualBookmark: {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll

BHO-X64: Trend Micro NSC BHO - No File

BHO-X64: TSToolbarBHO: {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

BHO-X64: Trend Micro Toolbar BHO - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO-X64: SkypeIEPluginBHO - No File

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll

BHO-X64: TmBpIeBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Trend Micro Toolbar: {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"

mRun-x64: [ArcSoft MediaImpression Monitor] "C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

mRun-x64: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe

mRun-x64: [sTCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe"

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

mRun-x64: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe"

mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Molly K\AppData\Roaming\Mozilla\Firefox\Profiles\auikov9m.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

============= SERVICES / DRIVERS ===============

.

R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);C:\Windows\system32\DRIVERS\tdrpm258.sys --> C:\Windows\system32\DRIVERS\tdrpm258.sys [?]

R1 AppleCharger;AppleCharger;C:\Windows\system32\DRIVERS\AppleCharger.sys --> C:\Windows\system32\DRIVERS\AppleCharger.sys [?]

R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]

R2 afcdpsrv;Acronis Nonstop Backup service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-5-19 2480048]

R2 LVPrcS64;Process Monitor;C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-5-7 197976]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-8 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-10 2348352]

R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-7-19 361472]

R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-7-19 441344]

R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2012-7-19 342016]

R2 SCBackService;Splashtop Connect Service;C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-9 382272]

R2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-3-23 493384]

R2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-3-22 497480]

R3 afcdp;afcdp;C:\Windows\system32\DRIVERS\afcdp.sys --> C:\Windows\system32\DRIVERS\afcdp.sys [?]

R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\system32\Drivers\EtronHub3.sys --> C:\Windows\system32\Drivers\EtronHub3.sys [?]

R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\system32\Drivers\EtronXHCI.sys --> C:\Windows\system32\Drivers\EtronXHCI.sys [?]

R3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]

R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]

S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-8-8 275912]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 136176]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 250056]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-5-15 79360]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-24 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);C:\Windows\system32\DRIVERS\ssadbus.sys --> C:\Windows\system32\DRIVERS\ssadbus.sys [?]

S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);C:\Windows\system32\DRIVERS\ssadmdfl.sys --> C:\Windows\system32\DRIVERS\ssadmdfl.sys [?]

S3 ssadmdm;SAMSUNG Android USB Modem Drivers;C:\Windows\system32\DRIVERS\ssadmdm.sys --> C:\Windows\system32\DRIVERS\ssadmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

.

=============== Created Last 30 ================

.

2012-08-09 04:25:38 20480 ----a-w- C:\Windows\svchost.exe

2012-08-09 04:10:57 -------- d-sh--w- C:\$RECYCLE.BIN

2012-08-09 04:01:35 -------- d-----w- C:\ComboFix

2012-08-09 02:00:11 98816 ----a-w- C:\Windows\sed.exe

2012-08-09 02:00:11 518144 ----a-w- C:\Windows\SWREG.exe

2012-08-09 02:00:11 256000 ----a-w- C:\Windows\PEV.exe

2012-08-09 02:00:11 208896 ----a-w- C:\Windows\MBR.exe

2012-08-09 01:49:25 21520 ----a-w- C:\Windows\DCEBoot64.exe

2012-08-09 01:07:38 134672 ----a-w- C:\Windows\RegBootClean64.exe

2012-08-08 21:39:35 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-08 20:15:28 67344 ----a-w- C:\Windows\System32\drivers\tmeevw.sys

2012-08-08 20:15:28 210704 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys

2012-08-08 20:15:26 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys

2012-08-08 20:15:22 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys

2012-08-08 20:15:22 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys

2012-08-08 20:15:22 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys

2012-08-08 20:14:29 -------- d-----w- C:\Program Files\Trend Micro

2012-08-08 15:54:31 -------- d-----w- C:\Program Files (x86)\Trend Micro

2012-08-08 15:41:00 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll

2012-08-08 15:41:00 366592 ----a-w- C:\Windows\System32\qdvd.dll

2012-08-08 14:06:47 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{8599059B-106A-4D1D-8374-A62C2960CB64}\mpengine.dll

2012-07-19 15:17:13 -------- d-----w- C:\Program Files\ATT-SST

2012-07-19 15:17:08 -------- d-----w- C:\Program Files (x86)\ATT-SST

2012-07-19 15:14:54 -------- d-----w- C:\Program Files (x86)\Common Files\Motive

2012-07-19 15:14:48 -------- d-----w- C:\Program Files\Common Files\Motive

2012-07-11 03:06:43 3148800 ----a-w- C:\Windows\System32\win32k.sys

.

==================== Find3M ====================

.

2012-08-08 20:14:45 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat

2012-08-03 13:43:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-03 13:43:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-05 07:37:22 256904 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 23:38:58.69 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 3/22/2012 8:42:25 PM

System Uptime: 8/8/2012 11:24:12 PM (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | Z68AP-D3

Processor: Intel® Core™ i5-2500K CPU @ 3.30GHz | Socket 1155 | 3601/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 236.726 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP12: 4/12/2012 12:23:12 AM - Windows Update

RP13: 4/19/2012 8:19:36 PM - Scheduled Checkpoint

RP14: 4/28/2012 6:01:48 AM - Removed H&R Block Deluxe + Efile + State 2010.

RP15: 4/28/2012 6:33:10 AM - Removed H&R Block Missouri 2010.

RP16: 5/5/2012 8:25:05 AM - Scheduled Checkpoint

RP17: 5/10/2012 12:27:06 AM - Windows Update

RP18: 5/17/2012 10:43:10 AM - Scheduled Checkpoint

RP19: 5/24/2012 10:50:06 AM - Scheduled Checkpoint

RP20: 5/31/2012 7:33:15 PM - Scheduled Checkpoint

RP21: 6/4/2012 11:34:13 AM - Windows Update

RP22: 6/11/2012 6:04:16 PM - Scheduled Checkpoint

RP23: 6/13/2012 9:41:46 PM - Windows Update

RP24: 6/21/2012 8:19:02 AM - Windows Update

RP25: 6/28/2012 10:32:46 AM - Scheduled Checkpoint

RP26: 7/5/2012 7:25:29 PM - Scheduled Checkpoint

RP27: 7/10/2012 10:03:02 PM - Windows Update

RP28: 7/18/2012 10:43:08 AM - Scheduled Checkpoint

RP29: 7/25/2012 11:05:32 AM - Scheduled Checkpoint

RP30: 8/2/2012 11:31:10 AM - Scheduled Checkpoint

RP31: 8/8/2012 9:06:16 AM - Windows Update

RP32: 8/8/2012 10:41:26 AM - Windows Update

RP34: 8/8/2012 4:02:59 PM - TITANUIMRES5[0x01001101]

.

==== Installed Programs ======================

.

Acrobat.com

Acronis True Image Home

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader 9.5.1

Apple Application Support

Apple Software Update

AT&T Troubleshoot & Resolve Tool

Belarc Advisor 8.1

BlackBerry Desktop Software 6.0.2

BlackBerry Desktop Software 6.1

CameraHelperMsi

D3DX10

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

EA Download Manager

EPSON Scan

EpsonNet Print

EpsonNet Setup

EQ2MAP Updater 1.2.4

erLT

Etron USB3.0 Host Controller

EverQuest II

Google Earth

Google Update Helper

Intel® Control Center

Intel® Management Engine Components

J2SE Runtime Environment 5.0 Update 17

Java Auto Updater

Java™ 6 Update 31

Junk Mail filter update

Legends of Norrath

Logitech Webcam Software

LWS Facebook

LWS Gallery

LWS Help_main

LWS Launcher

LWS Motion Detection

LWS Pictures And Video

LWS Twitter

LWS Video Mask Maker

LWS Webcam Software

LWS WLM Plugin

LWS YouTube Plugin

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319

Microsoft WSE 3.0 Runtime

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

Mozilla Thunderbird 14.0 (x86 en-US)

MSVCRT

MSVCRT_amd64

NVIDIA nTune

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Omron Health Management Software

OpenAL

Pando Media Booster

QuickTime

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2416472)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition

Segoe UI

Skype Click to Call

Skype™ 5.5

Splashtop Connect for Firefox

Splashtop Connect IE

Star Wars: The Old Republic

System Requirements Lab

System Requirements Lab for Intel

The Sims Medieval

The Sims™ 3

The Sims™ 3 Ambitions

The Sims™ 3 Generations

The Sims™ 3 Late Night

The Sims™ 3 Town Life Stuff

The Sims™ 3 World Adventures

Trillian

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2473228)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Visual C++ 2008 x86 Runtime - (v9.0.30729)

Visual C++ 2008 x86 Runtime - v9.0.30729.01

Windows 7 Upgrade Advisor

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

World of Warcraft

XnView 1.97.8

Yahoo! Detect

.

==== Event Viewer Messages From Past Week ========

.

8/8/2012 9:24:32 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 2 time(s).

8/8/2012 9:18:31 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 1 time(s).

8/8/2012 9:07:29 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.

8/8/2012 8:53:51 PM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The system cannot find the file specified.

8/8/2012 8:51:34 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/8/2012 8:51:29 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/8/2012 8:47:11 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 4 time(s).

8/8/2012 8:41:45 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 3 time(s).

8/8/2012 8:32:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

8/8/2012 8:32:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

8/8/2012 8:32:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

8/8/2012 8:32:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

8/8/2012 8:31:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AppleCharger discache spldr tmactmon tmcomm tmevtmgr tmtdi Wanarpv6

8/8/2012 8:28:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 8:24:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}

8/8/2012 8:24:31 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}

8/8/2012 8:23:48 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800035bf6ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080812-37502-01.

8/8/2012 8:23:43 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AppleCharger DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx tmactmon tmcomm tmevtmgr tmtdi Wanarpv6 WfpLwf

8/8/2012 8:23:43 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 8:23:43 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 8:23:43 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 8:23:43 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 8:23:42 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.

8/8/2012 8:21:07 PM, Error: Service Control Manager [7000] - The Security Center service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.

8/8/2012 8:20:52 PM, Error: Service Control Manager [7000] - The tmeevw service failed to start due to the following error: There are no more endpoints available from the endpoint mapper.

8/8/2012 7:54:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 11:07:24 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

8/8/2012 11:07:03 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

8/8/2012 11:04:24 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

8/8/2012 10:52:56 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800032667ef, 0x0000000000000000, 0x000000007efa0000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080812-26738-01.

8/8/2012 10:50:16 AM, Error: Service Control Manager [7001] - The tmevtmgr service depends on the tmcomm service which failed to start because of the following error: An instance of the service is already running.

8/8/2012 10:49:46 AM, Error: Service Control Manager [7001] - The tmactmon service depends on the tmevtmgr service which failed to start because of the following error: The dependency service or group failed to start.

8/8/2012 10:30:58 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tmactmon tmcomm tmevtmgr

8/7/2012 6:41:20 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 11 time(s).

8/7/2012 6:35:54 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 10 time(s).

8/7/2012 6:30:29 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 9 time(s).

8/7/2012 6:25:03 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 8 time(s).

8/7/2012 6:19:38 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 7 time(s).

8/7/2012 6:14:12 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 6 time(s).

8/7/2012 6:08:45 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 5 time(s).

8/6/2012 8:33:35 PM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 12 time(s).

8/1/2012 9:36:22 AM, Error: Service Control Manager [7034] - The Trend Micro Solution Platform service terminated unexpectedly. It has done this 13 time(s).

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Molly K [Admin rights]

Mode: Scan -- Date: 08/09/2012 07:47:24

¤¤¤ Bad processes: 2 ¤¤¤

[HJ NAME] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

[RESIDUE] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FOLDER] U : c:\windows\installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++

--- User ---

[MBR] 1ccfabf4b4a924bec3fbbd6bd2de7354

[BSP] a04dc3e56052820b06bf7586ce024c78 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 6b32e36dd24d21acb5dcb46043b0a35a

[BSP] a04dc3e56052820b06bf7586ce024c78 : Windows 7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo

Finished : << RKreport[1].txt >>

RKreport[1].txt
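A detection pass over the indicators in the RogueKiller report above, written as an added example for this thread (it is not RogueKiller's or FRST's own code; the line formats are inferred from the lines quoted here). It flags a svchost.exe running from anywhere but its system directory (the \\.\globalroot\systemroot\svchost.exe hit), the Installer\{GUID}\U and \L folders, and, for FRST-style "created files" entries, a system binary whose modified timestamp predates its creation on the machine by years. The sample lines are copied from this thread; mapping \\.\globalroot\systemroot to C:\Windows is an assumption.

```python
import re
from datetime import datetime
from pathlib import PureWindowsPath

# Added example, not code from RogueKiller or FRST. The line formats below are
# inferred from the lines quoted in this thread, not from the tools' docs.

# Where the genuine copies of these Windows binaries live; the same name
# running from anywhere else (here C:\Windows\svchost.exe) is the indicator.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "services.exe": {r"c:\windows\system32"},
}

# FRST "One Month Created Files" entry: created - modified - size attrs (vendor) path
FRST_FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"\d+ \S+ (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.*)$"
)
# A Windows path anywhere in a line (RogueKiller, FRST service/driver lines),
# including the NT-namespace spellings \\.\globalroot\systemroot\... and \??\C:\...
PATH_RE = re.compile(
    r'(?:\\\\\.\\globalroot\\systemroot|\\\?\?\\[A-Za-z]:|[A-Za-z]:)\\[^\s"]+', re.I
)
# ZeroAccess kept its components in C:\Windows\Installer\{GUID}\U and ...\L
ZA_FOLDER_RE = re.compile(r"\\installer\\\{[0-9a-f-]{36}\}\\[ul]$", re.I)


def normalize(path):
    """Lower-case a path and map NT-namespace prefixes onto the Win32 form."""
    p = path.lower()
    # Assumption: %SystemRoot% is C:\Windows on the scanned machine.
    p = p.replace(r"\\.\globalroot\systemroot", r"c:\windows")
    if p.startswith("\\??\\"):
        p = p[4:]
    return p


def check_path(path):
    """Return the findings (possibly none) for a single file or folder path."""
    findings = []
    p = normalize(path)
    wp = PureWindowsPath(p)
    name, parent = wp.name, str(wp.parent)
    if name in EXPECTED_DIRS and parent not in EXPECTED_DIRS[name]:
        findings.append(f"{name} outside its system directory: {p}")
    if ZA_FOLDER_RE.search(p):
        findings.append(f"ZeroAccess-style Installer\\{{GUID}}\\U|L folder: {p}")
    return findings


def age_days(created, modified):
    """Days by which the FRST creation time is later than the modified time."""
    fmt = "%Y-%m-%d %H:%M"
    return (datetime.strptime(created, fmt) - datetime.strptime(modified, fmt)).days


def scan(lines):
    """Run every line through the checks; returns a list of (line, finding)."""
    results = []
    for line in lines:
        line = line.rstrip()
        m = FRST_FILE_RE.match(line)
        if m:
            findings = check_path(m.group("path"))
            # A modified time years before the creation time means the file was
            # copied in with its old timestamp. Windows Update does that too
            # (win32k.sys below), so it only counts alongside another finding.
            if findings and age_days(m.group("created"), m.group("modified")) > 365:
                findings.append("modified timestamp predates creation by over a year")
        else:
            findings = [f for path in PATH_RE.findall(line) for f in check_path(path)]
        results.extend((line, f) for f in findings)
    return results


# Constructed sample: lines copied from the RogueKiller and FRST output in this thread.
SAMPLE_LOG = r"""
[HJ NAME] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
[ZeroAccess][FOLDER] U : c:\windows\installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U --> FOUND
2012-08-09 04:41 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe
2012-07-10 19:06 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
"""

if __name__ == "__main__":
    for line, finding in scan(SAMPLE_LOG.strip().splitlines()):
        print(f"{finding}\n    {line}")
```

On the sample above the legitimate win32k.sys and mbam.sys lines produce nothing, while the svchost.exe copy in C:\Windows and the Installer\{GUID}\U folder are each reported.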


¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt to file, close out this message, then type the following into the search box:
    services.exe
  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


Scan result of Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by SYSTEM at 09-08-2012 10:18:50

Running from E:\

Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)

The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12632168 2011-07-21] (Realtek Semiconductor)

HKLM\...\Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [361632 2009-11-12] (Acronis)

HKLM\...\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL [x]

HKLM\...\Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe" [2727936 2012-06-07] (Alcatel-Lucent)

HKLM\...\Run: [Trend Micro Titanium] "C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" -set Silent "1" SplashURL "" [1304824 2012-07-05] (Trend Micro Inc.)

HKLM\...\Run: [Trend Micro Client Framework] "C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [213824 2012-02-27] (Trend Micro Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-02] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [37296 2012-03-27] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)

HKLM-x32\...\Run: [ArcSoft Connection Service] "C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [207424 2010-10-27] (ArcSoft Inc.)

HKLM-x32\...\Run: [ArcSoft MediaImpression Monitor] "C:\Program Files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [80448 2010-12-15] (ArcSoft, Inc.)

HKLM-x32\...\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)

HKLM-x32\...\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide [165208 2010-05-07] (Logitech Inc.)

HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [79192 2011-02-18] (Research In Motion Limited)

HKLM-x32\...\Run: [STCAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [776064 2011-03-04] (Splashtop Inc.)

HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5106904 2009-11-12] (Acronis)

HKLM-x32\...\Run: [ZyngaGamesAgent] "C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [841544 2010-11-15] (Splashtop Inc.)

HKLM-x32\...\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEVENT~1.EXE [673616 2009-04-07] (SEIKO EPSON CORPORATION)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)

HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)

HKU\Molly K\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)

HKU\Molly K\...\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [98304 2007-07-03] (NVIDIA)

HKU\Molly K\...\Policies\system: [LogonHoursAction] 2

HKU\Molly K\...\Policies\system: [DontDisplayLogonHoursWarnings] 1

HKU\UpdatusUser\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [163328 2010-11-20] (Microsoft Corporation)

HKU\UpdatusUser\...\Run: [EPSON NX510 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Windows\TEMP\E_S8028.tmp" /EF "HKCU" [223232 2008-11-20] (SEIKO EPSON CORPORATION)

HKU\UpdatusUser\...\Run: [NVIDIA nTune] "C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" clear [98304 2007-07-03] (NVIDIA)

HKU\UpdatusUser\...\Run: [Epson Stylus NX510(Network)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFIA.EXE /FU "C:\Users\MOLLYK~1\AppData\Local\Temp\E_S5908.tmp" /EF "HKCU" [223232 2008-11-20] (SEIKO EPSON CORPORATION)

HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

==================== Services (Whitelisted) ======

2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)

2 AcrSch2Svc; "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe" [894136 2009-11-12] (Acronis)

2 afcdpsrv; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2480048 2010-05-19] (Acronis)

3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)

2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe /StartService [179712 2007-07-03] (NVIDIA)

2 pcCMService64; "C:\Program Files\Common Files\Motive\pcCMService.exe" [441344 2012-07-06] (Alcatel-Lucent)

2 SCBackService; C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe [477000 2010-11-15] (Splashtop Inc.)

2 WCUService_STC_FF; C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [493384 2011-03-23] (Splashtop Inc.)

2 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]

3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [x]

========================== Drivers (Whitelisted) =============

3 afcdp; C:\Windows\System32\Drivers\afcdp.sys [251488 2010-05-19] (Acronis)

1 AppleCharger; C:\Windows\System32\Drivers\AppleCharger.sys [21104 2011-01-10] ()

3 LVPr2M64; C:\Windows\System32\Drivers\LVPr2M64.sys [30304 2010-05-07] ()

3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30304 2010-05-07] ()

3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)

3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [43008 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))

3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [40960 2012-06-14] (Printing Communications Assoc., Inc. (PCAUSA))

3 NVR0Dev; \??\C:\Windows\nvoclk64.sys [17952 2007-07-03] (NVidia Corp.)

0 snapman; C:\Windows\System32\Drivers\snapman.sys [257120 2010-05-19] (Acronis)

0 tdrpman258; C:\Windows\System32\DRIVERS\tdrpm258.sys [1477728 2010-05-19] (Acronis)

1 tmactmon; C:\Windows\System32\Drivers\tmactmon.sys [91920 2012-08-08] (Trend Micro Inc.)

1 tmcomm; C:\Windows\System32\Drivers\tmcomm.sys [167696 2012-08-08] (Trend Micro Inc.)

1 tmcomm; C:\Windows\SysWow64\Drivers\tmcomm.sys [256904 2012-06-04] (Trend Micro Inc.)

3 tmeevw; C:\Windows\System32\Drivers\tmeevw.sys [67344 2012-08-08] (Trend Micro Inc.)

1 tmevtmgr; C:\Windows\System32\Drivers\tmevtmgr.sys [70928 2012-08-08] (Trend Micro Inc.)

3 tmnciesc; C:\Windows\System32\Drivers\tmnciesc.sys [210704 2012-08-08] (Trend Micro Inc.)

1 tmtdi; C:\Windows\System32\Drivers\tmtdi.sys [105744 2012-08-08] (Trend Micro Inc.)

3 catchme; \??\C:\ComboFix\catchme.sys [x]

3 gdrv; \??\C:\Windows\gdrv.sys [x]

3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [x]

3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [x]

2 TMAgent; [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-09 04:47 - 2012-08-09 04:47 - 00001934 ____A C:\Users\Molly K\Desktop\RKreport[1].txt

2012-08-09 04:46 - 2012-08-09 04:47 - 00000000 ____D C:\Users\Molly K\Desktop\RK_Quarantine

2012-08-09 04:45 - 2012-08-09 04:45 - 01552896 ____A C:\Users\Molly K\Desktop\RogueKiller.exe

2012-08-09 04:41 - 2009-07-13 17:14 - 00020480 ____N (Microsoft Corporation) C:\Windows\svchost.exe

2012-08-08 20:40 - 2012-08-08 20:40 - 00026701 ____A C:\Users\Molly K\Desktop\DDS.txt

2012-08-08 20:40 - 2012-08-08 20:40 - 00018589 ____A C:\Users\Molly K\Desktop\Attach.txt

2012-08-08 20:35 - 2012-08-08 20:35 - 00607260 ____R (Swearware) C:\Users\Molly K\Desktop\dds.scr

2012-08-08 20:08 - 2012-08-08 20:08 - 00025372 ____A C:\ComboFix.txt

2012-08-08 20:01 - 2012-08-08 20:08 - 00000000 ____D C:\ComboFix

2012-08-08 19:52 - 2012-08-08 19:52 - 00283832 ____A C:\Windows\Minidump\080812-26738-01.dmp

2012-08-08 18:47 - 2012-08-08 18:47 - 08656400 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\RootkitBuster_v5_1061.exe

2012-08-08 18:47 - 2012-08-08 18:47 - 00000000 ____D C:\Users\Molly K\Downloads\TMRBLog

2012-08-08 18:00 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe

2012-08-08 18:00 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe

2012-08-08 18:00 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe

2012-08-08 18:00 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe

2012-08-08 18:00 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe

2012-08-08 18:00 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe

2012-08-08 18:00 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe

2012-08-08 18:00 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe

2012-08-08 17:51 - 2012-08-08 17:51 - 00000000 ____A C:\Windows\DCEBOOT.LOG

2012-08-08 17:49 - 2012-08-08 17:49 - 00021520 ____A C:\Windows\DCEBoot64.exe

2012-08-08 17:37 - 2012-08-08 20:01 - 04727758 ____R (Swearware) C:\Users\Molly K\Desktop\ComboFix.exe

2012-08-08 17:23 - 2012-08-08 19:52 - 00000000 ____D C:\Windows\Minidump

2012-08-08 17:23 - 2012-08-08 17:23 - 00285112 ____A C:\Windows\Minidump\080812-37502-01.dmp

2012-08-08 17:21 - 2012-08-08 20:08 - 00000000 ____D C:\Qoobox

2012-08-08 17:21 - 2012-08-08 18:12 - 00000000 ____D C:\Windows\erdnt

2012-08-08 17:15 - 2012-08-08 17:15 - 04727110 ____A (Swearware) C:\Users\Molly K\Downloads\ComboFix.exe

2012-08-08 17:07 - 2012-08-08 17:14 - 00134672 ____A C:\Windows\RegBootClean64.exe

2012-08-08 13:39 - 2012-08-08 13:39 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-08 13:39 - 2012-07-03 10:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-08-08 13:38 - 2012-08-08 13:38 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Molly K\Downloads\mbam-setup-1.62.0.1300(1).exe

2012-08-08 12:29 - 2012-08-08 12:29 - 00000632 _RASH C:\Users\Molly K\ntuser.pol

2012-08-08 12:25 - 2012-08-08 12:25 - 15562880 ____A (Trend Micro Inc. ) C:\Users\Molly K\Downloads\Trend_Micro_SafeSync_5.1.0.1173.exe

2012-08-08 12:16 - 2012-08-08 12:16 - 00001441 ____A C:\Users\Molly K\Desktop\Trend Micro Titanium Maximum Security 2012.lnk

2012-08-08 12:15 - 2012-08-08 12:13 - 00210704 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys

2012-08-08 12:15 - 2012-08-08 12:13 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-08-08 12:15 - 2012-08-08 12:13 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys

2012-08-08 12:15 - 2012-08-08 12:13 - 00091920 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys

2012-08-08 12:15 - 2012-08-08 12:13 - 00070928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys

2012-08-08 12:15 - 2012-08-08 12:13 - 00067344 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys

2012-08-08 12:14 - 2012-08-08 12:14 - 00000000 ____D C:\Program Files\Trend Micro

2012-08-08 11:31 - 2012-08-08 11:34 - 117896248 ____A (Trend Micro Inc.) C:\Users\Molly K\Desktop\TTi_5.0_HE_Full.exe

2012-08-08 07:54 - 2012-08-08 12:19 - 00000000 ____D C:\Program Files (x86)\Trend Micro

2012-08-08 07:48 - 2012-08-08 07:51 - 117896248 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\TTi_5.0_HE_Full(1).exe

2012-08-08 07:41 - 2012-05-04 03:00 - 00366592 ____A (Microsoft Corporation) C:\Windows\System32\qdvd.dll

2012-08-08 07:41 - 2012-05-04 01:59 - 00514560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll

2012-08-08 06:25 - 2012-08-08 06:25 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Molly K\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-08 05:58 - 2012-08-08 05:58 - 00000000 ____D C:\Windows\Sun

2012-08-08 05:56 - 2012-08-08 05:56 - 02406064 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\HousecallLauncher64(4).exe

2012-07-30 14:37 - 2012-07-30 14:37 - 00000045 ____A C:\Users\Molly K\Desktop\7-30-12.txt

2012-07-19 07:17 - 2012-07-19 07:17 - 00002163 ____A C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk

2012-07-19 07:17 - 2012-07-19 07:17 - 00000000 ____D C:\Users\Molly K\AppData\Roaming\Motive

2012-07-19 07:17 - 2012-07-19 07:17 - 00000000 ____D C:\Program Files\ATT-SST

2012-07-19 07:17 - 2012-07-19 07:17 - 00000000 ____D C:\Program Files (x86)\ATT-SST

2012-07-19 07:14 - 2012-08-02 07:55 - 00000000 ____D C:\Users\All Users\Motive

2012-07-19 07:14 - 2012-07-19 07:17 - 00000000 ____D C:\Program Files\Common Files\Motive

2012-07-19 07:14 - 2012-07-19 07:14 - 00385904 ____A C:\Users\Molly K\Downloads\ATT_SST.exe

2012-07-16 14:41 - 2012-07-26 08:48 - 00000620 ____A C:\Users\Molly K\Desktop\7-16-12.txt

2012-07-10 19:06 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-07-10 19:04 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-07-10 19:04 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-07-10 19:04 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-07-10 19:04 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-07-10 19:04 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-07-10 19:04 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-07-10 19:04 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-07-10 19:04 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-07-10 19:04 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-07-10 19:04 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-07-10 19:04 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-07-10 19:04 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-07-10 19:04 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-07-10 19:04 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-07-10 19:04 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-07-10 19:04 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-07-10 19:04 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-07-10 19:04 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-07-10 19:04 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-07-10 19:04 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-07-10 19:04 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-07-10 19:04 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-07-10 19:04 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-07-10 19:04 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-07-10 19:03 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-07-10 19:03 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-07-10 19:03 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-07-10 19:03 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-07-10 16:25 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-07-10 16:25 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-07-10 16:25 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-07-10 16:25 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-07-10 16:25 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-07-10 16:25 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-07-10 16:25 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-07-10 16:25 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-07-10 16:25 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-07-10 16:25 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-07-10 16:25 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-07-10 16:25 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-07-10 16:25 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-07-10 16:25 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-07-10 16:25 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-07-10 16:25 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-07-10 16:25 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-07-10 16:25 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll

2012-07-10 16:25 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll

============ 3 Months Modified Files ========================

2012-08-09 07:11 - 2012-03-22 16:46 - 01066245 ____A C:\Windows\WindowsUpdate.log

2012-08-09 06:44 - 2010-11-24 19:58 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2012-08-09 06:43 - 2012-04-09 04:29 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2012-08-09 05:44 - 2010-11-24 19:58 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2012-08-09 05:03 - 2009-07-13 20:51 - 06902999 ____A C:\Windows\setupact.log

2012-08-09 04:49 - 2012-03-23 04:54 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2012-08-09 04:49 - 2012-03-23 04:54 - 00011104 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2012-08-09 04:47 - 2012-08-09 04:47 - 00001934 ____A C:\Users\Molly K\Desktop\RKreport[1].txt

2012-08-09 04:45 - 2012-08-09 04:45 - 01552896 ____A C:\Users\Molly K\Desktop\RogueKiller.exe

2012-08-09 04:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2012-08-08 20:40 - 2012-08-08 20:40 - 00026701 ____A C:\Users\Molly K\Desktop\DDS.txt

2012-08-08 20:40 - 2012-08-08 20:40 - 00018589 ____A C:\Users\Molly K\Desktop\Attach.txt

2012-08-08 20:35 - 2012-08-08 20:35 - 00607260 ____R (Swearware) C:\Users\Molly K\Desktop\dds.scr

2012-08-08 20:10 - 2010-11-20 19:47 - 00026894 ____A C:\Windows\PFRO.log

2012-08-08 20:08 - 2012-08-08 20:08 - 00025372 ____A C:\ComboFix.txt

2012-08-08 20:07 - 2009-07-13 18:34 - 00000215 ____N C:\Windows\system.ini

2012-08-08 20:01 - 2012-08-08 17:37 - 04727758 ____R (Swearware) C:\Users\Molly K\Desktop\ComboFix.exe

2012-08-08 19:52 - 2012-08-08 19:52 - 00283832 ____A C:\Windows\Minidump\080812-26738-01.dmp

2012-08-08 19:52 - 2010-05-15 11:58 - 612182324 ____A C:\Windows\MEMORY.DMP

2012-08-08 18:47 - 2012-08-08 18:47 - 08656400 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\RootkitBuster_v5_1061.exe

2012-08-08 18:07 - 2012-03-22 17:42 - 00000258 _RASH C:\Users\All Users\ntuser.pol

2012-08-08 17:51 - 2012-08-08 17:51 - 00000000 ____A C:\Windows\DCEBOOT.LOG

2012-08-08 17:49 - 2012-08-08 17:49 - 00021520 ____A C:\Windows\DCEBoot64.exe

2012-08-08 17:23 - 2012-08-08 17:23 - 00285112 ____A C:\Windows\Minidump\080812-37502-01.dmp

2012-08-08 17:15 - 2012-08-08 17:15 - 04727110 ____A (Swearware) C:\Users\Molly K\Downloads\ComboFix.exe

2012-08-08 17:14 - 2012-08-08 17:07 - 00134672 ____A C:\Windows\RegBootClean64.exe

2012-08-08 17:02 - 2012-04-04 05:38 - 01058403 ____A C:\Users\Molly K\AppData\Local\census.cache

2012-08-08 17:01 - 2012-04-04 05:38 - 00119565 ____A C:\Users\Molly K\AppData\Local\ars.cache

2012-08-08 16:58 - 2012-04-04 05:33 - 00000036 ____A C:\Users\Molly K\AppData\Local\housecall.guid.cache

2012-08-08 13:39 - 2012-08-08 13:39 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2012-08-08 13:38 - 2012-08-08 13:38 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Molly K\Downloads\mbam-setup-1.62.0.1300(1).exe

2012-08-08 12:29 - 2012-08-08 12:29 - 00000632 _RASH C:\Users\Molly K\ntuser.pol

2012-08-08 12:25 - 2012-08-08 12:25 - 15562880 ____A (Trend Micro Inc. ) C:\Users\Molly K\Downloads\Trend_Micro_SafeSync_5.1.0.1173.exe

2012-08-08 12:16 - 2012-08-08 12:16 - 00001441 ____A C:\Users\Molly K\Desktop\Trend Micro Titanium Maximum Security 2012.lnk

2012-08-08 12:15 - 2009-07-13 21:13 - 00808656 ____A C:\Windows\System32\PerfStringBackup.INI

2012-08-08 12:14 - 2012-02-29 07:06 - 00000056 ____A C:\Windows\System32\SupportTool.exe.bat

2012-08-08 12:13 - 2012-08-08 12:15 - 00210704 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmnciesc.sys

2012-08-08 12:13 - 2012-08-08 12:15 - 00167696 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmcomm.sys

2012-08-08 12:13 - 2012-08-08 12:15 - 00105744 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmtdi.sys

2012-08-08 12:13 - 2012-08-08 12:15 - 00091920 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmactmon.sys

2012-08-08 12:13 - 2012-08-08 12:15 - 00070928 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmevtmgr.sys

2012-08-08 12:13 - 2012-08-08 12:15 - 00067344 ____A (Trend Micro Inc.) C:\Windows\System32\Drivers\tmeevw.sys

2012-08-08 11:34 - 2012-08-08 11:31 - 117896248 ____A (Trend Micro Inc.) C:\Users\Molly K\Desktop\TTi_5.0_HE_Full.exe

2012-08-08 07:51 - 2012-08-08 07:48 - 117896248 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\TTi_5.0_HE_Full(1).exe

2012-08-08 06:25 - 2012-08-08 06:25 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Molly K\Downloads\mbam-setup-1.62.0.1300.exe

2012-08-08 05:56 - 2012-08-08 05:56 - 02406064 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\HousecallLauncher64(4).exe

2012-08-03 05:43 - 2012-04-09 04:29 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2012-08-03 05:43 - 2011-06-21 16:17 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2012-07-30 14:37 - 2012-07-30 14:37 - 00000045 ____A C:\Users\Molly K\Desktop\7-30-12.txt

2012-07-26 08:48 - 2012-07-16 14:41 - 00000620 ____A C:\Users\Molly K\Desktop\7-16-12.txt

2012-07-19 07:17 - 2012-07-19 07:17 - 00002163 ____A C:\Users\Public\Desktop\AT&T Troubleshoot & Resolve Tool.lnk

2012-07-19 07:14 - 2012-07-19 07:14 - 00385904 ____A C:\Users\Molly K\Downloads\ATT_SST.exe

2012-07-16 06:02 - 2012-07-05 08:32 - 00000299 ____A C:\Users\Molly K\Desktop\7-6-12.txt

2012-07-11 05:02 - 2009-07-13 20:45 - 00412880 ____A C:\Windows\System32\FNTCACHE.DAT

2012-07-10 19:04 - 2012-03-22 18:07 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2012-07-03 10:46 - 2012-08-08 13:39 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys

2012-07-02 16:20 - 2012-06-08 21:18 - 00000332 ____A C:\Users\Molly K\Desktop\6-8-12 billage.txt

2012-06-13 16:15 - 2012-06-13 16:15 - 02002320 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\HousecallLauncher(3).exe

2012-06-13 06:57 - 2012-06-13 06:57 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk

2012-06-11 19:08 - 2012-07-10 19:06 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2012-06-08 21:43 - 2012-07-10 16:25 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll

2012-06-08 20:41 - 2012-07-10 16:25 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2012-06-07 08:43 - 2012-06-07 08:43 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2012-06-05 22:06 - 2012-07-10 16:25 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll

2012-06-05 22:06 - 2012-07-10 16:25 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll

2012-06-05 22:02 - 2012-07-10 16:25 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll

2012-06-05 21:05 - 2012-07-10 16:25 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll

2012-06-05 21:05 - 2012-07-10 16:25 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2012-06-05 21:03 - 2012-07-10 16:25 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll

2012-06-04 23:37 - 2012-04-04 05:33 - 00256904 ____A (Trend Micro Inc.) C:\Windows\SysWOW64\Drivers\tmcomm.sys

2012-06-04 09:30 - 2012-06-04 09:30 - 02405568 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\HousecallLauncher64(3).exe

2012-06-02 14:19 - 2012-06-21 05:20 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll

2012-06-02 14:19 - 2012-06-21 05:20 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe

2012-06-02 14:19 - 2012-06-21 05:20 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll

2012-06-02 14:19 - 2012-06-21 05:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll

2012-06-02 14:19 - 2012-06-21 05:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll

2012-06-02 14:15 - 2012-06-21 05:20 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll

2012-06-02 14:15 - 2012-06-21 05:19 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll

2012-06-02 12:19 - 2012-06-21 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll

2012-06-02 12:15 - 2012-06-21 05:19 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe

2012-06-02 04:49 - 2012-07-10 19:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2012-06-02 04:17 - 2012-07-10 19:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2012-06-02 04:12 - 2012-07-10 19:04 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2012-06-02 04:05 - 2012-07-10 19:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2012-06-02 04:05 - 2012-07-10 19:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2012-06-02 04:04 - 2012-07-10 19:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2012-06-02 04:04 - 2012-07-10 19:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2012-06-02 04:03 - 2012-07-10 19:04 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2012-06-02 04:01 - 2012-07-10 19:04 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2012-06-02 04:00 - 2012-07-10 19:04 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2012-06-02 03:59 - 2012-07-10 19:04 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2012-06-02 03:57 - 2012-07-10 19:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2012-06-02 03:57 - 2012-07-10 19:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2012-06-02 03:54 - 2012-07-10 19:04 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2012-06-02 01:07 - 2012-07-10 19:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2012-06-02 00:43 - 2012-07-10 19:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2012-06-02 00:33 - 2012-07-10 19:04 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2012-06-02 00:26 - 2012-07-10 19:04 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2012-06-02 00:25 - 2012-07-10 19:04 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2012-06-02 00:25 - 2012-07-10 19:04 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2012-06-02 00:23 - 2012-07-10 19:04 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2012-06-02 00:21 - 2012-07-10 19:04 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2012-06-02 00:20 - 2012-07-10 19:04 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2012-06-02 00:19 - 2012-07-10 19:04 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2012-06-02 00:19 - 2012-07-10 19:04 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2012-06-02 00:17 - 2012-07-10 19:04 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2012-06-02 00:16 - 2012-07-10 19:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2012-06-02 00:14 - 2012-07-10 19:04 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2012-06-01 21:50 - 2012-07-10 16:25 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys

2012-06-01 21:48 - 2012-07-10 16:25 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys

2012-06-01 21:48 - 2012-07-10 16:25 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys

2012-06-01 21:45 - 2012-07-10 16:25 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll

2012-06-01 21:44 - 2012-07-10 16:25 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll

2012-06-01 20:40 - 2012-07-10 16:25 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2012-06-01 20:40 - 2012-07-10 16:25 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll

2012-06-01 20:39 - 2012-07-10 16:25 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll

2012-06-01 20:34 - 2012-07-10 16:25 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll

2012-05-31 09:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

2012-05-31 08:50 - 2009-07-13 21:08 - 00032590 ____A C:\Windows\Tasks\SCHEDLGU.TXT

2012-05-31 06:01 - 2010-12-20 06:44 - 00000304 ____A C:\Users\Molly K\Desktop\address.txt

2012-05-27 17:02 - 2012-02-26 01:19 - 00000633 ____A C:\Users\Molly K\Desktop\Ellen Ahearn Rigney.txt

2012-05-14 02:41 - 2012-05-14 02:41 - 02405568 ____A (Trend Micro Inc.) C:\Users\Molly K\Downloads\HousecallLauncher64(2).exe

ZeroAccess:

C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}

C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\L

C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U

Type 00 partition infection:

C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 9%

Total physical RAM: 8175.12 MB

Available physical RAM: 7401.65 MB

Total Pagefile: 8173.32 MB

Available Pagefile: 7400.3 MB

Total Virtual: 8192 MB

Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:465.76 GB) (Free:246.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

3 Drive e: (NEW VOLUME) (Removable) (Total:29.67 GB) (Free:29.67 GB) FAT32

4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 465 GB 0 B

Disk 1 Online 29 GB 0 B

Partitions of Disk 0:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 465 GB 1024 KB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 C NTFS Partition 465 GB Healthy

==================================================================================

Partitions of Disk 1:

===============

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 29 GB 16 KB

==================================================================================

Disk: 1

Partition 1

Type : 0C

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 E NEW VOLUME FAT32 Removable 29 GB Healthy

==================================================================================

==========================================================

Last Boot: 2012-08-07 05:31

======================= End Of Log ==========================


Farbar Recovery Scan Tool Version: 08-08-2012 02

Ran by SYSTEM at 2012-08-09 10:20:56

Running from E:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\Services.exe

[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\erdnt\cache64\Services.exe

[2012-08-08 18:12] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

====== End Of Search ======


OK, here you go......Please carefully carry out this procedure!!!!!!

Please download the attached fixlist.txt and copy it to your flashdrive.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options. (as you did before)

Run FRST64 or FRST (whichever one you're using) and press the Fix button just once and wait.

The tool will make a log on the flashdrive (Fixlog.txt); please post it in your reply.

MrC

MBR also!!


Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 08-08-2012 02

Ran by SYSTEM at 2012-08-09 11:13:39 Run:1

Running from E:\

==============================================

C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab} moved successfully.

C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\L not found.

C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U not found.

==== End of Fixlog ====


Well done....a couple more scans to run >>>>

Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, right-click on the program, select Run as Administrator to start, and when prompted, Allow it to run.

tdss_1.jpg

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

tdss_2.jpg

------------------------

Click the Start Scan button.

tdss_3.jpg

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

tdss_4.jpg

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

tdss_5.jpg

--------------------

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

Sometimes these logs can be very large; in that case please attach it, or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


11:34:29.0715 1688 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

11:34:29.0731 1688 ============================================================

11:34:29.0731 1688 Current date / time: 2012/08/09 11:34:29.0731

11:34:29.0731 1688 SystemInfo:

11:34:29.0731 1688

11:34:29.0731 1688 OS Version: 6.1.7601 ServicePack: 1.0

11:34:29.0731 1688 Product type: Workstation

11:34:29.0731 1688 ComputerName: MOLLYK-PC

11:34:29.0731 1688 UserName: Molly K

11:34:29.0731 1688 Windows directory: C:\Windows

11:34:29.0731 1688 System windows directory: C:\Windows

11:34:29.0731 1688 Running under WOW64

11:34:29.0731 1688 Processor architecture: Intel x64

11:34:29.0731 1688 Number of processors: 4

11:34:29.0731 1688 Page size: 0x1000

11:34:29.0731 1688 Boot type: Normal boot

11:34:29.0731 1688 ============================================================

11:34:31.0322 1688 Drive \Device\Harddisk0\DR0 - Size: 0x7470AFDE00 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

11:34:31.0322 1688 ============================================================

11:34:31.0322 1688 \Device\Harddisk0\DR0:

11:34:31.0322 1688 MBR partitions:

11:34:31.0322 1688 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x3A384000

11:34:31.0322 1688 ============================================================

11:34:31.0416 1688 C: <-> \Device\Harddisk0\DR0\Partition0

11:34:31.0416 1688 ============================================================

11:34:31.0416 1688 Initialize success

11:34:31.0416 1688 ============================================================

11:35:40.0415 5896 ============================================================

11:35:40.0415 5896 Scan started

11:35:40.0415 5896 Mode: Manual; SigCheck; TDLFS;

11:35:40.0415 5896 ============================================================

11:35:42.0053 5896 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

11:35:42.0193 5896 1394ohci - ok

11:35:42.0302 5896 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe

11:35:42.0333 5896 ACDaemon - ok

11:35:42.0365 5896 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

11:35:42.0396 5896 ACPI - ok

11:35:42.0411 5896 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

11:35:42.0474 5896 AcpiPmi - ok

11:35:43.0238 5896 AcrSch2Svc (00bfc7a51046cbd77e2a71f237ed2838) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

11:35:43.0269 5896 AcrSch2Svc - ok

11:35:43.0379 5896 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

11:35:43.0410 5896 AdobeFlashPlayerUpdateSvc - ok

11:35:43.0893 5896 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys

11:35:43.0940 5896 adp94xx - ok

11:35:44.0003 5896 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys

11:35:44.0034 5896 adpahci - ok

11:35:44.0065 5896 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys

11:35:44.0096 5896 adpu320 - ok

11:35:44.0127 5896 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

11:35:44.0315 5896 AeLookupSvc - ok

11:35:44.0346 5896 afcdp (3f5fdc12ffa4794fc3a178a26d48e7cf) C:\Windows\system32\DRIVERS\afcdp.sys

11:35:44.0361 5896 afcdp - ok

11:35:45.0843 5896 afcdpsrv (b8c03e224e49e0f9726cddef872237eb) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

11:35:45.0890 5896 afcdpsrv - ok

11:35:46.0452 5896 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

11:35:46.0577 5896 AFD - ok

11:35:46.0701 5896 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

11:35:46.0733 5896 agp440 - ok

11:35:46.0779 5896 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

11:35:46.0857 5896 ALG - ok

11:35:46.0889 5896 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

11:35:46.0904 5896 aliide - ok

11:35:46.0920 5896 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

11:35:46.0935 5896 amdide - ok

11:35:46.0951 5896 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys

11:35:46.0998 5896 AmdK8 - ok

11:35:47.0013 5896 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys

11:35:47.0060 5896 AmdPPM - ok

11:35:47.0107 5896 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

11:35:47.0138 5896 amdsata - ok

11:35:47.0185 5896 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys

11:35:47.0232 5896 amdsbs - ok

11:35:47.0263 5896 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

11:35:47.0294 5896 amdxata - ok

11:35:47.0419 5896 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe

11:35:47.0435 5896 Amsp - ok

11:35:47.0481 5896 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

11:35:47.0575 5896 AppID - ok

11:35:47.0591 5896 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

11:35:47.0622 5896 AppIDSvc - ok

11:35:47.0653 5896 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

11:35:47.0715 5896 Appinfo - ok

11:35:47.0887 5896 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

11:35:47.0903 5896 Apple Mobile Device - ok

11:35:47.0934 5896 AppleCharger (6be11ad81d4527d299f0cb5f3731aabc) C:\Windows\system32\DRIVERS\AppleCharger.sys

11:35:47.0949 5896 AppleCharger - ok

11:35:48.0027 5896 AppleChargerSrv (95ef7247c50c7241fdae39a9b3aff4ae) C:\Windows\system32\AppleChargerSrv.exe

11:35:48.0059 5896 AppleChargerSrv - ok

11:35:48.0074 5896 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys

11:35:48.0105 5896 arc - ok

11:35:48.0121 5896 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys

11:35:48.0137 5896 arcsas - ok

11:35:48.0246 5896 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe

11:35:48.0261 5896 aspnet_state - ok

11:35:48.0308 5896 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

11:35:48.0371 5896 AsyncMac - ok

11:35:48.0402 5896 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

11:35:48.0417 5896 atapi - ok

11:35:48.0511 5896 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:35:48.0573 5896 AudioEndpointBuilder - ok

11:35:48.0573 5896 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

11:35:48.0605 5896 AudioSrv - ok

11:35:48.0636 5896 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

11:35:48.0714 5896 AxInstSV - ok

11:35:48.0776 5896 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys

11:35:48.0854 5896 b06bdrv - ok

11:35:48.0901 5896 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

11:35:48.0948 5896 b57nd60a - ok

11:35:48.0995 5896 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

11:35:49.0057 5896 BDESVC - ok

11:35:49.0073 5896 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

11:35:49.0151 5896 Beep - ok

11:35:49.0244 5896 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

11:35:49.0322 5896 BFE - ok

11:35:49.0369 5896 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

11:35:49.0416 5896 blbdrive - ok

11:35:49.0494 5896 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe

11:35:49.0525 5896 Bonjour Service - ok

11:35:49.0587 5896 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

11:35:49.0665 5896 bowser - ok

11:35:49.0681 5896 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys

11:35:49.0728 5896 BrFiltLo - ok

11:35:49.0743 5896 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys

11:35:49.0775 5896 BrFiltUp - ok

11:35:49.0790 5896 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys

11:35:49.0821 5896 BridgeMP - ok

11:35:49.0868 5896 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

11:35:49.0946 5896 Browser - ok

11:35:49.0977 5896 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

11:35:50.0024 5896 Brserid - ok

11:35:50.0055 5896 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

11:35:50.0118 5896 BrSerWdm - ok

11:35:50.0133 5896 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

11:35:50.0165 5896 BrUsbMdm - ok

11:35:50.0180 5896 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

11:35:50.0227 5896 BrUsbSer - ok

11:35:50.0258 5896 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys

11:35:50.0289 5896 BTHMODEM - ok

11:35:50.0321 5896 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

11:35:50.0383 5896 bthserv - ok

11:35:50.0414 5896 catchme - ok

11:35:50.0445 5896 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

11:35:50.0523 5896 cdfs - ok

11:35:50.0555 5896 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

11:35:50.0617 5896 cdrom - ok

11:35:50.0648 5896 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:35:50.0695 5896 CertPropSvc - ok

11:35:50.0711 5896 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys

11:35:50.0742 5896 circlass - ok

11:35:50.0789 5896 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

11:35:50.0835 5896 CLFS - ok

11:35:50.0929 5896 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

11:35:50.0945 5896 clr_optimization_v2.0.50727_32 - ok

11:35:51.0116 5896 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

11:35:51.0132 5896 clr_optimization_v2.0.50727_64 - ok

11:35:51.0303 5896 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

11:35:51.0319 5896 clr_optimization_v4.0.30319_32 - ok

11:35:51.0381 5896 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

11:35:51.0397 5896 clr_optimization_v4.0.30319_64 - ok

11:35:51.0491 5896 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys

11:35:51.0522 5896 CmBatt - ok

11:35:51.0553 5896 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

11:35:51.0569 5896 cmdide - ok

11:35:51.0615 5896 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys

11:35:51.0662 5896 CNG - ok

11:35:51.0709 5896 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys

11:35:51.0725 5896 Compbatt - ok

11:35:51.0756 5896 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\DRIVERS\CompositeBus.sys

11:35:51.0803 5896 CompositeBus - ok

11:35:51.0818 5896 COMSysApp - ok

11:35:51.0849 5896 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys

11:35:51.0881 5896 crcdisk - ok

11:35:51.0943 5896 Creative ALchemy AL6 Licensing Service (c8bd651e13895b93ed9ec5b4f1df42bc) C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe

11:35:51.0990 5896 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - warning

11:35:51.0990 5896 Creative ALchemy AL6 Licensing Service - detected UnsignedFile.Multi.Generic (1)

11:35:52.0037 5896 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll

11:35:52.0115 5896 CryptSvc - ok

11:35:52.0161 5896 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:35:52.0224 5896 DcomLaunch - ok

11:35:52.0442 5896 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

11:35:52.0551 5896 defragsvc - ok

11:35:52.0598 5896 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

11:35:52.0661 5896 DfsC - ok

11:35:52.0707 5896 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

11:35:52.0801 5896 Dhcp - ok

11:35:52.0817 5896 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

11:35:52.0895 5896 discache - ok

11:35:52.0957 5896 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys

11:35:52.0973 5896 Disk - ok

11:35:53.0004 5896 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

11:35:53.0051 5896 Dnscache - ok

11:35:53.0097 5896 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

11:35:53.0207 5896 dot3svc - ok

11:35:53.0222 5896 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

11:35:53.0285 5896 DPS - ok

11:35:53.0363 5896 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

11:35:53.0409 5896 drmkaud - ok

11:35:53.0472 5896 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

11:35:53.0519 5896 DXGKrnl - ok

11:35:53.0612 5896 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

11:35:53.0706 5896 EapHost - ok

11:35:54.0751 5896 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys

11:35:55.0047 5896 ebdrv - ok

11:35:55.0562 5896 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

11:35:55.0593 5896 EFS - ok

11:35:55.0718 5896 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

11:35:55.0765 5896 ehRecvr - ok

11:35:55.0796 5896 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

11:35:55.0812 5896 ehSched - ok

11:35:56.0093 5896 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys

11:35:56.0139 5896 elxstor - ok

11:35:56.0295 5896 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe

11:35:56.0311 5896 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - warning

11:35:56.0311 5896 EpsonBidirectionalService - detected UnsignedFile.Multi.Generic (1)

11:35:56.0498 5896 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE

11:35:56.0529 5896 EPSON_EB_RPCV4_01 - ok

11:35:56.0561 5896 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE

11:35:56.0592 5896 EPSON_PM_RPCV4_01 - ok

11:35:56.0654 5896 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

11:35:56.0748 5896 ErrDev - ok

11:35:56.0826 5896 EtronHub3 (db6aec32faf5bd002d9ed6c38692d42b) C:\Windows\system32\Drivers\EtronHub3.sys

11:35:56.0888 5896 EtronHub3 - ok

11:35:56.0919 5896 EtronXHCI (9cc2f24274741e12f9df92125ea6d6d8) C:\Windows\system32\Drivers\EtronXHCI.sys

11:35:56.0951 5896 EtronXHCI - ok

11:35:56.0997 5896 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

11:35:57.0044 5896 EventSystem - ok

11:35:57.0107 5896 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

11:35:57.0185 5896 exfat - ok

11:35:57.0216 5896 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

11:35:57.0294 5896 fastfat - ok

11:35:57.0387 5896 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

11:35:57.0450 5896 Fax - ok

11:35:57.0465 5896 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys

11:35:57.0512 5896 fdc - ok

11:35:57.0528 5896 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

11:35:57.0559 5896 fdPHost - ok

11:35:57.0621 5896 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

11:35:57.0668 5896 FDResPub - ok

11:35:57.0715 5896 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

11:35:57.0746 5896 FileInfo - ok

11:35:57.0793 5896 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

11:35:57.0887 5896 Filetrace - ok

11:35:57.0918 5896 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys

11:35:57.0933 5896 flpydisk - ok

11:35:57.0949 5896 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

11:35:57.0980 5896 FltMgr - ok

11:35:58.0573 5896 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

11:35:58.0698 5896 FontCache - ok

11:35:58.0869 5896 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

11:35:58.0885 5896 FontCache3.0.0.0 - ok

11:35:59.0010 5896 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

11:35:59.0041 5896 FsDepends - ok

11:35:59.0119 5896 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

11:35:59.0150 5896 Fs_Rec - ok

11:35:59.0197 5896 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

11:35:59.0244 5896 fvevol - ok

11:35:59.0306 5896 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys

11:35:59.0322 5896 gagp30kx - ok

11:35:59.0353 5896 gdrv - ok

11:35:59.0384 5896 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

11:35:59.0400 5896 GEARAspiWDM - ok

11:35:59.0478 5896 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

11:35:59.0525 5896 gpsvc - ok

11:35:59.0727 5896 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:35:59.0743 5896 gupdate - ok

11:35:59.0743 5896 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

11:35:59.0759 5896 gupdatem - ok

11:35:59.0805 5896 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

11:35:59.0883 5896 hcw85cir - ok

11:35:59.0961 5896 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys

11:35:59.0993 5896 HDAudBus - ok

11:36:00.0024 5896 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys

11:36:00.0071 5896 HidBatt - ok

11:36:00.0102 5896 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys

11:36:00.0133 5896 HidBth - ok

11:36:00.0164 5896 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys

11:36:00.0211 5896 HidIr - ok

11:36:00.0258 5896 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll

11:36:00.0336 5896 hidserv - ok

11:36:00.0383 5896 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

11:36:00.0414 5896 HidUsb - ok

11:36:00.0523 5896 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

11:36:00.0648 5896 hkmsvc - ok

11:36:00.0773 5896 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

11:36:00.0851 5896 HomeGroupListener - ok

11:36:00.0897 5896 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

11:36:00.0944 5896 HomeGroupProvider - ok

11:36:00.0960 5896 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

11:36:00.0991 5896 HpSAMD - ok

11:36:01.0038 5896 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

11:36:01.0116 5896 HTTP - ok

11:36:01.0147 5896 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

11:36:01.0163 5896 hwpolicy - ok

11:36:01.0178 5896 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

11:36:01.0225 5896 i8042prt - ok

11:36:01.0272 5896 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

11:36:01.0319 5896 iaStorV - ok

11:36:01.0599 5896 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

11:36:01.0631 5896 idsvc - ok

11:36:01.0662 5896 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys

11:36:01.0677 5896 iirsp - ok

11:36:01.0833 5896 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

11:36:01.0911 5896 IKEEXT - ok

11:36:02.0598 5896 IntcAzAudAddService (98f4e841ea43ed5a442f0dc60cab4326) C:\Windows\system32\drivers\RTKVHD64.sys

11:36:02.0660 5896 IntcAzAudAddService - ok

11:36:03.0300 5896 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

11:36:03.0331 5896 intelide - ok

11:36:03.0440 5896 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

11:36:03.0518 5896 intelppm - ok

11:36:03.0581 5896 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

11:36:03.0674 5896 IPBusEnum - ok

11:36:03.0705 5896 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

11:36:03.0752 5896 IpFilterDriver - ok

11:36:03.0783 5896 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

11:36:03.0846 5896 iphlpsvc - ok

11:36:03.0877 5896 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

11:36:03.0908 5896 IPMIDRV - ok

11:36:03.0955 5896 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

11:36:04.0033 5896 IPNAT - ok

11:36:04.0158 5896 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files\iPod\bin\iPodService.exe

11:36:04.0173 5896 iPod Service - ok

11:36:04.0236 5896 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

11:36:04.0267 5896 IRENUM - ok

11:36:04.0283 5896 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

11:36:04.0298 5896 isapnp - ok

11:36:04.0361 5896 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

11:36:04.0439 5896 iScsiPrt - ok

11:36:04.0470 5896 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

11:36:04.0485 5896 kbdclass - ok

11:36:04.0517 5896 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

11:36:04.0532 5896 kbdhid - ok

11:36:04.0579 5896 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:36:04.0579 5896 KeyIso - ok

11:36:04.0595 5896 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

11:36:04.0610 5896 KSecDD - ok

11:36:04.0844 5896 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

11:36:04.0875 5896 KSecPkg - ok

11:36:04.0891 5896 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

11:36:04.0953 5896 ksthunk - ok

11:36:05.0016 5896 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

11:36:05.0125 5896 KtmRm - ok

11:36:05.0156 5896 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll

11:36:05.0203 5896 LanmanServer - ok

11:36:05.0234 5896 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

11:36:05.0343 5896 LanmanWorkstation - ok

11:36:05.0375 5896 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

11:36:05.0453 5896 lltdio - ok

11:36:05.0484 5896 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

11:36:05.0546 5896 lltdsvc - ok

11:36:05.0546 5896 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

11:36:05.0577 5896 lmhosts - ok

11:36:05.0624 5896 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys

11:36:05.0640 5896 LSI_FC - ok

11:36:05.0671 5896 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys

11:36:05.0687 5896 LSI_SAS - ok

11:36:05.0702 5896 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys

11:36:05.0718 5896 LSI_SAS2 - ok

11:36:05.0733 5896 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys

11:36:05.0749 5896 LSI_SCSI - ok

11:36:05.0765 5896 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

11:36:05.0811 5896 luafv - ok

11:36:05.0874 5896 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

11:36:05.0889 5896 LVPr2M64 - ok

11:36:05.0889 5896 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys

11:36:05.0905 5896 LVPr2Mon - ok

11:36:06.0123 5896 LVPrcS64 (9cd0dc863be5d40a762f7d84f11a8471) C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe

11:36:06.0139 5896 LVPrcS64 - ok

11:36:06.0170 5896 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

11:36:06.0186 5896 MBAMProtector - ok

11:36:06.0576 5896 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

11:36:06.0591 5896 MBAMService - ok

11:36:06.0654 5896 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

11:36:06.0685 5896 Mcx2Svc - ok

11:36:06.0763 5896 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys

11:36:06.0810 5896 megasas - ok

11:36:06.0903 5896 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys

11:36:06.0935 5896 MegaSR - ok

11:36:06.0997 5896 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\DRIVERS\HECIx64.sys

11:36:07.0028 5896 MEIx64 - ok

11:36:07.0059 5896 Microsoft SharePoint Workspace Audit Service - ok

11:36:07.0169 5896 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:36:07.0231 5896 MMCSS - ok

11:36:07.0309 5896 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

11:36:07.0371 5896 Modem - ok

11:36:07.0403 5896 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

11:36:07.0449 5896 monitor - ok

11:36:07.0481 5896 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

11:36:07.0512 5896 mouclass - ok

11:36:07.0621 5896 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

11:36:07.0699 5896 mouhid - ok

11:36:07.0730 5896 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

11:36:07.0761 5896 mountmgr - ok

11:36:07.0793 5896 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

11:36:07.0824 5896 MozillaMaintenance - ok

11:36:07.0871 5896 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

11:36:07.0917 5896 mpio - ok

11:36:07.0933 5896 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

11:36:07.0964 5896 mpsdrv - ok

11:36:08.0089 5896 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

11:36:08.0151 5896 MpsSvc - ok

11:36:08.0214 5896 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

11:36:08.0261 5896 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

11:36:08.0261 5896 MREMP50 - detected UnsignedFile.Multi.Generic (1)

11:36:08.0354 5896 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS

11:36:08.0385 5896 MREMP50a64 - ok

11:36:08.0385 5896 MREMPR5 - ok

11:36:08.0385 5896 MRENDIS5 - ok

11:36:08.0432 5896 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

11:36:08.0479 5896 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

11:36:08.0479 5896 MRESP50 - detected UnsignedFile.Multi.Generic (1)

11:36:08.0510 5896 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS

11:36:08.0541 5896 MRESP50a64 - ok

11:36:08.0588 5896 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

11:36:08.0651 5896 MRxDAV - ok

11:36:08.0697 5896 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

11:36:08.0775 5896 mrxsmb - ok

11:36:08.0807 5896 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

11:36:08.0853 5896 mrxsmb10 - ok

11:36:08.0885 5896 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

11:36:08.0916 5896 mrxsmb20 - ok

11:36:08.0931 5896 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

11:36:08.0947 5896 msahci - ok

11:36:08.0963 5896 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

11:36:08.0978 5896 msdsm - ok

11:36:09.0009 5896 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

11:36:09.0072 5896 MSDTC - ok

11:36:09.0072 5896 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

11:36:09.0103 5896 Msfs - ok

11:36:09.0134 5896 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

11:36:09.0212 5896 mshidkmdf - ok

11:36:09.0228 5896 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

11:36:09.0259 5896 msisadrv - ok

11:36:09.0290 5896 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

11:36:09.0368 5896 MSiSCSI - ok

11:36:09.0368 5896 msiserver - ok

11:36:09.0415 5896 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

11:36:09.0477 5896 MSKSSRV - ok

11:36:09.0509 5896 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

11:36:09.0540 5896 MSPCLOCK - ok

11:36:09.0555 5896 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

11:36:09.0633 5896 MSPQM - ok

11:36:09.0680 5896 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

11:36:09.0696 5896 MsRPC - ok

11:36:09.0711 5896 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys

11:36:09.0727 5896 mssmbios - ok

11:36:09.0727 5896 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

11:36:09.0789 5896 MSTEE - ok

11:36:09.0821 5896 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys

11:36:09.0836 5896 MTConfig - ok

11:36:09.0836 5896 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

11:36:09.0852 5896 Mup - ok

11:36:09.0899 5896 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

11:36:09.0961 5896 napagent - ok

11:36:09.0992 5896 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

11:36:10.0070 5896 NativeWifiP - ok

11:36:10.0179 5896 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

11:36:10.0195 5896 NDIS - ok

11:36:10.0226 5896 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

11:36:10.0273 5896 NdisCap - ok

11:36:10.0320 5896 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

11:36:10.0382 5896 NdisTapi - ok

11:36:10.0398 5896 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

11:36:10.0445 5896 Ndisuio - ok

11:36:10.0476 5896 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

11:36:10.0569 5896 NdisWan - ok

11:36:10.0601 5896 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

11:36:10.0632 5896 NDProxy - ok

11:36:10.0663 5896 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

11:36:10.0741 5896 NetBIOS - ok

11:36:10.0757 5896 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

11:36:10.0819 5896 NetBT - ok

11:36:10.0835 5896 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:36:10.0850 5896 Netlogon - ok

11:36:10.0897 5896 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

11:36:10.0959 5896 Netman - ok

11:36:11.0256 5896 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:36:11.0271 5896 NetMsmqActivator - ok

11:36:11.0271 5896 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:36:11.0287 5896 NetPipeActivator - ok

11:36:11.0334 5896 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

11:36:11.0396 5896 netprofm - ok

11:36:11.0396 5896 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:36:11.0412 5896 NetTcpActivator - ok

11:36:11.0412 5896 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

11:36:11.0412 5896 NetTcpPortSharing - ok

11:36:11.0474 5896 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys

11:36:11.0490 5896 nfrd960 - ok

11:36:11.0552 5896 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

11:36:11.0599 5896 NlaSvc - ok

11:36:11.0630 5896 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

11:36:11.0661 5896 Npfs - ok

11:36:11.0677 5896 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

11:36:11.0739 5896 nsi - ok

11:36:11.0786 5896 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

11:36:11.0880 5896 nsiproxy - ok

11:36:12.0239 5896 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

11:36:12.0332 5896 Ntfs - ok

11:36:12.0441 5896 nTuneService - ok

11:36:13.0128 5896 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

11:36:13.0190 5896 Null - ok

11:36:13.0268 5896 NVHDA (8d4aac74b571fc356560e5b308955e93) C:\Windows\system32\drivers\nvhda64v.sys

11:36:13.0299 5896 NVHDA - ok

11:36:18.0448 5896 nvlddmkm (9c1996dd3c0469bc8933321f15709f5a) C:\Windows\system32\DRIVERS\nvlddmkm.sys

11:36:18.0604 5896 nvlddmkm - ok

11:36:18.0744 5896 NVR0Dev (ebbf32c06b044d0d61e5030a16663b34) C:\Windows\nvoclk64.sys

11:36:18.0760 5896 NVR0Dev - ok

11:36:18.0869 5896 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

11:36:18.0916 5896 nvraid - ok

11:36:18.0978 5896 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

11:36:19.0025 5896 nvstor - ok

11:36:19.0196 5896 nvsvc (34e5498528bb3d5a951f889f8756ad26) C:\Windows\system32\nvvsvc.exe

11:36:19.0228 5896 nvsvc - ok

11:36:20.0054 5896 nvUpdatusService (cd0bfaa6872cfe38c908d313ae17c350) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

11:36:20.0086 5896 nvUpdatusService - ok

11:36:20.0273 5896 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

11:36:20.0304 5896 nv_agp - ok

11:36:20.0413 5896 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

11:36:20.0460 5896 ohci1394 - ok

11:36:20.0725 5896 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

11:36:20.0741 5896 ose - ok

11:36:22.0691 5896 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

11:36:22.0738 5896 osppsvc - ok

11:36:23.0642 5896 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:36:23.0736 5896 p2pimsvc - ok

11:36:23.0798 5896 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

11:36:23.0845 5896 p2psvc - ok

11:36:23.0954 5896 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

11:36:24.0001 5896 Parport - ok

11:36:24.0126 5896 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

11:36:24.0157 5896 partmgr - ok

11:36:24.0329 5896 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

11:36:24.0376 5896 PcaSvc - ok

11:36:24.0532 5896 pcCMService (bae04007a679893e975a2b75e9e001e9) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

11:36:24.0547 5896 pcCMService ( UnsignedFile.Multi.Generic ) - warning

11:36:24.0547 5896 pcCMService - detected UnsignedFile.Multi.Generic (1)

11:36:24.0922 5896 pcCMService64 (3bea1d461531d1d26f5695bb9ca97a18) C:\Program Files\Common Files\Motive\pcCMService.exe

11:36:24.0953 5896 pcCMService64 ( UnsignedFile.Multi.Generic ) - warning

11:36:24.0953 5896 pcCMService64 - detected UnsignedFile.Multi.Generic (1)

11:36:25.0156 5896 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

11:36:25.0202 5896 pci - ok

11:36:25.0265 5896 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

11:36:25.0296 5896 pciide - ok

11:36:25.0483 5896 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys

11:36:25.0530 5896 pcmcia - ok

11:36:25.0873 5896 pcServiceHost (a792405e6c84c3debc02b1cf29a928f0) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

11:36:25.0889 5896 pcServiceHost ( UnsignedFile.Multi.Generic ) - warning

11:36:25.0889 5896 pcServiceHost - detected UnsignedFile.Multi.Generic (1)

11:36:25.0967 5896 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

11:36:25.0998 5896 pcw - ok

11:36:26.0528 5896 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

11:36:26.0638 5896 PEAUTH - ok

11:36:26.0762 5896 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

11:36:26.0809 5896 PerfHost - ok

11:36:27.0589 5896 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

11:36:27.0730 5896 pla - ok

11:36:27.0792 5896 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

11:36:27.0886 5896 PlugPlay - ok

11:36:27.0901 5896 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

11:36:27.0964 5896 PNRPAutoReg - ok

11:36:27.0995 5896 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

11:36:28.0010 5896 PNRPsvc - ok

11:36:28.0400 5896 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

11:36:28.0494 5896 PolicyAgent - ok

11:36:28.0541 5896 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

11:36:28.0619 5896 Power - ok

11:36:28.0728 5896 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

11:36:28.0822 5896 PptpMiniport - ok

11:36:28.0853 5896 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys

11:36:28.0900 5896 Processor - ok

11:36:28.0931 5896 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

11:36:28.0993 5896 ProfSvc - ok

11:36:29.0040 5896 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:36:29.0056 5896 ProtectedStorage - ok

11:36:29.0118 5896 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

11:36:29.0180 5896 Psched - ok

11:36:29.0305 5896 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys

11:36:29.0399 5896 ql2300 - ok

11:36:29.0960 5896 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys

11:36:29.0992 5896 ql40xx - ok

11:36:30.0226 5896 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

11:36:30.0288 5896 QWAVE - ok

11:36:30.0350 5896 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

11:36:30.0428 5896 QWAVEdrv - ok

11:36:30.0444 5896 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

11:36:30.0506 5896 RasAcd - ok

11:36:30.0569 5896 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

11:36:30.0616 5896 RasAgileVpn - ok

11:36:30.0662 5896 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

11:36:30.0740 5896 RasAuto - ok

11:36:30.0772 5896 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

11:36:30.0850 5896 Rasl2tp - ok

11:36:30.0912 5896 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

11:36:30.0959 5896 RasMan - ok

11:36:30.0990 5896 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

11:36:31.0037 5896 RasPppoe - ok

11:36:31.0052 5896 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

11:36:31.0115 5896 RasSstp - ok

11:36:31.0146 5896 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

11:36:31.0255 5896 rdbss - ok

11:36:31.0286 5896 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys

11:36:31.0380 5896 rdpbus - ok

11:36:31.0396 5896 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

11:36:31.0474 5896 RDPCDD - ok

11:36:31.0505 5896 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

11:36:31.0567 5896 RDPENCDD - ok

11:36:31.0598 5896 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

11:36:31.0645 5896 RDPREFMP - ok

11:36:31.0770 5896 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

11:36:31.0817 5896 RDPWD - ok

11:36:31.0879 5896 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

11:36:31.0910 5896 rdyboost - ok

11:36:31.0957 5896 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

11:36:32.0020 5896 RemoteAccess - ok

11:36:32.0051 5896 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

11:36:32.0113 5896 RemoteRegistry - ok

11:36:32.0144 5896 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys

11:36:32.0176 5896 RimVSerPort - ok

11:36:32.0207 5896 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

11:36:32.0254 5896 RpcEptMapper - ok

11:36:32.0285 5896 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

11:36:32.0332 5896 RpcLocator - ok

11:36:32.0784 5896 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

11:36:32.0831 5896 RpcSs - ok

11:36:32.0893 5896 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

11:36:32.0940 5896 rspndr - ok

11:36:33.0049 5896 RTL8169 (e3aa12faa3192d1090b9069c3925373b) C:\Windows\system32\DRIVERS\Rtlh64.sys

11:36:33.0080 5896 RTL8169 - ok

11:36:33.0143 5896 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:36:33.0174 5896 SamSs - ok

11:36:33.0283 5896 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

11:36:33.0314 5896 sbp2port - ok

11:36:33.0533 5896 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

11:36:33.0595 5896 SCardSvr - ok

11:36:34.0110 5896 SCBackService (8475e746eb72d04f1015e6f091f50e09) C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe

11:36:34.0126 5896 SCBackService - ok

11:36:34.0172 5896 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

11:36:34.0235 5896 scfilter - ok

11:36:35.0218 5896 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

11:36:35.0280 5896 Schedule - ok

11:36:35.0420 5896 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

11:36:35.0467 5896 SCPolicySvc - ok

11:36:35.0670 5896 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

11:36:35.0748 5896 SDRSVC - ok

11:36:35.0842 5896 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

11:36:35.0935 5896 secdrv - ok

11:36:35.0951 5896 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

11:36:35.0982 5896 seclogon - ok

11:36:36.0029 5896 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll

11:36:36.0091 5896 SENS - ok

11:36:36.0122 5896 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

11:36:36.0154 5896 SensrSvc - ok

11:36:36.0185 5896 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

11:36:36.0232 5896 Serenum - ok

11:36:36.0263 5896 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

11:36:36.0341 5896 Serial - ok

11:36:36.0372 5896 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys

11:36:36.0419 5896 sermouse - ok

11:36:36.0450 5896 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

11:36:36.0497 5896 SessionEnv - ok

11:36:36.0512 5896 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

11:36:36.0544 5896 sffdisk - ok

11:36:36.0575 5896 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

11:36:36.0637 5896 sffp_mmc - ok

11:36:36.0668 5896 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

11:36:36.0731 5896 sffp_sd - ok

11:36:36.0746 5896 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys

11:36:36.0809 5896 sfloppy - ok

11:36:36.0902 5896 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

11:36:37.0012 5896 SharedAccess - ok

11:36:37.0136 5896 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

11:36:37.0183 5896 ShellHWDetection - ok

11:36:37.0246 5896 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys

11:36:37.0277 5896 SiSRaid2 - ok

11:36:37.0292 5896 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys

11:36:37.0308 5896 SiSRaid4 - ok

11:36:37.0324 5896 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

11:36:37.0386 5896 Smb - ok

11:36:37.0573 5896 snapman (27ba49f89468fddae6c2b311c53bce3a) C:\Windows\system32\DRIVERS\snapman.sys

11:36:37.0604 5896 snapman - ok

11:36:37.0667 5896 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

11:36:37.0729 5896 SNMPTRAP - ok

11:36:37.0745 5896 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

11:36:37.0760 5896 spldr - ok

11:36:37.0823 5896 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

11:36:37.0854 5896 Spooler - ok

11:36:39.0398 5896 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

11:36:39.0445 5896 sppsvc - ok

11:36:40.0054 5896 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

11:36:40.0116 5896 sppuinotify - ok

11:36:40.0568 5896 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

11:36:40.0740 5896 srv - ok

11:36:41.0099 5896 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

11:36:41.0208 5896 srv2 - ok

11:36:41.0255 5896 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

11:36:41.0302 5896 srvnet - ok

11:36:41.0333 5896 ssadbus (8f8324ed1de63ffc7b1a02cd2d963c72) C:\Windows\system32\DRIVERS\ssadbus.sys

11:36:41.0395 5896 ssadbus - ok

11:36:41.0426 5896 ssadmdfl (58221efcb74167b73667f0024c661ce0) C:\Windows\system32\DRIVERS\ssadmdfl.sys

11:36:41.0442 5896 ssadmdfl - ok

11:36:41.0489 5896 ssadmdm (4da7c71bfac5ad71255b7e4cab980163) C:\Windows\system32\DRIVERS\ssadmdm.sys

11:36:41.0567 5896 ssadmdm - ok

11:36:41.0614 5896 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

11:36:41.0692 5896 SSDPSRV - ok

11:36:41.0707 5896 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

11:36:41.0738 5896 SstpSvc - ok

11:36:42.0128 5896 Stereo Service (8544a200c40447e465f06e58687428bb) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

11:36:42.0160 5896 Stereo Service - ok

11:36:42.0206 5896 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys

11:36:42.0238 5896 stexstor - ok

11:36:42.0347 5896 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

11:36:42.0409 5896 stisvc - ok

11:36:42.0440 5896 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys

11:36:42.0456 5896 swenum - ok

11:36:42.0955 5896 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

11:36:43.0018 5896 swprv - ok

11:36:44.0406 5896 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

11:36:44.0453 5896 SysMain - ok

11:36:44.0640 5896 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

11:36:44.0765 5896 TabletInputService - ok

11:36:44.0999 5896 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

11:36:45.0092 5896 TapiSrv - ok

11:36:45.0108 5896 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

11:36:45.0139 5896 TBS - ok

11:36:45.0638 5896 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

11:36:45.0716 5896 Tcpip - ok

11:36:46.0247 5896 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

11:36:46.0294 5896 TCPIP6 - ok

11:36:46.0871 5896 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

11:36:46.0996 5896 tcpipreg - ok

11:36:47.0027 5896 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

11:36:47.0074 5896 TDPIPE - ok

11:36:47.0198 5896 tdrpman258 (bf7ac81df6fbe09438d9dc7188178ea9) C:\Windows\system32\DRIVERS\tdrpm258.sys

11:36:47.0245 5896 tdrpman258 - ok

11:36:47.0339 5896 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

11:36:47.0401 5896 TDTCP - ok

11:36:47.0432 5896 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

11:36:47.0495 5896 tdx - ok

11:36:47.0510 5896 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys

11:36:47.0526 5896 TermDD - ok

11:36:48.0072 5896 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

11:36:48.0166 5896 TermService - ok

11:36:48.0197 5896 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

11:36:48.0259 5896 Themes - ok

11:36:48.0384 5896 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

11:36:48.0431 5896 THREADORDER - ok

11:36:48.0493 5896 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys

11:36:48.0524 5896 tmactmon - ok

11:36:48.0618 5896 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys

11:36:48.0649 5896 tmcomm - ok

11:36:48.0665 5896 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys

11:36:48.0680 5896 tmeevw - ok

11:36:48.0727 5896 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys

11:36:48.0743 5896 tmevtmgr - ok

11:36:48.0790 5896 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys

11:36:48.0836 5896 tmnciesc - ok

11:36:48.0868 5896 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys

11:36:48.0899 5896 tmtdi - ok

11:36:48.0930 5896 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

11:36:48.0961 5896 TrkWks - ok

11:36:49.0195 5896 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

11:36:49.0226 5896 TrustedInstaller - ok

11:36:49.0304 5896 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

11:36:49.0414 5896 tssecsrv - ok

11:36:49.0460 5896 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

11:36:49.0492 5896 TsUsbFlt - ok

11:36:49.0538 5896 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys

11:36:49.0554 5896 TsUsbGD - ok

11:36:49.0601 5896 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

11:36:49.0663 5896 tunnel - ok

11:36:49.0757 5896 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys

11:36:49.0788 5896 uagp35 - ok

11:36:50.0084 5896 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

11:36:50.0256 5896 udfs - ok

11:36:50.0303 5896 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

11:36:50.0350 5896 UI0Detect - ok

11:36:50.0396 5896 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

11:36:50.0412 5896 uliagpkx - ok

11:36:50.0474 5896 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys

11:36:50.0521 5896 umbus - ok

11:36:50.0552 5896 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys

11:36:50.0615 5896 UmPass - ok

11:36:50.0693 5896 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

11:36:50.0755 5896 upnphost - ok

11:36:50.0833 5896 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

11:36:50.0880 5896 USBAAPL64 - ok

11:36:50.0942 5896 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

11:36:50.0974 5896 usbccgp - ok

11:36:51.0005 5896 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

11:36:51.0020 5896 usbcir - ok

11:36:51.0052 5896 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

11:36:51.0083 5896 usbehci - ok

11:36:51.0130 5896 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

11:36:51.0192 5896 usbhub - ok

11:36:51.0223 5896 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

11:36:51.0254 5896 usbohci - ok

11:36:51.0270 5896 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys

11:36:51.0317 5896 usbprint - ok

11:36:51.0332 5896 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

11:36:51.0379 5896 USBSTOR - ok

11:36:51.0410 5896 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

11:36:51.0457 5896 usbuhci - ok

11:36:51.0473 5896 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

11:36:51.0520 5896 UxSms - ok

11:36:51.0582 5896 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

11:36:51.0613 5896 VaultSvc - ok

11:36:51.0691 5896 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

11:36:51.0707 5896 vdrvroot - ok

11:36:52.0190 5896 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

11:36:52.0315 5896 vds - ok

11:36:52.0393 5896 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

11:36:52.0424 5896 vga - ok

11:36:52.0471 5896 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

11:36:52.0549 5896 VgaSave - ok

11:36:52.0768 5896 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

11:36:52.0814 5896 vhdmp - ok

11:36:52.0861 5896 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

11:36:52.0877 5896 viaide - ok

11:36:52.0908 5896 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

11:36:52.0939 5896 volmgr - ok

11:36:53.0017 5896 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

11:36:53.0048 5896 volmgrx - ok

11:36:53.0142 5896 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

11:36:53.0173 5896 volsnap - ok

11:36:53.0220 5896 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys

11:36:53.0236 5896 vsmraid - ok

11:36:53.0704 5896 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

11:36:53.0750 5896 VSS - ok

11:36:53.0938 5896 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys

11:36:53.0984 5896 vwifibus - ok

11:36:54.0094 5896 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

11:36:54.0234 5896 W32Time - ok

11:36:54.0281 5896 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys

11:36:54.0343 5896 WacomPen - ok

11:36:54.0390 5896 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:36:54.0452 5896 WANARP - ok

11:36:54.0468 5896 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

11:36:54.0515 5896 Wanarpv6 - ok

11:36:54.0718 5896 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

11:36:54.0780 5896 WatAdminSvc - ok

11:36:54.0920 5896 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

11:36:55.0045 5896 wbengine - ok

11:36:55.0217 5896 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

11:36:55.0264 5896 WbioSrvc - ok

11:36:55.0310 5896 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

11:36:55.0373 5896 wcncsvc - ok

11:36:55.0404 5896 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

11:36:55.0420 5896 WcsPlugInService - ok

11:36:55.0669 5896 WCUService_STC_FF (e47e66538692b1cfd6cc8021546fcc83) C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe

11:36:55.0685 5896 WCUService_STC_FF - ok

11:36:55.0841 5896 WCUService_STC_IE (147c60622cb53e901efd8bb6d44a4c46) C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe

11:36:55.0872 5896 WCUService_STC_IE - ok

11:36:55.0934 5896 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys

11:36:55.0966 5896 Wd - ok

11:36:56.0106 5896 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

11:36:56.0215 5896 Wdf01000 - ok

11:36:56.0262 5896 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:36:56.0387 5896 WdiServiceHost - ok

11:36:56.0387 5896 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

11:36:56.0402 5896 WdiSystemHost - ok

11:36:56.0527 5896 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

11:36:56.0621 5896 WebClient - ok

11:36:56.0699 5896 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

11:36:56.0792 5896 Wecsvc - ok

11:36:56.0824 5896 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

11:36:56.0855 5896 wercplsupport - ok

11:36:56.0886 5896 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

11:36:56.0933 5896 WerSvc - ok

11:36:56.0964 5896 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

11:36:56.0995 5896 WfpLwf - ok

11:36:56.0995 5896 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

11:36:57.0011 5896 WIMMount - ok

11:36:57.0073 5896 WinDefend - ok

11:36:57.0073 5896 WinHttpAutoProxySvc - ok

11:36:57.0151 5896 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

11:36:57.0198 5896 Winmgmt - ok

11:36:57.0713 5896 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

11:36:57.0822 5896 WinRM - ok

11:36:58.0150 5896 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

11:36:58.0181 5896 WinUsb - ok

11:36:58.0555 5896 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

11:36:58.0602 5896 Wlansvc - ok

11:36:59.0710 5896 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

11:36:59.0741 5896 wlidsvc - ok

11:37:00.0349 5896 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

11:37:00.0490 5896 WmiAcpi - ok

11:37:00.0552 5896 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

11:37:00.0599 5896 wmiApSrv - ok

11:37:00.0661 5896 WMPNetworkSvc - ok

11:37:00.0677 5896 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

11:37:00.0708 5896 WPCSvc - ok

11:37:00.0724 5896 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

11:37:00.0755 5896 WPDBusEnum - ok

11:37:00.0848 5896 WPFFontCache_v0400 - ok

11:37:00.0864 5896 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

11:37:00.0926 5896 ws2ifsl - ok

11:37:00.0926 5896 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll

11:37:00.0958 5896 wscsvc - ok

11:37:00.0973 5896 WSearch - ok

11:37:01.0114 5896 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll

11:37:01.0160 5896 wuauserv - ok

11:37:01.0238 5896 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

11:37:01.0316 5896 WudfPf - ok

11:37:01.0363 5896 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

11:37:01.0410 5896 WUDFRd - ok

11:37:01.0441 5896 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

11:37:01.0472 5896 wudfsvc - ok

11:37:01.0488 5896 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

11:37:01.0550 5896 WwanSvc - ok

11:37:01.0582 5896 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

11:37:01.0628 5896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

11:37:01.0628 5896 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

11:37:01.0691 5896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

11:37:01.0691 5896 \Device\Harddisk0\DR0 - detected TDSS File System (1)

11:37:01.0691 5896 Boot (0x1200) (dfd2ea691b98846456380b4a72ac8898) \Device\Harddisk0\DR0\Partition0

11:37:01.0691 5896 \Device\Harddisk0\DR0\Partition0 - ok

11:37:01.0691 5896 ============================================================

11:37:01.0691 5896 Scan finished

11:37:01.0691 5896 ============================================================

11:37:01.0691 5820 Detected object count: 9

11:37:01.0691 5820 Actual detected object count: 9

11:40:40.0590 5820 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:40.0590 5820 Creative ALchemy AL6 Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:40.0590 5820 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:40.0590 5820 EpsonBidirectionalService ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:40.0606 5820 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:40.0606 5820 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:40.0606 5820 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:40.0606 5820 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:40.0606 5820 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:40.0606 5820 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:40.0606 5820 pcCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:40.0606 5820 pcCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:40.0606 5820 pcServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user

11:40:40.0606 5820 pcServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip

11:40:41.0339 5820 \Device\Harddisk0\DR0\# - copied to quarantine

11:40:41.0339 5820 \Device\Harddisk0\DR0 - copied to quarantine

11:40:41.0386 5820 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

11:40:41.0402 5820 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

11:40:42.0447 5820 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

11:40:43.0492 5820 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

11:40:43.0539 5820 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

11:40:43.0586 5820 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

11:40:43.0601 5820 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

11:40:43.0632 5820 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

11:40:43.0664 5820 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

11:40:43.0679 5820 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

11:40:47.0782 5820 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

11:40:47.0798 5820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

11:40:47.0798 5820 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

11:40:47.0813 5820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

11:40:47.0876 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

11:40:47.0922 5820 \Device\Harddisk0\DR0 - ok

11:40:47.0969 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip


We're getting there......

Just run TDSSKiller again and just Delete this one only:

11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

-------------------------------

Then..........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and to run ComboFix from your desktop.

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


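The log above and the instruction to re-run TDSSKiller turn on one detail that is easy to miss in a 9-object result: the MBR infection (Rootkit.Boot.Pihar.c) was set to Cure, but the hidden TDSS File System on the same disk, which is where the bootkit keeps its modules (the TDLFS\cmd.dll, drv32, ldr16 ... entries copied to quarantine), was skipped, while the seven UnsignedFile.Multi.Generic entries are only a "no Authenticode signature" heuristic, not a malware verdict. As an added example (not part of the original thread, and not TDSSKiller's own code), the following Python script triages a TDSSKiller log in that format: it separates the signing heuristic from rootkit-class verdicts and lists the rootkit-class items the user skipped or never acted on. The sample log lines are constructed to mirror the format posted above, and the function names are the example's own.

```python
"""Triage a TDSSKiller log: separate heuristic warnings from rootkit verdicts
and list what the user left unhandled.

Added example, not code from the thread or from TDSSKiller. The line layout
(time, thread id, object, verdict in parentheses, action after " - ") follows
the log posted above; the sample lines are constructed to match it.
"""
import re
from collections import Counter

# Constructed sample in the shape of the posted log (object names and
# verdicts taken from it, trimmed to the interesting lines).
SAMPLE_LOG = "\n".join([
    r"11:36:24.0547 5896 pcCMService ( UnsignedFile.Multi.Generic ) - warning",
    r"11:36:24.0547 5896 pcCMService - detected UnsignedFile.Multi.Generic (1)",
    r"11:37:01.0628 5896 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected",
    r"11:37:01.0691 5896 \Device\Harddisk0\DR0 ( TDSS File System ) - warning",
    r"11:40:40.0606 5820 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user",
    r"11:40:40.0606 5820 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip",
    r"11:40:47.0876 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot",
    r"11:40:47.0969 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure",
    r"11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user",
    r"11:40:47.0969 5820 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip",
])

# One verdict line: "<time> <tid> <object> ( <verdict> ) - <action>".
# The object may contain spaces, so it is matched lazily up to the " (".
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<tid>\d+)\s+"
    r"(?P<obj>.+?)\s+\(\s*(?P<verdict>[^)]+?)\s*\)\s+-\s+(?P<action>.+)$"
)


def classify(verdict):
    """Map a verdict string to a triage class.

    UnsignedFile.Multi.Generic only means the binary carries no Authenticode
    signature; it is not a malware verdict. Rootkit.Boot.* is the infected
    MBR and 'TDSS File System' is the hidden store the bootkit keeps its
    modules in, so both belong to the same infection.
    """
    if verdict.startswith("UnsignedFile."):
        return "unsigned-heuristic"
    if verdict.startswith("Rootkit.Boot.") or verdict == "TDSS File System":
        return "rootkit"
    return "other"


def triage(log_text):
    """Return {(object, verdict): decision}.

    decision is the last 'User select action: X' recorded for that pair
    ('Cure', 'Delete', 'Skip', ...) or 'pending' if the scanner reported it
    but no user decision followed.
    """
    state = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # 'detected ...', 'copied to quarantine', separators
        key = (m["obj"], m["verdict"])
        action = m["action"]
        if action.startswith("User select action:"):
            state[key] = action.split(":", 1)[1].strip()
        else:
            state.setdefault(key, "pending")
    return state


def unresolved_rootkit_items(log_text):
    """Rootkit-class detections that were skipped or never acted on.

    These are the entries a second TDSSKiller run must still deal with.
    """
    return sorted(
        key for key, decision in triage(log_text).items()
        if classify(key[1]) == "rootkit" and decision in ("pending", "Skip")
    )


def summarize(log_text):
    """Count distinct detections per triage class."""
    return Counter(classify(verdict) for _, verdict in triage(log_text))


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_LOG)))
    for obj, verdict in unresolved_rootkit_items(SAMPLE_LOG):
        print(f"still unresolved: {obj} ({verdict})")
```

Run against a saved TDSSKiller log (`triage(open(path).read())`) the unresolved list is exactly what the helper asks for above: the TDSS File System entry on \Device\Harddisk0\DR0 is the only rootkit-class item still at Skip, while the Pihar MBR entry already carries the Cure decision. The decision is keyed on the (object, verdict) pair rather than on the object alone because, as the posted log shows, one disk device carries two separate verdicts with two separate user choices.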
ComboFix 12-08-08.03 - Molly K 08/09/2012 12:21:45.4.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8175.6561 [GMT -5:00]

Running from: c:\users\Molly K\Desktop\ComboFix.exe

AV: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}

SP: Trend Micro Titanium Maximum Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))

.

.

2012-08-09 18:18 . 2012-08-09 18:18 -------- d-----w- C:\FRST

2012-08-09 17:25 . 2012-08-09 17:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-09 17:25 . 2012-08-09 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-09 16:40 . 2012-08-09 17:19 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-09 01:49 . 2012-08-09 01:49 21520 ----a-w- c:\windows\DCEBoot64.exe

2012-08-09 01:07 . 2012-08-09 01:14 134672 ----a-w- c:\windows\RegBootClean64.exe

2012-08-08 21:39 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-08 20:15 . 2012-08-08 20:13 67344 ----a-w- c:\windows\system32\drivers\tmeevw.sys

2012-08-08 20:15 . 2012-08-08 20:13 210704 ----a-w- c:\windows\system32\drivers\tmnciesc.sys

2012-08-08 20:15 . 2012-08-08 20:13 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys

2012-08-08 20:15 . 2012-08-08 20:13 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys

2012-08-08 20:15 . 2012-08-08 20:13 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys

2012-08-08 20:15 . 2012-08-08 20:13 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys

2012-08-08 20:14 . 2012-08-08 20:14 -------- d-----w- c:\program files\Trend Micro

2012-08-08 15:54 . 2012-08-08 20:19 -------- d-----w- c:\program files (x86)\Trend Micro

2012-08-08 15:41 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll

2012-08-08 15:41 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll

2012-08-08 14:06 . 2012-07-16 07:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8599059B-106A-4D1D-8374-A62C2960CB64}\mpengine.dll

2012-08-08 13:58 . 2012-08-08 13:58 -------- d-----w- c:\windows\Sun

2012-07-19 15:17 . 2012-07-19 15:17 -------- d-----w- c:\users\Molly K\AppData\Roaming\Motive

2012-07-19 15:17 . 2012-07-19 15:17 -------- d-----w- c:\program files\ATT-SST

2012-07-19 15:17 . 2012-07-19 15:17 -------- d-----w- c:\program files (x86)\ATT-SST

2012-07-19 15:14 . 2012-07-19 15:17 -------- d-----w- c:\program files (x86)\Common Files\Motive

2012-07-19 15:14 . 2012-07-19 15:17 -------- d-----w- c:\program files\Common Files\Motive

2012-07-19 15:14 . 2012-08-02 15:55 -------- d-----w- c:\programdata\Motive

2012-07-11 03:06 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-07-11 03:03 . 2012-06-02 12:49 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-07-11 03:03 . 2012-06-02 12:17 10924032 ----a-w- c:\windows\system32\ieframe.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-08 20:14 . 2012-02-29 15:06 56 ----a-w- c:\windows\system32\SupportTool.exe.bat

2012-08-03 13:43 . 2012-04-09 12:29 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-03 13:43 . 2011-06-22 00:17 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-11 03:04 . 2012-03-23 02:07 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-05 07:37 . 2012-04-04 13:33 256904 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys

2012-06-02 22:19 . 2012-06-21 13:19 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-21 13:20 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-21 13:20 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-21 13:20 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-21 13:19 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-21 13:20 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-21 13:19 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-21 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-21 13:19 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-05-31 17:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-08-09_02.07.50 )))))))))))))))))))))))))))))))))))))))))

.

+ 2012-08-08 13:56 . 2012-08-09 12:41 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-08-08 13:56 . 2012-08-09 01:58 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2012-08-08 14:02 . 2012-08-09 00:14 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

+ 2012-08-08 14:02 . 2012-08-09 04:37 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Internet Explorer\UserData\index.dat

- 2012-08-08 13:57 . 2012-08-09 01:58 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2012-08-08 13:57 . 2012-08-09 12:41 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

+ 2010-11-21 03:09 . 2012-08-09 17:17 46808 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-08-09 17:17 36854 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2012-03-23 12:57 . 2012-08-07 13:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-03-23 12:57 . 2012-08-09 05:09 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2012-03-23 12:57 . 2012-08-09 05:09 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2012-03-23 12:57 . 2012-08-07 13:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-07 13:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-09 05:09 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2009-07-14 04:46 . 2012-08-09 16:32 95696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat

+ 2012-03-23 02:23 . 2012-08-09 17:17 6556 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-761091862-3678968245-921467866-1000_UserData.bin

+ 2012-08-09 17:15 . 2012-08-09 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-08-09 02:07 . 2012-08-09 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-08-09 17:15 . 2012-08-09 17:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2012-08-09 02:07 . 2012-08-09 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-07-14 04:54 . 2012-08-09 16:59 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 04:54 . 2012-08-09 02:07 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-07-14 02:36 . 2012-08-08 20:15 680090 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-09 16:19 680090 c:\windows\system32\perfh009.dat

+ 2009-07-14 02:36 . 2012-08-09 16:19 128616 c:\windows\system32\perfc009.dat

- 2009-07-14 02:36 . 2012-08-08 20:15 128616 c:\windows\system32\perfc009.dat

+ 2009-07-14 05:01 . 2012-08-09 17:11 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2009-07-14 05:01 . 2012-08-09 02:06 385004 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 04:54 . 2012-08-09 16:59 3293184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-09 02:07 3293184 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-08-09 16:59 8781824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-08-09 02:07 8781824 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2011-06-13 05:05 . 2012-08-09 15:11 6183556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761091862-3678968245-921467866-1000-12288.dat

- 2011-06-13 05:05 . 2012-08-08 19:48 6183556 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761091862-3678968245-921467866-1000-12288.dat

+ 2012-08-08 15:29 . 2012-08-09 16:43 2255704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

- 2012-08-08 15:29 . 2012-08-09 02:06 2255704 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-18-16384.dat

+ 2011-05-07 03:30 . 2012-08-09 16:10 34039124 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761091862-3678968245-921467866-1000-8192.dat

+ 2011-05-18 04:22 . 2012-08-09 17:11 22091776 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-761091862-3678968245-921467866-1000-4096.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{0F3DC9E0-C459-4a40-BCF8-747BD9322E10}"= "c:\program files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll" [2011-03-04 165776]

.

[HKEY_CLASSES_ROOT\clsid\{0f3dc9e0-c459-4a40-bcf8-747bd9322e10}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook.1]

[HKEY_CLASSES_ROOT\TypeLib\{4E8E0178-00EF-413d-9324-E7B3E31572E3}]

[HKEY_CLASSES_ROOT\AddressBarSearch.SearchHook]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-21 163328]

"NVIDIA nTune"="c:\program files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-07-03 98304]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]

"ArcSoft MediaImpression Monitor"="c:\program files (x86)\Kodak\MediaImpression\ArcMonitor.exe" [2010-12-15 80448]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2010-05-07 165208]

"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]

"STCAgent"="c:\program files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe" [2011-03-04 776064]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-12 5106904]

"ZyngaGamesAgent"="c:\program files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe" [2010-11-15 841544]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer4"=wdmaud.drv

.

R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 136176]

R2 LVPrcS64;Process Monitor;c:\program files\Common Files\Logishrd\LVMVFM\LVPrcSrv.exe [2010-05-07 197976]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-05-15 79360]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]

R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]

R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-23 1255736]

S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [2010-05-20 1477728]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]

S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2012-08-08 70928]

S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-05-20 2480048]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-02-10 2348352]

S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-07-06 361472]

S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-07-06 441344]

S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-06-14 342016]

S2 SCBackService;Splashtop Connect Service;c:\program files (x86)\Splashtop\Splashtop Connect\BackService.exe [2010-11-15 477000]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-10 382272]

S2 WCUService_STC_FF;Splashtop Connect Firefox Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe [2011-03-24 493384]

S2 WCUService_STC_IE;Splashtop Connect IE Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe [2011-03-22 497480]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2010-05-20 251488]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]

S3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2010-05-07 30304]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MEIx64;Intel® Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]

S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [2012-08-08 67344]

S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [2012-08-08 210704]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - 71832407

*NewlyCreated* - APPLECHARGER

*Deregistered* - 71832407

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 13:43]

.

2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 03:57]

.

2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-25 03:57]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2009-11-12 361632]

"AsioReg"="CTASIO.DLL" [bU]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-06-07 2727936]

"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-07-06 1304824]

"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105

Trusted Zone: $talisma_url$

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{18E913FB-9919-4288-8DA7-27333B19059B}: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Molly K\AppData\Roaming\Mozilla\Firefox\Profiles\auikov9m.default\

FF - prefs.js: browser.search.selectedEngine - Yahoo

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - prefs.js: network.proxy.type - 0

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)


.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:6b,39,87,c1,86,75,cd,01

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-08-09 12:26:14

ComboFix-quarantined-files.txt 2012-08-09 17:26

ComboFix2.txt 2012-08-09 04:08

ComboFix3.txt 2012-08-09 03:20

ComboFix4.txt 2012-08-09 02:14

.

Pre-Run: 263,838,212,096 bytes free

Post-Run: 263,784,206,336 bytes free

.

- - End Of File - - 662403E8C39349ABA942E3817CAD25A6


Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.09.09

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Molly K :: MOLLYK-PC [administrator]

Protection: Disabled

8/9/2012 12:38:45 PM

mbam-log-2012-08-09 (12-38-45).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 216980

Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

I would like to do a happy dance but my Trend Micro is still saying it's stopping viruses and threats.

Virus

Date/Time,Affected Files,Threat,Response

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2f367388-4b1c6432\glass\mumux.class,JAVA_DLOADR.BBZ,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2f367388-4b1c6432\glass\Zo666.class,JAVA_DLOADR.BBZ,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2f367388-4b1c6432\glass\Zom.class,JAVA_DLOADR.BBZ,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\2f367388-4b1c6432\glass\Zom2.class,JAVA_DLOADR.BBZ,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\a2.class,JAVA_EXPLOYT.JB,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\pera.class,JAVA_EXPLOYT.JB,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\perb.class,JAVA_EXPLOYT.JB,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\F.class,JAVA_EXPLOYT.JB,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\perc.class,JAVA_EXPLOYT.JB,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\pere.class,JAVA_EXPLOYT.JB,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\17ec923d-59ba9c60\pera\perd.class,JAVA_EXPLOYT.JB,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\b2e.class,JAVA_DLOAD.VO,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fe.class,JAVA_DLOAD.VO,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fd.class,JAVA_DLOAD.VO,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\F.class,JAVA_DLOAD.VO,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fa.class,JAVA_DLOAD.VO,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fc.class,JAVA_DLOAD.VO,Removed

8/8/2012 3:35 PM,C:\Users\Molly K\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\ef12141-309c829e\ps_fa\ps_fb.class,JAVA_DLOAD.VO,Removed

8/8/2012 8:07 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\80000064.@,TROJ_GEN.R01CDH7,Removed

8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000004.@,TROJ_SIREFEF.UV,Removed

8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000008.@,TROJ_SIREFEF.GF,Removed

8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\000000cb.@,TROJ_SIREFEF.UT,Removed

8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000004.@,TROJ_SIREFEF.UV,Removed

8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\000000cb.@,TROJ_SIREFEF.UT,Removed

8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\80000064.@,TROJ_GEN.R01CDH7,Removed

8/8/2012 8:09 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000008.@,TROJ_SIREFEF.GF,Removed

8/8/2012 8:10 PM,C:\Windows\System32\services.exe,PTCH_ZACCESS.SIX,Detected

8/8/2012 8:13 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\000000cb.@,TROJ_SIREFEF.UT,Removed

8/8/2012 8:13 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000004.@,TROJ_SIREFEF.UV,Removed

8/8/2012 8:14 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\80000064.@,TROJ_GEN.R01CDH7,Removed

8/8/2012 8:14 PM,C:\Windows\Installer\{c0bbd9c8-dc52-6eac-0619-123afb8c61ab}\U\00000008.@,TROJ_SIREFEF.GF,Removed

8/8/2012 8:49 PM,C:\Windows\assembly\GAC_32\Desktop.ini,TROJ_SIREFEF.DAM,Removed

8/8/2012 8:49 PM,C:\Windows\assembly\GAC_64\Desktop.ini,TROJ_SIREFEF.DAM,Removed

8/9/2012 11:40 AM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0009.dta,RTKT_TDSS.BSS,Removed

8/9/2012 12:19 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0009.dta,RTKT_TDSS.BSS,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0000.dta,TROJ_GEN.RCBC8H7,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0002.dta,TROJ_OLMARIK.OZ,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0003.dta,TROJ_OLMARIK.PA,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0005.dta,TROJ_OLMARIK.ERO,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0009.dta,TROJ_ALUREON.DRY,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0000.dta,TROJ_GEN.RCBC8H7,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0002.dta,TROJ_OLMARIK.OZ,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0003.dta,TROJ_OLMARIK.PA,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0005.dta,TROJ_OLMARIK.ERO,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0009.dta,TROJ_ALUREON.DRY,Removed

Web Threats

Date/Time,Website Address,Response

8/8/2012 6:59 PM,http://colexity777.com/x/,Blocked

8/8/2012 7:01 PM,http://37.220.36.44/x/,Blocked

8/8/2012 7:04 PM,http://37.220.36.44/x/,Blocked

8/8/2012 8:07 PM,http://xicdvrxhegbcizpqwwao.com/zx8WSXh76iiLKdj01LjImaWQ9MDYyNmUwZDkmYWlkPTMwNTA3JnNpZD0zJnE9Y29tYm9maXgmZW5nPXd3dy5nb29nbGUuY29tJm9zPTYuMS02NCZicj1maXJlZm94JnM9MA==sRsyvv29nU,Blocked

8/8/2012 8:07 PM,http://xicdvrxhegbcizpqwwao.com/Ux4mSQQ78LiYjdj01LjImaWQ9MDYyNmUwZDkmYWlkPTMwNTA3JnNpZD0zJnE9Y29tYm9maXgmZW5nPXd3dy5nb29nbGUuY29tJm9zPTYuMS02NCZicj1maXJlZm94JnM9MA==eeZ5klecCE,Blocked

8/8/2012 8:09 PM,http://37.220.36.44/z/,Blocked

8/8/2012 8:09 PM,http://ariydbprsqjzknvqiydv.com/Ommmvdj0yLjAmaWQ9MDYyNmUwZDkmYWlkPTMwNTA3JnNpZD0zJmt3PVkyOXRZbTltYVhnTkNtTnZiV0p2Wm1sNERRcDBjbVZ1WkN0dGFXTnlieXRvYjNWelpXTmhiR3dOQ25SeVpXNWtLMjFwWTNKdksyaHZkWE5sWTJGc2JBMEtkSEpsYm1RcmJXbGpjbThyYUc5MWMyVmpZV3hzRFFwMGNtVnVaQ3...XpJd05UVTFOemt5Sm5KbGMzQnZibk5sWDNSNWNHVTlkRzlyWlc0bE1rTnphV2R1WldSZmNtVnhkV1Z6ZENVeVEyTnZaR1VtYzJSclBXcHZaWGs9JnJlZj1kM2QzTG1kbFpXdHpkRzluYnk1amIyMHZabTl5ZFcwdlptbHNaWE12Wm1sc1pTOHhPVGN0WTI5dFltOW1hWGd0WW5rdGMzVmljeTg9Jm9zPTYuMS02NA==sYBces9WU61IIthMznI,Blocked

8/8/2012 8:10 PM,http://ojcpqnhrodavzlowbhfcug.com/nsZe54RhhVpwdj01LjUmaWQ9MDYyNmUwZDkmYWlkPTMwNTA3JnNpZD0zJm9zPTYuMS02NCZmcD0xJmFkPTE=55oAHqCm4N,Blocked

8/8/2012 8:13 PM,http://ariydbprsqjzknvqiydv.com/VGnNcdj0yLjAmaWQ9MDYyNmUwZDkmYWlkPTMwNTA3JnNpZD0zJmt3PVkyOXRZbTltYVhnTkNtTnZiV0p2Wm1sNERRcDBjbVZ1WkN0dGFXTnlieXRvYjNWelpXTmhiR3dOQ25SeVpXNWtLMjFwWTNKdksyaHZkWE5sWTJGc2JBMEtkSEpsYm1RcmJXbGpjbThyYUc5MWMyVmpZV3hzRFFwMGNtVnVaQ3...XlSbVJ2ZDI1c2IyRmtMbU51WlhRdVkyOXRKVEpHUTI5dFltOW1hWGdsTWtZek1EQXdMVGd3TWpKZk5DMDNOVEl5TVRBM015NW9kRzFzSm1WcFBWcFJOR3BWU1c0eVF6aFFSWGxSUjJJNFNVZG5SSGNtZFhOblBVRkdVV3BEVGtocVozQkhhakJUUldSdUxWOVlkWFpYWlZGS1EyOXpkVll3TFdjPSZvcz02LjEtNjQ=YBScEl8ib44ttwBDNuA,Blocked

8/8/2012 8:13 PM,http://37.220.36.44/z/,Blocked

8/8/2012 8:13 PM,http://xicdvrxhegbcizpqwwao.com/UB5ThNQ74iiFndj01LjImaWQ9MDYyNmUwZDkmYWlkPTMwNTA3JnNpZD0zJnE9Y29tYm9maXguZXhlJmVuZz13d3cuZ29vZ2xlLmNvbSZvcz02LjEtNjQmYnI9ZmlyZWZveCZzPTA=exmMHsq4nw,Blocked

8/8/2012 8:14 PM,http://ariydbprsqjzknvqiydv.com/2mbuYdj0yLjAmaWQ9MDYyNmUwZDkmYWlkPTMwNTA3JnNpZD0zJmt3PVkyOXRZbTltYVhndVpYaGxEUXBqYjIxaWIyWnBlQTBLWTI5dFltOW1hWGdOQ25SeVpXNWtLMjFwWTNKdksyaHZkWE5sWTJGc2JBMEtkSEpsYm1RcmJXbGpjbThyYUc5MWMyVmpZV3hzRFFwMGNtVnVaQ3R0YVdOeWJ5dG9iM1...1lsTWtaM2QzY3VZbXhsWlhCcGJtZGpiMjF3ZFhSbGNpNWpiMjBsTWtaamIyMWliMlpwZUNVeVJtaHZkeTEwYnkxMWMyVXRZMjl0WW05bWFYZ21aV2s5TUZFMGFsVkxkbUZNVDFoWE1rRlhjRE5uUlNaMWMyYzlRVVpSYWtOT1IxWmxkbTVWZGtWaGRITkVWMlF5YWkxTlIzcDZaV2hUTWtoWmR3PT0mb3M9Ni4xLTY0BJxtqV7fp52ItxKxGnU,Blocked

8/8/2012 8:14 PM,http://ojcpqnhrodavzlowbhfcug.com/Ggam66xEOricdj01LjUmaWQ9MDYyNmUwZDkmYWlkPTMwNTA3JnNpZD0zJm9zPTYuMS02NCZmcD0xJmFkPTE=53YYlHuc8M,Blocked

8/8/2012 8:16 PM,http://espeak911.com/z/,Blocked

8/8/2012 8:50 PM,http://espeak911.com/z/,Blocked

8/8/2012 9:15 PM,http://espeak911.com/s/1057/5005/1344434165585_42788194776580/,Blocked

8/8/2012 9:15 PM,http://espeak911.com/z/,Blocked

8/8/2012 9:24 PM,http://zolyawebadmin.com/?q=move+to+increase+the+security+of+financial+transactions+with+credit+cards+that+generate+a+onetime+pa,Blocked

8/8/2012 9:24 PM,http://colexity777.com/s/1057/5005/1344434165585_42788194776580/,Blocked

8/8/2012 9:29 PM,http://espeak911.com/z/,Blocked

8/8/2012 9:30 PM,http://37.220.36.44/x/,Blocked

8/8/2012 9:47 PM,http://espeak911.com/z/,Blocked

8/8/2012 9:50 PM,http://colexity777.com/z/,Blocked

8/8/2012 9:57 PM,http://37.220.36.44/x/,Blocked

8/8/2012 10:01 PM,http://37.220.36.44/x/,Blocked

8/8/2012 10:06 PM,http://37.220.36.44/x/,Blocked

8/8/2012 11:17 PM,http://espeak911.com/z/,Blocked

8/8/2012 11:19 PM,http://colexity777.com/z/,Blocked

8/8/2012 11:23 PM,http://colexity777.com/z/,Blocked

8/8/2012 11:27 PM,http://espeak911.com/z/,Blocked

8/8/2012 11:28 PM,http://37.220.36.44/x/,Blocked

8/8/2012 11:35 PM,http://espeak911.com/z/,Blocked

8/9/2012 12:12 AM,http://37.220.36.44/z/,Blocked

8/9/2012 12:14 AM,http://espeak911.com/s/1057/5005/1344434165585_42788194776580/,Blocked

8/9/2012 12:18 AM,http://colexity777.com/z/,Blocked

8/9/2012 12:18 AM,http://colexity777.com/s/1057/5005/1344434165585_42788194776580/,Blocked

8/9/2012 7:42 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:42 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:42 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:42 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:42 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:43 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:43 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:43 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:43 AM,http://espeak911.com/x/,Blocked

8/9/2012 7:43 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:43 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:43 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:44 AM,http://tags.expo9.exponential.com/tags/BurstMediacom/AudienceSelectUK/tags.js,Blocked

8/9/2012 7:44 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:44 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:44 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:44 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:44 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:45 AM,http://37.220.36.44/x/,Blocked

8/9/2012 7:45 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:45 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:45 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:45 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:45 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:46 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:46 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:46 AM,http://zolyatrafficworld.com/?q=cash+loans+instant+online+no+faxing+one+hour,Blocked

8/9/2012 7:49 AM,http://37.220.36.44/x/,Blocked

8/9/2012 7:51 AM,http://colexity777.com/z/,Blocked

8/9/2012 7:52 AM,http://espeak911.com/x/,Blocked

8/9/2012 7:53 AM,http://37.220.36.44/x/,Blocked

8/9/2012 7:55 AM,http://colexity777.com/z/,Blocked

8/9/2012 7:57 AM,http://espeak911.com/x/,Blocked

8/9/2012 7:58 AM,http://37.220.36.44/x/,Blocked

8/9/2012 8:00 AM,http://colexity777.com/z/,Blocked

8/9/2012 8:01 AM,http://espeak911.com/x/,Blocked

8/9/2012 10:43 AM,http://espeak911.com/x/,Blocked

8/9/2012 10:45 AM,http://colexity777.com/z/,Blocked

8/9/2012 11:31 AM,http://37.220.36.44/x/,Blocked

8/9/2012 11:42 AM,http://37.220.36.44/x/,Blocked

Link to post
Share on other sites

Check the dates on them:

Most of them:

8/8/2012 <---was yesterday

This was today > it found files that were already in quarantine:

8/9/2012 11:40 AM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0009.dta,RTKT_TDSS.BSS,Removed

8/9/2012 12:19 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0009.dta,RTKT_TDSS.BSS,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0000.dta,TROJ_GEN.RCBC8H7,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0002.dta,TROJ_OLMARIK.OZ,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0003.dta,TROJ_OLMARIK.PA,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0005.dta,TROJ_OLMARIK.ERO,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_11.34.29\mbr0000\tdlfs0000\tsk0009.dta,TROJ_ALUREON.DRY,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0000.dta,TROJ_GEN.RCBC8H7,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0002.dta,TROJ_OLMARIK.OZ,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0003.dta,TROJ_OLMARIK.PA,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0005.dta,TROJ_OLMARIK.ERO,Removed

8/9/2012 12:40 PM,C:\TDSSKiller_Quarantine\09.08.2012_12.15.52\tdlfs0000\tsk0009.dta,TROJ_ALUREON.DRY,Removed

---------------------------

Clear out Java cache:

http://www.java.com/...lugin_cache.xml

Reboot and run another scan with RogueKiller and post the log, MrC

Link to post
Share on other sites
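The two points made above (the 8/9 hits are re-detections of files already sitting in the TDSSKiller quarantine folder, and the Web Threats section shows the same three hosts being contacted over and over) can be checked mechanically rather than by eye. The following Python is an added example written for this page; it is not from the thread, from Trend Micro, or from any of the removal tools mentioned. It assumes the detection rows use the column layout `Date/Time,Path,Threat,Action` (only the `Date/Time,Website Address,Response` header appears verbatim in the log), treats `TDSSKiller_Quarantine` and `RK_Quarantine` (both named in the thread) plus `Qoobox\Quarantine` (assumed to be ComboFix's folder) as quarantine locations, and runs on a constructed sample built from rows copied out of the log above plus one made-up non-quarantine row:

```python
"""Triage for a Trend Micro Titanium log export (added example, not from the thread).
Check 1: detections whose path sits inside a removal tool's quarantine folder are
re-detections of already neutralised files, not evidence of a live infection.
Check 2: "Web Threats" rows summarised per host (count, first/last attempt, median
gap between attempts) expose repeated contact with the same few hosts."""
from collections import defaultdict
from datetime import datetime
from statistics import median
from urllib.parse import urlsplit

# Quarantine folders of the removal tools used in this thread (lower-case).
# TDSSKiller_Quarantine and RK_Quarantine appear in the thread; Qoobox\Quarantine
# is assumed to be ComboFix's folder.
QUARANTINE_MARKERS = ("\\tdsskiller_quarantine\\", "\\rk_quarantine\\",
                      "\\qoobox\\quarantine\\")
TIME_FMT = "%m/%d/%Y %I:%M %p"   # e.g. "8/9/2012 12:40 PM"


def parse_time(text):
    return datetime.strptime(text.strip(), TIME_FMT)


def parse_log(text):
    """Return (detections, web_threats). A line starting with "Date/Time," is the
    column header for the rows after it and decides how those rows are read."""
    detections, web = [], []
    columns = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Date/Time,"):
            columns = line.split(",")
            continue
        if columns is None:
            continue                              # section title or prose
        if "Website Address" in columns:
            # The URL may contain commas: peel the date off the front and
            # the response off the end.
            when, rest = line.split(",", 1)
            url, response = rest.rsplit(",", 1)
            web.append((parse_time(when), url, response))
        else:
            parts = line.split(",", 3)            # Date/Time,Path,Threat,Action
            if len(parts) == 4:
                detections.append((parse_time(parts[0]), parts[1], parts[2], parts[3]))
    return detections, web


def is_quarantine_redetection(path):
    """True when the detected file already sits in a removal tool's quarantine."""
    low = path.lower()
    return any(marker in low for marker in QUARANTINE_MARKERS)


def live_detections(detections):
    """Detections that are not merely re-scans of quarantined material."""
    return [d for d in detections if not is_quarantine_redetection(d[1])]


def summarise_web_threats(web):
    """Per host: count, first seen, last seen, median minutes between attempts."""
    by_host = defaultdict(list)
    for when, url, _response in web:
        by_host[urlsplit(url).hostname].append(when)
    summary = {}
    for host, times in by_host.items():
        times.sort()
        gaps = [(b - a).total_seconds() / 60 for a, b in zip(times, times[1:])]
        summary[host] = {"count": len(times), "first": times[0], "last": times[-1],
                         "median_gap_min": median(gaps) if gaps else None}
    return summary


# Constructed sample: rows copied from the log above, except the first detection
# row, which is made up to show a non-quarantine hit. The detection header is
# assumed; only the Web Threats header appears verbatim in the thread.
SAMPLE_LOG = """\
Date/Time,Path,Threat,Action
8/8/2012 3:20 PM,C:\\Users\\Molly K\\AppData\\Local\\Temp\\sample.tmp,TROJ_EXAMPLE.A,Quarantined
8/9/2012 11:40 AM,C:\\TDSSKiller_Quarantine\\09.08.2012_11.34.29\\mbr0000\\tdlfs0000\\tsk0009.dta,RTKT_TDSS.BSS,Removed
8/9/2012 12:40 PM,C:\\TDSSKiller_Quarantine\\09.08.2012_12.15.52\\tdlfs0000\\tsk0002.dta,TROJ_OLMARIK.OZ,Removed
Web Threats
Date/Time,Website Address,Response
8/8/2012 3:24 PM,http://37.220.36.44/z/,Blocked
8/8/2012 3:32 PM,http://37.220.36.44/s/1057/5005/1344434165585_42788194776580/,Blocked
8/8/2012 3:32 PM,http://colexity777.com/x/,Blocked
8/8/2012 3:36 PM,http://colexity777.com/x/,Blocked
8/8/2012 3:40 PM,http://espeak911.com/x/,Blocked
8/8/2012 4:01 PM,http://colexity777.com/x/,Blocked
8/8/2012 4:13 PM,http://37.220.36.44/z/,Blocked
8/8/2012 4:35 PM,http://37.220.36.44/x/,Blocked
"""

if __name__ == "__main__":
    dets, web = parse_log(SAMPLE_LOG)
    for d in dets:
        print("re-detection" if is_quarantine_redetection(d[1]) else "LIVE", d[2], d[1])
    for host, s in sorted(summarise_web_threats(web).items()):
        print(host, s)
```

Run against the full export, the live-detection list is what still needs attention, and the per-host summary gives a lower bound on how long the machine had been talking to those hosts (the earliest `first` value) together with the cadence of the attempts.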

RogueKiller V7.6.5 [08/03/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Molly K [Admin rights]

Mode: Scan -- Date: 08/09/2012 14:45:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++

--- User ---

[MBR] 1ccfabf4b4a924bec3fbbd6bd2de7354

[BSP] a04dc3e56052820b06bf7586ce024c78 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476936 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2].txt >>

RKreport[1].txt ; RKreport[2].txt

Link to post
Share on other sites

Yay! It seems to be running fine.

Do you think I am safe to do any online work with it or should I just back-up and format from here?

What protection software should I be using to prevent this from happening again?

Is there any way of knowing how long I was infected? Or where I got it from?

I have to admit I am a little freaked out by all of this.

Link to post
Share on other sites

Do you think I am safe to do any online work with it or should I just back-up and format from here?

Neither I nor anyone else can say 100% that you're clean and safe, but I would say you're OK.

Format and reinstall is the only sure way to say you're secure.

What protection software should I be using to prevent this from happening again?

Take a good look at my Preventive Maintenance below

Is there any way of knowing how long i was infected? or where I got it from?

Did you recently install an Adobe Flash Player Update?

It's a fairly new infection, so I would say within the last 2 weeks.

--------------------------------------

A little clean up to do....

Please uninstall ComboFix (if you used it):

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work, you can simply rename ComboFix.exe to Uninstall.exe and double-click it to complete the uninstall.)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will clean up the tools and logs used, including itself.)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Link to post
Share on other sites
