Google Redirect Virus

SPIKETAPPR · August 21, 2012

Need some help getting rid of the Google Redirect Virus. My logs below, thanks for the help.

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421

Run by Ricky at 19:06:40 on 2012-08-20

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8163.5894 [GMT -7:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\taskeng.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Microsoft IntelliType Pro\itype.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe

C:\Users\Ricky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Windows\system32\conhost.exe

C:\Program Files (x86)\MSI\Live Update 5\LU5.exe

C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Windows\system32\sppsvc.exe

C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

mURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

mWinlogon: Userinit=userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

uRun: [com.apple.dav.bookmarks.daemon] C:\Program Files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [Power2GoExpress] "C:\Program Files (x86)\CyberLink\Power2Go\Power2GoExpress.exe"

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [Google Update] "C:\Users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [MusicManager] "C:\Users\Ricky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [spotify] "C:\Users\Ricky\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart

uRun: [spotify Web Helper] "C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

mRun: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun: [<NO NAME>]

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} - hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{0C1221FE-52F8-465E-895B-7D25DF61E872} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{646D1E7B-27DF-42BB-A419-B3D158DF4C77} : DhcpNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO-X64: 0x1 - No File

BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

BHO-X64: HP Print Enhancer - No File

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: StartNow Toolbar Helper: {6E13D095-45C3-4271-9475-F3B48227DD9F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

BHO-X64: StartNow Toolbar Helper - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

BHO-X64: Vuze Remote - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll

BHO-X64: Yontoo Layers - No File

BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

BHO-X64: HP Smart BHO Class - No File

TB-X64: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - C:\Program Files (x86)\StartNow Toolbar\Toolbar32.dll

TB-X64: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files (x86)\Vuze_Remote\prxtbVuze.dll

TB-X64: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [super-Charger] C:\Program Files (x86)\MSI\Super-Charger\StartSuperCharger.exe

mRun-x64: [startNowToolbarHelper] "C:\Program Files (x86)\StartNow Toolbar\ToolbarHelper.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [Live Update 5] C:\Program Files (x86)\MSI\Live Update 5\LU5.exe /reminder

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [TrayServer] C:\PROGRA~2\MAGIX\MOVIE_~1\TrayServer_en.exe

mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

mRun-x64: [(Default)]

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-8-27 1253376]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-7-21 655944]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-15 2348352]

R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-2-15 474168]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-2-29 382272]

R2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe [2012-6-22 265952]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 MBfilt;MBfilt;C:\Windows\system32\drivers\MBfilt64.sys --> C:\Windows\system32\drivers\MBfilt64.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys [2011-11-22 33592]

R3 NTIOLib_1_0_4;NTIOLib_1_0_4;C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2011-11-22 14136]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-8-7 3276800]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]

S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]

S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]

S3 NTIOLib_1_0_6;NTIOLib_1_0_6;C:\Program Files (x86)\Setup Files\Ms7673v1E0\NTIOLib_X64.sys [2011-1-6 11888]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

.

=============== Created Last 30 ================

.

2012-08-21 02:03:08 -------- d-----w- C:\Users\Ricky\AppData\Roaming\StartNow Toolbar

2012-08-21 01:36:54 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9576CFC5-1EB7-4645-AB2F-BF99C48D127B}\offreg.dll

2012-08-21 01:31:09 927800 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4902E24E-3EB6-44D5-8EFF-77260B8E0208}\gapaengine.dll

2012-08-21 01:31:07 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9576CFC5-1EB7-4645-AB2F-BF99C48D127B}\mpengine.dll

2012-08-21 01:30:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client

2012-08-21 01:30:34 -------- d-----w- C:\Program Files\Microsoft Security Client

2012-08-19 20:53:22 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC656006-BE38-4CFA-9E46-EC70EDC24C39}\mpengine.dll

2012-08-15 02:47:19 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 02:47:19 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 02:47:18 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 02:47:18 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 02:47:18 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 02:47:18 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 02:47:18 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 02:47:18 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 02:47:18 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 02:47:18 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 02:47:17 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-04 12:01:57 -------- d-----w- C:\Users\Ricky\AppData\Local\Spotify

2012-08-04 12:01:49 -------- d-----w- C:\Users\Ricky\AppData\Roaming\Spotify

2012-07-30 23:43:52 -------- d-----w- C:\Users\Ricky\AppData\Local\Amazon

2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

==================== Find3M ====================

.

2012-07-12 03:20:58 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-12 03:20:58 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-07-03 20:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-26 23:03:06 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2012-06-06 15:49:52 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll

2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll

2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll

2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll

2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll

2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll

2012-06-04 07:59:20 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2012-06-04 07:59:20 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll

2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll

2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe

2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll

2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys

2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll

2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll

2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll

2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll

2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

.

============= FINISH: 19:07:19.64 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 11/13/2011 10:42:26 AM

System Uptime: 8/20/2012 7:02:31 PM (0 hours ago)

.

Motherboard: MSI | | P67A-G43 (MS-7673)

Processor: Intel® Core i5-2500K CPU @ 3.30GHz | SOCKET 0 | 3301/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 1863 GiB total, 1703.761 GiB free.

D: is CDROM (UDF)

E: is Removable

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP106: 7/17/2012 2:57:47 PM - Windows Update

RP108: 7/21/2012 10:16:00 AM - Windows Defender Checkpoint

RP109: 7/25/2012 6:10:14 PM - Windows Update

RP110: 7/31/2012 5:09:03 PM - Windows Update

RP111: 8/7/2012 4:47:06 PM - Windows Update

RP112: 8/14/2012 7:45:59 PM - Windows Update

RP113: 8/15/2012 3:00:27 AM - Windows Update

RP114: 8/19/2012 1:52:51 PM - Windows Update

.

==== Installed Programs ======================

.

2600

2600_Help

2600Trb

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Age of Empires Online

AIO_CDB_ProductContext

AIO_CDB_Software

AIO_Scan

Aiseesoft Blu-ray Ripper

Amazon Kindle

Amazon MP3 Downloader 1.0.15

Amazon MP3 Uploader

Apple Application Support

Apple Software Update

Battlefield 3™

Battlelog Web Plugins

BufferChm

Copy

CyberLink Power2Go

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

Diablo III

Diablo III Beta

DocProc

ESN Sonar

Fax

Firebird SQL Server - MAGIX Edition

Google Chrome

Google Earth Plug-in

Google Toolbar for Internet Explorer

Google Update Helper

GPBaseService2

Hewlett-Packard ACLM.NET v1.1.0.0

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Product Detection

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

HPSSupply

Intel® Management Engine Components

Java Auto Updater

Java 6 Update 29

Java 7 Update 2

Live Update 5

Logitech Harmony Remote Software 7

MAGIX Movie Edit Pro 17 Plus

MAGIX Screenshare

MAGIX Speed burnR (MSI)

Malwarebytes Anti-Malware version 1.62.0.1300

MarketResearch

Microsoft Games for Windows - LIVE Redistributable

Microsoft Games for Windows Marketplace

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Manager

MyFreeCodec

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

Origin

PlayMemories Home

PS3 Media Server

PunkBuster Services

Realtek Ethernet Controller Driver

Realtek High Definition Audio Driver

Remote Control USB Driver

Renesas Electronics USB 3.0 Host Controller Driver

Samsung Kies

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2553431) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition

Sid Meier's Civilization V

Sid Meier's Civilization V SDK

SmartWebPrinting

SolutionCenter

Spotify

StartNow Toolbar

Status

Steam

Super-Charger

The Elder Scrolls V: Skyrim

Toolbox

TrayApp

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Vuze

Vuze Remote Toolbar

WebReg

WinZip 15.0

Yahoo! Toolbar

.

==== Event Viewer Messages From Past Week ========

.

8/15/2012 3:19:36 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.

.

==== End Of File ===========================

TheDarkKnight · August 21, 2012

:welcome: I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear.

I see that you have a P2P (Peer-to-Peer) file sharing program installed (Vuze). I highly recommend that you consider uninstalling it. P2P programs represent a security threat to the information on your system as they allow others to access your system. Just look at the number of high profile compromises in the news as a result of P2P software:

Data about Obama's helicopter breached via P2P?

Leak of congressional ethics document prompts calls for cybersecurity probe

Walter Reed suffers peer-to-peer data breach

Update: Seattle man arrested for p-to-p ID theft

More listed here:

Data Security Threats And Breaches

You should read the link at the bottom of that page:

Why File Sharing Networks Are Dangerous (Dartmouth study, .pdf file)

In many cases P2P programs also represent a risk of infection from the program itself, as some have installed adware/spyware, or other programs without consent. Even if the program itself is clean, many P2P networks are riddled with malware, and it's often the newest, most difficult to remove malware. There are many risks associated with P2P programs, none are worth the risks. If you don't uninstall the P2P software, we will continue to clean your system, but realize that it's likely only a matter of time before you are infected again.

Please also go here to view our policy on P2P programs.

Also, I notice that you have the following installed:

Yahoo! Toolbar - has been known to exhibit borderline behaviour (please see here for more information).

Vuze Remote Toolbar - has been known to exhibit suspicious behaviour (please see here for more information).

StartNow Toolbar Helper - adware (please see here for more information)

Yontoo Layers - adware (please see here for more information).

I recommend removing all of these browser additions.

Please go to Start>Control Panel>Programs and Features>Programs and uninstall the following (if present):

StartNow Toolbar
Vuze
Vuze Remote Toolbar
Yahoo! Toolbar
Yontoo Layers

Please restart your computer after these program removals.

==========

Next, please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

=========

Finally, please download to your Desktop:

TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

Click on the Start Scan button and wait for the scan and disinfection process to be over.
If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue
If a suspicious file is detected, the default action will be Skip, click on Continue
If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.

==========

In your next post please provide the following:

ComboFix.txt.
TDSSKiller log.

Are the redirects still occurring?

SPIKETAPPR · August 21, 2012

Deleted the programs listed and ran the two programs. Logs below. I appear to still be having the issue with redirected Google search links.

ComboFix 12-08-20.02 - Ricky 08/20/2012 22:45:00.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8163.6155 [GMT -7:00]

Running from: c:\users\Ricky\Downloads\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}

SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

c:\users\Ricky\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll

c:\users\Ricky\Favorites\Videos.url

c:\windows\SysWow64\muzapp.exe

.

((((((((((((((((((((((((( Files Created from 2012-07-21 to 2012-08-21 )))))))))))))))))))))))))))))))

.

