Issue with 'Live Security Platinum' & installing Malwarebytes.

[Phyrrus]

Good day (for some I guess),

This morning, during the usual routine of newsites/webcomics, a malicious program decided to help itself to my computer, going by the name of 'Live Security Platinum'. A quick check confirmed it as a problem, so the computer got shut down until after work. A little investigating during the day seemed to come to the consensus that Malwarebytes was the go to for removing this one.

Unfortunately, I did not already have it installed, so I made sure to grab the installer while at work, along with the chameleon, just in case.

Firing the computer back up, showed the program to still be present, and capable of interfering with an install, so I tried the chamelon a few times with no avail. Eventually, at the suggestion of some other sources, I simply delted/'uninstalled' the files it stuck in the computer, and gave it a restart. Since then it hasn't shown its head, but I figure somethings gotta still be there, so I go ahead with attempting to install Malwarebytes.

Still no luck though, though this time I get an error claiming that the installer has an error, that the 'Access is Denied' starting with the config.conf file (and monving on to others if skipped). I get the smae result with a number of the chamelon options, and even while running the regualr install file as admin.

I've done a full system scan with my current software, Avira, and it found nothing that needed to be deal with.

I just want to get Malware installed so I can have some degree of confidence that the problem is fixed (hopefully without needing to resort to a reformat). Can I get a little assistance, please? (and thanks)

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1

Run by Phyrrus at 22:14:47 on 2012-09-06

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.5846 [GMT -6:00]

.

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\IProsetMonitor.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe

C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files\Logitech\SetPointP\SetPoint.exe

C:\Program Files\Logitech Gaming Software\LCore.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe

C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe

C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE

C:\Program Files\Logitech\SetPointG\SetPointII.exe

C:\Users\Phyrrus\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe

C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe

C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\CyberLink\Shared files\brs.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe

C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Windows\system32\taskhost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x86\LCDMedia.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Logitech Gaming Software\plugins\LCDAppletsMono-8.12.072\Applets\x64\LCDClock.exe

C:\Windows\system32\DllHost.exe

C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.ca/

mWinlogon: Userinit=userinit.exe

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO: CIESpeechBHO Class: {8d10f6c4-0e01-4bd4-8601-11ac1fdf8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

uRun: [NCsoft]

uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent

uRun: [Google Update] "C:\Users\Phyrrus\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe

mRun: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Phyrrus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Phyrrus\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\Users\Phyrrus\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe

uPolicies-explorer: HideSCAHealth = 1 (0x1)

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9631A7A0-AC57-4A7B-AE94-2A519821A9B7} : DhcpNameServer = 192.168.0.1

BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll

BHO-X64: Increase performance and video formats for your HTML5 <video> - No File

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll

BHO-X64: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll

BHO-X64: IESpeakDoc - No File

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll

mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"

mRun-x64: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"

mRun-x64: [updateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"

mRun-x64: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun-x64: [bDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe

mRun-x64: [updatePSTShortCut] "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"

mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun-x64: [Win7PDF] C:\Program Files\PDF Printer for Windows 7\PDF.exe

mRun-x64: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized

mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

.

============= SERVICES / DRIVERS ===============

.

R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-17 86224]

R2 AntiVirService;Avira Realtime Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-17 110032]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]

R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]

R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\system32\IProsetMonitor.exe --> C:\Windows\system32\IProsetMonitor.exe [?]

R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-3-17 1262400]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-5-15 382272]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\system32\DRIVERS\btath_flt.sys --> C:\Windows\system32\DRIVERS\btath_flt.sys [?]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\system32\drivers\btath_a2dp.sys --> C:\Windows\system32\drivers\btath_a2dp.sys [?]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\system32\DRIVERS\btath_bus.sys --> C:\Windows\system32\DRIVERS\btath_bus.sys [?]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\system32\DRIVERS\btath_hcrp.sys --> C:\Windows\system32\DRIVERS\btath_hcrp.sys [?]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\system32\DRIVERS\btath_lwflt.sys --> C:\Windows\system32\DRIVERS\btath_lwflt.sys [?]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\system32\DRIVERS\btath_rcp.sys --> C:\Windows\system32\DRIVERS\btath_rcp.sys [?]

R3 BtFilter;BtFilter;C:\Windows\system32\DRIVERS\btfilter.sys --> C:\Windows\system32\DRIVERS\btfilter.sys [?]

R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]

R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys --> C:\Windows\system32\drivers\LGVirHid.sys [?]

R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]

R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]

S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/06/13 22:35:52;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-23 240112]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\system32\Drivers\AthDfu.sys --> C:\Windows\system32\Drivers\AthDfu.sys [?]

S3 mbamchameleon;mbamchameleon;\??\C:\Windows\system32\drivers\mbamchameleon.sys --> C:\Windows\system32\drivers\mbamchameleon.sys [?]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]

.

=============== Created Last 30 ================

.

2012-09-07 02:10:40 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{3FFA36A7-A8A4-40E2-A3F9-38D552BBE5B8}

2012-09-07 01:14:57 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{6E0F22B3-A38C-4098-ACC6-2981E2C311A7}

2012-09-07 00:00:57 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-09-07 00:00:57 -------- d-----w- C:\ProgramData\Malwarebytes

2012-09-06 23:46:54 9310152 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{A1D52497-A226-40A5-8141-8B3F50C9B0B3}\mpengine.dll

2012-09-06 23:44:28 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2012-09-06 02:08:42 323584 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpcpp103.dll

2012-09-06 02:07:45 193592 ----a-w- C:\Windows\System32\hppdcompio.dll

2012-09-06 02:07:44 167480 ----a-w- C:\Windows\SysWow64\hppccompio.dll

2012-09-06 02:07:43 491008 ----a-w- C:\Windows\SysWow64\hpcdmc32.dll

2012-09-06 02:07:43 305664 ----a-w- C:\Windows\SysWow64\hpcc3103.dll

2012-09-06 02:07:43 176640 ----a-w- C:\Windows\System32\hpcpn103.dll

2012-09-06 02:07:32 -------- d-----w- C:\Program Files (x86)\HP

2012-09-06 02:06:47 976440 ----a-w- C:\Windows\System32\hpxp1410_x64.dll

2012-09-06 02:06:47 751160 ----a-w- C:\Windows\SysWow64\hpptsp08.dll

2012-09-06 02:06:47 311296 ----a-w- C:\Windows\System32\hpbcoins64.dll

2012-09-06 02:06:47 217656 ----a-w- C:\Windows\System32\hppscancoins64.dll

2012-09-06 02:06:47 1150520 ----a-w- C:\Windows\System32\hpptsp08_x64.dll

2012-09-06 02:06:39 -------- d-----w- C:\HP_LaserJet_Professional_CM1410_Series

2012-09-05 23:42:53 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{43B3E8FD-5A50-4C1E-8C0D-13DCCBFAC394}

2012-09-05 05:02:32 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{F29A75B3-8503-4496-8A13-6CD72C6BE9E0}

2012-09-05 02:19:53 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{BECE3D04-2229-42DF-817B-848BCB33A500}

2012-09-03 07:42:47 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{8A511633-604D-4BA7-96D6-48F938744D3F}

2012-09-01 20:45:53 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{3999AE1B-91E9-4245-B843-6D015D70B319}

2012-08-31 23:18:11 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{F365F606-E9A9-406D-9E22-5CA79920116A}

2012-08-31 02:44:59 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{C623AB95-B17F-4291-A9A9-B83E08461CB3}

2012-08-30 00:56:08 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{A04EFD2F-A3D2-492C-A64D-FA23D5602C69}

2012-08-29 12:50:08 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{A5DA8021-2710-4129-824E-61D255807AA7}

2012-08-29 04:53:03 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{7693FC06-A0E1-45DD-9908-023C74BC330A}

2012-08-28 13:09:08 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{81AC4CEF-CE53-409D-831F-7EC861A277F2}

2012-08-28 02:53:58 -------- d-----w- C:\Program Files (x86)\Guild Wars 2

2012-08-28 01:08:18 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{68A6A50C-B8F0-4ECD-AAC2-ED6B55447601}

2012-08-26 20:36:32 -------- d-----w- C:\Users\Phyrrus\AppData\Local\Google

2012-08-26 20:36:19 -------- d-----w- C:\Users\Phyrrus\AppData\Local\Deployment

2012-08-26 20:36:19 -------- d-----w- C:\Users\Phyrrus\AppData\Local\Apps

2012-08-26 19:24:55 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{E5D7435F-D872-49CD-B0E6-E32630C98928}

2012-08-25 23:39:10 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{884E52A4-0920-4BEA-A257-F69828F1BE01}

2012-08-25 16:29:34 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{B37139C7-6D60-4D00-80D9-1CDBFF0CADBE}

2012-08-24 05:39:08 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{5CEE49D3-8FE7-4216-9801-E22BAF9DC0AE}

2012-08-23 12:54:26 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{5DF60FF6-84B6-4E25-A0D0-5D108784367D}

2012-08-23 04:51:34 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{16CDC367-6B5C-4F29-B8F8-AD0A1AD043A4}

2012-08-22 12:57:05 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{041F52E2-B8B5-4F30-B0F7-C8EE5A733421}

2012-08-21 23:26:18 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{89F9A5B8-C520-4427-BB50-9A0100614C5C}

2012-08-20 12:38:19 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{C5E574A9-9C6C-40E6-972B-04A594EE00AC}

2012-08-19 16:03:40 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{132C8D59-B462-4CD8-A0C3-2683637E6A28}

2012-08-18 20:14:08 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{E247CB74-CC76-4ECF-B13B-A48BBC6A310C}

2012-08-18 18:54:00 -------- d-----w- C:\Program Files\Diablo II

2012-08-18 18:03:48 -------- d-----w- C:\Users\Phyrrus\D2-1.12A-enUS

2012-08-18 17:48:29 -------- d-----w- C:\Users\Phyrrus\D2LOD-1.12A-enUS

2012-08-18 16:22:10 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{10FE7295-3699-4242-AD25-768913B35FE2}

2012-08-17 23:20:50 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{0FA163CB-C908-4BC3-BF33-41CA0D362239}

2012-08-17 23:19:31 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{F0F3D74B-F7A7-4400-A720-843315D1996C}

2012-08-17 01:17:01 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{85F7E969-68E0-4580-B8F4-1B82F224EDD3}

2012-08-17 01:16:26 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{E5F7963A-1C74-4A6D-A8FC-2943ED169F6C}

