
Trojan.Dropper.BCMiner, Rootkit.0Access, & Trojan.Agent


kpz


Like many other people here, I've had my computer infected with the aforementioned viruses, which can be seen in the topic title. I've run the Malwarebytes Anti-Malware program and had it remove the viruses, but they still remain.

Below are the logs needed (1: MbAM, 2: DDS, 3: Attach).

-----------------------------------------------------------------------

8/10/2012 8:46:20 PM

mbam-log-2012-08-10 (20-48-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222671

Time elapsed: 58 second(s)

Memory Processes Detected: 1

C:\Windows\svchost.exe (Trojan.Agent) -> 3236 -> No action taken.

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 4

C:\Windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\00000008.@ (Trojan.Dropper.BCMiner) -> No action taken.

C:\Windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\000000cb.@ (Rootkit.0Access) -> No action taken.

C:\Windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\80000032.@ (Rootkit.0Access) -> No action taken.

C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)

-----------------------------------------------------------------------

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31

Run by Kevin at 20:45:06 on 2012-08-10

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6053 [GMT -5:00]

.

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k apphost

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

C:\Program Files\Common Files\Motive\pcCMService.exe

C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

C:\Windows\system32\svchost.exe -k iissvcs

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\ATT-SST\pcTrayApp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe

C:\Windows\SysWOW64\rundll32.exe

C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files (x86)\Razer\DeathAdder\razertra.exe

C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe

C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe

C:\Program Files (x86)\iPod\bin\iPodService.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

-netsvcs

c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k WerSvcGroup

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

uRun: [Google Update] "C:\Users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [sony Creative Software] RUNDLL32.EXE "C:\Users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll",InjectDll

mRun: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

LSP: mswsock.dll

Trusted Zone: $talisma_url$

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{3F15B4B8-496F-4121-AD1B-5162465E2AEF} : DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6DE8DF63-D704-47BD-A36D-F889CAC8DBBE} : DhcpNameServer = 192.168.1.1

Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\CoIEPlg.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

BHO-X64: Symantec NCO BHO - No File

BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

BHO-X64: AMD SteadyVideo BHO - No File

BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\IPSBHO.DLL

BHO-X64: Symantec Intrusion Prevention - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

BHO-X64: HelloWorldBHO - No File

BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\coIEPlg.dll

TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File

TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

mRun-x64: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=

FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko5.dll

FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko6.dll

FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}\components\RadioWMPCoreGecko7.dll

FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll

FF - component: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll

FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npijjiFFPlugin1.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Kevin\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Users\Kevin\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll

.

---- FIREFOX POLICIES ----

FF - user.js: general.useragent.extra.brc - BRI/1

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix64s;ahcix64s;C:\Windows\system32\DRIVERS\ahcix64s.sys --> C:\Windows\system32\DRIVERS\ahcix64s.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-8-9 655944]

R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2012-8-9 361472]

R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2012-8-9 441344]

R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2012-8-9 342016]

R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-3 2666880]

R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 danewFltr;NewDeathAdder Mouse;C:\Windows\system32\drivers\danew.sys --> C:\Windows\system32\drivers\danew.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 VKbms;Virtual HID Minidriver;C:\Windows\system32\DRIVERS\VKbms.sys --> C:\Windows\system32\DRIVERS\VKbms.sys [?]

S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-8-9 250056]

S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]

S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]

S3 LVUVC64;Logitech Webcam Pro 9000(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]

S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

S4 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-4-5 361984]

S4 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-3-16 122880]

S4 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-9-4 192512]

S4 LVPrcS64;Process Monitor;C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe [2009-10-7 191000]

S4 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-3 113120]

S4 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-9-4 117640]

.

=============== Created Last 30 ================

.

2012-08-10 14:34:41 20480 ----a-w- C:\Windows\svchost.exe

2012-08-10 01:00:31 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes

2012-08-10 01:00:29 -------- d-----w- C:\ProgramData\Malwarebytes

2012-08-10 01:00:28 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-10 01:00:28 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2012-08-10 00:01:49 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-10 00:01:49 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-08-09 23:23:02 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%

2012-08-09 20:44:49 -------- d-----w- C:\Program Files\iTunes

2012-08-09 20:44:49 -------- d-----w- C:\Program Files (x86)\iTunes

2012-08-09 16:59:47 -------- d-----w- C:\Program Files\ATT-SST

2012-08-09 16:59:39 -------- d-----w- C:\Program Files (x86)\ATT-SST

2012-08-09 16:41:13 -------- d-----w- C:\Program Files (x86)\Common Files\Motive

2012-08-09 16:41:03 -------- d-----w- C:\Program Files\Common Files\Motive

2012-08-07 22:05:51 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F29922B5-5102-4977-8E03-6CC806D6FB73}\mpengine.dll

2012-08-01 18:42:16 24376 ----a-w- C:\Windows\System32\drivers\cqcpu.sys

2012-08-01 18:42:16 24376 ----a-w- C:\Windows\System32\drivers\cpqdfw.sys

2012-08-01 18:42:00 -------- d---a-w- C:\HPVNEW

2012-07-18 17:28:28 -------- d-----w- C:\Users\Kevin\AppData\Local\Sony Creative Software

2012-07-16 19:22:50 -------- d-----w- C:\Users\Kevin\AppData\Roaming\raidcall

2012-07-12 04:34:17 3148800 ----a-w- C:\Windows\System32\win32k.sys

.

==================== Find3M ====================

.

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 20:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 20:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2012-05-31 17:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe

.

============= FINISH: 20:47:32.27 ===============

-----------------------------------------------------------------------

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/13/2009 6:10:36 PM

System Uptime: 8/10/2012 5:33:55 PM (3 hours ago)

.

Motherboard: FOXCONN | | ALOE

Processor: AMD Phenom™ II X4 910 Processor | CPU 1 | 2600/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 919 GiB total, 673.8 GiB free.

D: is CDROM ()

F: is Removable

G: is Removable

H: is Removable

I: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}

Description: NAVEX15

Device ID: ROOT\LEGACY_NAVEX15\0000

Manufacturer:

Name: NAVEX15

PNP Device ID: ROOT\LEGACY_NAVEX15\0000

Service: NAVEX15

.

==== System Restore Points ===================

.

RP474: 7/17/2012 8:18:57 AM - Windows Update

RP475: 7/20/2012 8:27:07 AM - Windows Update

RP477: 8/1/2012 12:43:33 PM - Windows Defender Checkpoint

RP478: 8/7/2012 5:04:16 PM - Windows Update

RP480: 8/8/2012 11:59:08 PM - Windows Defender Checkpoint

RP481: 8/9/2012 6:44:55 PM - Removed JChem .NET API 5.4.1.1062

RP482: 8/10/2012 9:30:50 AM - Removed LogMeIn Hamachi

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

Ace of Spades

Acrobat.com

Activate Norton Online Backup

ActiveCheck component for HP Active Support Library

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Reader 9.4.0

Adobe Shockwave Player 11.5

Adobe Story

AMD USB Filter Driver

AMD VISION Engine Control Center

Any Video Converter 2.7.9

Apple Application Support

Apple Software Update

Application Profiles

AT&T Troubleshoot & Resolve Tool

Bandicam

Bandisoft MPEG-1 Decoder

Bing Rewards Client Installer

Camtasia Studio 5

Canon Digital Camera Solution Disk 40-46 Software Starter Guide

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon Internet Library for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Personal Printing Guide

Canon Utilities CameraWindow

Canon Utilities CameraWindow DC

Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX

Canon Utilities MyCamera

Canon Utilities MyCamera DC

Canon Utilities PhotoStitch

Canon Utilities RemoteCapture Task for ZoomBrowser EX

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

ChemAxon Marvin Beans 5.4.1.1

Compatibility Pack for the 2007 Office system

Counter-Strike: Source

Cross Fire En

CyberLink DVD Suite Deluxe

CyberLink YouCam

D3DX10

DirectX for Managed Code Update (Summer 2004)

Fallout 3 - Game of the Year Edition

Fallout 3 - The Garden of Eden Creation Kit

Fallout Mod Manager 0.12.6

FEARCombat

Fraps (remove only)

GIMP 2.6.11

Google Chrome

Homepage Protection

HP Advisor

HP Customer Experience Enhancements

HP Easy Backup

HP Games

HP MediaSmart Demo

HP MediaSmart DVD

HP MediaSmart Movie Themes

HP MediaSmart Music/Photo/Video

HP Odometer

HP Remote Solution

HP Setup

HP Support Assistant

HP Support Information

HP Update

HPAsset component for HP Active Support Library

HydraVision

iPod for Windows 2006-06-28

Java Auto Updater

Java™ 6 Update 31

LabelPrint

LightScribe System Software

Logitech Vid

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft Default Manager

Microsoft Games for Windows - LIVE Redistributable

Microsoft Live Search Toolbar

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML4 Parser

Mumble 1.2.3

Norton Internet Security

PictureMover

Power2Go

PowerDirector

PowerRecover

PxMergeModule

QuickTime

RaidCall

RAIDXpert

Razer DeathAdder™ Mouse

Realtek High Definition Audio Driver

RollerCoaster Tycoon 2

RollerCoaster Tycoon Deluxe

Safari

Security Update for CAPICOM (KB931906)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Skype™ 4.2

Steam™

System Requirements Lab

System Requirements Lab CYRI

Team Fortress 2

TeamViewer 7

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Ventrilo Client

VideoCam Suite

VideoCam Suite 1.0

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Media Player Firefox Plugin

Windows Movie Maker 2.6

WinRAR archiver

Xfire (remove only)

.

==== Event Viewer Messages From Past Week ========

.

8/9/2012 9:59:02 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: The service has not been started.

8/9/2012 4:03:00 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002cdc915). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080912-69264-01.

8/9/2012 3:41:15 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

8/9/2012 11:04:02 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000096, 0xfffff80002cc64aa, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 080912-24741-01.

8/9/2012 10:33:01 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

8/7/2012 5:06:05 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.131.1547.0).

8/10/2012 9:06:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

8/10/2012 7:05:44 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

8/10/2012 7:05:44 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

8/10/2012 5:35:07 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SRTSP

8/10/2012 5:34:58 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

8/10/2012 5:34:57 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

8/10/2012 5:34:54 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

8/10/2012 5:34:51 PM, Error: Service Control Manager [7000] - The AODDriver4.1 service failed to start due to the following error: The system cannot find the file specified.

8/10/2012 5:34:19 PM, Error: SRTSP [5] - Error loading Symantec real time Anti-Virus driver.

8/10/2012 5:34:19 PM, Error: SRTSP [4] - Error loading virus definitions.

.

==== End Of File ===========================


Welcome to the forum.

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC


RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User: Kevin [Admin rights]

Mode: Scan -- Date: 08/10/2012 21:24:45

¤¤¤ Bad processes: 1 ¤¤¤

[SVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 6 ¤¤¤

[SUSP PATH] HKCU\[...]\Run : Sony Creative Software (RUNDLL32.EXE "C:\Users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll",InjectDll) -> FOUND

[SUSP PATH] HKUS\S-1-5-21-3666074475-405161259-3935603811-1001[...]\Run : Sony Creative Software (RUNDLL32.EXE "C:\Users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll",InjectDll) -> FOUND

[SUSP PATH] RunAsStdUser Task.job @ : C:\Users\Kevin\AppData\Local\cheerychickenSA\bin\1.0.7.0\CheeryChickenSA.exe -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKCU\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : c:\windows\installer\{2137bfcd-29e9-534b-910a-f787603f1930}\@ --> FOUND

[ZeroAccess][FOLDER] U : c:\windows\installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U --> FOUND

[ZeroAccess][FOLDER] L : c:\windows\installer\{2137bfcd-29e9-534b-910a-f787603f1930}\L --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND

[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_64\desktop.ini --> FOUND

[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 activate.adobe.com

127.0.0.1 practivate.adobe.com

127.0.0.1 ereg.adobe.com

127.0.0.1 activate.wip3.adobe.com

127.0.0.1 wip3.adobe.com

127.0.0.1 3dns-3.adobe.com

127.0.0.1 3dns-2.adobe.com

127.0.0.1 adobe-dns.adobe.com

127.0.0.1 adobe-dns-2.adobe.com

127.0.0.1 adobe-dns-3.adobe.com

127.0.0.1 ereg.wip3.adobe.com

127.0.0.1 activate-sea.adobe.com

127.0.0.1 wwis-dubc1-vip60.adobe.com

127.0.0.1 activate-sjc0.adobe.com

127.0.0.1 adobe.activate.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD10EADS-65M2BX ATA Device +++++

--- User ---

[MBR] 15a751cc298b5602b95153470e61fc20

[BSP] 221cbeb2319437e35aa64d3da59a294e : Windows Vista/7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941137 Mo

3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1927655424 | Size: 12630 Mo

User = LL1 ... OK!

User != LL2 ... KO!

--- LL2 ---

[MBR] 7ded78816d13e200389e120fd745864f

[BSP] 221cbeb2319437e35aa64d3da59a294e : Windows Vista/7 MBR Code

Partition table:

1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 941137 Mo

Finished : << RKreport[1].txt >>

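A small triage parser for RogueKiller reports in the format posted above, added here as an example (it is not RogueKiller's own code and not part of this thread). It assumes only the line shapes visible in the report; the sample excerpt inside the block is constructed from those lines with the installer GUID replaced by a placeholder.

```python
"""Triage parser for a RogueKiller report of the kind posted above (added
example, not RogueKiller's own code). It collects every entry the tool
flagged (FOUND / KILLED), groups them by section, and reads the MBR check:
RogueKiller hashes the MBR as seen through the normal path ("User") and
through a lower-level read ("LL2"); "KO!" on that comparison means something
is filtering disk reads, the footprint of a kernel-mode rootkit."""
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^¤¤¤\s*(.*?)\s*¤¤¤$")
# one or more [TAG] blocks, a detail string, then "-> FOUND", "--> FOUND" or "-> KILLED ..."
ENTRY_RE = re.compile(r"^((?:\[[^\]]+\])+)\s*(.*?)\s*--?>\s*(FOUND|KILLED.*)$")
VIEW_RE = re.compile(r"^---\s*(\S+)\s*---$")
MBR_HASH_RE = re.compile(r"^\[MBR\]\s*([0-9a-fA-F]{32})$")
MBR_CMP_RE = re.compile(r"^(\w+)\s*(=|!=)\s*(\w+)\s*\.\.\.\s*(OK|KO)!$")

# Constructed excerpt modelled on the report in this thread; {GUID} is a placeholder.
SAMPLE_REPORT = r"""
¤¤¤ Bad processes: 1 ¤¤¤
[sVCHOST] svchost.exe -- \\.\globalroot\systemroot\svchost.exe -> KILLED [TermProc]
¤¤¤ Registry Entries: 2 ¤¤¤
[sUSP PATH] HKCU\[...]\Run : Sony Creative Software (RUNDLL32.EXE "C:\Users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll",InjectDll) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : c:\windows\installer\{GUID}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\windows\installer\{GUID}\U --> FOUND
[ZeroAccess][FILE] Desktop.ini : c:\windows\assembly\gac_32\desktop.ini --> FOUND
[susp.ASLR][ASLR WIPED-OFF] services.exe : c:\windows\system32\services.exe --> FOUND
¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤
¤¤¤ MBR Check: ¤¤¤
--- User ---
[MBR] 15a751cc298b5602b95153470e61fc20
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] 7ded78816d13e200389e120fd745864f
"""


def parse_report(text):
    """Parse report text into findings by section, infection label and MBR data."""
    report = {
        "findings": defaultdict(list),  # section -> [(tags, name, target, verdict)]
        "infection": None,
        "mbr_hashes": {},               # view ("User", "LL2") -> MD5 of the MBR read there
        "mbr_mismatch": False,          # True once a "User != LLn ... KO!" line is seen
    }
    section = view = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            # "Registry Entries: 6" -> "Registry Entries"; "Infection : X" carries a value
            head, _, rest = m.group(1).partition(":")
            section = head.strip()
            if section == "Infection":
                report["infection"] = rest.strip()
            continue
        m = ENTRY_RE.match(line)
        if m:
            # the forum software lowercased the first letter of some tags
            # ("[sUSP PATH]"), so normalise them before comparing
            tags = [t.upper() for t in re.findall(r"\[([^\]]+)\]", m.group(1))]
            name, _, target = m.group(2).partition(" : ")
            report["findings"][section].append((tags, name.strip(), target.strip(), m.group(3)))
            continue
        if section == "MBR Check":
            m = VIEW_RE.match(line)
            if m:
                view = m.group(1)
                continue
            m = MBR_HASH_RE.match(line)
            if m and view:
                report["mbr_hashes"][view] = m.group(1).lower()
                continue
            m = MBR_CMP_RE.match(line)
            if m and m.group(4) == "KO":
                report["mbr_mismatch"] = True
    return report


def zeroaccess_paths(report):
    """Files and folders RogueKiller attributed to ZeroAccess, sorted."""
    return sorted(target or name for entries in report["findings"].values()
                  for tags, name, target, _ in entries if "ZEROACCESS" in tags)


def triage(report):
    """Reasons a responder would treat the host as rootkit-compromised."""
    reasons = []
    if report["infection"]:
        reasons.append("tool verdict: " + report["infection"])
    if report["mbr_mismatch"]:
        reasons.append("MBR differs between user-mode and low-level read: disk I/O is filtered")
    if zeroaccess_paths(report):
        reasons.append("%d ZeroAccess file/folder indicators" % len(zeroaccess_paths(report)))
    for tags, name, _, verdict in report["findings"].get("Bad processes", []):
        reasons.append("%s %s (%s)" % ("/".join(tags), name, verdict))
    return reasons
```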

Here you go......

Your computer is infected with a nasty rootkit. Please read the following information first.

You're infected with Rootkit.ZeroAccess, a BackDoor Trojan.

BACKDOOR WARNING

------------------------------

One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

I will try my best to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.

-----------------------------------------

Please make sure system restore is running and create a new restore point before continuing!

For x32 (x86) bit systems download Farbar Recovery Scan Tool and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool x64 and save it to a flash drive.

How to tell > 32 or 64 bit

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • FRST will let you know when the scan is complete and has written the FRST.txt file, close out this message, then type the following into the search box:

    services.exe

  • Now press the Search button
  • When the search is complete, search.txt will also be written to your USB
  • Type exit and reboot the computer normally
  • Please copy and paste both logs in your reply (FRST.txt and Search.txt).

MrC


Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

The section I've quoted is what I'm having trouble with. When I select the "Repair your computer" option, Windows Boot Manager comes up and tells me that I need to 'insert my Windows installation disc and restart my computer.' Since I don't have/can't find the disc, is there any way to get around this issue? If not, then I have two options: 1) find the disc. 2) contact the computer manufacturer, as the Boot Manager tells me, to have a disc sent to me, I'm assuming.


Let's try it this way.........

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC


Whenever I run ComboFix, the installation process starts, but about 3/4 of the way through, it causes my computer to crash. I haven't run the program as an administrator, so if you think that might help, I'll go ahead and try that. If, however, that doesn't work either, should I try running it in Safe Mode w/ Networking?


Try this.......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC


Please make sure system restore is running and create a new restore point before continuing.

XP <===> Vista & W7

XP users > please back up the registry using ERUNT.

-----------------------------------------

TDSSKiller can be run in safe mode if needed.

Please download and run TDSSKiller to your desktop as outlined below:

Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC


20:09:04.0357 5072 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32

20:09:04.0930 5072 ============================================================

20:09:04.0930 5072 Current date / time: 2012/08/12 20:09:04.0930

20:09:04.0930 5072 SystemInfo:

20:09:04.0930 5072

20:09:04.0930 5072 OS Version: 6.1.7601 ServicePack: 1.0

20:09:04.0930 5072 Product type: Workstation

20:09:04.0930 5072 ComputerName: KEVIN-PC

20:09:04.0930 5072 UserName: Kevin

20:09:04.0930 5072 Windows directory: C:\Windows

20:09:04.0930 5072 System windows directory: C:\Windows

20:09:04.0930 5072 Running under WOW64

20:09:04.0930 5072 Processor architecture: Intel x64

20:09:04.0930 5072 Number of processors: 4

20:09:04.0930 5072 Page size: 0x1000

20:09:04.0930 5072 Boot type: Normal boot

20:09:04.0930 5072 ============================================================

20:09:07.0150 5072 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

20:09:07.0170 5072 ============================================================

20:09:07.0170 5072 \Device\Harddisk0\DR0:

20:09:07.0171 5072 MBR partitions:

20:09:07.0171 5072 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

20:09:07.0171 5072 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x72E28800

20:09:07.0171 5072 ============================================================

20:09:07.0224 5072 C: <-> \Device\Harddisk0\DR0\Partition1

20:09:07.0224 5072 ============================================================

20:09:07.0224 5072 Initialize success

20:09:07.0224 5072 ============================================================

20:09:29.0447 4816 ============================================================

20:09:29.0447 4816 Scan started

20:09:29.0447 4816 Mode: Manual; SigCheck; TDLFS;

20:09:29.0447 4816 ============================================================


20:09:46.0206 4816 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

20:09:46.0265 4816 FDResPub - ok

20:09:46.0285 4816 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

20:09:46.0314 4816 FileInfo - ok

20:09:46.0337 4816 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

20:09:46.0396 4816 Filetrace - ok

20:09:46.0412 4816 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

20:09:46.0441 4816 flpydisk - ok

20:09:46.0489 4816 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

20:09:46.0522 4816 FltMgr - ok

20:09:46.0610 4816 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

20:09:46.0689 4816 FontCache - ok

20:09:46.0783 4816 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

20:09:46.0840 4816 FontCache3.0.0.0 - ok

20:09:46.0873 4816 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

20:09:46.0902 4816 FsDepends - ok

20:09:46.0944 4816 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

20:09:46.0973 4816 Fs_Rec - ok

20:09:47.0022 4816 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

20:09:47.0087 4816 fvevol - ok

20:09:47.0114 4816 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

20:09:47.0143 4816 gagp30kx - ok

20:09:47.0289 4816 GameConsoleService (c44d560e441f091ea3b72f778ec60de2) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

20:09:47.0393 4816 GameConsoleService - ok

20:09:47.0434 4816 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

20:09:47.0497 4816 GEARAspiWDM - ok

20:09:47.0564 4816 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

20:09:47.0639 4816 gpsvc - ok

20:09:47.0700 4816 hamachi (1e6438d4ea6e1174a3b3b1edc4de660b) C:\Windows\system32\DRIVERS\hamachi.sys

20:09:47.0735 4816 hamachi - ok

20:09:47.0749 4816 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

20:09:47.0818 4816 hcw85cir - ok

20:09:47.0876 4816 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

20:09:47.0948 4816 HDAudBus - ok

20:09:47.0971 4816 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

20:09:48.0000 4816 HidBatt - ok

20:09:48.0030 4816 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

20:09:48.0081 4816 HidBth - ok

20:09:48.0096 4816 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

20:09:48.0127 4816 HidIr - ok

20:09:48.0149 4816 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

20:09:48.0207 4816 hidserv - ok

20:09:48.0231 4816 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

20:09:48.0260 4816 HidUsb - ok

20:09:48.0310 4816 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

20:09:48.0433 4816 hkmsvc - ok

20:09:48.0477 4816 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

20:09:48.0514 4816 HomeGroupListener - ok

20:09:48.0558 4816 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

20:09:48.0597 4816 HomeGroupProvider - ok

20:09:48.0693 4816 HP Health Check Service (0141816a095a3f5a83ffa5b4a47b8023) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

20:09:48.0752 4816 HP Health Check Service ( UnsignedFile.Multi.Generic ) - warning

20:09:48.0752 4816 HP Health Check Service - detected UnsignedFile.Multi.Generic (1)

20:09:48.0785 4816 HPBtnSrv (deab3bf5aefbdc3f9ac0e020926ec81d) C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe

20:09:48.0830 4816 HPBtnSrv ( UnsignedFile.Multi.Generic ) - warning

20:09:48.0830 4816 HPBtnSrv - detected UnsignedFile.Multi.Generic (1)

20:09:48.0896 4816 hpqwmiex (fdf273a845f1ffcceadf363aaf47582f) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

20:09:48.0953 4816 hpqwmiex - ok

20:09:49.0007 4816 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

20:09:49.0077 4816 HpSAMD - ok

20:09:49.0169 4816 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

20:09:49.0293 4816 HTTP - ok

20:09:49.0340 4816 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

20:09:49.0402 4816 hwpolicy - ok

20:09:49.0451 4816 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

20:09:49.0511 4816 i8042prt - ok

20:09:49.0543 4816 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

20:09:49.0578 4816 iaStorV - ok

20:09:49.0661 4816 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

20:09:49.0731 4816 IDriverT ( UnsignedFile.Multi.Generic ) - warning

20:09:49.0731 4816 IDriverT - detected UnsignedFile.Multi.Generic (1)

20:09:49.0869 4816 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

20:09:49.0941 4816 idsvc - ok

20:09:50.0026 4816 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

20:09:50.0083 4816 iirsp - ok

20:09:50.0181 4816 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

20:09:50.0273 4816 IKEEXT - ok

20:09:50.0369 4816 IntcAzAudAddService (31c32bc56d85d109ebb0c526be5caca7) C:\Windows\system32\drivers\RTKVHD64.sys

20:09:50.0418 4816 IntcAzAudAddService - ok

20:09:50.0546 4816 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

20:09:50.0602 4816 intelide - ok

20:09:50.0628 4816 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

20:09:50.0671 4816 intelppm - ok

20:09:50.0716 4816 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

20:09:50.0777 4816 IPBusEnum - ok

20:09:50.0818 4816 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

20:09:50.0881 4816 IpFilterDriver - ok

20:09:50.0918 4816 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

20:09:50.0958 4816 IPMIDRV - ok

20:09:51.0017 4816 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

20:09:51.0111 4816 IPNAT - ok

20:09:51.0246 4816 iPod Service (a9ab99ee7d39725eafec82732d2b3271) C:\Program Files (x86)\iPod\bin\iPodService.exe

20:09:51.0319 4816 iPod Service - ok

20:09:51.0348 4816 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

20:09:51.0420 4816 IRENUM - ok

20:09:51.0458 4816 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

20:09:51.0487 4816 isapnp - ok

20:09:51.0520 4816 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

20:09:51.0553 4816 iScsiPrt - ok

20:09:51.0606 4816 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

20:09:51.0657 4816 kbdclass - ok

20:09:51.0704 4816 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

20:09:51.0770 4816 kbdhid - ok

20:09:51.0800 4816 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:09:51.0828 4816 KeyIso - ok

20:09:51.0871 4816 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys

20:09:51.0901 4816 KSecDD - ok

20:09:51.0951 4816 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys

20:09:52.0013 4816 KSecPkg - ok

20:09:52.0033 4816 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

20:09:52.0089 4816 ksthunk - ok

20:09:52.0141 4816 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

20:09:52.0233 4816 KtmRm - ok

20:09:52.0297 4816 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

20:09:52.0392 4816 LanmanServer - ok

20:09:52.0578 4816 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

20:09:52.0688 4816 LanmanWorkstation - ok

20:09:52.0752 4816 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

20:09:52.0807 4816 LightScribeService ( UnsignedFile.Multi.Generic ) - warning

20:09:52.0807 4816 LightScribeService - detected UnsignedFile.Multi.Generic (1)

20:09:52.0830 4816 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

20:09:52.0892 4816 lltdio - ok

20:09:52.0950 4816 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

20:09:53.0033 4816 lltdsvc - ok

20:09:53.0052 4816 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

20:09:53.0100 4816 lmhosts - ok

20:09:53.0134 4816 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

20:09:53.0164 4816 LSI_FC - ok

20:09:53.0190 4816 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

20:09:53.0219 4816 LSI_SAS - ok

20:09:53.0238 4816 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

20:09:53.0267 4816 LSI_SAS2 - ok

20:09:53.0288 4816 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

20:09:53.0317 4816 LSI_SCSI - ok

20:09:53.0348 4816 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

20:09:53.0409 4816 luafv - ok

20:09:53.0476 4816 LVPr2M64 (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

20:09:53.0524 4816 LVPr2M64 - ok

20:09:53.0555 4816 LVPr2Mon (ded333dbdbbcc3555a6e6244522e2f1a) C:\Windows\system32\DRIVERS\LVPr2M64.sys

20:09:53.0581 4816 LVPr2Mon - ok

20:09:53.0660 4816 LVPrcS64 (a35679e56e78091e1042a2d7adbf2958) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe

20:09:53.0708 4816 LVPrcS64 - ok

20:09:53.0746 4816 LVRS64 (986c1cb787a007baa5f74e7d316d7246) C:\Windows\system32\DRIVERS\lvrs64.sys

20:09:53.0778 4816 LVRS64 - ok

20:09:54.0051 4816 LVUVC64 (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys

20:09:54.0234 4816 LVUVC64 - ok

20:09:54.0414 4816 MBAMProtector (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys

20:09:54.0467 4816 MBAMProtector - ok

20:09:54.0623 4816 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

20:09:54.0719 4816 MBAMService - ok

20:09:54.0750 4816 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

20:09:54.0798 4816 Mcx2Svc - ok

20:09:54.0824 4816 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

20:09:54.0852 4816 megasas - ok

20:09:54.0887 4816 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

20:09:54.0920 4816 MegaSR - ok

20:09:55.0195 4816 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe

20:09:55.0260 4816 Microsoft Office Groove Audit Service - ok

20:09:55.0399 4816 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:09:55.0495 4816 MMCSS - ok

20:09:55.0590 4816 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

20:09:55.0685 4816 Modem - ok

20:09:55.0796 4816 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

20:09:55.0881 4816 monitor - ok

20:09:56.0007 4816 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

20:09:56.0070 4816 mouclass - ok

20:09:56.0152 4816 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

20:09:56.0222 4816 mouhid - ok

20:09:56.0344 4816 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

20:09:56.0427 4816 mountmgr - ok

20:09:56.0708 4816 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

20:09:56.0773 4816 MozillaMaintenance - ok

20:09:56.0916 4816 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

20:09:56.0984 4816 mpio - ok

20:09:57.0123 4816 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

20:09:57.0206 4816 mpsdrv - ok

20:09:57.0423 4816 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS

20:09:57.0502 4816 MREMP50 ( UnsignedFile.Multi.Generic ) - warning

20:09:57.0502 4816 MREMP50 - detected UnsignedFile.Multi.Generic (1)

20:09:57.0841 4816 MREMP50a64 (c2758df79c83a0d12a5599a040ca1818) C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS

20:09:57.0893 4816 MREMP50a64 - ok

20:09:57.0956 4816 MREMPR5 - ok

20:09:57.0974 4816 MRENDIS5 - ok

20:09:58.0072 4816 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS

20:09:58.0130 4816 MRESP50 ( UnsignedFile.Multi.Generic ) - warning

20:09:58.0130 4816 MRESP50 - detected UnsignedFile.Multi.Generic (1)

20:09:58.0237 4816 MRESP50a64 (38bd5b32e0722752be8465d2a6da43d9) C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS

20:09:58.0291 4816 MRESP50a64 - ok

20:09:58.0457 4816 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

20:09:58.0559 4816 MRxDAV - ok

20:09:58.0832 4816 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

20:09:58.0970 4816 mrxsmb - ok

20:09:59.0477 4816 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

20:09:59.0590 4816 mrxsmb10 - ok

20:09:59.0698 4816 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

20:09:59.0743 4816 mrxsmb20 - ok

20:09:59.0807 4816 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

20:09:59.0844 4816 msahci - ok

20:09:59.0927 4816 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

20:09:59.0992 4816 msdsm - ok

20:10:00.0126 4816 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

20:10:00.0227 4816 MSDTC - ok

20:10:00.0314 4816 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

20:10:00.0411 4816 Msfs - ok

20:10:00.0439 4816 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

20:10:00.0549 4816 mshidkmdf - ok

20:10:00.0591 4816 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

20:10:00.0620 4816 msisadrv - ok

20:10:00.0823 4816 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

20:10:00.0916 4816 MSiSCSI - ok

20:10:00.0918 4816 msiserver - ok

20:10:00.0999 4816 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

20:10:01.0107 4816 MSKSSRV - ok

20:10:01.0155 4816 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

20:10:01.0243 4816 MSPCLOCK - ok

20:10:01.0270 4816 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

20:10:01.0336 4816 MSPQM - ok

20:10:01.0748 4816 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

20:10:01.0817 4816 MsRPC - ok

20:10:01.0873 4816 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

20:10:01.0932 4816 mssmbios - ok

20:10:01.0993 4816 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

20:10:02.0097 4816 MSTEE - ok

20:10:02.0146 4816 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

20:10:02.0214 4816 MTConfig - ok

20:10:02.0333 4816 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

20:10:02.0389 4816 Mup - ok

20:10:02.0990 4816 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

20:10:03.0115 4816 napagent - ok

20:10:03.0514 4816 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

20:10:03.0635 4816 NativeWifiP - ok

20:10:03.0931 4816 NAVENG - ok

20:10:03.0940 4816 NAVEX15 - ok

20:10:05.0170 4816 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

20:10:05.0269 4816 NDIS - ok

20:10:05.0396 4816 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

20:10:05.0504 4816 NdisCap - ok

20:10:05.0569 4816 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

20:10:05.0652 4816 NdisTapi - ok

20:10:05.0777 4816 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

20:10:05.0879 4816 Ndisuio - ok

20:10:06.0115 4816 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

20:10:06.0190 4816 NdisWan - ok

20:10:06.0304 4816 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

20:10:06.0379 4816 NDProxy - ok

20:10:06.0485 4816 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

20:10:06.0600 4816 NetBIOS - ok

20:10:06.0895 4816 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

20:10:06.0963 4816 NetBT - ok

20:10:07.0039 4816 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:10:07.0116 4816 Netlogon - ok

20:10:07.0455 4816 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

20:10:07.0577 4816 Netman - ok

20:10:07.0822 4816 NetMsmqActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:10:07.0897 4816 NetMsmqActivator - ok

20:10:07.0900 4816 NetPipeActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:10:07.0928 4816 NetPipeActivator - ok

20:10:08.0513 4816 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

20:10:08.0635 4816 netprofm - ok

20:10:08.0650 4816 NetTcpActivator (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:10:08.0677 4816 NetTcpActivator - ok

20:10:08.0680 4816 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

20:10:08.0708 4816 NetTcpPortSharing - ok

20:10:08.0840 4816 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

20:10:08.0909 4816 nfrd960 - ok

20:10:09.0155 4816 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

20:10:09.0265 4816 NlaSvc - ok

20:10:09.0508 4816 Norton Internet Security (ee215321e83be72ab77b6627fd149eae) C:\Program Files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe

20:10:09.0610 4816 Norton Internet Security - ok

20:10:09.0678 4816 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

20:10:09.0764 4816 Npfs - ok

20:10:09.0932 4816 npggsvc - ok

20:10:10.0008 4816 NPPTNT2 - ok

20:10:10.0080 4816 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

20:10:10.0183 4816 nsi - ok

20:10:10.0229 4816 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

20:10:10.0324 4816 nsiproxy - ok

20:10:11.0948 4816 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

20:10:12.0061 4816 Ntfs - ok

20:10:12.0959 4816 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

20:10:13.0071 4816 Null - ok

20:10:13.0246 4816 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

20:10:13.0313 4816 nvraid - ok

20:10:13.0487 4816 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

20:10:13.0554 4816 nvstor - ok

20:10:13.0659 4816 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

20:10:13.0716 4816 nv_agp - ok

20:10:14.0119 4816 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE

20:10:14.0186 4816 odserv - ok

20:10:14.0267 4816 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

20:10:14.0348 4816 ohci1394 - ok

20:10:14.0857 4816 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

20:10:14.0921 4816 ose - ok

20:10:15.0425 4816 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:10:15.0580 4816 p2pimsvc - ok

20:10:16.0075 4816 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

20:10:16.0137 4816 p2psvc - ok

20:10:16.0263 4816 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

20:10:16.0317 4816 Parport - ok

20:10:17.0517 4816 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys

20:10:17.0662 4816 partmgr - ok

20:10:21.0150 4816 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

20:10:21.0362 4816 PcaSvc - ok

20:10:24.0891 4816 pcCMService (bae04007a679893e975a2b75e9e001e9) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

20:10:25.0048 4816 pcCMService ( UnsignedFile.Multi.Generic ) - warning

20:10:25.0048 4816 pcCMService - detected UnsignedFile.Multi.Generic (1)

20:10:30.0844 4816 pcCMService64 (3bea1d461531d1d26f5695bb9ca97a18) C:\Program Files\Common Files\Motive\pcCMService.exe

20:10:31.0096 4816 pcCMService64 ( UnsignedFile.Multi.Generic ) - warning

20:10:31.0096 4816 pcCMService64 - detected UnsignedFile.Multi.Generic (1)

20:10:32.0585 4816 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

20:10:32.0651 4816 pci - ok

20:10:32.0813 4816 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

20:10:32.0858 4816 pciide - ok

20:10:33.0186 4816 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

20:10:33.0244 4816 pcmcia - ok

20:10:33.0437 4816 pcServiceHost (a792405e6c84c3debc02b1cf29a928f0) C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe

20:10:33.0542 4816 pcServiceHost ( UnsignedFile.Multi.Generic ) - warning

20:10:33.0543 4816 pcServiceHost - detected UnsignedFile.Multi.Generic (1)

20:10:33.0636 4816 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

20:10:33.0687 4816 pcw - ok

20:10:34.0027 4816 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

20:10:34.0128 4816 PEAUTH - ok

20:10:34.0648 4816 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

20:10:34.0695 4816 PerfHost - ok

20:10:35.0227 4816 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

20:10:35.0310 4816 pla - ok

20:10:35.0368 4816 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

20:10:35.0427 4816 PlugPlay - ok

20:10:35.0449 4816 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

20:10:35.0493 4816 PNRPAutoReg - ok

20:10:35.0509 4816 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

20:10:35.0540 4816 PNRPsvc - ok

20:10:35.0591 4816 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

20:10:35.0673 4816 PolicyAgent - ok

20:10:35.0708 4816 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

20:10:35.0773 4816 Power - ok

20:10:35.0834 4816 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

20:10:35.0896 4816 PptpMiniport - ok

20:10:35.0919 4816 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

20:10:35.0960 4816 Processor - ok

20:10:35.0998 4816 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll

20:10:36.0051 4816 ProfSvc - ok

20:10:36.0077 4816 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:10:36.0105 4816 ProtectedStorage - ok

20:10:36.0163 4816 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

20:10:36.0222 4816 Psched - ok

20:10:36.0306 4816 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys

20:10:36.0333 4816 PxHlpa64 - ok

20:10:36.0491 4816 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

20:10:36.0560 4816 ql2300 - ok

20:10:36.0672 4816 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

20:10:36.0703 4816 ql40xx - ok

20:10:36.0762 4816 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

20:10:36.0797 4816 QWAVE - ok

20:10:36.0838 4816 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

20:10:36.0882 4816 QWAVEdrv - ok

20:10:36.0894 4816 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

20:10:36.0950 4816 RasAcd - ok

20:10:37.0016 4816 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

20:10:37.0063 4816 RasAgileVpn - ok

20:10:37.0092 4816 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

20:10:37.0155 4816 RasAuto - ok

20:10:37.0206 4816 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

20:10:37.0253 4816 Rasl2tp - ok

20:10:37.0301 4816 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

20:10:37.0353 4816 RasMan - ok

20:10:37.0370 4816 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

20:10:37.0422 4816 RasPppoe - ok

20:10:37.0448 4816 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

20:10:37.0515 4816 RasSstp - ok

20:10:37.0561 4816 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

20:10:37.0611 4816 rdbss - ok

20:10:37.0630 4816 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

20:10:37.0674 4816 rdpbus - ok

20:10:37.0687 4816 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

20:10:37.0749 4816 RDPCDD - ok

20:10:37.0802 4816 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

20:10:37.0849 4816 RDPENCDD - ok

20:10:37.0856 4816 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

20:10:37.0903 4816 RDPREFMP - ok

20:10:37.0945 4816 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys

20:10:38.0002 4816 RDPWD - ok

20:10:38.0053 4816 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

20:10:38.0085 4816 rdyboost - ok

20:10:38.0121 4816 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

20:10:38.0189 4816 RemoteAccess - ok

20:10:38.0244 4816 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

20:10:38.0304 4816 RemoteRegistry - ok

20:10:38.0317 4816 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

20:10:38.0376 4816 RpcEptMapper - ok

20:10:38.0452 4816 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

20:10:38.0521 4816 RpcLocator - ok

20:10:38.0582 4816 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

20:10:38.0679 4816 RpcSs - ok

20:10:38.0759 4816 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

20:10:38.0894 4816 rspndr - ok

20:10:38.0951 4816 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys

20:10:39.0012 4816 RTL8167 - ok

20:10:39.0043 4816 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:10:39.0072 4816 SamSs - ok

20:10:39.0111 4816 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

20:10:39.0141 4816 sbp2port - ok

20:10:39.0157 4816 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

20:10:39.0208 4816 SCardSvr - ok

20:10:39.0248 4816 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

20:10:39.0313 4816 scfilter - ok

20:10:39.0471 4816 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

20:10:39.0555 4816 Schedule - ok

20:10:39.0594 4816 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

20:10:39.0654 4816 SCPolicySvc - ok

20:10:39.0700 4816 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

20:10:39.0743 4816 SDRSVC - ok

20:10:39.0780 4816 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

20:10:39.0886 4816 seclogon - ok

20:10:39.0900 4816 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

20:10:39.0949 4816 SENS - ok

20:10:39.0961 4816 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

20:10:40.0014 4816 SensrSvc - ok

20:10:40.0056 4816 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

20:10:40.0104 4816 Serenum - ok

20:10:40.0134 4816 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

20:10:40.0164 4816 Serial - ok

20:10:40.0196 4816 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

20:10:40.0243 4816 sermouse - ok

20:10:40.0295 4816 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

20:10:40.0387 4816 SessionEnv - ok

20:10:40.0424 4816 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

20:10:40.0464 4816 sffdisk - ok

20:10:40.0482 4816 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

20:10:40.0513 4816 sffp_mmc - ok

20:10:40.0546 4816 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

20:10:40.0618 4816 sffp_sd - ok

20:10:40.0634 4816 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

20:10:40.0663 4816 sfloppy - ok

20:10:40.0731 4816 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

20:10:40.0784 4816 ShellHWDetection - ok

20:10:40.0814 4816 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

20:10:40.0843 4816 SiSRaid2 - ok

20:10:40.0880 4816 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

20:10:40.0910 4816 SiSRaid4 - ok

20:10:40.0934 4816 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

20:10:40.0996 4816 Smb - ok

20:10:41.0027 4816 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

20:10:41.0071 4816 SNMPTRAP - ok

20:10:41.0091 4816 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

20:10:41.0119 4816 spldr - ok

20:10:41.0179 4816 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

20:10:41.0256 4816 Spooler - ok

20:10:41.0434 4816 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

20:10:41.0553 4816 sppsvc - ok

20:10:41.0652 4816 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

20:10:41.0712 4816 sppuinotify - ok

20:10:41.0796 4816 SRTSP (9e399476e5d5e0d3c8822c857a7e9a9a) C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSP64.SYS

20:10:41.0830 4816 SRTSP - ok

20:10:41.0847 4816 SRTSPX (3d7717b582f0365e75071556936e5a6b) C:\Windows\system32\drivers\NISx64\1007000.01E\SRTSPX64.SYS

20:10:41.0885 4816 SRTSPX - ok

20:10:41.0932 4816 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

20:10:42.0009 4816 srv - ok

20:10:42.0041 4816 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

20:10:42.0077 4816 srv2 - ok

20:10:42.0093 4816 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

20:10:42.0134 4816 srvnet - ok

20:10:42.0166 4816 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

20:10:42.0227 4816 SSDPSRV - ok

20:10:42.0249 4816 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

20:10:42.0299 4816 SstpSvc - ok

20:10:42.0390 4816 Steam Client Service - ok

20:10:42.0434 4816 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

20:10:42.0473 4816 stexstor - ok

20:10:42.0551 4816 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

20:10:42.0687 4816 stisvc - ok

20:10:42.0737 4816 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

20:10:42.0783 4816 swenum - ok

20:10:42.0886 4816 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

20:10:43.0057 4816 swprv - ok

20:10:43.0201 4816 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

20:10:43.0311 4816 SysMain - ok

20:10:43.0439 4816 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

20:10:43.0474 4816 TabletInputService - ok

20:10:43.0529 4816 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

20:10:43.0590 4816 TapiSrv - ok

20:10:43.0625 4816 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

20:10:43.0674 4816 TBS - ok

20:10:43.0812 4816 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys

20:10:43.0879 4816 Tcpip - ok

20:10:43.0997 4816 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys

20:10:44.0050 4816 TCPIP6 - ok

20:10:44.0106 4816 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

20:10:44.0171 4816 tcpipreg - ok

20:10:44.0196 4816 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

20:10:44.0251 4816 TDPIPE - ok

20:10:44.0293 4816 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

20:10:44.0332 4816 TDTCP - ok

20:10:44.0367 4816 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

20:10:44.0415 4816 tdx - ok

20:10:44.0988 4816 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

20:10:45.0047 4816 TeamViewer7 - ok

20:10:45.0362 4816 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

20:10:45.0422 4816 TermDD - ok

20:10:45.0554 4816 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

20:10:45.0651 4816 TermService - ok

20:10:45.0674 4816 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

20:10:45.0724 4816 Themes - ok

20:10:45.0924 4816 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

20:10:46.0003 4816 THREADORDER - ok

20:10:46.0263 4816 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

20:10:46.0377 4816 TrkWks - ok

20:10:46.0518 4816 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

20:10:46.0595 4816 TrustedInstaller - ok

20:10:46.0887 4816 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

20:10:47.0082 4816 tssecsrv - ok

20:10:47.0916 4816 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

20:10:48.0027 4816 TsUsbFlt - ok

20:10:50.0015 4816 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

20:10:50.0177 4816 tunnel - ok

20:10:50.0762 4816 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

20:10:50.0800 4816 uagp35 - ok

20:10:52.0796 4816 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

20:10:52.0924 4816 udfs - ok

20:10:53.0006 4816 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

20:10:53.0038 4816 UI0Detect - ok

20:10:53.0258 4816 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

20:10:53.0302 4816 uliagpkx - ok

20:10:53.0435 4816 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

20:10:53.0486 4816 umbus - ok

20:10:53.0590 4816 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

20:10:53.0623 4816 UmPass - ok

20:10:53.0764 4816 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

20:10:53.0871 4816 upnphost - ok

20:10:53.0953 4816 USBAAPL64 (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys

20:10:53.0973 4816 USBAAPL64 - ok

20:10:54.0057 4816 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

20:10:54.0082 4816 usbaudio - ok

20:10:54.0101 4816 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

20:10:54.0140 4816 usbccgp - ok

20:10:54.0236 4816 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

20:10:54.0274 4816 usbcir - ok

20:10:54.0297 4816 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys

20:10:54.0307 4816 usbehci - ok

20:10:54.0336 4816 usbfilter (6648c6d7323a2ce0c4776c36cefbcb14) C:\Windows\system32\DRIVERS\usbfilter.sys

20:10:54.0345 4816 usbfilter - ok

20:10:54.0523 4816 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

20:10:54.0572 4816 usbhub - ok

20:10:54.0603 4816 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys

20:10:54.0642 4816 usbohci - ok

20:10:54.0670 4816 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

20:10:54.0699 4816 usbprint - ok

20:10:54.0740 4816 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

20:10:54.0788 4816 usbscan - ok

20:10:54.0854 4816 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

20:10:54.0903 4816 USBSTOR - ok

20:10:54.0920 4816 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

20:10:54.0954 4816 usbuhci - ok

20:10:55.0002 4816 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

20:10:55.0042 4816 UxSms - ok

20:10:55.0099 4816 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

20:10:55.0124 4816 VaultSvc - ok

20:10:55.0175 4816 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

20:10:55.0186 4816 vdrvroot - ok

20:10:55.0263 4816 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

20:10:55.0321 4816 vds - ok

20:10:55.0357 4816 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

20:10:55.0393 4816 vga - ok

20:10:55.0401 4816 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

20:10:55.0477 4816 VgaSave - ok

20:10:55.0520 4816 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

20:10:55.0532 4816 vhdmp - ok

20:10:55.0558 4816 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

20:10:55.0567 4816 viaide - ok

20:10:55.0602 4816 VKbms (3b59bb6d10cf969dbe4db93d9ead7fb4) C:\Windows\system32\DRIVERS\VKbms.sys

20:10:55.0642 4816 VKbms - ok

20:10:55.0659 4816 VMnetAdapter - ok

20:10:56.0231 4816 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

20:10:56.0241 4816 volmgr - ok

20:10:56.0561 4816 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

20:10:56.0586 4816 volmgrx - ok

20:10:56.0609 4816 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

20:10:56.0632 4816 volsnap - ok

20:10:56.0671 4816 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

20:10:56.0700 4816 vsmraid - ok

20:10:56.0795 4816 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

20:10:56.0879 4816 VSS - ok

20:10:57.0002 4816 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

20:10:57.0047 4816 vwifibus - ok

20:10:57.0078 4816 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

20:10:57.0123 4816 vwififlt - ok

20:10:57.0176 4816 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

20:10:57.0223 4816 W32Time - ok

20:10:57.0349 4816 W3SVC (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll

20:10:57.0401 4816 W3SVC - ok

20:10:57.0426 4816 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

20:10:57.0451 4816 WacomPen - ok

20:10:57.0509 4816 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:10:57.0573 4816 WANARP - ok

20:10:57.0576 4816 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

20:10:57.0603 4816 Wanarpv6 - ok

20:10:57.0629 4816 WAS (b32009db1972e7f2c227499289c4384a) C:\Windows\system32\inetsrv\iisw3adm.dll

20:10:57.0640 4816 WAS - ok

20:10:57.0752 4816 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

20:10:57.0810 4816 WatAdminSvc - ok

20:10:57.0896 4816 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

20:10:57.0952 4816 wbengine - ok

20:10:58.0070 4816 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

20:10:58.0110 4816 WbioSrvc - ok

20:10:58.0167 4816 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

20:10:58.0190 4816 wcncsvc - ok

20:10:58.0219 4816 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

20:10:58.0254 4816 WcsPlugInService - ok

20:10:58.0283 4816 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

20:10:58.0306 4816 Wd - ok

20:10:58.0441 4816 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

20:10:58.0474 4816 Wdf01000 - ok

20:10:58.0484 4816 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:10:58.0580 4816 WdiServiceHost - ok

20:10:58.0587 4816 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

20:10:58.0623 4816 WdiSystemHost - ok

20:10:58.0682 4816 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

20:10:58.0719 4816 WebClient - ok

20:10:58.0752 4816 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

20:10:58.0825 4816 Wecsvc - ok

20:10:58.0846 4816 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

20:10:58.0888 4816 wercplsupport - ok

20:10:58.0909 4816 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

20:10:58.0955 4816 WerSvc - ok

20:10:59.0009 4816 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

20:10:59.0079 4816 WfpLwf - ok

20:10:59.0116 4816 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

20:10:59.0125 4816 WIMMount - ok

20:10:59.0137 4816 WinHttpAutoProxySvc - ok

20:10:59.0193 4816 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

20:10:59.0251 4816 Winmgmt - ok

20:10:59.0483 4816 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

20:10:59.0559 4816 WinRM - ok

20:10:59.0808 4816 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

20:10:59.0845 4816 WinUsb - ok

20:10:59.0929 4816 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

20:10:59.0979 4816 Wlansvc - ok

20:11:00.0210 4816 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

20:11:00.0259 4816 wlidsvc - ok

20:11:00.0403 4816 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

20:11:00.0440 4816 WmiAcpi - ok

20:11:00.0556 4816 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

20:11:00.0599 4816 wmiApSrv - ok

20:11:00.0667 4816 WMPNetworkSvc - ok

20:11:00.0746 4816 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

20:11:00.0801 4816 WPCSvc - ok

20:11:01.0017 4816 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

20:11:01.0172 4816 WPDBusEnum - ok

20:11:01.0189 4816 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

20:11:01.0231 4816 ws2ifsl - ok

20:11:01.0234 4816 WSearch - ok

20:11:01.0343 4816 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

20:11:01.0394 4816 WudfPf - ok

20:11:01.0474 4816 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

20:11:01.0566 4816 WUDFRd - ok

20:11:01.0831 4816 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

20:11:01.0932 4816 wudfsvc - ok

20:11:01.0972 4816 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

20:11:01.0999 4816 WwanSvc - ok

20:11:02.0156 4816 X6va001 - ok

20:11:02.0164 4816 X6va002 - ok

20:11:02.0178 4816 X6va003 - ok

20:11:02.0190 4816 X6va005 - ok

20:11:02.0215 4816 X6va006 - ok

20:11:02.0223 4816 X6va007 - ok

20:11:02.0348 4816 X6va008 - ok

20:11:02.0353 4816 X6va009 - ok

20:11:02.0370 4816 MBR (0x1B8) (d903658e313289c7e22a468124057bec) \Device\Harddisk0\DR0

20:11:02.0434 4816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected

20:11:02.0434 4816 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)

20:11:02.0695 4816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning

20:11:02.0695 4816 \Device\Harddisk0\DR0 - detected TDSS File System (1)

20:11:02.0705 4816 Boot (0x1200) (5319ab105eb2cdafbc4dab0af835f236) \Device\Harddisk0\DR0\Partition0

20:11:02.0708 4816 \Device\Harddisk0\DR0\Partition0 - ok

20:11:02.0726 4816 Boot (0x1200) (0be0791d5a858884a5e2a19c936b2799) \Device\Harddisk0\DR0\Partition1

20:11:02.0728 4816 \Device\Harddisk0\DR0\Partition1 - ok

20:11:02.0729 4816 ============================================================

20:11:02.0729 4816 Scan finished

20:11:02.0729 4816 ============================================================

20:11:02.0740 4104 Detected object count: 12

20:11:02.0740 4104 Actual detected object count: 12

20:12:35.0839 4104 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0839 4104 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:35.0842 4104 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0843 4104 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:35.0846 4104 HPBtnSrv ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0846 4104 HPBtnSrv ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:35.0848 4104 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0848 4104 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:35.0850 4104 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0850 4104 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:35.0851 4104 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0851 4104 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:35.0853 4104 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0853 4104 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:35.0855 4104 pcCMService ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0855 4104 pcCMService ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:35.0856 4104 pcCMService64 ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0856 4104 pcCMService64 ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:35.0858 4104 pcServiceHost ( UnsignedFile.Multi.Generic ) - skipped by user

20:12:35.0858 4104 pcServiceHost ( UnsignedFile.Multi.Generic ) - User select action: Skip

20:12:36.0470 4104 \Device\Harddisk0\DR0\# - copied to quarantine

20:12:36.0471 4104 \Device\Harddisk0\DR0 - copied to quarantine

20:12:36.0512 4104 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine

20:12:36.0514 4104 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine

20:12:36.0520 4104 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine

20:12:36.0525 4104 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine

20:12:36.0537 4104 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine

20:12:36.0545 4104 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine

20:12:36.0547 4104 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine

20:12:36.0549 4104 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine

20:12:36.0552 4104 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine

20:12:36.0555 4104 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine

20:12:36.0558 4104 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine

20:12:36.0561 4104 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine

20:12:36.0564 4104 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine

20:12:36.0566 4104 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine

20:12:36.0604 4104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot

20:12:36.0615 4104 \Device\Harddisk0\DR0 - ok

20:12:37.0128 4104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure

20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

20:12:50.0191 4888 Deinitialize success


Run TDSSKiller again and choose Delete for this one only: (You don't have to post the log)

20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user

20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip

Now see if you can run ComboFix, MrC

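As an added example (not part of this thread, and not a Malwarebytes or Kaspersky tool), the Python script below does what MrC did by eye on the TDSSKiller log above: it parses the detection lines, records the action the user chose for each detection, counts the objects copied to quarantine, and flags any detection that was left on Skip, which here is the "TDSS File System" entry. The sample log lines are constructed from the log posted in this thread. The severity buckets are an assumption of mine: UnsignedFile.Multi.Generic is treated as informational (it only means the file is not digitally signed, and all ten here were OEM services the helper skipped), and every other named verdict is treated as malicious.

```python
"""Triage a TDSSKiller log: list detections, chosen actions and leftovers.

Added example for this thread; it is not TDSSKiller's own code. It parses the
line shapes TDSSKiller writes, for example:

    20:11:02.0434 4816 \\Device\\Harddisk0\\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    20:12:37.0129 4104 \\Device\\Harddisk0\\DR0 ( TDSS File System ) - User select action: Skip
    20:12:36.0514 4104 \\Device\\Harddisk0\\DR0\\TDLFS\\cmd64.dll - copied to quarantine
"""
import re
from collections import OrderedDict

# "<time> <pid> <object> ( <verdict> ) - <status>"; lines carrying an MD5 in
# parentheses are followed by a path, not " - ", so they do not match.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+"
    r"(?P<object>.+?)\s+\(\s*(?P<verdict>[^()]+?)\s*\)\s+-\s+(?P<status>.+)$"
)
# "<time> <pid> <object> - copied to quarantine"
QUAR_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<object>.+?)\s+-\s+copied to quarantine$"
)

# Constructed sample, taken from the shapes seen in the log above.
SAMPLE_LOG = r"""
20:10:39.0043 4816 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
20:10:39.0072 4816 SamSs - ok
20:11:02.0434 4816 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
20:11:02.0695 4816 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
20:12:35.0839 4104 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0839 4104 AMD_RAIDXpert ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:35.0842 4104 HP Health Check Service ( UnsignedFile.Multi.Generic ) - skipped by user
20:12:35.0843 4104 HP Health Check Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:12:36.0514 4104 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
20:12:36.0552 4104 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
20:12:36.0604 4104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
20:12:37.0128 4104 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
20:12:37.0129 4104 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
"""

RESOLVING_ACTIONS = {"Cure", "Delete"}


def classify(verdict):
    """Assumed severity bucket: the generic 'not signed' flag is informational,
    any other named verdict (rootkit, hidden file system, ...) is malicious."""
    return "suspicious" if verdict.startswith("UnsignedFile.") else "malicious"


def parse_log(text):
    """Return (findings, quarantined). Each finding is one (object, verdict)
    pair with its status events in order and the user's final action."""
    findings = OrderedDict()
    quarantined = []
    for raw in text.splitlines():
        line = raw.strip()
        q = QUAR_RE.match(line)
        if q:
            quarantined.append(q["object"])
            continue
        m = LINE_RE.match(line)
        if not m:
            continue  # "- ok" lines, hashes, banners and counters
        key = (m["object"], m["verdict"])
        f = findings.setdefault(key, {
            "object": m["object"], "verdict": m["verdict"],
            "severity": classify(m["verdict"]), "events": [], "action": None,
        })
        status = m["status"]
        if status.startswith("User select action:"):
            f["action"] = status.split(":", 1)[1].strip()
        else:
            f["events"].append(status)
    return list(findings.values()), quarantined


def unresolved(findings):
    """Malicious detections the user did not Cure or Delete (e.g. left on Skip)."""
    return [f for f in findings
            if f["severity"] == "malicious" and f["action"] not in RESOLVING_ACTIONS]


def summarize(findings, quarantined):
    """Human-readable triage report, one line per detection."""
    out = []
    for f in findings:
        out.append(f"[{f['severity']:<10}] {f['verdict']:<28} {f['object']}  "
                   f"events={f['events']}  action={f['action']}")
    out.append(f"{len(quarantined)} object(s) copied to quarantine")
    for f in unresolved(findings):
        out.append(f"ACTION NEEDED: rerun TDSSKiller and choose Delete for "
                   f"'{f['verdict']}' on {f['object']}")
    return "\n".join(out)


if __name__ == "__main__":
    found, quar = parse_log(SAMPLE_LOG)
    print(summarize(found, quar))
```

Feed it a real log with `parse_log(open("TDSSKiller.log").read())`; anything reported under ACTION NEEDED is a detection the tool saw but was told to leave alone, which is exactly the state the hidden TDLFS volume was in after the first run.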

Try it like this.......

Delete your copy of ComboFix. Grab a fresh copy and save it to your Desktop, but do not run it yet.

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Click Start --> Run, and enter this command exactly as shown: (copy and paste)

"%userprofile%\desktop\combofix.exe" /nombr

See if it will run successfully now. MrC


Yep, it ran. The log's below.

-----------------------------------------------------------------------

ComboFix 12-08-10.02 - Kevin 08/12/2012 20:45:18.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6945 [GMT -5:00]

Running from: c:\users\Kevin\Desktop\ComboFix.exe

AV: Norton Internet Security *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\CFLog

c:\cflog\CrashLog_20100811.txt

c:\cflog\CrashLog_20100815.txt

c:\cflog\CrashLog_20100816.txt

c:\cflog\CrashLog_20100817.txt

c:\cflog\CrashLog_20100820.txt

c:\cflog\CrashLog_20100821.txt

c:\cflog\CrashLog_20100822.txt

c:\cflog\CrashLog_20100824.txt

c:\cflog\CrashLog_20100825.txt

c:\cflog\CrashLog_20100826.txt

c:\cflog\CrashLog_20100904.txt

c:\cflog\CrashLog_20100916.txt

c:\cflog\CrashLog_20100920.txt

c:\cflog\CrashLog_20101107.txt

c:\cflog\CrashLog_20101210.txt

c:\cflog\CrashLog_20101220.txt

c:\cflog\CrashLog_20110101.txt

c:\cflog\CrashLog_20110103.txt

c:\cflog\CrashLog_20110108.txt

c:\cflog\CrashLog_20110207.txt

c:\cflog\CrashLog_20110217.txt

c:\cflog\CrashLog_20110218.txt

c:\cflog\CrashLog_20110219.txt

c:\cflog\CrashLog_20110221.txt

c:\cflog\CrashLog_20110226.txt

c:\cflog\CrashLog_20110302.txt

c:\cflog\CrashLog_20110320.txt

c:\cflog\CrashLog_20110325.txt

c:\cflog\CrashLog_20110421.txt

c:\cflog\CrashLog_20110502.txt

c:\cflog\CrashLog_20110508.txt

c:\cflog\CrashLog_20110520.txt

c:\cflog\CrashLog_20110610.txt

c:\cflog\CrashLog_20110614.txt

c:\cflog\CrashLog_20110802.txt

c:\cflog\CrashLog_20110807.txt

c:\cflog\CrashLog_20110810.txt

c:\cflog\CrashLog_20110811.txt

c:\cflog\CrashLog_20110814.txt

c:\cflog\CrashLog_20110817.txt

c:\cflog\CrashLog_20110819.txt

c:\cflog\CrashLog_20110822.txt

c:\cflog\CrashLog_20110825.txt

c:\cflog\CrashLog_20110826.txt

c:\cflog\CrashLog_20110828.txt

c:\cflog\CrashLog_20110831.txt

c:\cflog\CrashLog_20110903.txt

c:\cflog\CrashLog_20110910.txt

c:\cflog\CrashLog_20110918.txt

c:\cflog\CrashLog_20110923.txt

c:\cflog\CrashLog_20110928.txt

c:\cflog\CrashLog_20110930.txt

c:\cflog\CrashLog_20111001.txt

c:\cflog\CrashLog_20111009.txt

c:\cflog\CrashLog_20111012.txt

c:\cflog\CrashLog_20111015.txt

c:\cflog\CrashLog_20111016.txt

c:\cflog\CrashLog_20111022.txt

c:\cflog\CrashLog_20111023.txt

c:\cflog\CrashLog_20111027.txt

c:\cflog\CrashLog_20111028.txt

c:\cflog\CrashLog_20111029.txt

c:\cflog\CrashLog_20111030.txt

c:\cflog\CrashLog_20111110.txt

c:\cflog\CrashLog_20111112.txt

c:\cflog\CrashLog_20111122.txt

c:\cflog\CrashLog_20111123.txt

c:\cflog\CrashLog_20111213.txt

c:\cflog\CrashLog_20111215.txt

c:\cflog\CrashLog_20111216.txt

c:\cflog\CrashLog_20111218.txt

c:\cflog\CrashLog_20111219.txt

c:\cflog\CrashLog_20111220.txt

c:\cflog\CrashLog_20111222.txt

c:\cflog\CrashLog_20111225.txt

c:\cflog\CrashLog_20120212.txt

c:\cflog\CrashLog_20120301.txt

c:\cflog\CrashLog_20120307.txt

c:\cflog\CrashLog_20120311.txt

c:\cflog\CrashLog_20120319.txt

c:\cflog\CrashLog_20120331.txt

c:\cflog\CrashLog_20120401.txt

c:\cflog\CrashLog_20120407.txt

c:\cflog\CrashLog_20120416.txt

c:\cflog\CrashLog_20120417.txt

c:\cflog\CrashLog_20120420.txt

c:\cflog\CrashLog_20120421.txt

c:\cflog\CrashLog_20120422.txt

c:\cflog\CrashLog_20120428.txt

c:\cflog\CrashLog_20120529.txt

c:\cflog\CrashLog_20120602.txt

c:\cflog\CrashLog_20120603.txt

c:\cflog\CrashLog_20120607.txt

c:\cflog\CrashLog_20120630.txt

c:\cflog\CrashLog_20120705.txt

c:\cflog\CrashLog_20120707.txt

C:\Install.exe

c:\users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll

c:\windows\assembly\GAC_32\Desktop.ini

c:\windows\assembly\GAC_64\Desktop.ini

c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\@

c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\L\00000004.@

c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\L\201d3dde

c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\00000004.@

c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\00000008.@

c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\000000cb.@

c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\80000000.@

c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\80000032.@

c:\windows\Installer\{2137bfcd-29e9-534b-910a-f787603f1930}\U\80000064.@

.

Infected copy of c:\windows\system32\services.exe was found and disinfected

Restored copy from - c:\32788r22fwjfw\HarddiskVolumeShadowCopy5_!Windows!System32!services.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-13 to 2012-08-13 )))))))))))))))))))))))))))))))

.

.

2012-08-13 01:56 . 2012-08-13 01:56 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2012-08-13 01:56 . 2012-08-13 01:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-13 01:12 . 2012-08-13 01:22 -------- d-----w- C:\TDSSKiller_Quarantine

2012-08-10 01:00 . 2012-08-10 01:00 -------- d-----w- c:\users\Kevin\AppData\Roaming\Malwarebytes

2012-08-10 01:00 . 2012-08-10 01:00 -------- d-----w- c:\programdata\Malwarebytes

2012-08-10 01:00 . 2012-08-10 01:00 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-08-10 01:00 . 2012-07-03 18:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-10 00:01 . 2012-08-10 00:07 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-10 00:01 . 2012-08-10 00:07 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-09 23:58 . 2012-08-09 23:58 -------- d-----w- c:\programdata\McAfee

2012-08-09 23:23 . 2012-08-09 23:23 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%

2012-08-09 23:14 . 2012-08-09 23:14 -------- d-----w- c:\windows\Sun

2012-08-09 20:44 . 2012-08-09 20:47 -------- d-----w- c:\program files\iTunes

2012-08-09 20:44 . 2012-08-09 20:47 -------- d-----w- c:\program files (x86)\iTunes

2012-08-09 17:01 . 2012-08-09 17:01 -------- d-----w- c:\users\Kevin\AppData\Roaming\Motive

2012-08-09 16:59 . 2012-08-09 17:00 -------- d-----w- c:\program files\ATT-SST

2012-08-09 16:59 . 2012-08-09 17:00 -------- d-----w- c:\program files (x86)\ATT-SST

2012-08-09 16:41 . 2012-08-09 16:59 -------- d-----w- c:\program files (x86)\Common Files\Motive

2012-08-09 16:41 . 2012-08-09 17:00 -------- d-----w- c:\program files\Common Files\Motive

2012-08-09 16:40 . 2012-08-09 17:06 -------- d-----w- c:\programdata\Motive

2012-08-01 18:42 . 2010-03-01 21:59 24376 ----a-w- c:\windows\system32\drivers\cqcpu.sys

2012-08-01 18:42 . 2010-03-01 21:59 24376 ----a-w- c:\windows\system32\drivers\cpqdfw.sys

2012-08-01 18:42 . 2012-08-02 11:01 -------- d---a-w- C:\HPVNEW

2012-07-18 17:28 . 2012-08-13 01:56 -------- d-----w- c:\users\Kevin\AppData\Local\Sony Creative Software

2012-07-16 19:22 . 2012-07-16 19:22 -------- d-----w- c:\users\Kevin\AppData\Roaming\raidcall

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-07-12 04:31 . 2010-01-23 21:04 59701280 ----a-w- c:\windows\system32\MRT.exe

2012-06-29 10:04 . 2012-08-07 22:05 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F29922B5-5102-4977-8E03-6CC806D6FB73}\mpengine.dll

2012-06-12 03:08 . 2012-07-12 04:34 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-06-09 05:43 . 2012-07-11 10:14 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 06:06 . 2012-07-11 10:14 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 10:14 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 10:13 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 10:14 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 10:14 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 10:13 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-02 22:19 . 2012-06-22 14:42 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-22 14:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-22 14:42 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-22 14:42 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-22 14:42 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-22 14:42 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-22 14:42 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 20:19 . 2012-06-22 14:42 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 20:15 . 2012-06-22 14:42 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 12:49 . 2012-07-12 04:30 17807360 ----a-w- c:\windows\system32\mshtml.dll

2012-06-02 12:17 . 2012-07-12 04:30 10924032 ----a-w- c:\windows\system32\ieframe.dll

2012-06-02 12:12 . 2012-07-12 04:30 2311680 ----a-w- c:\windows\system32\jscript9.dll

2012-06-02 12:05 . 2012-07-12 04:30 1346048 ----a-w- c:\windows\system32\urlmon.dll

2012-06-02 12:05 . 2012-07-12 04:30 1392128 ----a-w- c:\windows\system32\wininet.dll

2012-06-02 12:04 . 2012-07-12 04:30 1494528 ----a-w- c:\windows\system32\inetcpl.cpl

2012-06-02 12:04 . 2012-07-12 04:30 237056 ----a-w- c:\windows\system32\url.dll

2012-06-02 12:03 . 2012-07-12 04:30 85504 ----a-w- c:\windows\system32\jsproxy.dll

2012-06-02 12:01 . 2012-07-12 04:30 173056 ----a-w- c:\windows\system32\ieUnatt.exe

2012-06-02 12:00 . 2012-07-12 04:30 818688 ----a-w- c:\windows\system32\jscript.dll

2012-06-02 11:59 . 2012-07-12 04:30 2144768 ----a-w- c:\windows\system32\iertutil.dll

2012-06-02 11:57 . 2012-07-12 04:30 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-06-02 11:57 . 2012-07-12 04:30 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-06-02 11:54 . 2012-07-12 04:30 248320 ----a-w- c:\windows\system32\ieui.dll

2012-06-02 08:33 . 2012-07-12 04:30 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-06-02 08:25 . 2012-07-12 04:30 1129472 ----a-w- c:\windows\SysWow64\wininet.dll

2012-06-02 08:25 . 2012-07-12 04:30 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-06-02 08:20 . 2012-07-12 04:30 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2012-06-02 08:16 . 2012-07-12 04:30 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-06-02 05:50 . 2012-07-11 10:14 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 10:14 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:48 . 2012-07-11 10:14 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:45 . 2012-07-11 10:14 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 10:14 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 10:14 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 10:14 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 10:14 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 10:14 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

2012-05-31 17:25 . 2009-11-14 00:35 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-08 421776]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux3"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]

@="FSFilter Activity Monitor"

.

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 250056]

R3 dump_wmimmc;dump_wmimmc;c:\ijji\ENGLISH\AVA\Binaries\GameGuard\dump_wmimmc.sys [x]

R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [2009-10-07 30232]

R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]

R3 LVUVC64;Logitech Webcam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-03 1255736]

R3 X6va001;X6va001;c:\users\Kevin\AppData\Local\Temp\0014C0.tmp [x]

R3 X6va002;X6va002;c:\users\Kevin\AppData\Local\Temp\0027ED4.tmp [x]

R3 X6va003;X6va003;c:\users\Kevin\AppData\Local\Temp\00392A8.tmp [x]

R3 X6va005;X6va005;c:\users\Kevin\AppData\Local\Temp\005E4A3.tmp [x]

R3 X6va006;X6va006;c:\users\Kevin\AppData\Local\Temp\00663E3.tmp [x]

R3 X6va007;X6va007;c:\users\Kevin\AppData\Local\Temp\007F941.tmp [x]

R3 X6va008;X6va008;c:\windows\SysWOW64\Drivers\X6va008 [x]

R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]

R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]

R4 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-06 361984]

R4 AMD_RAIDXpert;AMD RAIDXpert;c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2009-03-16 122880]

R4 HPBtnSrv;HP Easy Backup Button Service;c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2008-10-01 192512]

R4 LVPrcS64;Process Monitor;c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe [2009-10-07 191000]

R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-19 113120]

R4 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe [2009-09-04 117640]

S0 ahcix64s;ahcix64s;c:\windows\system32\DRIVERS\ahcix64s.sys [2009-07-31 237936]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 pcCMService;pcCMService;c:\program files (x86)\Common Files\Motive\pcCMService.exe [2012-07-06 361472]

S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe [2012-07-06 441344]

S2 pcServiceHost;pcServiceHost;c:\program files (x86)\Common Files\Motive\pcServiceHost.exe [2012-06-14 342016]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]

S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys [2010-03-23 12032]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-07-13 233472]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]

S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys [2010-10-01 13312]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-10 00:07]

.

2012-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666074475-405161259-3935603811-1001Core.job

- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 13:47]

.

2012-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3666074475-405161259-3935603811-1001UA.job

- c:\users\Kevin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-30 13:47]

.

2012-08-01 c:\windows\Tasks\HPCeeScheduleForKevin.job

- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2009-09-04 21:38]

.

2012-06-30 c:\windows\Tasks\PCDRScheduledMaintenance.job

- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ATT-SST_McciTrayApp"="c:\program files\ATT-SST\pcTrayApp.exe" [2012-06-07 2727936]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cndt

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: $talisma_url$

TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2vir7fcg.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&SearchSource=3&q={searchTerms}

FF - prefs.js: browser.startup.homepage - hxxp://swagbucks.com/

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2260173&q=

FF - user.js: general.useragent.extra.brc - BRI/1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-Sony Creative Software - c:\users\Kevin\AppData\Local\Sony Creative Software\wytvfypj.dll

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe

.

.

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Norton Internet Security]

"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.7.0.30\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va001]

"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\0014C0.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va002]

"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\0027ED4.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va003]

"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\00392A8.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va005]

"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\005E4A3.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va006]

"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\00663E3.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va007]

"ImagePath"="\??\c:\users\Kevin\AppData\Local\Temp\007F941.tmp"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va008]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va008"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]

"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,

7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de

"{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11,

d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,

64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c

"{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}"=hex:51,66,7a,6c,4c,1d,38,12,c0,08,7b,

68,6e,2b,53,0b,f0,d2,a5,e5,25,9d,9d,3c

"{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,

69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,38,12,0f,32,96,

76,f7,7e,4c,08,c8,ef,48,fc,18,66,e7,6a

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{ABD3B5E1-B268-407B-A150-2641DAB8D898}"=hex:51,66,7a,6c,4c,1d,38,12,8f,b6,c0,

af,5a,fc,15,05,de,46,65,01,df,e6,9c,8c

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,

2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85

"{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,

fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17

"{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,

b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:0a,7a,57,39,e9,74,cd,01

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

.

**************************************************************************

.

Completion time: 2012-08-12 21:07:29 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-13 02:07

.

Pre-Run: 772,679,155,712 bytes free

Post-Run: 774,224,338,944 bytes free

.

- - End Of File - - 13071AAA7288B53A9DE7142C4898623E

Malwarebytes Anti-Malware (Trial) 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Kevin :: KEVIN-PC [administrator]

Protection: Enabled

8/13/2012 10:18:33 AM

mbam-log-2012-08-13 (10-18-33).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 222481

Time elapsed: 4 minute(s), 52 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

-----------------------------------------------------------------------

My computer's running well now. Thank you so much.

Great!

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /

Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassociates.com/OT-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, the RK_Quarantine folder, etc.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