2012-08-21 05:48 . 2012-08-21 05:48 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2012-08-21 05:48 . 2012-08-21 05:48 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-08-21 01:36 . 2012-08-21 01:36 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9576CFC5-1EB7-4645-AB2F-BF99C48D127B}\offreg.dll

2012-08-21 01:31 . 2012-08-21 01:31 927800 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4902E24E-3EB6-44D5-8EFF-77260B8E0208}\gapaengine.dll

2012-08-21 01:31 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9576CFC5-1EB7-4645-AB2F-BF99C48D127B}\mpengine.dll

2012-08-21 01:30 . 2012-08-21 01:30 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2012-08-21 01:30 . 2012-08-21 01:30 -------- d-----w- c:\program files\Microsoft Security Client

2012-08-19 20:53 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FC656006-BE38-4CFA-9E46-EC70EDC24C39}\mpengine.dll

2012-08-15 02:47 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 02:47 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-15 02:47 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 02:47 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-15 02:47 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 02:47 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-15 02:47 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-15 02:47 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 02:47 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 02:47 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-15 02:47 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-15 02:47 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-04 12:01 . 2012-08-21 05:32 -------- d-----w- c:\users\Ricky\AppData\Local\Spotify

2012-08-04 12:01 . 2012-08-21 05:32 -------- d-----w- c:\users\Ricky\AppData\Roaming\Spotify

2012-07-30 23:43 . 2012-07-30 23:43 -------- d-----w- c:\users\Ricky\AppData\Local\Amazon

2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-15 10:00 . 2011-11-23 11:00 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-12 03:20 . 2012-03-29 02:08 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-07-12 03:20 . 2011-11-13 19:13 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-07-03 20:46 . 2012-07-21 18:03 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-26 23:03 . 2012-07-15 23:02 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll

2012-06-26 23:02 . 2012-06-26 23:02 90112 ----a-w- c:\windows\MAMCityDownload.ocx

2012-06-26 23:02 . 2012-06-26 23:02 330240 ----a-w- c:\windows\MASetupCaller.dll

2012-06-26 23:02 . 2012-06-26 23:02 30568 ----a-w- c:\windows\MusiccityDownload.exe

2012-06-26 23:02 . 2012-06-26 23:02 974848 ----a-w- c:\windows\SysWow64\cis-2.4.dll

2012-06-26 23:02 . 2012-06-26 23:02 81920 ----a-w- c:\windows\SysWow64\issacapi_bs-2.3.dll

2012-06-26 23:02 . 2012-06-26 23:02 65536 ----a-w- c:\windows\SysWow64\issacapi_pe-2.3.dll

2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\SysWow64\MTXSYNCICON.dll

2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\SysWow64\MK_Lyric.dll

2012-06-26 23:02 . 2012-06-26 23:02 57344 ----a-w- c:\windows\SysWow64\issacapi_se-2.3.dll

2012-06-26 23:02 . 2012-06-26 23:02 569344 ----a-w- c:\windows\SysWow64\muzdecode.ax

2012-06-26 23:02 . 2012-06-26 23:02 491520 ----a-w- c:\windows\SysWow64\muzapp.dll

2012-06-26 23:02 . 2012-06-26 23:02 49152 ----a-w- c:\windows\SysWow64\MaJGUILib.dll

2012-06-26 23:02 . 2012-06-26 23:02 45320 ----a-w- c:\windows\SysWow64\MAMACExtract.dll

2012-06-26 23:02 . 2012-06-26 23:02 45056 ----a-w- c:\windows\SysWow64\MaXMLProto.dll

2012-06-26 23:02 . 2012-06-26 23:02 45056 ----a-w- c:\windows\SysWow64\MACXMLProto.dll

2012-06-26 23:02 . 2012-06-26 23:02 40960 ----a-w- c:\windows\SysWow64\MTTELECHIP.dll

2012-06-26 23:02 . 2012-06-26 23:02 352256 ----a-w- c:\windows\SysWow64\MSLUR71.dll

2012-06-26 23:02 . 2012-06-26 23:02 258048 ----a-w- c:\windows\SysWow64\muzoggsp.ax

2012-06-26 23:02 . 2012-06-26 23:02 245760 ----a-w- c:\windows\SysWow64\MSCLib.dll

2012-06-26 23:02 . 2012-06-26 23:02 24576 ----a-w- c:\windows\SysWow64\MASetupCleaner.exe

2012-06-26 23:02 . 2012-06-26 23:02 200704 ----a-w- c:\windows\SysWow64\muzwmts.dll

2012-06-26 23:02 . 2012-06-26 23:02 155648 ----a-w- c:\windows\SysWow64\MSFLib.dll

2012-06-26 23:02 . 2012-06-26 23:02 143360 ----a-w- c:\windows\SysWow64\3DAudio.ax

2012-06-26 23:02 . 2012-06-26 23:02 135168 ----a-w- c:\windows\SysWow64\muzaf1.dll

2012-06-26 23:02 . 2012-06-26 23:02 131072 ----a-w- c:\windows\SysWow64\muzmpgsp.ax

2012-06-26 23:02 . 2012-06-26 23:02 122880 ----a-w- c:\windows\SysWow64\muzeffect.ax

2012-06-26 23:02 . 2012-06-26 23:02 118784 ----a-w- c:\windows\SysWow64\MaDRM.dll

2012-06-26 23:02 . 2012-06-26 23:02 110592 ----a-w- c:\windows\SysWow64\muzmp4sp.ax

2012-06-26 23:02 . 2012-07-15 23:02 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll

2012-06-09 05:43 . 2012-07-11 02:54 14172672 ----a-w- c:\windows\system32\shell32.dll

2012-06-06 15:49 . 2012-06-06 15:49 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX

2012-06-06 06:06 . 2012-07-11 02:54 2004480 ----a-w- c:\windows\system32\msxml6.dll

2012-06-06 06:06 . 2012-07-11 02:54 1881600 ----a-w- c:\windows\system32\msxml3.dll

2012-06-06 06:02 . 2012-07-11 02:54 1133568 ----a-w- c:\windows\system32\cdosys.dll

2012-06-06 05:05 . 2012-07-11 02:54 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll

2012-06-06 05:05 . 2012-07-11 02:54 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll

2012-06-06 05:03 . 2012-07-11 02:54 805376 ----a-w- c:\windows\SysWow64\cdosys.dll

2012-06-04 07:59 . 2012-07-15 23:03 99384 ----a-w- c:\windows\system32\drivers\ssudbus.sys

2012-06-04 07:59 . 2012-07-15 23:03 203320 ----a-w- c:\windows\system32\drivers\ssudmdm.sys

2012-06-02 22:19 . 2012-06-19 00:15 38424 ----a-w- c:\windows\system32\wups.dll

2012-06-02 22:19 . 2012-06-19 00:15 2428952 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 22:19 . 2012-06-19 00:15 57880 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 22:19 . 2012-06-19 00:15 44056 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 22:19 . 2012-06-19 00:15 186752 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-02 22:19 . 2012-06-19 00:15 701976 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 22:15 . 2012-06-19 00:15 2622464 ----a-w- c:\windows\system32\wucltux.dll

2012-06-02 22:15 . 2012-06-19 00:15 36864 ----a-w- c:\windows\system32\wuapp.exe

2012-06-02 22:15 . 2012-06-19 00:15 99840 ----a-w- c:\windows\system32\wudriver.dll

2012-06-02 05:50 . 2012-07-11 02:54 458704 ----a-w- c:\windows\system32\drivers\cng.sys

2012-06-02 05:48 . 2012-07-11 02:54 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-06-02 05:48 . 2012-07-11 02:54 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-06-02 05:45 . 2012-07-11 02:54 340992 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 05:44 . 2012-07-11 02:54 307200 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-02 04:40 . 2012-07-11 02:54 22016 ----a-w- c:\windows\SysWow64\secur32.dll

2012-06-02 04:40 . 2012-07-11 02:54 225280 ----a-w- c:\windows\SysWow64\schannel.dll

2012-06-02 04:39 . 2012-07-11 02:54 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll

2012-06-02 04:34 . 2012-07-11 02:54 96768 ----a-w- c:\windows\SysWow64\sspicli.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-11-13 39408]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-05 1353080]

"Power2GoExpress"="c:\program files (x86)\CyberLink\Power2Go\Power2GoExpress.exe" [2010-11-26 2639144]

"MusicManager"="c:\users\Ricky\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2012-06-01 13806592]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-07-03 975288]

"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-03 21432]

"Spotify"="c:\users\Ricky\AppData\Roaming\Spotify\Spotify.exe" [2012-08-21 5576408]

"Spotify Web Helper"="c:\users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-08-21 1193176]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]

"Super-Charger"="c:\program files (x86)\MSI\Super-Charger\StartSuperCharger.exe" [2011-01-25 303104]

"Live Update 5"="c:\program files (x86)\MSI\Live Update 5\LU5.exe" [2011-11-08 1858064]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-20 107816]

"TrayServer"="c:\progra~2\MAGIX\MOVIE_~1\TrayServer_en.exe" [2008-11-13 90112]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]

"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]

"PMBVolumeWatcher"="c:\program files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe" [2012-04-22 724536]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-07-03 3524536]

"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]

R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 136176]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-27 291696]

R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7673v1E0\NTIOLib_X64.sys [2011-01-06 11888]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-15 1255736]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-28 1253376]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]

S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-04-22 474168]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]

S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-29 52584]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files (x86)\MSI\Live Update 5\msibios64_100507.sys [2010-05-10 33592]

S3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [2010-10-22 14136]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-01-17 188224]

S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-24 565352]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 19:12]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-13 19:12]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-581695653-2586300961-3122369496-1000Core.job

- c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 01:32]

.

2012-08-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-581695653-2586300961-3122369496-1000UA.job

- c:\users\Ricky\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-16 01:32]

.

--------- X64 Entries -----------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-17 6602856]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]

"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-11 1873256]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-27 1271168]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.yahoo.com/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-iCloudServices - c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

Wow6432Node-HKCU-Run-ApplePhotoStreams - c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

Wow6432Node-HKCU-Run-com.apple.dav.bookmarks.daemon - c:\program files (x86)\Common Files\Apple\Internet Services\BookmarkDAV_client.exe

Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe

Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

WebBrowser-{BA14329E-9550-4989-B3F2-9732E92D17CC} - (no file)

AddRemove-Battlelog Web Plugins - c:\program files (x86)\Battlelog Web Plugins\uninstall.exe

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\DbgagD\1*]

"value"="?\01\02\18\01\00\1a\07"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\MSI\Super-Charger\Super-Charger.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

.

**************************************************************************

.

Completion time: 2012-08-20 22:56:10 - machine was rebooted

ComboFix-quarantined-files.txt 2012-08-21 05:56

.

Pre-Run: 1,834,524,938,240 bytes free

Post-Run: 1,837,464,825,856 bytes free

.