2012-08-17 01:15:34 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{27EC35BA-8219-4439-86AF-2F89BC077848}

2012-08-16 03:37:24 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{9249EF03-853F-4D07-B951-49AF326738FC}

2012-08-16 03:36:22 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{238C4F9B-A9FF-4BF4-8912-5AA84BF12677}

2012-08-16 03:21:03 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{68E33FF5-D917-4FD3-B66D-F06DE8FFC4E0}

2012-08-15 12:51:15 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{48D224D1-3B5C-4327-8BED-D1A08DF5B191}

2012-08-15 12:51:13 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{2B135598-5655-4EF1-9D41-D7B15F317082}

2012-08-15 00:04:45 503808 ----a-w- C:\Windows\System32\srcore.dll

2012-08-15 00:04:45 43008 ----a-w- C:\Windows\SysWow64\srclient.dll

2012-08-15 00:04:42 751104 ----a-w- C:\Windows\System32\win32spl.dll

2012-08-15 00:04:42 67072 ----a-w- C:\Windows\splwow64.exe

2012-08-15 00:04:42 559104 ----a-w- C:\Windows\System32\spoolsv.exe

2012-08-15 00:04:42 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll

2012-08-15 00:04:40 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-08-15 00:04:40 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-08-15 00:04:40 136704 ----a-w- C:\Windows\System32\browser.dll

2012-08-15 00:04:38 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-08-15 00:04:37 956928 ----a-w- C:\Windows\System32\localspl.dll

2012-08-14 23:20:11 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{B7C2B2DB-E3B9-4D32-8B76-C04CD5FD6E98}

2012-08-13 13:13:31 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{0FFA6D86-A0EB-493B-8481-702D22DD7081}

2012-08-13 13:13:30 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{49244525-22F3-4113-B8E9-AA4FD8A3B918}

2012-08-12 00:23:33 -------- d-----w- C:\Users\Phyrrus\AppData\Roaming\Magic Set Editor

2012-08-12 00:23:20 -------- d-----w- C:\Program Files (x86)\Magic Set Editor 2

2012-08-10 12:57:22 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{27CDDFAC-BC13-43D7-AD55-68A8B07172DB}

2012-08-10 12:57:20 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{3CE99312-305D-40B5-AC2A-4B69504CEE19}

2012-08-10 02:37:10 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{F54734F2-78E0-4394-B96E-07FE82F02168}

2012-08-10 02:21:10 -------- d-----w- C:\Users\Phyrrus\AppData\Roaming\Empty Clip Studios

2012-08-09 12:57:13 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{784C6725-29CE-475B-9DC5-D9196EB1250E}

2012-08-09 12:57:12 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{E9605111-90AB-4EE9-B480-BD1E049D2488}

2012-08-08 23:58:43 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{F072DA8E-0BEF-4B61-B1D6-461242786BE2}

2012-08-08 23:58:18 -------- d-----w- C:\Users\Phyrrus\AppData\Local\{ED87BA8C-40B6-4A18-89AA-31726CC0C642}

.

==================== Find3M ====================

.

2012-08-26 18:53:20 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2012-08-26 18:53:20 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2012-08-26 05:28:25 281288 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2012-08-17 03:45:07 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe

2012-07-06 20:07:42 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys

2012-07-06 04:06:30 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll

2012-07-06 04:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2012-06-14 04:34:51 505128 ----a-w- C:\Windows\SysWow64\msvcp71.dll

2012-06-14 04:34:51 29480 ----a-w- C:\Windows\SysWow64\msxml3a.dll

.

============= FINISH: 22:15:17.11 ===============</video></video></video>

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 10/14/2011 11:52:46 PM

System Uptime: 9/6/2012 9:53:56 PM (1 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P8P67 PRO

Processor: Intel® Core i5-2400 CPU @ 3.10GHz | LGA1155 | 3101/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 181.163 GiB free.

D: is CDROM (UDF)

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP144: 9/4/2012 12:00:01 AM - Scheduled Checkpoint

RP145: 9/4/2012 2:33:26 AM - Windows Update

RP146: 9/6/2012 9:59:00 PM - Removed WinZip 16.0

.

==== Installed Programs ======================

.

Adobe AIR

APB Reloaded

Avira Free Antivirus

Batman: Arkham Asylum GOTY Edition

Batman: Arkham City™

Borderlands

Bulletstorm

Champions Online: Free For All

City of Heroes

CyberLink Blu-ray Disc Suite

CyberLink LG Burning Tool

CyberLink PowerDVD 9

D3DX10

DC Universe Online

Defense Grid: The Awakening

Diablo II

Diablo III

Diablo III Beta

DivX Setup

Dota 2

Dota 2 Test

DriveImage XML (Private Edition)

Dropbox

Dungeon Siege III

eReg

EVGA Precision 2.0.4

F.E.A.R.

F.E.A.R. 2: Project Origin

Fallen Earth

Flash Movie Player 1.5

Foxit Reader

GamersFirst LIVE!

Garmin Lifetime Updater

Gish

Google Chrome

Guild Wars 2

Hero Lab 3.9b

HP LaserJet Professional CM1410 Series

HP LJ CM1410 MFP Series HP Scan

HP Unified IO

Hunted: The Demon's Forge

Hydrophobia: Prophecy

I.R.I.S. OCR

Intel® Management Engine Components

IrfanView (remove only)

Java Auto Updater

Java 7 Update 5

JavaFX 2.1.1

JMicron JMB36X Driver

Junk Mail filter update

League of Legends

Magic Set Editor 2.0.0

Magic: The Gathering - Duels of the Planeswalkers

Magic: The Gathering — Duels of the Planeswalkers 2012

Magic: The Gathering – Tactics

MapleStory

Mass Effect

Microsoft Games for Windows - LIVE

Microsoft Games for Windows - LIVE Redistributable

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ Run Time Lib Setup

MSVCRT

MSVCRT_amd64

NCsoft Launcher

NVIDIA 3D Vision Controller Driver

NVIDIA PhysX

NVIDIA Stereoscopic 3D Driver

OpenOffice.org 3.3

Pando Media Booster

Plants vs. Zombies: Game of the Year

Portal 2

PunkBuster Services

Realtek High Definition Audio Driver

Renesas Electronics USB 3.0 Host Controller Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Shatter

Source Filmmaker

Star Wars - Jedi Knight II: Jedi Outcast

Star Wars - Jedi Knight: Mysteries of the Sith

Star Wars Jedi Knight: Dark Forces II

Star Wars Jedi Knight: Jedi Academy

Star Wars: Dark Forces

Star Wars: Knights of the Old Republic

Star Wars: The Old Republic

Steam

Super Meat Boy

Super Monday Night Combat

Symphony

System Requirements Lab

Team Fortress 2

TERA

The Secret World

Torchlight

Trine

Trine 2

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

VC80CRTRedist - 8.0.50727.6195

Wasteland Angel

Winamp

Winamp Detector Plug-in

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Photo Common

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.11 (32-bit)

.

==== Event Viewer Messages From Past Week ========

.

9/6/2012 9:54:33 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: mv91xx

9/6/2012 9:33:23 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.

9/6/2012 6:02:38 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Live ID Sign-in Assistant service to connect.

9/6/2012 6:02:38 PM, Error: Service Control Manager [7000] - The Windows Live ID Sign-in Assistant service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/6/2012 6:02:29 PM, Error: Service Control Manager [7031] - The Software Protection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

9/6/2012 6:02:28 PM, Error: Service Control Manager [7034] - The PnkBstrA service terminated unexpectedly. It has done this 1 time(s).

9/6/2012 6:02:28 PM, Error: Service Control Manager [7034] - The NVIDIA Update Service Daemon service terminated unexpectedly. It has done this 1 time(s).

9/6/2012 6:02:28 PM, Error: Service Control Manager [7034] - The Intel® PROSet Monitoring Service service terminated unexpectedly. It has done this 1 time(s).

9/6/2012 6:02:28 PM, Error: Service Control Manager [7034] - The AtherosSvc service terminated unexpectedly. It has done this 1 time(s).

9/6/2012 6:02:28 PM, Error: Service Control Manager [7031] - The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

9/6/2012 6:02:28 PM, Error: Service Control Manager [7031] - The Windows Live ID Sign-in Assistant service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

9/6/2012 6:00:12 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.

9/3/2012 3:08:42 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

.

==== End Of File ===========================

Edited September 7, 2012 by Maurice Naggar

[Maurice Naggar]

Hello Phyruss.

Going forward, please only Copy and Paste the contents of logs directly into the main-body of reply box.

Use NOTEPAD to open a log. Do a CTRL+A to Copy ALL

In the reply box, do a CTRL+V inside the reply box to Paste

[Maurice Naggar]

Step 1

Disable CD-ROM Emulation Software:

Please download the following tool DeFogger to your desktop.

Double click DeFogger to run the tool.

The application window will appear

Click the Disable button to disable your CD Emulation drivers.

Click Yes to continue

A 'Finished!' message will appear

Click OK

DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Do not re-enable these drivers until otherwise instructed.

Step 2

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 3

To show all files:

• Go to your Desktop
• Double-Click the Computer icon.
  
• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 4

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Download aswMBR.exe ( 511KB ) to your desktop.

On Windows 7 or Vista, RIGHT click on aswMBR.exe and select Run As Administrator to start.

On Windows XP, double click the exe to start.

change the a-v scan to None.

uncheck trace disk IO calls

Click the "Scan" button to start scan

On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Do not click any FIX button. We just need an initial report.