- - End Of File - - DC3735F4420DE1EFEC87D1FD42F8EE55

23:03:02.0273 5244 TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03

23:03:02.0754 5244 ============================================================

23:03:02.0754 5244 Current date / time: 2012/08/20 23:03:02.0754

23:03:02.0754 5244 SystemInfo:

23:03:02.0754 5244

23:03:02.0754 5244 OS Version: 6.1.7601 ServicePack: 1.0

23:03:02.0754 5244 Product type: Workstation

23:03:02.0754 5244 ComputerName: RICKY-PC

23:03:02.0754 5244 UserName: Ricky

23:03:02.0754 5244 Windows directory: C:\Windows

23:03:02.0754 5244 System windows directory: C:\Windows

23:03:02.0755 5244 Running under WOW64

23:03:02.0755 5244 Processor architecture: Intel x64

23:03:02.0755 5244 Number of processors: 4

23:03:02.0755 5244 Page size: 0x1000

23:03:02.0755 5244 Boot type: Normal boot

23:03:02.0755 5244 ============================================================

23:03:03.0311 5244 Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

23:03:03.0329 5244 ============================================================

23:03:03.0329 5244 \Device\Harddisk0\DR0:

23:03:03.0329 5244 MBR partitions:

23:03:03.0329 5244 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

23:03:03.0329 5244 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xE8DCE8B0

23:03:03.0329 5244 ============================================================

23:03:03.0381 5244 C: <-> \Device\Harddisk0\DR0\Partition2

23:03:03.0381 5244 ============================================================

23:03:03.0381 5244 Initialize success

23:03:03.0381 5244 ============================================================

23:03:05.0029 3868 ============================================================

23:03:05.0029 3868 Scan started

23:03:05.0029 3868 Mode: Manual;

23:03:05.0029 3868 ============================================================

23:03:05.0621 3868 ================ Scan system memory ========================

23:03:05.0621 3868 System memory - ok

23:03:05.0621 3868 ================ Scan services =============================

23:03:06.0112 3868 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

23:03:06.0115 3868 1394ohci - ok

23:03:06.0140 3868 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

23:03:06.0143 3868 ACPI - ok

23:03:06.0164 3868 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

23:03:06.0166 3868 AcpiPmi - ok

23:03:06.0297 3868 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

23:03:06.0297 3868 AdobeARMservice - ok

23:03:06.0320 3868 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys

23:03:06.0326 3868 adp94xx - ok

23:03:06.0347 3868 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys

23:03:06.0352 3868 adpahci - ok

23:03:06.0373 3868 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys

23:03:06.0376 3868 adpu320 - ok

23:03:06.0396 3868 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

23:03:06.0398 3868 AeLookupSvc - ok

23:03:06.0455 3868 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

23:03:06.0461 3868 AFD - ok

23:03:06.0476 3868 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

23:03:06.0478 3868 agp440 - ok

23:03:06.0495 3868 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

23:03:06.0497 3868 ALG - ok

23:03:06.0512 3868 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

23:03:06.0514 3868 aliide - ok

23:03:06.0526 3868 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

23:03:06.0528 3868 amdide - ok

23:03:06.0546 3868 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys

23:03:06.0548 3868 AmdK8 - ok

23:03:06.0563 3868 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys

23:03:06.0565 3868 AmdPPM - ok

23:03:06.0594 3868 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

23:03:06.0596 3868 amdsata - ok

23:03:06.0611 3868 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys

23:03:06.0614 3868 amdsbs - ok

23:03:06.0633 3868 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

23:03:06.0634 3868 amdxata - ok

23:03:06.0655 3868 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

23:03:06.0657 3868 AppID - ok

23:03:06.0665 3868 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

23:03:06.0667 3868 AppIDSvc - ok

23:03:06.0692 3868 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

23:03:06.0694 3868 Appinfo - ok

23:03:06.0746 3868 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

23:03:06.0747 3868 Apple Mobile Device - ok

23:03:06.0771 3868 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys

23:03:06.0773 3868 arc - ok

23:03:06.0786 3868 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys

23:03:06.0789 3868 arcsas - ok

23:03:06.0800 3868 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

23:03:06.0801 3868 AsyncMac - ok

23:03:06.0805 3868 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

23:03:06.0806 3868 atapi - ok

23:03:06.0821 3868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

23:03:06.0828 3868 AudioEndpointBuilder - ok

23:03:06.0836 3868 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

23:03:06.0841 3868 AudioSrv - ok

23:03:06.0859 3868 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

23:03:06.0862 3868 AxInstSV - ok

23:03:06.0886 3868 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys

23:03:06.0891 3868 b06bdrv - ok

23:03:06.0930 3868 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

23:03:06.0934 3868 b57nd60a - ok

23:03:06.0961 3868 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

23:03:06.0964 3868 BDESVC - ok

23:03:06.0973 3868 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

23:03:06.0975 3868 Beep - ok

23:03:07.0055 3868 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

23:03:07.0062 3868 BFE - ok

23:03:07.0088 3868 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

23:03:07.0095 3868 BITS - ok

23:03:07.0101 3868 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

23:03:07.0102 3868 blbdrive - ok

23:03:07.0161 3868 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

23:03:07.0165 3868 Bonjour Service - ok

23:03:07.0193 3868 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

23:03:07.0195 3868 bowser - ok

23:03:07.0213 3868 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys

23:03:07.0215 3868 BrFiltLo - ok

23:03:07.0224 3868 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys

23:03:07.0225 3868 BrFiltUp - ok

23:03:07.0238 3868 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

23:03:07.0240 3868 BridgeMP - ok

23:03:07.0323 3868 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

23:03:07.0324 3868 Browser - ok

23:03:07.0346 3868 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

23:03:07.0350 3868 Brserid - ok

23:03:07.0364 3868 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

23:03:07.0367 3868 BrSerWdm - ok

23:03:07.0372 3868 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

23:03:07.0373 3868 BrUsbMdm - ok

23:03:07.0380 3868 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

23:03:07.0382 3868 BrUsbSer - ok

23:03:07.0397 3868 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys

23:03:07.0400 3868 BTHMODEM - ok

23:03:07.0428 3868 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

23:03:07.0430 3868 bthserv - ok

23:03:07.0433 3868 catchme - ok

23:03:07.0453 3868 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

23:03:07.0455 3868 cdfs - ok

23:03:07.0473 3868 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

23:03:07.0475 3868 cdrom - ok

23:03:07.0540 3868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

23:03:07.0543 3868 CertPropSvc - ok

23:03:07.0558 3868 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys

23:03:07.0559 3868 circlass - ok

23:03:07.0594 3868 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

23:03:07.0599 3868 CLFS - ok

23:03:07.0655 3868 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

23:03:07.0658 3868 clr_optimization_v2.0.50727_32 - ok

23:03:07.0699 3868 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

23:03:07.0701 3868 clr_optimization_v2.0.50727_64 - ok

23:03:07.0742 3868 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

23:03:07.0743 3868 clr_optimization_v4.0.30319_32 - ok

23:03:07.0773 3868 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

23:03:07.0774 3868 clr_optimization_v4.0.30319_64 - ok

23:03:07.0786 3868 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys

23:03:07.0787 3868 CmBatt - ok

23:03:07.0796 3868 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

23:03:07.0797 3868 cmdide - ok

23:03:07.0851 3868 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

23:03:07.0856 3868 CNG - ok

23:03:07.0866 3868 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys

23:03:07.0867 3868 Compbatt - ok

23:03:07.0890 3868 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys

23:03:07.0892 3868 CompositeBus - ok

23:03:07.0904 3868 COMSysApp - ok

23:03:07.0915 3868 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys

23:03:07.0917 3868 crcdisk - ok

23:03:07.0946 3868 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

23:03:07.0948 3868 CryptSvc - ok

23:03:07.0974 3868 [ 1CA90212A99DB6975C344826D11055C9 ] dc3d C:\Windows\system32\DRIVERS\dc3d.sys

23:03:07.0975 3868 dc3d - ok

23:03:08.0018 3868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

23:03:08.0023 3868 DcomLaunch - ok

23:03:08.0047 3868 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

23:03:08.0051 3868 defragsvc - ok

23:03:08.0064 3868 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

23:03:08.0067 3868 DfsC - ok

23:03:08.0117 3868 [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus C:\Windows\system32\DRIVERS\ssudbus.sys

23:03:08.0118 3868 dg_ssudbus - ok

23:03:08.0155 3868 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

23:03:08.0159 3868 Dhcp - ok

23:03:08.0169 3868 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

23:03:08.0169 3868 discache - ok

23:03:08.0211 3868 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys

23:03:08.0213 3868 Disk - ok

23:03:08.0230 3868 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

23:03:08.0233 3868 Dnscache - ok

23:03:08.0250 3868 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

23:03:08.0254 3868 dot3svc - ok

23:03:08.0287 3868 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys

23:03:08.0289 3868 Dot4 - ok

23:03:08.0299 3868 [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys

23:03:08.0301 3868 Dot4Print - ok

23:03:08.0309 3868 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys

23:03:08.0311 3868 dot4usb - ok

23:03:08.0323 3868 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

23:03:08.0326 3868 DPS - ok

23:03:08.0351 3868 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

23:03:08.0352 3868 drmkaud - ok

23:03:08.0377 3868 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

23:03:08.0385 3868 DXGKrnl - ok

23:03:08.0394 3868 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

23:03:08.0397 3868 EapHost - ok

23:03:08.0460 3868 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys

23:03:08.0502 3868 ebdrv - ok

23:03:08.0529 3868 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

23:03:08.0530 3868 EFS - ok

23:03:08.0577 3868 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

23:03:08.0585 3868 ehRecvr - ok

23:03:08.0610 3868 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

23:03:08.0613 3868 ehSched - ok

23:03:08.0636 3868 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys

23:03:08.0642 3868 elxstor - ok

23:03:08.0657 3868 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

23:03:08.0659 3868 ErrDev - ok

23:03:08.0684 3868 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

23:03:08.0687 3868 EventSystem - ok

23:03:08.0732 3868 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

23:03:08.0735 3868 exfat - ok

23:03:08.0777 3868 Fabs - ok

23:03:08.0793 3868 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

23:03:08.0797 3868 fastfat - ok

23:03:08.0815 3868 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

23:03:08.0823 3868 Fax - ok

23:03:08.0838 3868 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys

23:03:08.0840 3868 fdc - ok

23:03:08.0851 3868 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

23:03:08.0853 3868 fdPHost - ok

23:03:08.0868 3868 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

23:03:08.0871 3868 FDResPub - ok

23:03:08.0883 3868 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

23:03:08.0885 3868 FileInfo - ok

23:03:08.0894 3868 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

23:03:08.0896 3868 Filetrace - ok

23:03:08.0968 3868 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe

23:03:09.0012 3868 FirebirdServerMAGIXInstance - ok

23:03:09.0045 3868 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys

23:03:09.0047 3868 flpydisk - ok

23:03:09.0059 3868 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

23:03:09.0062 3868 FltMgr - ok

23:03:09.0096 3868 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

23:03:09.0117 3868 FontCache - ok

23:03:09.0144 3868 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

23:03:09.0167 3868 FontCache3.0.0.0 - ok

23:03:09.0178 3868 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

23:03:09.0180 3868 FsDepends - ok

23:03:09.0216 3868 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

23:03:09.0216 3868 Fs_Rec - ok

23:03:09.0233 3868 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

23:03:09.0236 3868 fvevol - ok

23:03:09.0244 3868 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys

23:03:09.0246 3868 gagp30kx - ok

23:03:09.0278 3868 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

23:03:09.0279 3868 GEARAspiWDM - ok

23:03:09.0308 3868 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

23:03:09.0316 3868 gpsvc - ok

23:03:09.0392 3868 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:03:09.0394 3868 gupdate - ok

23:03:09.0401 3868 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

23:03:09.0402 3868 gupdatem - ok

23:03:09.0410 3868 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

23:03:09.0412 3868 gusvc - ok

23:03:09.0426 3868 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

23:03:09.0433 3868 hcw85cir - ok

23:03:09.0472 3868 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

23:03:09.0477 3868 HdAudAddService - ok

23:03:09.0502 3868 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys

23:03:09.0505 3868 HDAudBus - ok

23:03:09.0526 3868 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys

23:03:09.0527 3868 HidBatt - ok

23:03:09.0544 3868 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys

23:03:09.0547 3868 HidBth - ok

23:03:09.0554 3868 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys

23:03:09.0556 3868 HidIr - ok

23:03:09.0576 3868 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

23:03:09.0578 3868 hidserv - ok

23:03:09.0600 3868 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

23:03:09.0602 3868 HidUsb - ok

23:03:09.0612 3868 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

23:03:09.0616 3868 hkmsvc - ok

23:03:09.0630 3868 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

23:03:09.0634 3868 HomeGroupListener - ok

23:03:09.0657 3868 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

23:03:09.0661 3868 HomeGroupProvider - ok

23:03:09.0744 3868 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

23:03:09.0747 3868 hpqcxs08 - ok

23:03:09.0774 3868 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

23:03:09.0776 3868 hpqddsvc - ok

23:03:09.0788 3868 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

23:03:09.0790 3868 HpSAMD - ok

23:03:09.0900 3868 [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

23:03:09.0927 3868 HPSLPSVC - ok

23:03:09.0981 3868 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

23:03:09.0997 3868 HTTP - ok

23:03:10.0032 3868 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

23:03:10.0032 3868 hwpolicy - ok

23:03:10.0050 3868 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

23:03:10.0052 3868 i8042prt - ok

23:03:10.0073 3868 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

23:03:10.0077 3868 iaStorV - ok

23:03:10.0128 3868 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

23:03:10.0134 3868 idsvc - ok

23:03:10.0148 3868 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys

23:03:10.0150 3868 iirsp - ok

23:03:10.0176 3868 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

23:03:10.0182 3868 IKEEXT - ok

23:03:10.0245 3868 [ 13089F31AA37CDE1CE3784EE01A48484 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

23:03:10.0265 3868 IntcAzAudAddService - ok

23:03:10.0278 3868 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

23:03:10.0279 3868 intelide - ok

23:03:10.0291 3868 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

23:03:10.0292 3868 intelppm - ok

23:03:10.0302 3868 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

23:03:10.0304 3868 IPBusEnum - ok

23:03:10.0315 3868 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

23:03:10.0317 3868 IpFilterDriver - ok

23:03:10.0323 3868 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

23:03:10.0328 3868 iphlpsvc - ok

23:03:10.0343 3868 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

23:03:10.0345 3868 IPMIDRV - ok

23:03:10.0367 3868 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

23:03:10.0370 3868 IPNAT - ok

23:03:10.0418 3868 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

23:03:10.0425 3868 iPod Service - ok

23:03:10.0440 3868 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

23:03:10.0442 3868 IRENUM - ok

23:03:10.0468 3868 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

23:03:10.0471 3868 isapnp - ok

23:03:10.0486 3868 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

23:03:10.0489 3868 iScsiPrt - ok

23:03:10.0509 3868 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

23:03:10.0510 3868 kbdclass - ok

23:03:10.0531 3868 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

23:03:10.0533 3868 kbdhid - ok

23:03:10.0559 3868 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

23:03:10.0560 3868 KeyIso - ok

23:03:10.0603 3868 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

23:03:10.0605 3868 KSecDD - ok

23:03:10.0617 3868 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

23:03:10.0619 3868 KSecPkg - ok

23:03:10.0626 3868 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

23:03:10.0628 3868 ksthunk - ok

23:03:10.0643 3868 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

23:03:10.0648 3868 KtmRm - ok

23:03:10.0675 3868 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

23:03:10.0679 3868 LanmanServer - ok

23:03:10.0715 3868 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

23:03:10.0719 3868 LanmanWorkstation - ok

23:03:10.0745 3868 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

23:03:10.0747 3868 lltdio - ok

23:03:10.0766 3868 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

23:03:10.0771 3868 lltdsvc - ok

23:03:10.0787 3868 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

23:03:10.0789 3868 lmhosts - ok

23:03:10.0811 3868 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys

23:03:10.0814 3868 LSI_FC - ok

23:03:10.0834 3868 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys

23:03:10.0837 3868 LSI_SAS - ok

23:03:10.0856 3868 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys

23:03:10.0857 3868 LSI_SAS2 - ok

23:03:10.0873 3868 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys

23:03:10.0876 3868 LSI_SCSI - ok

23:03:10.0895 3868 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

23:03:10.0897 3868 luafv - ok

23:03:10.0932 3868 [ DC8490812A3B72811AE534F423B4C206 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys

23:03:10.0933 3868 MBAMProtector - ok

23:03:11.0082 3868 [ 43683E970F008C93C9429EF428147A54 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

23:03:11.0087 3868 MBAMService - ok

23:03:11.0112 3868 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\Windows\system32\drivers\MBfilt64.sys

23:03:11.0113 3868 MBfilt - ok

23:03:11.0132 3868 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

23:03:11.0135 3868 Mcx2Svc - ok

23:03:11.0145 3868 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys

23:03:11.0147 3868 megasas - ok

23:03:11.0178 3868 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys

23:03:11.0182 3868 MegaSR - ok

23:03:11.0203 3868 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

23:03:11.0204 3868 MEIx64 - ok

23:03:11.0245 3868 Microsoft SharePoint Workspace Audit Service - ok

23:03:11.0263 3868 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

23:03:11.0267 3868 MMCSS - ok

23:03:11.0275 3868 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

23:03:11.0277 3868 Modem - ok

23:03:11.0299 3868 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

23:03:11.0299 3868 monitor - ok

23:03:11.0312 3868 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

23:03:11.0313 3868 mouclass - ok

23:03:11.0325 3868 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

23:03:11.0326 3868 mouhid - ok

23:03:11.0360 3868 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

23:03:11.0362 3868 mountmgr - ok

23:03:11.0394 3868 [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys

23:03:11.0397 3868 MpFilter - ok

23:03:11.0418 3868 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

23:03:11.0421 3868 mpio - ok

23:03:11.0425 3868 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

23:03:11.0427 3868 mpsdrv - ok

23:03:11.0449 3868 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

23:03:11.0459 3868 MpsSvc - ok

23:03:11.0480 3868 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

23:03:11.0483 3868 MRxDAV - ok

23:03:11.0504 3868 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

23:03:11.0506 3868 mrxsmb - ok

23:03:11.0525 3868 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

23:03:11.0529 3868 mrxsmb10 - ok

23:03:11.0539 3868 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

23:03:11.0541 3868 mrxsmb20 - ok

23:03:11.0551 3868 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

23:03:11.0553 3868 msahci - ok

23:03:11.0564 3868 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

23:03:11.0566 3868 msdsm - ok

23:03:11.0583 3868 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

23:03:11.0586 3868 MSDTC - ok

23:03:11.0605 3868 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

23:03:11.0606 3868 Msfs - ok

23:03:11.0612 3868 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

23:03:11.0614 3868 mshidkmdf - ok

23:03:11.0625 3868 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

23:03:11.0625 3868 msisadrv - ok

23:03:11.0638 3868 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

23:03:11.0641 3868 MSiSCSI - ok

23:03:11.0644 3868 msiserver - ok

23:03:11.0685 3868 [ 192476C10371DC83243D67432B2CDCBF ] MSI_MSIBIOS_010507 C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys

23:03:11.0686 3868 MSI_MSIBIOS_010507 - ok

23:03:11.0710 3868 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

23:03:11.0713 3868 MSKSSRV - ok

23:03:11.0783 3868 [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe

23:03:11.0784 3868 MsMpSvc - ok

23:03:11.0803 3868 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

23:03:11.0805 3868 MSPCLOCK - ok

23:03:11.0816 3868 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

23:03:11.0818 3868 MSPQM - ok

23:03:11.0833 3868 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

23:03:11.0837 3868 MsRPC - ok

23:03:11.0855 3868 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys

23:03:11.0856 3868 mssmbios - ok

23:03:11.0871 3868 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

23:03:11.0873 3868 MSTEE - ok

23:03:11.0885 3868 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys

23:03:11.0886 3868 MTConfig - ok

23:03:11.0905 3868 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

23:03:11.0906 3868 Mup - ok

23:03:11.0938 3868 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

23:03:11.0945 3868 napagent - ok

23:03:11.0980 3868 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

23:03:11.0984 3868 NativeWifiP - ok

23:03:12.0017 3868 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

23:03:12.0024 3868 NDIS - ok

23:03:12.0050 3868 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

23:03:12.0052 3868 NdisCap - ok

23:03:12.0075 3868 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

23:03:12.0077 3868 NdisTapi - ok

23:03:12.0097 3868 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

23:03:12.0099 3868 Ndisuio - ok

23:03:12.0112 3868 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

23:03:12.0115 3868 NdisWan - ok

23:03:12.0128 3868 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

23:03:12.0130 3868 NDProxy - ok

23:03:12.0174 3868 [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

23:03:12.0176 3868 Net Driver HPZ12 - ok

23:03:12.0202 3868 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

23:03:12.0205 3868 NetBIOS - ok

23:03:12.0219 3868 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

23:03:12.0223 3868 NetBT - ok

23:03:12.0238 3868 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

23:03:12.0239 3868 Netlogon - ok

23:03:12.0269 3868 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

23:03:12.0273 3868 Netman - ok

23:03:12.0282 3868 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

23:03:12.0289 3868 netprofm - ok

23:03:12.0308 3868 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

23:03:12.0311 3868 NetTcpPortSharing - ok

23:03:12.0359 3868 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys

23:03:12.0361 3868 nfrd960 - ok

23:03:12.0418 3868 [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys

23:03:12.0420 3868 NisDrv - ok

23:03:12.0441 3868 [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe

23:03:12.0445 3868 NisSrv - ok

23:03:12.0465 3868 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

23:03:12.0471 3868 NlaSvc - ok

23:03:12.0483 3868 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

23:03:12.0485 3868 Npfs - ok

23:03:12.0495 3868 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

23:03:12.0498 3868 nsi - ok

23:03:12.0511 3868 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

23:03:12.0513 3868 nsiproxy - ok

23:03:12.0551 3868 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

23:03:12.0564 3868 Ntfs - ok

23:03:12.0604 3868 [ 1B32C54B95121AB1683C7B83B2DB4B96 ] NTIOLib_1_0_4 C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys

23:03:12.0604 3868 NTIOLib_1_0_4 - ok

23:03:12.0653 3868 [ C02F70960FA934B8DEFA16A03D7F6556 ] NTIOLib_1_0_6 C:\Program Files (x86)\Setup Files\Ms7673v1E0\NTIOLib_X64.sys

23:03:12.0655 3868 NTIOLib_1_0_6 - ok

23:03:12.0672 3868 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

23:03:12.0672 3868 Null - ok

23:03:12.0698 3868 [ 158AD24745BD85BA9BE3C51C38F48C32 ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

23:03:12.0701 3868 nusb3hub - ok

23:03:12.0721 3868 [ D40A13B2C0891E218F9523B376955DB6 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

23:03:12.0724 3868 nusb3xhc - ok

23:03:12.0761 3868 [ 8D4AAC74B571FC356560E5B308955E93 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

23:03:12.0763 3868 NVHDA - ok

23:03:12.0963 3868 [ 0EB204639119370F5F8F2871FBF4E14B ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

23:03:13.0009 3868 nvlddmkm - ok

23:03:13.0030 3868 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

23:03:13.0032 3868 nvraid - ok

23:03:13.0054 3868 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

23:03:13.0055 3868 nvstor - ok

23:03:13.0078 3868 [ 32FF8EE6DCEE5C0CB91FF892FB1CA364 ] nvsvc C:\Windows\system32\nvvsvc.exe

23:03:13.0088 3868 nvsvc - ok

23:03:13.0171 3868 [ BD012DC22C78BE1071BC21EB125D782F ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

23:03:13.0185 3868 nvUpdatusService - ok

23:03:13.0202 3868 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

23:03:13.0204 3868 nv_agp - ok

23:03:13.0230 3868 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

23:03:13.0232 3868 ohci1394 - ok

23:03:13.0300 3868 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

23:03:13.0302 3868 ose - ok

23:03:13.0443 3868 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

23:03:13.0464 3868 osppsvc - ok

23:03:13.0491 3868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

23:03:13.0494 3868 p2pimsvc - ok

23:03:13.0516 3868 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

23:03:13.0522 3868 p2psvc - ok

23:03:13.0533 3868 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys

23:03:13.0535 3868 Parport - ok

23:03:13.0574 3868 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

23:03:13.0575 3868 partmgr - ok

23:03:13.0594 3868 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

23:03:13.0598 3868 PcaSvc - ok

23:03:13.0612 3868 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

23:03:13.0615 3868 pci - ok

23:03:13.0628 3868 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

23:03:13.0628 3868 pciide - ok

23:03:13.0644 3868 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys

23:03:13.0647 3868 pcmcia - ok

23:03:13.0663 3868 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

23:03:13.0664 3868 pcw - ok

23:03:13.0677 3868 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

23:03:13.0684 3868 PEAUTH - ok

23:03:13.0741 3868 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

23:03:13.0743 3868 PerfHost - ok

23:03:13.0781 3868 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

23:03:13.0812 3868 pla - ok

23:03:13.0850 3868 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

23:03:13.0856 3868 PlugPlay - ok

23:03:13.0930 3868 [ 3072137896BFCCF4B190D248F583B48E ] PMBDeviceInfoProvider C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

23:03:13.0934 3868 PMBDeviceInfoProvider - ok

23:03:13.0975 3868 [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

23:03:13.0978 3868 Pml Driver HPZ12 - ok

23:03:13.0988 3868 PnkBstrA - ok

23:03:13.0997 3868 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

23:03:14.0000 3868 PNRPAutoReg - ok

23:03:14.0017 3868 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

23:03:14.0021 3868 PNRPsvc - ok

23:03:14.0044 3868 [ 4F0878FD62D5F7444C5F1C4C66D9D293 ] Point64 C:\Windows\system32\DRIVERS\point64.sys

23:03:14.0045 3868 Point64 - ok

23:03:14.0071 3868 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

23:03:14.0077 3868 PolicyAgent - ok

23:03:14.0102 3868 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

23:03:14.0106 3868 Power - ok

23:03:14.0132 3868 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

23:03:14.0134 3868 PptpMiniport - ok

23:03:14.0157 3868 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys

23:03:14.0159 3868 Processor - ok

23:03:14.0185 3868 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

23:03:14.0189 3868 ProfSvc - ok

23:03:14.0196 3868 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

23:03:14.0197 3868 ProtectedStorage - ok

23:03:14.0208 3868 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

23:03:14.0210 3868 Psched - ok

23:03:14.0256 3868 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys

23:03:14.0287 3868 ql2300 - ok

23:03:14.0302 3868 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys

23:03:14.0304 3868 ql40xx - ok

23:03:14.0324 3868 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

23:03:14.0328 3868 QWAVE - ok

23:03:14.0343 3868 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

23:03:14.0346 3868 QWAVEdrv - ok

23:03:14.0353 3868 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

23:03:14.0354 3868 RasAcd - ok

23:03:14.0379 3868 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

23:03:14.0380 3868 RasAgileVpn - ok

23:03:14.0387 3868 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

23:03:14.0391 3868 RasAuto - ok

23:03:14.0404 3868 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

23:03:14.0407 3868 Rasl2tp - ok

23:03:14.0430 3868 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

23:03:14.0436 3868 RasMan - ok

23:03:14.0451 3868 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

23:03:14.0454 3868 RasPppoe - ok

23:03:14.0476 3868 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

23:03:14.0479 3868 RasSstp - ok

23:03:14.0495 3868 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

23:03:14.0499 3868 rdbss - ok

23:03:14.0515 3868 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys

23:03:14.0517 3868 rdpbus - ok

23:03:14.0521 3868 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

23:03:14.0522 3868 RDPCDD - ok

23:03:14.0537 3868 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

23:03:14.0538 3868 RDPENCDD - ok

23:03:14.0551 3868 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

23:03:14.0553 3868 RDPREFMP - ok

23:03:14.0567 3868 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

23:03:14.0570 3868 RDPWD - ok

23:03:14.0589 3868 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

23:03:14.0592 3868 rdyboost - ok

23:03:14.0606 3868 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

23:03:14.0609 3868 RemoteAccess - ok

23:03:14.0615 3868 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

23:03:14.0617 3868 RemoteRegistry - ok

23:03:14.0634 3868 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

23:03:14.0637 3868 RpcEptMapper - ok

23:03:14.0647 3868 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

23:03:14.0650 3868 RpcLocator - ok

23:03:14.0664 3868 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

23:03:14.0670 3868 RpcSs - ok

23:03:14.0689 3868 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

23:03:14.0691 3868 rspndr - ok

23:03:14.0733 3868 [ 9140DB0911DE035FED0A9A77A2D156EA ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys

23:03:14.0738 3868 RTL8167 - ok

23:03:14.0751 3868 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

23:03:14.0753 3868 SamSs - ok

23:03:14.0767 3868 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

23:03:14.0770 3868 sbp2port - ok

23:03:14.0788 3868 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

23:03:14.0792 3868 SCardSvr - ok

23:03:14.0808 3868 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

23:03:14.0810 3868 scfilter - ok

23:03:14.0836 3868 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

23:03:14.0845 3868 Schedule - ok

23:03:14.0863 3868 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

23:03:14.0864 3868 SCPolicySvc - ok

23:03:14.0876 3868 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

23:03:14.0880 3868 SDRSVC - ok

23:03:14.0899 3868 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

23:03:14.0901 3868 secdrv - ok

23:03:14.0914 3868 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

23:03:14.0917 3868 seclogon - ok

23:03:14.0936 3868 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll

23:03:14.0939 3868 SENS - ok

23:03:14.0960 3868 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

23:03:14.0963 3868 SensrSvc - ok

23:03:14.0984 3868 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

23:03:14.0986 3868 Serenum - ok

23:03:15.0050 3868 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

23:03:15.0052 3868 Serial - ok

23:03:15.0095 3868 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys

23:03:15.0119 3868 sermouse - ok

23:03:15.0140 3868 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

23:03:15.0144 3868 SessionEnv - ok

23:03:15.0160 3868 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

23:03:15.0163 3868 sffdisk - ok

23:03:15.0175 3868 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

23:03:15.0178 3868 sffp_mmc - ok

23:03:15.0187 3868 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

23:03:15.0188 3868 sffp_sd - ok

23:03:15.0201 3868 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys

23:03:15.0204 3868 sfloppy - ok

23:03:15.0223 3868 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

23:03:15.0228 3868 SharedAccess - ok

23:03:15.0240 3868 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

23:03:15.0244 3868 ShellHWDetection - ok

23:03:15.0257 3868 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys

23:03:15.0260 3868 SiSRaid2 - ok

23:03:15.0276 3868 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys

23:03:15.0278 3868 SiSRaid4 - ok

23:03:15.0290 3868 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

23:03:15.0293 3868 Smb - ok

23:03:15.0320 3868 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

23:03:15.0323 3868 SNMPTRAP - ok

23:03:15.0333 3868 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

23:03:15.0334 3868 spldr - ok

23:03:15.0372 3868 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

23:03:15.0378 3868 Spooler - ok

23:03:15.0442 3868 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

23:03:15.0504 3868 sppsvc - ok

23:03:15.0521 3868 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

23:03:15.0524 3868 sppuinotify - ok

23:03:15.0548 3868 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

23:03:15.0553 3868 srv - ok

23:03:15.0561 3868 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

23:03:15.0566 3868 srv2 - ok

23:03:15.0578 3868 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

23:03:15.0581 3868 srvnet - ok

23:03:15.0594 3868 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

23:03:15.0597 3868 SSDPSRV - ok

23:03:15.0607 3868 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

23:03:15.0611 3868 SstpSvc - ok

23:03:15.0645 3868 [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys

23:03:15.0647 3868 ssudmdm - ok

23:03:15.0698 3868 Steam Client Service - ok

23:03:15.0748 3868 [ FC0A58529A02B1EED55DDC58696B7908 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