Step 5

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 6

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 7

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

• the contents of aswMBR report;
  
• the contents of TDSSKILLER log;
  
• the contents of RKReport log;
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[Phyrrus]

Alright, finished up the scans, mostly uneventful it seems, 'cept maybe some stuff with RougeKiller. Here are the logs. (and again, thanks)

aswMBR

----------------------------------------------------------------------------

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-07 18:05:06

-----------------------------

18:05:06.106 OS Version: Windows x64 6.1.7601 Service Pack 1

18:05:06.106 Number of processors: 4 586 0x2A07

18:05:06.106 ComputerName: PHYRRUS-PC UserName: Phyrrus

18:05:11.473 Initialize success

18:06:11.476 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2

18:06:11.476 Disk 0 Vendor: ST31000524AS JC4B Size: 953869MB BusType: 11

18:06:11.492 Disk 0 MBR read successfully

18:06:11.492 Disk 0 MBR scan

18:06:11.492 Disk 0 Windows 7 default MBR code

18:06:11.492 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048

18:06:11.507 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848

18:06:11.523 Disk 0 scanning C:\Windows\system32\drivers

18:06:22.303 Service scanning

18:06:36.015 Modules scanning

18:06:36.015 Scan finished successfully

18:07:35.295 Disk 0 MBR has been saved successfully to "C:\Users\Phyrrus\Desktop\MBR.dat"

18:07:35.326 The log file has been saved successfully to "C:\Users\Phyrrus\Desktop\aswMBR.txt"

------------------------------------

TDSSKiller Log

------------------------------------

18:44:33.0396 5200 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48

18:44:33.0989 5200 ============================================================

18:44:33.0989 5200 Current date / time: 2012/09/07 18:44:33.0989

18:44:33.0989 5200 SystemInfo:

18:44:33.0989 5200

18:44:33.0989 5200 OS Version: 6.1.7601 ServicePack: 1.0

18:44:33.0989 5200 Product type: Workstation

18:44:33.0989 5200 ComputerName: PHYRRUS-PC

18:44:33.0989 5200 UserName: Phyrrus

18:44:33.0989 5200 Windows directory: C:\Windows

18:44:33.0989 5200 System windows directory: C:\Windows

18:44:33.0989 5200 Running under WOW64

18:44:33.0989 5200 Processor architecture: Intel x64

18:44:33.0989 5200 Number of processors: 4

18:44:33.0989 5200 Page size: 0x1000

18:44:33.0989 5200 Boot type: Normal boot

18:44:33.0989 5200 ============================================================

18:44:34.0737 5200 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

18:44:34.0737 5200 ============================================================

18:44:34.0737 5200 \Device\Harddisk0\DR0:

18:44:34.0753 5200 MBR partitions:

18:44:34.0753 5200 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

18:44:34.0753 5200 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800

18:44:34.0753 5200 ============================================================

18:44:34.0769 5200 C: <-> \Device\Harddisk0\DR0\Partition2

18:44:34.0769 5200 ============================================================

18:44:34.0769 5200 Initialize success

18:44:34.0769 5200 ============================================================

18:44:36.0578 4712 ============================================================

18:44:36.0578 4712 Scan started

18:44:36.0578 4712 Mode: Manual;

18:44:36.0578 4712 ============================================================

18:44:37.0171 4712 ================ Scan system memory ========================

18:44:37.0171 4712 System memory - ok

18:44:37.0171 4712 ================ Scan services =============================

18:44:37.0280 4712 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

18:44:37.0280 4712 1394ohci - ok

18:44:37.0327 4712 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

18:44:37.0327 4712 ACPI - ok

18:44:37.0343 4712 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

18:44:37.0343 4712 AcpiPmi - ok

18:44:37.0374 4712 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

18:44:37.0374 4712 adp94xx - ok

18:44:37.0389 4712 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

18:44:37.0405 4712 adpahci - ok

18:44:37.0421 4712 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

18:44:37.0421 4712 adpu320 - ok

18:44:37.0436 4712 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

18:44:37.0436 4712 AeLookupSvc - ok

18:44:37.0530 4712 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

18:44:37.0530 4712 AFD - ok

18:44:37.0545 4712 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

18:44:37.0545 4712 agp440 - ok

18:44:37.0561 4712 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

18:44:37.0561 4712 ALG - ok

18:44:37.0608 4712 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

18:44:37.0608 4712 aliide - ok

18:44:37.0623 4712 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

18:44:37.0623 4712 amdide - ok

18:44:37.0639 4712 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

18:44:37.0639 4712 AmdK8 - ok

18:44:37.0655 4712 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

18:44:37.0655 4712 AmdPPM - ok

18:44:37.0717 4712 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

18:44:37.0717 4712 amdsata - ok

18:44:37.0733 4712 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

18:44:37.0733 4712 amdsbs - ok

18:44:37.0748 4712 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

18:44:37.0748 4712 amdxata - ok

18:44:37.0842 4712 [ 0A1CC583E8147004E4AD4625D7FBF88C ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

18:44:37.0842 4712 AntiVirSchedulerService - ok

18:44:37.0842 4712 [ C9A36EF935ACED86AEDF93E97E606911 ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

18:44:37.0842 4712 AntiVirService - ok

18:44:37.0889 4712 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

18:44:37.0889 4712 AppID - ok

18:44:37.0904 4712 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

18:44:37.0904 4712 AppIDSvc - ok

18:44:37.0967 4712 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

18:44:37.0967 4712 Appinfo - ok

18:44:37.0982 4712 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll

18:44:37.0982 4712 AppMgmt - ok

18:44:37.0998 4712 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

18:44:37.0998 4712 arc - ok

18:44:38.0013 4712 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

18:44:38.0013 4712 arcsas - ok

18:44:38.0045 4712 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

18:44:38.0045 4712 AsyncMac - ok

18:44:38.0060 4712 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

18:44:38.0060 4712 atapi - ok

18:44:38.0091 4712 [ AAAE03F8EDA817EC28C5445193EA8BF3 ] AthBTPort C:\Windows\system32\DRIVERS\btath_flt.sys

18:44:38.0091 4712 AthBTPort - ok

18:44:38.0123 4712 [ 4ECC791539F23982411864037D1AC8FC ] ATHDFU C:\Windows\system32\Drivers\AthDfu.sys

18:44:38.0123 4712 ATHDFU - ok

18:44:38.0154 4712 [ C34B28D6285EAD94B3A2FABA84E90DA5 ] AtherosSvc C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

18:44:38.0154 4712 AtherosSvc - ok

18:44:38.0201 4712 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

18:44:38.0216 4712 AudioEndpointBuilder - ok

18:44:38.0216 4712 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

18:44:38.0232 4712 AudioSrv - ok

18:44:38.0247 4712 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys

18:44:38.0247 4712 avgntflt - ok

18:44:38.0294 4712 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys

18:44:38.0294 4712 avipbb - ok

18:44:38.0310 4712 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys

18:44:38.0310 4712 avkmgr - ok

18:44:38.0357 4712 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

18:44:38.0372 4712 AxInstSV - ok

18:44:38.0388 4712 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

18:44:38.0388 4712 b06bdrv - ok

18:44:38.0419 4712 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

18:44:38.0419 4712 b57nd60a - ok

18:44:38.0450 4712 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

18:44:38.0450 4712 BDESVC - ok

18:44:38.0466 4712 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

18:44:38.0466 4712 Beep - ok

18:44:38.0513 4712 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

18:44:38.0513 4712 BFE - ok

18:44:38.0637 4712 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll

18:44:38.0637 4712 BITS - ok

18:44:38.0669 4712 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

18:44:38.0669 4712 blbdrive - ok

18:44:38.0762 4712 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

18:44:38.0762 4712 bowser - ok

18:44:38.0778 4712 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

18:44:38.0778 4712 BrFiltLo - ok

18:44:38.0778 4712 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

18:44:38.0778 4712 BrFiltUp - ok

18:44:38.0825 4712 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

18:44:38.0825 4712 Browser - ok

18:44:38.0856 4712 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

18:44:38.0856 4712 Brserid - ok

18:44:38.0871 4712 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

18:44:38.0871 4712 BrSerWdm - ok

18:44:38.0887 4712 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

18:44:38.0887 4712 BrUsbMdm - ok

18:44:38.0918 4712 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

18:44:38.0918 4712 BrUsbSer - ok

18:44:38.0949 4712 [ 3B1B573371B206D1D5F25E0EF5FCD6D6 ] BTATH_A2DP C:\Windows\system32\drivers\btath_a2dp.sys

18:44:38.0949 4712 BTATH_A2DP - ok

18:44:38.0981 4712 [ 2D0446336D9DB55A742B999EC16ADF15 ] BTATH_BUS C:\Windows\system32\DRIVERS\btath_bus.sys

18:44:38.0981 4712 BTATH_BUS - ok

18:44:38.0996 4712 [ 9A9694BBEB2849EAF95DFFCAE5DF02AD ] BTATH_HCRP C:\Windows\system32\DRIVERS\btath_hcrp.sys

18:44:38.0996 4712 BTATH_HCRP - ok

18:44:38.0996 4712 [ FC0A8075DDF2E9C66267AEC91E0676F9 ] BTATH_LWFLT C:\Windows\system32\DRIVERS\btath_lwflt.sys

18:44:38.0996 4712 BTATH_LWFLT - ok

18:44:39.0012 4712 [ 5EB4815CBDDBA4541F2380DAE6E269AB ] BTATH_RCP C:\Windows\system32\DRIVERS\btath_rcp.sys

18:44:39.0012 4712 BTATH_RCP - ok

18:44:39.0027 4712 [ 0ECEDE7B33CFD9A52A61220ABBD09A50 ] BtFilter C:\Windows\system32\DRIVERS\btfilter.sys

18:44:39.0043 4712 BtFilter - ok

18:44:39.0090 4712 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys

18:44:39.0090 4712 BthEnum - ok

18:44:39.0105 4712 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

18:44:39.0105 4712 BTHMODEM - ok

18:44:39.0121 4712 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys

18:44:39.0121 4712 BthPan - ok

18:44:39.0137 4712 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys

18:44:39.0137 4712 BTHPORT - ok

18:44:39.0168 4712 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

18:44:39.0168 4712 bthserv - ok

18:44:39.0183 4712 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys

18:44:39.0183 4712 BTHUSB - ok

18:44:39.0215 4712 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

18:44:39.0215 4712 cdfs - ok

18:44:39.0277 4712 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys

18:44:39.0277 4712 cdrom - ok

18:44:39.0339 4712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

18:44:39.0339 4712 CertPropSvc - ok

18:44:39.0355 4712 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

18:44:39.0355 4712 circlass - ok

18:44:39.0371 4712 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

18:44:39.0371 4712 CLFS - ok

18:44:39.0511 4712 [ 4642B5A3E0D2E61D08163DE95FC5B949 ] CLKMSVC10_9EC60124 C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe

18:44:39.0511 4712 CLKMSVC10_9EC60124 - ok

18:44:39.0573 4712 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

18:44:39.0589 4712 clr_optimization_v2.0.50727_32 - ok

18:44:39.0620 4712 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

18:44:39.0620 4712 clr_optimization_v2.0.50727_64 - ok

18:44:39.0714 4712 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

18:44:39.0714 4712 clr_optimization_v4.0.30319_32 - ok

18:44:39.0745 4712 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

18:44:39.0745 4712 clr_optimization_v4.0.30319_64 - ok

18:44:39.0761 4712 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

18:44:39.0761 4712 CmBatt - ok

18:44:39.0823 4712 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

18:44:39.0823 4712 cmdide - ok

18:44:39.0870 4712 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

18:44:39.0870 4712 CNG - ok

18:44:39.0885 4712 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

18:44:39.0885 4712 Compbatt - ok

18:44:39.0948 4712 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

18:44:39.0948 4712 CompositeBus - ok

18:44:39.0948 4712 COMSysApp - ok

18:44:39.0979 4712 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

18:44:39.0979 4712 crcdisk - ok

18:44:40.0026 4712 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll

18:44:40.0026 4712 CryptSvc - ok

18:44:40.0088 4712 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys

18:44:40.0088 4712 CSC - ok

18:44:40.0119 4712 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll

18:44:40.0119 4712 CscService - ok

18:44:40.0135 4712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

18:44:40.0151 4712 DcomLaunch - ok

18:44:40.0166 4712 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

18:44:40.0166 4712 defragsvc - ok

18:44:40.0213 4712 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

18:44:40.0213 4712 DfsC - ok

18:44:40.0229 4712 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

18:44:40.0244 4712 Dhcp - ok

18:44:40.0244 4712 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

18:44:40.0244 4712 discache - ok

18:44:40.0260 4712 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

18:44:40.0260 4712 Disk - ok

18:44:40.0291 4712 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

18:44:40.0291 4712 Dnscache - ok

18:44:40.0338 4712 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

18:44:40.0338 4712 dot3svc - ok

18:44:40.0400 4712 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

18:44:40.0400 4712 DPS - ok

18:44:40.0416 4712 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

18:44:40.0416 4712 drmkaud - ok

18:44:40.0447 4712 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

18:44:40.0463 4712 DXGKrnl - ok

18:44:40.0494 4712 [ 6BAFD9819D9FEC2EDBAEBC8493C711A4 ] e1cexpress C:\Windows\system32\DRIVERS\e1c62x64.sys

18:44:40.0494 4712 e1cexpress - ok

18:44:40.0509 4712 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

18:44:40.0509 4712 EapHost - ok

18:44:40.0587 4712 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

18:44:40.0603 4712 ebdrv - ok

18:44:40.0665 4712 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

18:44:40.0681 4712 EFS - ok

18:44:40.0712 4712 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

18:44:40.0712 4712 ehRecvr - ok

18:44:40.0728 4712 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

18:44:40.0728 4712 ehSched - ok

18:44:40.0743 4712 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

18:44:40.0743 4712 elxstor - ok

18:44:40.0806 4712 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

18:44:40.0806 4712 ErrDev - ok

18:44:40.0837 4712 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

18:44:40.0837 4712 EventSystem - ok

18:44:40.0853 4712 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

18:44:40.0853 4712 exfat - ok

18:44:40.0868 4712 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

18:44:40.0868 4712 fastfat - ok

18:44:40.0899 4712 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

18:44:40.0915 4712 Fax - ok

18:44:40.0915 4712 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

18:44:40.0915 4712 fdc - ok

18:44:40.0931 4712 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

18:44:40.0931 4712 fdPHost - ok

18:44:40.0931 4712 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

18:44:40.0931 4712 FDResPub - ok

18:44:40.0946 4712 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

18:44:40.0946 4712 FileInfo - ok

18:44:40.0962 4712 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

18:44:40.0962 4712 Filetrace - ok

18:44:40.0977 4712 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

18:44:40.0977 4712 flpydisk - ok

18:44:41.0040 4712 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

18:44:41.0055 4712 FltMgr - ok

18:44:41.0087 4712 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll

18:44:41.0087 4712 FontCache - ok

18:44:41.0149 4712 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

18:44:41.0149 4712 FontCache3.0.0.0 - ok

18:44:41.0165 4712 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

18:44:41.0165 4712 FsDepends - ok

18:44:41.0196 4712 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

18:44:41.0196 4712 Fs_Rec - ok

18:44:41.0258 4712 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

18:44:41.0258 4712 fvevol - ok

18:44:41.0274 4712 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

18:44:41.0289 4712 gagp30kx - ok

18:44:41.0305 4712 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

18:44:41.0321 4712 gpsvc - ok

18:44:41.0321 4712 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

18:44:41.0321 4712 hcw85cir - ok

18:44:41.0399 4712 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

18:44:41.0399 4712 HdAudAddService - ok

18:44:41.0414 4712 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

18:44:41.0414 4712 HDAudBus - ok

18:44:41.0430 4712 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

18:44:41.0430 4712 HidBatt - ok

18:44:41.0430 4712 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

18:44:41.0445 4712 HidBth - ok

18:44:41.0461 4712 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

18:44:41.0461 4712 HidIr - ok

18:44:41.0477 4712 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll

18:44:41.0477 4712 hidserv - ok

18:44:41.0492 4712 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys

18:44:41.0492 4712 HidUsb - ok

18:44:41.0539 4712 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

18:44:41.0539 4712 hkmsvc - ok

18:44:41.0601 4712 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

18:44:41.0601 4712 HomeGroupListener - ok

18:44:41.0648 4712 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

18:44:41.0648 4712 HomeGroupProvider - ok

18:44:41.0664 4712 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

18:44:41.0664 4712 HpSAMD - ok

18:44:41.0695 4712 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

18:44:41.0711 4712 HTTP - ok

18:44:41.0757 4712 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

18:44:41.0757 4712 hwpolicy - ok

18:44:41.0773 4712 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

18:44:41.0773 4712 i8042prt - ok

18:44:41.0789 4712 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

18:44:41.0789 4712 iaStorV - ok

18:44:41.0835 4712 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

18:44:41.0835 4712 idsvc - ok

18:44:41.0851 4712 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

18:44:41.0851 4712 iirsp - ok

18:44:41.0867 4712 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

18:44:41.0882 4712 IKEEXT - ok

18:44:41.0929 4712 [ DAB7318CCFA8081200D5B7B486793F74 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys

18:44:41.0929 4712 IntcAzAudAddService - ok

18:44:41.0960 4712 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

18:44:41.0960 4712 intelide - ok

18:44:41.0976 4712 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

18:44:41.0976 4712 intelppm - ok

18:44:42.0038 4712 [ 068EC06F3B6DD7B81B365D8FD2CE27E6 ] Intel® PROSet Monitoring Service C:\Windows\system32\IProsetMonitor.exe

18:44:42.0038 4712 Intel® PROSet Monitoring Service - ok

18:44:42.0054 4712 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

18:44:42.0069 4712 IPBusEnum - ok

18:44:42.0101 4712 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

18:44:42.0101 4712 IpFilterDriver - ok

18:44:42.0163 4712 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

18:44:42.0179 4712 iphlpsvc - ok

18:44:42.0179 4712 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

18:44:42.0179 4712 IPMIDRV - ok

18:44:42.0194 4712 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

18:44:42.0194 4712 IPNAT - ok

18:44:42.0210 4712 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

18:44:42.0210 4712 IRENUM - ok

18:44:42.0225 4712 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

18:44:42.0225 4712 isapnp - ok

18:44:42.0241 4712 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

18:44:42.0241 4712 iScsiPrt - ok

18:44:42.0272 4712 [ A577F5DB30F70ECA9708C07C2EACBD9D ] JRAID C:\Windows\system32\DRIVERS\jraid.sys

18:44:42.0272 4712 JRAID - ok

18:44:42.0272 4712 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys

18:44:42.0272 4712 kbdclass - ok

18:44:42.0288 4712 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys

18:44:42.0288 4712 kbdhid - ok

18:44:42.0288 4712 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

18:44:42.0303 4712 KeyIso - ok

18:44:42.0319 4712 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

18:44:42.0319 4712 KSecDD - ok

18:44:42.0350 4712 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

18:44:42.0350 4712 KSecPkg - ok

18:44:42.0366 4712 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

18:44:42.0366 4712 ksthunk - ok

18:44:42.0381 4712 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

18:44:42.0381 4712 KtmRm - ok

18:44:42.0413 4712 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll

18:44:42.0413 4712 LanmanServer - ok

18:44:42.0459 4712 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

18:44:42.0459 4712 LanmanWorkstation - ok

18:44:42.0584 4712 [ 19EFF704CD16DD0429E128431F1DD631 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe

18:44:42.0584 4712 LBTServ - ok

18:44:42.0631 4712 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys

18:44:42.0631 4712 LGBusEnum - ok

18:44:42.0678 4712 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys

18:44:42.0678 4712 LGVirHid - ok

18:44:42.0740 4712 [ 1074C77A47835E03C15BF92452F9A750 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys

18:44:42.0740 4712 LHidFilt - ok

18:44:42.0756 4712 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

18:44:42.0756 4712 lltdio - ok

18:44:42.0771 4712 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

18:44:42.0771 4712 lltdsvc - ok

18:44:42.0803 4712 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

18:44:42.0803 4712 lmhosts - ok

18:44:42.0803 4712 [ 96999C364C649E2866A268F7420A304A ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys

18:44:42.0803 4712 LMouFilt - ok

18:44:42.0834 4712 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

18:44:42.0834 4712 LSI_FC - ok

18:44:42.0849 4712 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

18:44:42.0849 4712 LSI_SAS - ok

18:44:42.0849 4712 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

18:44:42.0865 4712 LSI_SAS2 - ok

18:44:42.0881 4712 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

18:44:42.0881 4712 LSI_SCSI - ok

18:44:42.0896 4712 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

18:44:42.0896 4712 luafv - ok

18:44:42.0974 4712 [ 8B03202C731A0B967927EB7E5B2E470C ] mbamchameleon C:\Windows\system32\drivers\mbamchameleon.sys

18:44:42.0974 4712 mbamchameleon - ok

18:44:43.0005 4712 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

18:44:43.0021 4712 Mcx2Svc - ok

18:44:43.0037 4712 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

18:44:43.0037 4712 megasas - ok

18:44:43.0052 4712 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

18:44:43.0052 4712 MegaSR - ok

18:44:43.0068 4712 [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64 C:\Windows\system32\DRIVERS\HECIx64.sys