23:03:15.0751 3868 Stereo Service - ok

23:03:15.0755 3868 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys

23:03:15.0756 3868 stexstor - ok

23:03:15.0793 3868 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

23:03:15.0802 3868 stisvc - ok

23:03:15.0813 3868 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys

23:03:15.0814 3868 swenum - ok

23:03:15.0828 3868 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

23:03:15.0835 3868 swprv - ok

23:03:15.0867 3868 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

23:03:15.0898 3868 SysMain - ok

23:03:15.0909 3868 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

23:03:15.0912 3868 TabletInputService - ok

23:03:15.0923 3868 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

23:03:15.0927 3868 TapiSrv - ok

23:03:15.0940 3868 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

23:03:15.0943 3868 TBS - ok

23:03:16.0009 3868 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

23:03:16.0023 3868 Tcpip - ok

23:03:16.0067 3868 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

23:03:16.0081 3868 TCPIP6 - ok

23:03:16.0098 3868 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

23:03:16.0100 3868 tcpipreg - ok

23:03:16.0113 3868 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

23:03:16.0114 3868 TDPIPE - ok

23:03:16.0132 3868 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

23:03:16.0133 3868 TDTCP - ok

23:03:16.0147 3868 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

23:03:16.0148 3868 tdx - ok

23:03:16.0162 3868 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys

23:03:16.0163 3868 TermDD - ok

23:03:16.0179 3868 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

23:03:16.0184 3868 TermService - ok

23:03:16.0187 3868 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

23:03:16.0189 3868 Themes - ok

23:03:16.0203 3868 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

23:03:16.0204 3868 THREADORDER - ok

23:03:16.0212 3868 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

23:03:16.0215 3868 TrkWks - ok

23:03:16.0249 3868 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

23:03:16.0251 3868 TrustedInstaller - ok

23:03:16.0259 3868 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

23:03:16.0261 3868 tssecsrv - ok

23:03:16.0286 3868 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

23:03:16.0288 3868 TsUsbFlt - ok

23:03:16.0297 3868 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys

23:03:16.0299 3868 TsUsbGD - ok

23:03:16.0328 3868 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

23:03:16.0331 3868 tunnel - ok

23:03:16.0347 3868 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys

23:03:16.0349 3868 uagp35 - ok

23:03:16.0368 3868 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

23:03:16.0372 3868 udfs - ok

23:03:16.0388 3868 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

23:03:16.0391 3868 UI0Detect - ok

23:03:16.0417 3868 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

23:03:16.0419 3868 uliagpkx - ok

23:03:16.0473 3868 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

23:03:16.0474 3868 umbus - ok

23:03:16.0494 3868 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys

23:03:16.0496 3868 UmPass - ok

23:03:16.0515 3868 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

23:03:16.0521 3868 upnphost - ok

23:03:16.0551 3868 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys

23:03:16.0554 3868 USBAAPL64 - ok

23:03:16.0568 3868 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

23:03:16.0570 3868 usbccgp - ok

23:03:16.0591 3868 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

23:03:16.0593 3868 usbcir - ok

23:03:16.0620 3868 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

23:03:16.0622 3868 usbehci - ok

23:03:16.0642 3868 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

23:03:16.0646 3868 usbhub - ok

23:03:16.0662 3868 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

23:03:16.0664 3868 usbohci - ok

23:03:16.0685 3868 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

23:03:16.0686 3868 usbprint - ok

23:03:16.0715 3868 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys

23:03:16.0716 3868 usbscan - ok

23:03:16.0727 3868 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

23:03:16.0729 3868 USBSTOR - ok

23:03:16.0755 3868 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

23:03:16.0757 3868 usbuhci - ok

23:03:16.0762 3868 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

23:03:16.0764 3868 UxSms - ok

23:03:16.0781 3868 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

23:03:16.0783 3868 VaultSvc - ok

23:03:16.0795 3868 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

23:03:16.0796 3868 vdrvroot - ok

23:03:16.0814 3868 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

23:03:16.0822 3868 vds - ok

23:03:16.0839 3868 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

23:03:16.0841 3868 vga - ok

23:03:16.0853 3868 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

23:03:16.0856 3868 VgaSave - ok

23:03:16.0874 3868 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

23:03:16.0878 3868 vhdmp - ok

23:03:16.0885 3868 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

23:03:16.0887 3868 viaide - ok

23:03:16.0908 3868 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

23:03:16.0910 3868 volmgr - ok

23:03:16.0924 3868 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

23:03:16.0928 3868 volmgrx - ok

23:03:16.0942 3868 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

23:03:16.0946 3868 volsnap - ok

23:03:16.0963 3868 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys

23:03:16.0966 3868 vsmraid - ok

23:03:17.0002 3868 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

23:03:17.0034 3868 VSS - ok

23:03:17.0062 3868 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

23:03:17.0065 3868 vwifibus - ok

23:03:17.0084 3868 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

23:03:17.0090 3868 W32Time - ok

23:03:17.0107 3868 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys

23:03:17.0109 3868 WacomPen - ok

23:03:17.0129 3868 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

23:03:17.0131 3868 WANARP - ok

23:03:17.0144 3868 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

23:03:17.0145 3868 Wanarpv6 - ok

23:03:17.0213 3868 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

23:03:17.0234 3868 WatAdminSvc - ok

23:03:17.0270 3868 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

23:03:17.0301 3868 wbengine - ok

23:03:17.0318 3868 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

23:03:17.0323 3868 WbioSrvc - ok

23:03:17.0334 3868 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

23:03:17.0340 3868 wcncsvc - ok

23:03:17.0348 3868 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

23:03:17.0352 3868 WcsPlugInService - ok

23:03:17.0359 3868 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys

23:03:17.0360 3868 Wd - ok

23:03:17.0380 3868 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

23:03:17.0388 3868 Wdf01000 - ok

23:03:17.0399 3868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

23:03:17.0403 3868 WdiServiceHost - ok

23:03:17.0406 3868 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

23:03:17.0409 3868 WdiSystemHost - ok

23:03:17.0424 3868 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

23:03:17.0429 3868 WebClient - ok

23:03:17.0445 3868 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

23:03:17.0450 3868 Wecsvc - ok

23:03:17.0464 3868 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

23:03:17.0468 3868 wercplsupport - ok

23:03:17.0500 3868 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

23:03:17.0504 3868 WerSvc - ok

23:03:17.0531 3868 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

23:03:17.0533 3868 WfpLwf - ok

23:03:17.0545 3868 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

23:03:17.0546 3868 WIMMount - ok

23:03:17.0558 3868 WinDefend - ok

23:03:17.0562 3868 WinHttpAutoProxySvc - ok

23:03:17.0604 3868 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

23:03:17.0607 3868 Winmgmt - ok

23:03:17.0655 3868 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

23:03:17.0696 3868 WinRM - ok

23:03:17.0729 3868 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

23:03:17.0731 3868 WinUsb - ok

23:03:17.0756 3868 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

23:03:17.0767 3868 Wlansvc - ok

23:03:17.0898 3868 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

23:03:17.0914 3868 wlidsvc - ok

23:03:17.0927 3868 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys

23:03:17.0928 3868 WmiAcpi - ok

23:03:17.0943 3868 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

23:03:17.0945 3868 wmiApSrv - ok

23:03:17.0966 3868 WMPNetworkSvc - ok

23:03:17.0979 3868 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

23:03:17.0981 3868 WPCSvc - ok

23:03:17.0986 3868 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

23:03:17.0989 3868 WPDBusEnum - ok

23:03:18.0000 3868 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

23:03:18.0002 3868 ws2ifsl - ok

23:03:18.0009 3868 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll

23:03:18.0012 3868 wscsvc - ok

23:03:18.0015 3868 WSearch - ok

23:03:18.0076 3868 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

23:03:18.0117 3868 wuauserv - ok

23:03:18.0134 3868 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

23:03:18.0136 3868 WudfPf - ok

23:03:18.0156 3868 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

23:03:18.0159 3868 WUDFRd - ok

23:03:18.0182 3868 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

23:03:18.0184 3868 wudfsvc - ok

23:03:18.0207 3868 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

23:03:18.0210 3868 WwanSvc - ok

23:03:18.0214 3868 ================ Scan global ===============================

23:03:18.0235 3868 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

23:03:18.0252 3868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

23:03:18.0260 3868 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

23:03:18.0276 3868 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

23:03:18.0293 3868 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

23:03:18.0297 3868 [Global] - ok

23:03:18.0298 3868 ================ Scan MBR ==================================

23:03:18.0309 3868 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

23:03:18.0456 3868 \Device\Harddisk0\DR0 - ok

23:03:18.0456 3868 ================ Scan VBR ==================================

23:03:18.0460 3868 [ E1D0ED0F5E3937A21DAE1EA31BC6802F ] \Device\Harddisk0\DR0\Partition1

23:03:18.0462 3868 \Device\Harddisk0\DR0\Partition1 - ok

23:03:18.0470 3868 [ 089CF8ACFCEF5A60BE6EB156D686EB63 ] \Device\Harddisk0\DR0\Partition2

23:03:18.0472 3868 \Device\Harddisk0\DR0\Partition2 - ok

23:03:18.0472 3868 ============================================================

23:03:18.0472 3868 Scan finished

23:03:18.0472 3868 ============================================================

23:03:18.0483 5680 Detected object count: 0

23:03:18.0483 5680 Actual detected object count: 0

23:03:42.0126 1792 Deinitialize success

TheDarkKnight · August 21, 2012

Hello SPIKETAPPR.

Thank you for the logs.

I'd like you to upload a couple of files please (you will only be able to scan one at a time):

Go to VirusTotal.
Click Choose File.
Copy and paste the exact file name in bold:
- muzoggsp.ax
- muzaf1.dll
- MTTELECHIP.dll
- MASetupCleaner.exe
[*]Click Send It!.
[*]Copy and paste the results once VirusTotal has finished scanning the file in your reply.
[*]Note: If it says the file has already being scanned please have it rescanned.

==========

Next, please download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.blee...al/MBRCheck.exe

http://www.kernelmod...fo/MBRCheck.exe

Close all opened programs/ windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

Finally, please download aswMBR by gmer to your Desktop.

Please visit this site for instructions on how to run the tool.
Once familiar with this tool, double click aswMBR.exe to run it.
Click the Scan button to start the scan. Note: Do NOT fix anything.
Once the scan has completed, please save the aswMBR.txt log to the Desktop and post it in your next reply.

==========

Please post the following in your reply:

Results from VirusTotal.
MBRCheck log.
aswMBR.txt.

SPIKETAPPR · August 22, 2012

Antivirus Result Updat AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120822 BitDefender - 20120821 ByteHero - 20120814 CAT-QuickHeal - 20120821 ClamAV - 20120822 Commtouch - 20120822 Comodo - 20120821 DrWeb - 20120822 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120821 F-Secure - 20120821 Fortinet - 20120822 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120821 Kaspersky - 20120822 McAfee - 20120822 McAfee-GW-Edition - 20120822 Microsoft - 20120822 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120822 Rising - 20120821 Sophos - 20120822 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120822 TrendMicro-HouseCall - 20120822 VBA32 - 20120821 VIPRE - 20120822 ViRobot - 20120821 VirusBuster -

20120821

SHA256: 2d467a46756a10cd764abf3d8344050066b027c8f368e96237ef0e9e69c923c2 File name: muzoggsp.ax Detection ratio: 0 / 42 Analysis date: 2012-08-22 00:47:34 UTC ( 0 minutes ago

Antivirus Result Update AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120821 BitDefender - 20120821 ByteHero - 20120814 CAT-QuickHeal - 20120821 ClamAV - 20120821 Commtouch - 20120821 Comodo - 20120821 DrWeb - 20120821 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120820 F-Secure - 20120821 Fortinet - 20120821 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120820 Kaspersky - 20120821 McAfee - 20120821 McAfee-GW-Edition - 20120821 Microsoft - 20120821 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120821 Rising - 20120821 Sophos - 20120821 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120821 TrendMicro-HouseCall - 20120821 VBA32 - 20120821 VIPRE - 20120821 ViRobot - 20120821 VirusBuster - 20120821

SHA256: b6079e6a6159ff9d21fd1cf26a96e851d09c35448b66a08b314978368bf771d1 File name: muzaf1.dll Detection ratio: 0 / 42 Analysis date: 2012-08-22 00:48:07 UTC ( 0 minutes a

Antivirus Result Update AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120821 BitDefender - 20120821 ByteHero - 20120814 CAT-QuickHeal - 20120821 ClamAV - 20120821 Commtouch - 20120821 Comodo - 20120821 DrWeb - 20120821 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120820 F-Secure - 20120821 Fortinet - 20120821 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120820 Kaspersky - 20120821 McAfee - 20120821 McAfee-GW-Edition - 20120821 Microsoft - 20120821 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120821 Rising - 20120821 Sophos - 20120821 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120821 TrendMicro-HouseCall - 20120821 VBA32 - 20120821 VIPRE - 20120821 ViRobot - 20120821 VirusBuster - 20120821

SHA256: 98a67ad02f8d49726d09e3c8bb83de4c1abf46874d43db62c494ec92c693ce6c File name: MASetupCleaner.exe Detection ratio: 0 / 42 Analysis date: 2012-08-22 00:50:56 UTC ( 1 minute ago

More details

Antivirus Result Update AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120822 BitDefender - 20120821 ByteHero - 20120817 CAT-QuickHeal - 20120821 ClamAV - 20120822 Commtouch - 20120822 Comodo - 20120821 DrWeb - 20120822 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120821 F-Secure - 20120821 Fortinet - 20120822 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120821 Kaspersky - 20120822 McAfee - 20120822 McAfee-GW-Edition - 20120822 Microsoft - 20120822 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120822 Rising - 20120821 Sophos - 20120822 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120822 TrendMicro-HouseCall - 20120822 VBA32 - 20120821 VIPRE - 20120822 ViRobot - 20120821 VirusBuster - 20120821

SHA256: 98c9392c16f8f02a8fb812124f9cf6af4e9ebd5c232d0bffdd2313edc8f5c187 File name: MTTELECHIP.dll Detection ratio: 0 / 42 Analysis date: 2012-08-22 00:45:13 UTC ( 10 minutes ago )

More details

Antivirus Result Update AhnLab-V3 - 20120821 AntiVir - 20120821 Antiy-AVL - 20120821 Avast - 20120821 AVG - 20120822 BitDefender - 20120821 ByteHero - 20120814 CAT-QuickHeal - 20120821 ClamAV - 20120822 Commtouch - 20120822 Comodo - 20120821 DrWeb - 20120822 Emsisoft - 20120821 eSafe - 20120821 ESET-NOD32 - 20120821 F-Prot - 20120821 F-Secure - 20120821 Fortinet - 20120822 GData - 20120821 Ikarus - 20120818 Jiangmin - 20120821 K7AntiVirus - 20120821 Kaspersky - 20120822 McAfee - 20120822 McAfee-GW-Edition - 20120822 Microsoft - 20120822 Norman - 20120821 nProtect - 20120821 Panda - 20120821 PCTools - 20120822 Rising - 20120821 Sophos - 20120822 SUPERAntiSpyware - 20120821 Symantec - 20120821 TheHacker - 20120820 TotalDefense - 20120821 TrendMicro - 20120822 TrendMicro-HouseCall - 20120822 VBA32 - 20120821 VIPRE - 20120822 ViRobot - 20120821 VirusBuster - 20120821

MBRCheck, version 1.2.3

Command-line:

Windows Version: Windows 7 Home Premium Edition

Windows Information: Service Pack 1 (build 7601), 64-bit

Base Board Manufacturer: MSI

BIOS Manufacturer: American Megatrends Inc.

System Manufacturer: MSI

System Product Name: MS-7673

Logical Drives Mask: 0x0000001c

Kernel Drivers (total 198):

0x03208000 \SystemRoot\system32\ntoskrnl.exe

0x037F0000 \SystemRoot\system32\hal.dll

0x00BC3000 \SystemRoot\system32\kdcom.dll

0x00C4C000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

0x00C9B000 \SystemRoot\system32\PSHED.dll

0x00CAF000 \SystemRoot\system32\CLFS.SYS

0x00D0D000 \SystemRoot\system32\CI.dll

0x00E7E000 \SystemRoot\system32\drivers\Wdf01000.sys

0x00F22000 \SystemRoot\system32\drivers\WDFLDR.SYS

0x00F31000 \SystemRoot\system32\drivers\ACPI.sys

0x00F88000 \SystemRoot\system32\drivers\WMILIB.SYS

0x00F91000 \SystemRoot\system32\drivers\msisadrv.sys

0x00F9B000 \SystemRoot\system32\drivers\pci.sys

0x00FCE000 \SystemRoot\system32\drivers\vdrvroot.sys

0x00FDB000 \SystemRoot\System32\drivers\partmgr.sys

0x00E00000 \SystemRoot\system32\drivers\volmgr.sys

0x00E15000 \SystemRoot\System32\drivers\volmgrx.sys

0x00E71000 \SystemRoot\system32\drivers\pciide.sys

0x00FF0000 \SystemRoot\system32\drivers\PCIIDEX.SYS

0x00DCD000 \SystemRoot\System32\drivers\mountmgr.sys

0x00DE7000 \SystemRoot\system32\drivers\atapi.sys

0x00C00000 \SystemRoot\system32\drivers\ataport.SYS

0x00C2A000 \SystemRoot\system32\drivers\amdxata.sys

0x010AF000 \SystemRoot\system32\drivers\fltmgr.sys

0x010FB000 \SystemRoot\system32\drivers\fileinfo.sys

0x0110F000 \SystemRoot\system32\DRIVERS\MpFilter.sys

0x01204000 \SystemRoot\System32\Drivers\Ntfs.sys

0x01144000 \SystemRoot\System32\Drivers\msrpc.sys

0x013A7000 \SystemRoot\System32\Drivers\ksecdd.sys

0x01000000 \SystemRoot\System32\Drivers\cng.sys

0x013C2000 \SystemRoot\System32\drivers\pcw.sys

0x013D3000 \SystemRoot\System32\Drivers\Fs_Rec.sys

0x01406000 \SystemRoot\system32\drivers\ndis.sys

0x014F9000 \SystemRoot\system32\drivers\NETIO.SYS

0x01559000 \SystemRoot\System32\Drivers\ksecpkg.sys

0x01637000 \SystemRoot\System32\drivers\tcpip.sys

0x0183A000 \SystemRoot\System32\drivers\fwpkclnt.sys

0x01884000 \SystemRoot\system32\drivers\volsnap.sys

0x018D0000 \SystemRoot\System32\Drivers\spldr.sys

0x018D8000 \SystemRoot\System32\drivers\rdyboost.sys

0x01912000 \SystemRoot\System32\Drivers\mup.sys

0x01924000 \SystemRoot\System32\drivers\hwpolicy.sys

0x0192D000 \SystemRoot\System32\DRIVERS\fvevol.sys

0x01967000 \SystemRoot\system32\drivers\disk.sys

0x0197D000 \SystemRoot\system32\drivers\CLASSPNP.SYS

0x01600000 \SystemRoot\system32\DRIVERS\cdrom.sys

0x0162A000 \SystemRoot\System32\Drivers\Null.SYS

0x019E3000 \SystemRoot\System32\Drivers\Beep.SYS

0x019EA000 \SystemRoot\System32\drivers\vga.sys

0x01583000 \SystemRoot\System32\drivers\VIDEOPRT.SYS

0x015A8000 \SystemRoot\System32\drivers\watchdog.sys

0x015B8000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0x015C1000 \SystemRoot\system32\drivers\rdpencdd.sys

0x015CA000 \SystemRoot\system32\drivers\rdprefmp.sys

0x015D3000 \SystemRoot\System32\Drivers\Msfs.SYS

0x015DE000 \SystemRoot\System32\Drivers\Npfs.SYS

0x013DD000 \SystemRoot\system32\DRIVERS\tdx.sys

0x015EF000 \SystemRoot\system32\DRIVERS\TDI.SYS

0x03E90000 \SystemRoot\system32\drivers\afd.sys

0x03F19000 \SystemRoot\System32\DRIVERS\netbt.sys

0x03F5E000 \SystemRoot\system32\drivers\ws2ifsl.sys

0x03F69000 \SystemRoot\system32\DRIVERS\wfplwf.sys

0x03F72000 \SystemRoot\system32\DRIVERS\pacer.sys

0x03F98000 \SystemRoot\system32\DRIVERS\netbios.sys

0x03FA7000 \SystemRoot\system32\DRIVERS\serial.sys

0x03FC4000 \SystemRoot\system32\DRIVERS\wanarp.sys

0x03FDF000 \SystemRoot\system32\DRIVERS\termdd.sys

0x03E00000 \SystemRoot\system32\DRIVERS\rdbss.sys

0x03E51000 \SystemRoot\system32\drivers\nsiproxy.sys

0x03E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0x03E68000 \SystemRoot\System32\drivers\discache.sys

0x01072000 \SystemRoot\System32\Drivers\dfsc.sys

0x03E77000 \SystemRoot\system32\DRIVERS\blbdrive.sys

0x011A2000 \SystemRoot\system32\DRIVERS\tunnel.sys

0x0F0B6000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys

0x0FDD4000 \SystemRoot\System32\Drivers\nvBridge.kmd

0x04201000 \SystemRoot\System32\drivers\dxgkrnl.sys

0x042F5000 \SystemRoot\System32\drivers\dxgmms1.sys

0x0433B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0x0435F000 \SystemRoot\system32\DRIVERS\HECIx64.sys

0x04370000 \SystemRoot\system32\drivers\usbehci.sys

0x04381000 \SystemRoot\system32\drivers\USBPORT.SYS

0x0F000000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys

0x043D7000 \SystemRoot\system32\DRIVERS\USBD.SYS

0x040CB000 \SystemRoot\system32\DRIVERS\Rt64win7.sys

0x04158000 \SystemRoot\system32\DRIVERS\serenum.sys

0x04164000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

0x04171000 \SystemRoot\system32\DRIVERS\wmiacpi.sys

0x0417A000 \SystemRoot\system32\DRIVERS\intelppm.sys

0x04190000 \SystemRoot\system32\DRIVERS\CompositeBus.sys

0x041A0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys

0x041B6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0x041DA000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0x04000000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0x0402F000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0x0404A000 \SystemRoot\system32\DRIVERS\raspptp.sys

0x0406B000 \SystemRoot\system32\DRIVERS\rassstp.sys

0x04085000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0x04094000 \SystemRoot\system32\DRIVERS\mouclass.sys