18:44:43.0068 4712 MEIx64 - ok

18:44:43.0068 4712 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

18:44:43.0083 4712 MMCSS - ok

18:44:43.0099 4712 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

18:44:43.0099 4712 Modem - ok

18:44:43.0115 4712 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

18:44:43.0115 4712 monitor - ok

18:44:43.0161 4712 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys

18:44:43.0161 4712 mouclass - ok

18:44:43.0177 4712 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

18:44:43.0177 4712 mouhid - ok

18:44:43.0239 4712 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

18:44:43.0239 4712 mountmgr - ok

18:44:43.0302 4712 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

18:44:43.0302 4712 mpio - ok

18:44:43.0317 4712 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

18:44:43.0317 4712 mpsdrv - ok

18:44:43.0380 4712 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

18:44:43.0380 4712 MpsSvc - ok

18:44:43.0442 4712 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

18:44:43.0442 4712 MRxDAV - ok

18:44:43.0458 4712 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys

18:44:43.0458 4712 mrxsmb - ok

18:44:43.0473 4712 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys

18:44:43.0473 4712 mrxsmb10 - ok

18:44:43.0489 4712 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys

18:44:43.0489 4712 mrxsmb20 - ok

18:44:43.0489 4712 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys

18:44:43.0489 4712 msahci - ok

18:44:43.0520 4712 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys

18:44:43.0520 4712 msdsm - ok

18:44:43.0536 4712 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe

18:44:43.0536 4712 MSDTC - ok

18:44:43.0551 4712 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys

18:44:43.0551 4712 Msfs - ok

18:44:43.0567 4712 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys

18:44:43.0567 4712 mshidkmdf - ok

18:44:43.0583 4712 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys

18:44:43.0583 4712 msisadrv - ok

18:44:43.0598 4712 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll

18:44:43.0598 4712 MSiSCSI - ok

18:44:43.0598 4712 msiserver - ok

18:44:43.0629 4712 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys

18:44:43.0629 4712 MSKSSRV - ok

18:44:43.0645 4712 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys

18:44:43.0645 4712 MSPCLOCK - ok

18:44:43.0645 4712 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys

18:44:43.0645 4712 MSPQM - ok

18:44:43.0692 4712 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys

18:44:43.0692 4712 MsRPC - ok

18:44:43.0707 4712 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys

18:44:43.0707 4712 mssmbios - ok

18:44:43.0723 4712 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys

18:44:43.0723 4712 MSTEE - ok

18:44:43.0739 4712 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys

18:44:43.0739 4712 MTConfig - ok

18:44:43.0770 4712 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys

18:44:43.0770 4712 Mup - ok

18:44:43.0941 4712 mv91xx - ok

18:44:44.0004 4712 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll

18:44:44.0019 4712 napagent - ok

18:44:44.0035 4712 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys

18:44:44.0035 4712 NativeWifiP - ok

18:44:44.0113 4712 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys

18:44:44.0113 4712 NDIS - ok

18:44:44.0129 4712 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys

18:44:44.0129 4712 NdisCap - ok

18:44:44.0144 4712 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys

18:44:44.0160 4712 NdisTapi - ok

18:44:44.0207 4712 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys

18:44:44.0207 4712 Ndisuio - ok

18:44:44.0253 4712 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys

18:44:44.0253 4712 NdisWan - ok

18:44:44.0300 4712 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys

18:44:44.0300 4712 NDProxy - ok

18:44:44.0363 4712 [ D4F51E88C71BF8F06EA1BE320B0BB75B ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

18:44:44.0378 4712 Net Driver HPZ12 - ok

18:44:44.0378 4712 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys

18:44:44.0378 4712 NetBIOS - ok

18:44:44.0441 4712 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys

18:44:44.0441 4712 NetBT - ok

18:44:44.0456 4712 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe

18:44:44.0456 4712 Netlogon - ok

18:44:44.0487 4712 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll

18:44:44.0487 4712 Netman - ok

18:44:44.0503 4712 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll

18:44:44.0503 4712 netprofm - ok

18:44:44.0534 4712 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

18:44:44.0534 4712 NetTcpPortSharing - ok

18:44:44.0550 4712 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys

18:44:44.0550 4712 nfrd960 - ok

18:44:44.0597 4712 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll

18:44:44.0597 4712 NlaSvc - ok

18:44:44.0612 4712 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys

18:44:44.0612 4712 Npfs - ok

18:44:44.0612 4712 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll

18:44:44.0628 4712 nsi - ok

18:44:44.0628 4712 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys

18:44:44.0628 4712 nsiproxy - ok

18:44:44.0690 4712 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys

18:44:44.0706 4712 Ntfs - ok

18:44:44.0721 4712 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys

18:44:44.0721 4712 Null - ok

18:44:44.0753 4712 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys

18:44:44.0753 4712 nusb3hub - ok

18:44:44.0784 4712 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys

18:44:44.0784 4712 nusb3xhc - ok

18:44:44.0846 4712 [ 102806B360D0E6BC6E55BF47EF655D43 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys

18:44:44.0846 4712 NVHDA - ok

18:44:45.0049 4712 [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys

18:44:45.0111 4712 nvlddmkm - ok

18:44:45.0127 4712 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys

18:44:45.0127 4712 nvraid - ok

18:44:45.0189 4712 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys

18:44:45.0189 4712 nvstor - ok

18:44:45.0236 4712 [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc C:\Windows\system32\nvvsvc.exe

18:44:45.0236 4712 nvsvc - ok

18:44:45.0314 4712 [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

18:44:45.0330 4712 nvUpdatusService - ok

18:44:45.0361 4712 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys

18:44:45.0361 4712 nv_agp - ok

18:44:45.0408 4712 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys

18:44:45.0408 4712 ohci1394 - ok

18:44:45.0439 4712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll

18:44:45.0439 4712 p2pimsvc - ok

18:44:45.0470 4712 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll

18:44:45.0470 4712 p2psvc - ok

18:44:45.0486 4712 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys

18:44:45.0501 4712 Parport - ok

18:44:45.0548 4712 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys

18:44:45.0548 4712 partmgr - ok

18:44:45.0564 4712 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll

18:44:45.0564 4712 PcaSvc - ok

18:44:45.0579 4712 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys

18:44:45.0579 4712 pci - ok

18:44:45.0595 4712 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys

18:44:45.0595 4712 pciide - ok

18:44:45.0626 4712 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys

18:44:45.0626 4712 pcmcia - ok

18:44:45.0642 4712 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys

18:44:45.0642 4712 pcw - ok

18:44:45.0657 4712 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys

18:44:45.0657 4712 PEAUTH - ok

18:44:45.0689 4712 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll

18:44:45.0704 4712 PeerDistSvc - ok

18:44:45.0751 4712 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe

18:44:45.0751 4712 PerfHost - ok

18:44:45.0813 4712 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll

18:44:45.0829 4712 pla - ok

18:44:45.0860 4712 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll

18:44:45.0860 4712 PlugPlay - ok

18:44:45.0907 4712 [ 9A80707D8B6C1806531BFD7399B3CC76 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