0x040A3000 \SystemRoot\system32\DRIVERS\swenum.sys

0x0F031000 \SystemRoot\system32\DRIVERS\ks.sys

0x040A5000 \SystemRoot\system32\DRIVERS\umbus.sys

0x048E5000 \SystemRoot\system32\DRIVERS\usbhub.sys

0x0493F000 \SystemRoot\system32\DRIVERS\nusb3hub.sys

0x04958000 \SystemRoot\System32\Drivers\NDProxy.SYS

0x0496D000 \SystemRoot\system32\drivers\nvhda64v.sys

0x0499F000 \SystemRoot\system32\drivers\portcls.sys

0x049DC000 \SystemRoot\system32\drivers\drmk.sys

0x04800000 \SystemRoot\system32\drivers\ksthunk.sys

0x058E0000 \SystemRoot\system32\drivers\RTKVHD64.sys

0x05B79000 \SystemRoot\system32\drivers\MBfilt64.sys

0x000A0000 \SystemRoot\System32\win32k.sys

0x05B87000 \SystemRoot\System32\drivers\Dxapi.sys

0x05B93000 \SystemRoot\system32\DRIVERS\udfs.sys

0x05BE8000 \SystemRoot\system32\DRIVERS\monitor.sys

0x05800000 \SystemRoot\System32\Drivers\crashdmp.sys

0x0580E000 \SystemRoot\System32\Drivers\dump_dumpata.sys

0x0581A000 \SystemRoot\System32\Drivers\dump_atapi.sys

0x05823000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

0x005F0000 \SystemRoot\System32\TSDDD.dll

0x00650000 \SystemRoot\System32\cdd.dll

0x05836000 \SystemRoot\system32\DRIVERS\usbccgp.sys

0x05853000 \SystemRoot\system32\DRIVERS\dc3d.sys

0x05865000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0x0586E000 \SystemRoot\system32\DRIVERS\hidusb.sys

0x0587C000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0x05895000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0x058A3000 \SystemRoot\system32\DRIVERS\mouhid.sys

0x058B0000 \SystemRoot\system32\DRIVERS\point64.sys

0x058C0000 \SystemRoot\system32\DRIVERS\usbscan.sys

0x058D1000 \SystemRoot\system32\DRIVERS\usbprint.sys

0x04806000 \SystemRoot\system32\DRIVERS\dot4usb.sys

0x04816000 \SystemRoot\system32\DRIVERS\Dot4.sys

0x0483E000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS

0x05BF6000 \SystemRoot\system32\DRIVERS\Dot4Prt.sys

0x008C0000 \SystemRoot\System32\ATMFD.DLL

0x04859000 \SystemRoot\system32\drivers\luafv.sys

0x0487C000 \SystemRoot\system32\drivers\WudfPf.sys

0x0489D000 \SystemRoot\system32\DRIVERS\lltdio.sys

0x048B2000 \SystemRoot\system32\DRIVERS\rspndr.sys

0x03A0D000 \SystemRoot\system32\drivers\HTTP.sys

0x03AD6000 \SystemRoot\system32\DRIVERS\bowser.sys

0x03AF4000 \SystemRoot\System32\drivers\mpsdrv.sys

0x03B0C000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0x03B39000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

0x03B87000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

0x05407000 \SystemRoot\system32\drivers\peauth.sys

0x054AD000 \SystemRoot\System32\Drivers\secdrv.SYS

0x054B8000 \SystemRoot\System32\DRIVERS\srvnet.sys

0x054E9000 \SystemRoot\System32\drivers\tcpipreg.sys

0x054FB000 \SystemRoot\System32\DRIVERS\srv2.sys

0x05564000 \SystemRoot\System32\DRIVERS\srv.sys

0x03BAB000 \SystemRoot\system32\DRIVERS\WUDFRd.sys

0x05400000 \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys

0x03BDC000 \??\C:\Program Files (x86)\MSI\Live Update 5\msibios64_100507.sys

0x03BE9000 \??\C:\Windows\system32\drivers\mbam.sys

0x09077000 \SystemRoot\system32\DRIVERS\asyncmac.sys

0x09082000 \??\C:\Windows\system32\Drivers\PROCEXP113.SYS

0x77060000 \Windows\System32\ntdll.dll

0x47CA0000 \Windows\System32\smss.exe

0xFF380000 \Windows\System32\apisetschema.dll

0xFF240000 \Windows\System32\autochk.exe

0xFF2D0000 \Windows\System32\clbcatq.dll

0xFF260000 \Windows\System32\gdi32.dll

0xFF1E0000 \Windows\System32\shlwapi.dll

0xFF110000 \Windows\System32\usp10.dll

0x76E50000 \Windows\System32\iertutil.dll

0xFF000000 \Windows\System32\msctf.dll

0xFEF60000 \Windows\System32\comdlg32.dll

0xFEF40000 \Windows\System32\sechost.dll

0xFEEF0000 \Windows\System32\ws2_32.dll

0xFEE70000 \Windows\System32\difxapi.dll

0xFEE60000 \Windows\System32\lpk.dll

0xFE0D0000 \Windows\System32\shell32.dll

0xFE0A0000 \Windows\System32\imm32.dll

0xFDFC0000 \Windows\System32\oleaut32.dll

0xFDDE0000 \Windows\System32\setupapi.dll

0x76D50000 \Windows\System32\user32.dll

0x77230000 \Windows\System32\normaliz.dll

0xFDD00000 \Windows\System32\advapi32.dll

0x76C00000 \Windows\System32\urlmon.dll

0x76AE0000 \Windows\System32\kernel32.dll

0xFDCE0000 \Windows\System32\imagehlp.dll

0x77220000 \Windows\System32\psapi.dll

0xFDCD0000 \Windows\System32\nsi.dll

0xFDC70000 \Windows\System32\Wldap32.dll

0x76980000 \Windows\System32\wininet.dll

0xFDA60000 \Windows\System32\ole32.dll

0xFD930000 \Windows\System32\rpcrt4.dll

0xFD890000 \Windows\System32\msvcrt.dll

0xFD7F0000 \Windows\System32\comctl32.dll

0xFD7B0000 \Windows\System32\cfgmgr32.dll

0xFD640000 \Windows\System32\crypt32.dll

0xFD5D0000 \Windows\System32\KernelBase.dll

0xFD5B0000 \Windows\System32\devobj.dll

0xFD570000 \Windows\System32\wintrust.dll

0xFD560000 \Windows\System32\msasn1.dll

0x77210000 \Windows\SysWOW64\normaliz.dll

Processes (total 85):

0 System Idle Process

4 System

292 C:\Windows\System32\smss.exe

452 csrss.exe

516 C:\Windows\System32\wininit.exe

540 csrss.exe

580 C:\Windows\System32\services.exe

600 C:\Windows\System32\lsass.exe

608 C:\Windows\System32\lsm.exe

660 C:\Windows\System32\winlogon.exe

752 C:\Windows\System32\svchost.exe

816 C:\Windows\System32\nvvsvc.exe

840 C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

884 C:\Windows\System32\svchost.exe

976 C:\Program Files\Microsoft Security Client\MsMpEng.exe

120 C:\Windows\System32\svchost.exe

336 C:\Windows\System32\svchost.exe

436 C:\Windows\System32\svchost.exe

1052 C:\Windows\System32\svchost.exe

1140 C:\Windows\System32\svchost.exe

1248 C:\Windows\System32\spoolsv.exe

1280 C:\Windows\System32\svchost.exe

1380 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1520 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1556 C:\Program Files\Bonjour\mDNSResponder.exe

1600 C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe

1648 C:\Windows\SysWOW64\svchost.exe

1800 C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe

1864 C:\Windows\SysWOW64\PnkBstrA.exe

1896 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

1908 C:\Windows\System32\nvvsvc.exe

1960 C:\Windows\System32\svchost.exe

2028 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2340 C:\Windows\System32\SearchIndexer.exe

2496 C:\Windows\System32\svchost.exe

2728 C:\Windows\System32\svchost.exe

2764 WUDFHost.exe

2864 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

2984 C:\Windows\System32\taskhost.exe

3064 C:\Windows\System32\dwm.exe

2384 C:\Windows\explorer.exe

3456 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

3468 C:\Program Files\Microsoft IntelliPoint\ipoint.exe

3484 C:\Program Files\Microsoft IntelliType Pro\itype.exe

3672 C:\Program Files\Microsoft Security Client\msseces.exe

3680 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

3976 C:\Program Files (x86)\Samsung\Kies\Kies.exe

4020 C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

4084 C:\Users\Ricky\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

3628 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

3840 C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

4008 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

3924 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

3104 C:\Program Files (x86)\iTunes\iTunesHelper.exe

3152 C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe

1788 C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

2216 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

1796 C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe

3448 C:\Windows\System32\svchost.exe

3112 C:\Program Files\iPod\bin\iPodService.exe

4240 C:\Program Files\Windows Media Player\wmpnetwk.exe

4440 C:\Windows\System32\svchost.exe

5092 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

4524 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

3724 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

5084 dllhost.exe

1456 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

5788 C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

2600 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

2412 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

5660 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

3580 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

5856 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

2368 C:\Windows\System32\svchost.exe

5968 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

4496 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

1580 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

4572 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

3600 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

5032 C:\Windows\splwow64.exe

5088 C:\Windows\System32\audiodg.exe

4908 C:\Windows\System32\taskeng.exe

5820 C:\Users\Ricky\Desktop\MBRCheck.exe

3240 C:\Windows\System32\conhost.exe

2440 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: ST2000DL003-9VT166, Rev: CC32

Size Device Name MBR Status

--------------------------------------------

1863 GB \\.\PhysicalDrive0 Windows 7 MBR code detected

SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!

SPIKETAPPR · August 22, 2012

ok sorry for the formatting above that is not what it looked like when i posted. did not appear to find anything when i analyzed the 4 files. Posted the log from the MBR check below that. However I could not download the aswMBR.exe file or connect to their website. Is it currently down? Thanks

TheDarkKnight · August 22, 2012

ok sorry for the formatting above that is not what it looked like when i posted. did not appear to find anything when i analyzed the 4 files.

All good.

Posted the log from the MBR check below that. However I could not download the aswMBR.exe file or connect to their website. Is it currently down? Thanks

I just checked and it let me go there. Interesting.

Please download to the Desktop RogueKiller (by tigzy).

Please quit all programs.
Start RogueKiller.exe.
Wait until Prescan has finished.
Click on Scan.
Click on Report and copy/paste the contents of the report in your next reply.

===========

Then, please try this tool.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.

For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt

[*]Select Command Prompt

[*]In the command window type in notepad and press Enter.

[*]The notepad opens. Under File menu select Open.

[*]Select "Computer" and find your flash drive letter and close the notepad.

[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

[*]The tool will start to run.

[*]When the tool opens click Yes to disclaimer.

[*]Press Scan button.

[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

==========

In your reply I would like to see the following please:

RogueKiller log.
FRST.txt.

screen317 · August 30, 2012

Are you still with us? This topic will be closed in a few days if we do not hear back from you.

Maurice Naggar · September 9, 2012

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Google Redirect Virus

Recommended Posts

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Link to post

Share on other sites

Recently Browsing 0 members

Important Information