18:44:45.0907 4712 Pml Driver HPZ12 - ok

18:44:45.0923 4712 PnkBstrA - ok

18:44:45.0938 4712 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll

18:44:45.0938 4712 PNRPAutoReg - ok

18:44:45.0954 4712 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll

18:44:45.0969 4712 PNRPsvc - ok

18:44:45.0969 4712 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll

18:44:45.0985 4712 PolicyAgent - ok

18:44:45.0985 4712 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll

18:44:46.0001 4712 Power - ok

18:44:46.0047 4712 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys

18:44:46.0047 4712 PptpMiniport - ok

18:44:46.0079 4712 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys

18:44:46.0079 4712 Processor - ok

18:44:46.0125 4712 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll

18:44:46.0125 4712 ProfSvc - ok

18:44:46.0141 4712 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe

18:44:46.0141 4712 ProtectedStorage - ok

18:44:46.0203 4712 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys

18:44:46.0203 4712 Psched - ok

18:44:46.0235 4712 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys

18:44:46.0250 4712 ql2300 - ok

18:44:46.0281 4712 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys

18:44:46.0297 4712 ql40xx - ok

18:44:46.0313 4712 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll

18:44:46.0313 4712 QWAVE - ok

18:44:46.0328 4712 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys

18:44:46.0328 4712 QWAVEdrv - ok

18:44:46.0344 4712 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys

18:44:46.0344 4712 RasAcd - ok

18:44:46.0359 4712 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys

18:44:46.0359 4712 RasAgileVpn - ok

18:44:46.0375 4712 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll

18:44:46.0375 4712 RasAuto - ok

18:44:46.0375 4712 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys

18:44:46.0375 4712 Rasl2tp - ok

18:44:46.0406 4712 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll

18:44:46.0406 4712 RasMan - ok

18:44:46.0422 4712 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys

18:44:46.0422 4712 RasPppoe - ok

18:44:46.0437 4712 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys

18:44:46.0437 4712 RasSstp - ok

18:44:46.0500 4712 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys

18:44:46.0500 4712 rdbss - ok

18:44:46.0500 4712 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys

18:44:46.0500 4712 rdpbus - ok

18:44:46.0515 4712 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys

18:44:46.0515 4712 RDPCDD - ok

18:44:46.0593 4712 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys

18:44:46.0593 4712 RDPDR - ok

18:44:46.0609 4712 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys

18:44:46.0609 4712 RDPENCDD - ok

18:44:46.0625 4712 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys

18:44:46.0625 4712 RDPREFMP - ok

18:44:46.0687 4712 [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys

18:44:46.0703 4712 RdpVideoMiniport - ok

18:44:46.0749 4712 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys

18:44:46.0749 4712 RDPWD - ok

18:44:46.0812 4712 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys

18:44:46.0812 4712 rdyboost - ok

18:44:46.0827 4712 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll

18:44:46.0843 4712 RemoteAccess - ok

18:44:46.0859 4712 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll

18:44:46.0859 4712 RemoteRegistry - ok

18:44:46.0874 4712 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys

18:44:46.0874 4712 RFCOMM - ok

18:44:46.0890 4712 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll

18:44:46.0890 4712 RpcEptMapper - ok

18:44:46.0905 4712 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe

18:44:46.0905 4712 RpcLocator - ok

18:44:46.0921 4712 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll

18:44:46.0937 4712 RpcSs - ok

18:44:46.0937 4712 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys

18:44:46.0937 4712 rspndr - ok

18:44:46.0999 4712 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys

18:44:46.0999 4712 s3cap - ok

18:44:47.0015 4712 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe

18:44:47.0015 4712 SamSs - ok

18:44:47.0046 4712 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys

18:44:47.0046 4712 sbp2port - ok

18:44:47.0061 4712 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll

18:44:47.0061 4712 SCardSvr - ok

18:44:47.0108 4712 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys

18:44:47.0108 4712 scfilter - ok

18:44:47.0139 4712 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll

18:44:47.0139 4712 Schedule - ok

18:44:47.0202 4712 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll

18:44:47.0202 4712 SCPolicySvc - ok

18:44:47.0217 4712 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll

18:44:47.0217 4712 SDRSVC - ok

18:44:47.0233 4712 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys

18:44:47.0233 4712 secdrv - ok

18:44:47.0280 4712 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll

18:44:47.0280 4712 seclogon - ok

18:44:47.0311 4712 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll

18:44:47.0311 4712 SENS - ok

18:44:47.0327 4712 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll

18:44:47.0327 4712 SensrSvc - ok

18:44:47.0342 4712 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys

18:44:47.0342 4712 Serenum - ok

18:44:47.0373 4712 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys

18:44:47.0373 4712 Serial - ok

18:44:47.0373 4712 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys

18:44:47.0389 4712 sermouse - ok

18:44:47.0405 4712 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll

18:44:47.0405 4712 SessionEnv - ok

18:44:47.0451 4712 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys

18:44:47.0451 4712 sffdisk - ok

18:44:47.0451 4712 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys

18:44:47.0451 4712 sffp_mmc - ok

18:44:47.0467 4712 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys

18:44:47.0467 4712 sffp_sd - ok

18:44:47.0483 4712 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys

18:44:47.0483 4712 sfloppy - ok

18:44:47.0498 4712 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll

18:44:47.0498 4712 SharedAccess - ok

18:44:47.0545 4712 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll

18:44:47.0545 4712 ShellHWDetection - ok

18:44:47.0576 4712 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys

18:44:47.0576 4712 SiSRaid2 - ok

18:44:47.0576 4712 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys

18:44:47.0576 4712 SiSRaid4 - ok

18:44:47.0592 4712 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys

18:44:47.0592 4712 Smb - ok

18:44:47.0607 4712 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe

18:44:47.0607 4712 SNMPTRAP - ok

18:44:47.0623 4712 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys

18:44:47.0623 4712 spldr - ok

18:44:47.0670 4712 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe

18:44:47.0685 4712 Spooler - ok

18:44:47.0779 4712 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe

18:44:47.0795 4712 sppsvc - ok

18:44:47.0810 4712 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll

18:44:47.0810 4712 sppuinotify - ok

18:44:47.0841 4712 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys

18:44:47.0841 4712 srv - ok

18:44:47.0841 4712 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys

18:44:47.0857 4712 srv2 - ok

18:44:47.0857 4712 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys

18:44:47.0857 4712 srvnet - ok

18:44:47.0873 4712 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll

18:44:47.0873 4712 SSDPSRV - ok

18:44:47.0888 4712 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll

18:44:47.0888 4712 SstpSvc - ok

18:44:47.0935 4712 Steam Client Service - ok

18:44:48.0060 4712 [ C354621B6B94E10AE7F5CDBE745FEB86 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

18:44:48.0060 4712 Stereo Service - ok

18:44:48.0075 4712 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys

18:44:48.0075 4712 stexstor - ok

18:44:48.0122 4712 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys

18:44:48.0122 4712 StillCam - ok

18:44:48.0200 4712 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll

18:44:48.0216 4712 stisvc - ok

18:44:48.0216 4712 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys

18:44:48.0216 4712 storflt - ok

18:44:48.0278 4712 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys

18:44:48.0278 4712 storvsc - ok

18:44:48.0294 4712 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys

18:44:48.0294 4712 swenum - ok

18:44:48.0309 4712 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll

18:44:48.0309 4712 swprv - ok

18:44:48.0309 4712 Synth3dVsc - ok

18:44:48.0403 4712 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll

18:44:48.0419 4712 SysMain - ok

18:44:48.0465 4712 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll

18:44:48.0481 4712 TabletInputService - ok

18:44:48.0543 4712 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll

18:44:48.0543 4712 TapiSrv - ok

18:44:48.0543 4712 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll

18:44:48.0559 4712 TBS - ok

18:44:48.0621 4712 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys

18:44:48.0637 4712 Tcpip - ok

18:44:48.0699 4712 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys

18:44:48.0715 4712 TCPIP6 - ok

18:44:48.0777 4712 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys

18:44:48.0777 4712 tcpipreg - ok

18:44:48.0793 4712 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys

18:44:48.0793 4712 TDPIPE - ok

18:44:48.0840 4712 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys

18:44:48.0840 4712 TDTCP - ok

18:44:48.0887 4712 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys

18:44:48.0887 4712 tdx - ok

18:44:48.0918 4712 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys

18:44:48.0918 4712 TermDD - ok

18:44:48.0933 4712 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll

18:44:48.0933 4712 TermService - ok

18:44:48.0949 4712 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll

18:44:48.0949 4712 Themes - ok

18:44:48.0965 4712 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll

18:44:48.0965 4712 THREADORDER - ok

18:44:48.0980 4712 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll

18:44:48.0980 4712 TrkWks - ok

18:44:48.0996 4712 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe

18:44:49.0011 4712 TrustedInstaller - ok

18:44:49.0121 4712 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys

18:44:49.0121 4712 tssecsrv - ok

18:44:49.0136 4712 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys

18:44:49.0136 4712 TsUsbFlt - ok

18:44:49.0136 4712 tsusbhub - ok

18:44:49.0199 4712 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys

18:44:49.0214 4712 tunnel - ok

18:44:49.0214 4712 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys

18:44:49.0214 4712 uagp35 - ok

18:44:49.0261 4712 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys

18:44:49.0277 4712 udfs - ok

18:44:49.0292 4712 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe

18:44:49.0292 4712 UI0Detect - ok

18:44:49.0308 4712 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys

18:44:49.0308 4712 uliagpkx - ok

18:44:49.0355 4712 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys

18:44:49.0370 4712 umbus - ok

18:44:49.0370 4712 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys

18:44:49.0370 4712 UmPass - ok

18:44:49.0386 4712 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll

18:44:49.0386 4712 UmRdpService - ok

18:44:49.0401 4712 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll

18:44:49.0417 4712 upnphost - ok

18:44:49.0448 4712 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys

18:44:49.0448 4712 usbccgp - ok

18:44:49.0464 4712 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys

18:44:49.0479 4712 usbcir - ok

18:44:49.0479 4712 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys

18:44:49.0495 4712 usbehci - ok

18:44:49.0511 4712 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys

18:44:49.0511 4712 usbhub - ok

18:44:49.0526 4712 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys

18:44:49.0526 4712 usbohci - ok

18:44:49.0573 4712 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys

18:44:49.0589 4712 usbprint - ok

18:44:49.0604 4712 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS

18:44:49.0604 4712 USBSTOR - ok

18:44:49.0604 4712 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys

18:44:49.0604 4712 usbuhci - ok

18:44:49.0620 4712 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll

18:44:49.0620 4712 UxSms - ok

18:44:49.0635 4712 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe

18:44:49.0635 4712 VaultSvc - ok

18:44:49.0651 4712 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys

18:44:49.0651 4712 vdrvroot - ok

18:44:49.0713 4712 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe

18:44:49.0713 4712 vds - ok

18:44:49.0729 4712 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys

18:44:49.0729 4712 vga - ok

18:44:49.0729 4712 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys

18:44:49.0729 4712 VgaSave - ok

18:44:49.0729 4712 VGPU - ok

18:44:49.0807 4712 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys

18:44:49.0807 4712 vhdmp - ok

18:44:49.0823 4712 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys

18:44:49.0823 4712 viaide - ok

18:44:49.0838 4712 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys

18:44:49.0838 4712 vmbus - ok

18:44:49.0854 4712 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys

18:44:49.0869 4712 VMBusHID - ok

18:44:49.0885 4712 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys

18:44:49.0885 4712 volmgr - ok

18:44:49.0947 4712 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys

18:44:49.0947 4712 volmgrx - ok

18:44:49.0963 4712 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys

18:44:49.0963 4712 volsnap - ok

18:44:49.0979 4712 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys

18:44:49.0994 4712 vsmraid - ok

18:44:50.0072 4712 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe

18:44:50.0088 4712 VSS - ok

18:44:50.0103 4712 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys

18:44:50.0103 4712 vwifibus - ok

18:44:50.0119 4712 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll

18:44:50.0119 4712 W32Time - ok

18:44:50.0135 4712 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys

18:44:50.0135 4712 WacomPen - ok

18:44:50.0150 4712 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys

18:44:50.0150 4712 WANARP - ok

18:44:50.0150 4712 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys

18:44:50.0150 4712 Wanarpv6 - ok

18:44:50.0197 4712 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe

18:44:50.0213 4712 WatAdminSvc - ok

18:44:50.0291 4712 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe

18:44:50.0291 4712 wbengine - ok

18:44:50.0306 4712 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll

18:44:50.0322 4712 WbioSrvc - ok

18:44:50.0369 4712 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll

18:44:50.0369 4712 wcncsvc - ok

18:44:50.0384 4712 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll

18:44:50.0384 4712 WcsPlugInService - ok

18:44:50.0400 4712 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys

18:44:50.0400 4712 Wd - ok

18:44:50.0462 4712 [ A3D04EBF5227886029B4532F20D026F7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys

18:44:50.0462 4712 WDC_SAM - ok

18:44:50.0478 4712 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys

18:44:50.0493 4712 Wdf01000 - ok

18:44:50.0493 4712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll

18:44:50.0493 4712 WdiServiceHost - ok

18:44:50.0509 4712 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll

18:44:50.0509 4712 WdiSystemHost - ok

18:44:50.0525 4712 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll

18:44:50.0525 4712 WebClient - ok

18:44:50.0525 4712 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll

18:44:50.0525 4712 Wecsvc - ok

18:44:50.0540 4712 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll

18:44:50.0556 4712 wercplsupport - ok

18:44:50.0571 4712 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll

18:44:50.0571 4712 WerSvc - ok

18:44:50.0587 4712 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys

18:44:50.0587 4712 WfpLwf - ok

18:44:50.0603 4712 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys

18:44:50.0603 4712 WIMMount - ok

18:44:50.0618 4712 WinDefend - ok

18:44:50.0618 4712 WinHttpAutoProxySvc - ok

18:44:50.0665 4712 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll

18:44:50.0665 4712 Winmgmt - ok

18:44:50.0743 4712 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll

18:44:50.0759 4712 WinRM - ok

18:44:50.0821 4712 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

18:44:50.0821 4712 WinUsb - ok

18:44:50.0852 4712 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

18:44:50.0852 4712 Wlansvc - ok

18:44:50.0961 4712 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

18:44:50.0977 4712 wlidsvc - ok

18:44:51.0024 4712 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

18:44:51.0024 4712 WmiAcpi - ok

18:44:51.0039 4712 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

18:44:51.0039 4712 wmiApSrv - ok

18:44:51.0055 4712 WMPNetworkSvc - ok

18:44:51.0071 4712 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

18:44:51.0071 4712 WPCSvc - ok

18:44:51.0117 4712 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

18:44:51.0117 4712 WPDBusEnum - ok

18:44:51.0149 4712 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

18:44:51.0149 4712 ws2ifsl - ok

18:44:51.0164 4712 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll

18:44:51.0164 4712 wscsvc - ok

18:44:51.0164 4712 WSearch - ok

18:44:51.0258 4712 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

18:44:51.0273 4712 wuauserv - ok

18:44:51.0320 4712 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

18:44:51.0320 4712 WudfPf - ok

18:44:51.0336 4712 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

18:44:51.0336 4712 WUDFRd - ok

18:44:51.0383 4712 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

18:44:51.0383 4712 wudfsvc - ok

18:44:51.0398 4712 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

18:44:51.0398 4712 WwanSvc - ok

18:44:51.0461 4712 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys

18:44:51.0461 4712 xusb21 - ok

18:44:51.0507 4712 ================ Scan global ===============================

18:44:51.0523 4712 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

18:44:51.0539 4712 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

18:44:51.0554 4712 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll

18:44:51.0585 4712 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

18:44:51.0585 4712 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

18:44:51.0601 4712 [Global] - ok

18:44:51.0601 4712 ================ Scan MBR ==================================

18:44:51.0601 4712 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

18:44:51.0835 4712 \Device\Harddisk0\DR0 - ok

18:44:51.0835 4712 ================ Scan VBR ==================================

18:44:51.0835 4712 [ 089AD7178127014F9176D3C52319A2E5 ] \Device\Harddisk0\DR0\Partition1

18:44:51.0835 4712 \Device\Harddisk0\DR0\Partition1 - ok

18:44:51.0866 4712 [ 36C739868F699C9689E05E092BABD214 ] \Device\Harddisk0\DR0\Partition2

18:44:51.0866 4712 \Device\Harddisk0\DR0\Partition2 - ok

18:44:51.0866 4712 ============================================================

18:44:51.0866 4712 Scan finished

18:44:51.0866 4712 ============================================================

18:44:51.0866 0792 Detected object count: 0

18:44:51.0866 0792 Actual detected object count: 0

-----------------------------------------------

RKReport

-----------------------------------------------

RogueKiller V8.0.2 [08/31/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Phyrrus [Admin rights]

Mode : Scan -- Date : 09/07/2012 18:46:16

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤

[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\Security Center : AntiVirusDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\Security Center : FirewallDisableNotify (1) -> FOUND

[HJ] HKLM\[...]\Wow6432Node\Security Center : UpdatesDisableNotify (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST31000524AS ATA Device +++++

--- User ---

[MBR] cc698a7bc60c892e75f82b9661bb0a2e

[bSP] 65aeb7ed3264fd81f2c9b11a83186c48 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 953767 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

[Maurice Naggar]

Let's follow-up with this:

• Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• Right-Click RogueKiller and select Run as Administrator.
  
• Wait until Prescan finishes.
  
• On the RogueKiller console, click the Registry tab.
  
• Then press the Delete button.
  
• When done, logoff & Restart the system.
• The log will be found as RKreport
  Copy & Paste the contents into next reply.

Step 2

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download Rkill by Grinler and save it to your desktop.

• 
  

Link 2
Link 3
Link 4
Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.
If your antivirus program gives a prompt message, respond positive to allow RKILL to run.
If a malware-rogue gives a message regarding RKILL, proceed forward to running RKILL

IF you still have a problem running RKILL, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.

Step 3

Turn off your Avira antivirus

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy and Paste the MBAM scan log.

Re-Enable your Avira realtime protection.

Edited September 8, 2012 by Maurice Naggar

[Phyrrus]

Ok, there was nothing to report/delete in the registry tab for RougeKiller, so here's the other reports. (I was actually able to install Malwarebytes this time!)

Rkill Log

====================================

Rkill 2.3.9 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2012 BleepingComputer.com

More Information about Rkill can be found at this link:

http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/08/2012 09:50:32 AM in x64 mode.

Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]

Backup Registry file created at:

C:\Users\Phyrrus\Desktop\rkill\rkill-09-08-2012-09-50-36.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Windows Defender (WinDefend) is not Running.

Startup Type set to: Disabled

* Security Center (wscsvc) is not Running.

Startup Type set to: Disabled

Searching for Missing Digital Signatures:

* No issues found.

Program finished at: 09/08/2012 09:50:37 AM

Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)

mbam Log

================================================

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.08.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Phyrrus :: PHYRRUS-PC [administrator]

9/8/2012 9:54:14 AM

mbam-log-2012-09-08 (09-54-14).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 226651

Time elapsed: 4 minute(s), 22 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 3

HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1

C:\Users\Phyrrus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

Files Detected: 1

C:\Users\Phyrrus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Quarantined and deleted successfully.

(end)

[Maurice Naggar]

That is very good. Follow up with a full scan, and a new log.

Temporarily disable your antivirus so that it does not interfere.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Save and close any work documents, close any apps that you started.

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy and Paste the MBAM scan log.

Re-enable your antivirus.

Download >> Farbar's Service Scanner utility << and Save to your Desktop.

If using Windows 7 or Vista, Right-Click on fss.exe and select Run As Admisnitrator.

If using XP, double-click to start.

Answer Yes to ok when prompted.

If your firewall then puts out a prompt, again, allow it to run.

Once FSS is on-screen, be sure the following items are checkmarked:

• Internet Services
  
• Windows Firewall
  
• System Restore
  
• Security Center/Action Center
  
• Windows Update
  
• Windows Defender
  

Click on "Scan".

It will create a log (FSS.txt) in the same directory the tool is run.

Copy & Paste contents of FSS.txt into your reply.

[Phyrrus]

Alright, this time, Malwarebytes seemed to have nothing to report.

mbam log

==========================

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.08.07

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Phyrrus :: PHYRRUS-PC [administrator]

9/8/2012 1:40:35 PM

mbam-log-2012-09-08 (13-40-35).txt

Scan type: Full scan (C:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 713169

Time elapsed: 2 hour(s), 17 minute(s), 51 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

FSS log

=================================

Farbar Service Scanner Version: 06-08-2012

Ran by Phyrrus (administrator) on 08-09-2012 at 16:03:02

Running from "C:\Users\Phyrrus\Desktop"

Microsoft Windows 7 Ultimate Service Pack 1 (X64)

Boot Mode: Normal

****************************************************************

Internet Services:

============

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Yahoo IP is accessible.

Yahoo.com is accessible.

Windows Firewall:

=============

Firewall Disabled Policy:

==================

System Restore:

============

System Restore Disabled Policy:

========================

Action Center:

============

wscsvc Service is not running. Checking service configuration:

The start type of wscsvc service is set to Disabled. The default start type is Auto.

The ImagePath of wscsvc service is OK.

The ServiceDll of wscsvc service is OK.

Windows Update:

============

Windows Autoupdate Disabled Policy:

============================

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Disabled. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

Other Services:

==============

File Check:

========

C:\Windows\System32\nsisvc.dll => MD5 is legit

C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit

C:\Windows\System32\dhcpcore.dll => MD5 is legit

C:\Windows\System32\drivers\afd.sys => MD5 is legit

C:\Windows\System32\drivers\tdx.sys => MD5 is legit

C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\System32\dnsrslvr.dll => MD5 is legit

C:\Windows\System32\mpssvc.dll => MD5 is legit

C:\Windows\System32\bfe.dll => MD5 is legit

C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit

C:\Windows\System32\SDRSVC.dll => MD5 is legit

C:\Windows\System32\vssvc.exe => MD5 is legit

C:\Windows\System32\wscsvc.dll => MD5 is legit

C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\System32\wuaueng.dll => MD5 is legit

C:\Windows\System32\qmgr.dll => MD5 is legit

C:\Windows\System32\es.dll => MD5 is legit

C:\Windows\System32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

[Maurice Naggar]

The MBAM result is very, very good.

Would you advise me which specific version of Avira that you have ?

I'd like to have you do a run of Combofix:

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member only. If you are a casual viewer, do NOT try this on your system!

If you are not and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

[Phyrrus]

A couple items before iI run this then.

My current verion of Avira is 12.0.0.1167

Also, despite disabling Avira, combo fix still seems to think its still running, and gives a warning before it will run. (claims its still active as both anitvirus adnd antispyware)

Is there something more to disable for it, or can I continue?

[Maurice Naggar]

You can do a Right click on the Avira icon on the taskbar, and then if there is a Checkmark by Realtime protection ....then... Click it one time to clear it.

Then proceed forward with my Combofix procedure.

[Phyrrus]

Thats kinda strange then. It does show as disabled in the bar, yet ComboFix still popped up its little blurb about it.

[Maurice Naggar]

Did you get Combofix going? Please do so.

[Phyrrus]

Alright, ComboFix ran (seemingly) without any issues, computer seems ok from a cursory review (Live Security Platinum no longer shows as a phantom entry in the program files list at least).

Here's the ComboFix log;

=============================

ComboFix 12-09-09.02 - Phyrrus 09/09/2012 12:31:19.1.4 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8169.6527 [GMT -6:00]

Running from: c:\users\Phyrrus\Desktop\ComboFix.exe

AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\users\Phyrrus\AppData\Local\assembly\tmp

c:\users\Phyrrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\www.leawo.com_favicon.ico

c:\users\Phyrrus\AppData\Local\Microsoft\Windows\Temporary Internet Files\www.youtube.com_favicon.ico

.

.

((((((((((((((((((((((((( Files Created from 2012-08-09 to 2012-09-09 )))))))))))))))))))))))))))))))

.

.

2012-09-08 15:52 . 2012-09-08 15:52 -------- d-----w- c:\users\Phyrrus\AppData\Roaming\Malwarebytes

2012-09-08 15:52 . 2012-09-08 15:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-07 23:59 . 2012-09-07 23:59 -------- d-----w- c:\program files (x86)\ERUNT

2012-09-07 00:00 . 2012-09-07 00:00 -------- d-----w- c:\programdata\Malwarebytes

2012-09-07 00:00 . 2012-07-03 19:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-09-06 23:46 . 2012-08-23 08:26 9310152 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1D52497-A226-40A5-8141-8B3F50C9B0B3}\mpengine.dll

2012-09-06 23:44 . 2012-09-06 23:44 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-09-06 02:09 . 2012-09-06 02:09 -------- d-----w- c:\programdata\HP

2012-09-06 02:08 . 2012-09-06 02:08 -------- d-----w- c:\programdata\Hewlett-Packard

2012-09-06 02:08 . 2010-10-13 18:02 323584 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpcpp103.dll

2012-09-06 02:07 . 2010-09-19 21:51 193592 ----a-w- c:\windows\system32\hppdcompio.dll

2012-09-06 02:07 . 2010-09-19 21:51 167480 ----a-w- c:\windows\SysWow64\hppccompio.dll

2012-09-06 02:07 . 2010-10-13 18:02 176640 ----a-w- c:\windows\system32\hpcpn103.dll

2012-09-06 02:07 . 2010-10-13 17:57 305664 ----a-w- c:\windows\SysWow64\hpcc3103.dll

2012-09-06 02:07 . 2010-02-11 16:19 491008 ----a-w- c:\windows\SysWow64\hpcdmc32.dll

2012-09-06 02:07 . 2012-09-06 02:09 -------- d-----w- c:\program files (x86)\HP

2012-09-06 02:06 . 2010-10-13 18:16 311296 ----a-w- c:\windows\system32\hpbcoins64.dll

2012-09-06 02:06 . 2010-08-23 22:45 976440 ----a-w- c:\windows\system32\hpxp1410_x64.dll

2012-09-06 02:06 . 2010-08-23 22:45 751160 ----a-w- c:\windows\SysWow64\hpptsp08.dll

2012-09-06 02:06 . 2010-08-23 22:45 217656 ----a-w- c:\windows\system32\hppscancoins64.dll

2012-09-06 02:06 . 2010-08-23 22:45 1150520 ----a-w- c:\windows\system32\hpptsp08_x64.dll

2012-09-06 02:06 . 2012-09-06 02:06 -------- d-----w- C:\HP_LaserJet_Professional_CM1410_Series

2012-08-28 02:53 . 2012-09-01 15:22 -------- d-----w- c:\program files (x86)\Guild Wars 2

2012-08-26 20:36 . 2012-08-26 20:37 -------- d-----w- c:\users\Phyrrus\AppData\Local\Google

2012-08-26 20:36 . 2012-08-26 20:36 -------- d-----w- c:\users\Phyrrus\AppData\Local\Deployment

2012-08-26 20:36 . 2012-08-26 20:36 -------- d-----w- c:\users\Phyrrus\AppData\Local\Apps

2012-08-18 18:54 . 2012-08-18 19:17 -------- d-----w- c:\program files\Diablo II

2012-08-18 18:03 . 2012-08-18 18:43 -------- d-----w- c:\users\Phyrrus\D2-1.12A-enUS

2012-08-18 17:48 . 2012-08-18 18:08 -------- d-----w- c:\users\Phyrrus\D2LOD-1.12A-enUS

2012-08-15 00:04 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll

2012-08-15 00:04 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll

2012-08-15 00:04 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll

2012-08-15 00:04 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe

2012-08-15 00:04 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe

2012-08-15 00:04 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll

2012-08-15 00:04 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll

2012-08-15 00:04 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll

2012-08-15 00:04 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll

2012-08-15 00:04 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll

2012-08-15 00:04 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys

2012-08-15 00:04 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll

2012-08-12 00:23 . 2012-08-12 00:23 -------- d-----w- c:\users\Phyrrus\AppData\Roaming\Magic Set Editor

2012-08-12 00:23 . 2012-08-12 00:23 -------- d-----w- c:\program files (x86)\Magic Set Editor 2

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-26 18:53 . 2011-10-30 19:11 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-08-26 18:53 . 2011-10-29 21:58 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-08-26 05:28 . 2011-10-29 21:58 281288 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-08-17 03:45 . 2011-10-29 21:58 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-08-15 09:00 . 2011-10-15 05:41 62134624 ----a-w- c:\windows\system32\MRT.exe

2012-07-06 04:06 . 2012-08-01 12:53 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-07-06 04:06 . 2012-02-03 04:19 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-06-14 04:34 . 2011-10-15 16:43 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll

2012-06-14 04:34 . 2011-10-15 16:43 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Phyrrus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Phyrrus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 94208 ----a-w- c:\users\Phyrrus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-08-15 1353080]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]

"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720]

"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-08-03 87336]

"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-23 75048]

"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-12-23 222504]

"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]

"Win7PDF"="c:\program files\PDF Printer for Windows 7\PDF.exe" [2009-07-22 484352]

"Garmin Lifetime Updater"="c:\program files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe" [2012-01-06 1446760]

"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]

.

c:\users\Phyrrus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Phyrrus\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

GamersFirst LIVE!.lnk - c:\program files (x86)\GamersFirst\LIVE!\Live.exe [2012-6-22 2720408]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

R0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [x]

R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/06/13 22:35;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2010-11-24 240112]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys [2010-10-27 55336]

R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-09-06 36680]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]

S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-09 86224]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2010-10-27 52896]

S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2010-08-12 133800]

S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2010-10-27 38248]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2010-10-27 301680]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [2010-10-27 31080]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [2010-10-27 203624]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2010-10-27 58992]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [2010-10-27 156520]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-27 279152]

S3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [2010-09-21 313520]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2011-10-19 22408]

S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2011-10-19 16008]

S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-09-30 80384]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-09-30 180736]

S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - CLKMDRV10_9EC60124

.

Contents of the 'Scheduled Tasks' folder

.

2012-09-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078085388-3190077232-1471101432-1000Core.job

- c:\users\Phyrrus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 20:36]

.

2012-09-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2078085388-3190077232-1471101432-1000UA.job

- c:\users\Phyrrus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-26 20:36]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Phyrrus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Phyrrus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Phyrrus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49 97792 ----a-w- c:\users\Phyrrus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]

"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]

"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]

"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-06-23 1744152]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-09-29 110360]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_DLLs"=0x0

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.ca/

mLocal Page = c:\windows\SysWOW64\blank.htm

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-NCsoft - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07,

72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57

"{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,38,12,aa,f5,03,

89,33,40,ba,0e,f9,17,52,ec,1a,81,c5,32

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db,

df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:ec,1b,07,f0,55,05,cd,01

.

[HKEY_USERS\S-1-5-21-2078085388-3190077232-1471101432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.Email.1"

.

[HKEY_USERS\S-1-5-21-2078085388-3190077232-1471101432-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="WindowsLiveMail.VCard.1"

.

[HKEY_USERS\S-1-5-21-2078085388-3190077232-1471101432-1000\Software\SecuROM\License information*]

"datasecu"=hex:b6,ed,8c,7f,39,18,5f,e2,c4,eb,dc,9c,07,e0,e0,f9,8d,15,33,9b,54,

22,cd,c2,d8,20,04,9c,83,87,2f,9e,09,26,52,f1,c8,9e,e3,ae,54,6d,4e,99,6f,6e,\

"rkeysecu"=hex:53,6b,27,dd,2e,4e,65,b0,4b,74,bc,89,64,7f,db,ad

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-09-09 12:41:04

ComboFix-quarantined-files.txt 2012-09-09 18:41

.

Pre-Run: 191,340,126,208 bytes free

Post-Run: 192,573,689,856 bytes free

.

- - End Of File - - C02907F9FD185CD186F0D228A2E69A8B

[Maurice Naggar]

You are good to go after the following. Let me know after you have finished the cleanups.

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

• Accept the EULA & Download the latest version of >> Windows Offline << from here
  or >> from here <<
  and save it to your desktop.
  
• Seeing that you have a 64-bit Windows o.s., get and apply both of the 32-bit & 64-bit Windows files.
  
• Close any programs you may have running - especially your web browser(s).
  
• Go to Start > Settings > Control Panel, select Programs and Features and remove all older versions of Java.
  
• Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java) in the name.
  
• Click the Remove or Change/Remove button.
  
• Repeat as many times as necessary to remove each Java versions.
  
• Reboot your computer once all Java components are removed.
  
• Then from your desktop double-click on jre-7u7-windows-i586.exe to install the newest version.
  ( jre-7u7-windows-x64.exe if this is a 64-bit Windows o.s.)
  

• After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
    
  • Next, click on the Delete Files button
    
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
      

    [*]Click OK on Delete Temporary Files Window

    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.

    [*]Click OK to leave the Temporary Files Window

Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:

Click Advanced Tab. Expand the Miscellaneous item.

UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

Defogger

To re-enable CD Emulation programs using DeFogger please perform these steps:

Please download >> DeFogger <<and save it to your desktop.

• Once downloaded, double-click on the DeFogger icon to start the tool.
  
• The application window will appear.
  
• You should now click on the Enable button to re-enable your CD Emulation drivers.
  
• When it prompts you whether or not you want to continue, please click on the Yes button to continue.
  
• When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
  
• If CD Emulation programs are present and have been enabled, DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.

Windows services

This will be a batch-fix .

• Press the Windows-key on keyboard.
  
• In the box, type notepad and press Enter.
  
• Highlight the contents of the following codebox, and copy and paste that text into NOTEPAD.
  

  @Echo off
  sc config wscsvc start= delayed-auto
  sc start wscsvc
  sc config windefend start= delayed-auto
  sc start windefend
  shutdown -r -t 1
  del %0

  
  

• Select File -> Save AS.
  
• Press the Desktop button on the left side of the save dialog.
  
• In the box, type in Fix.bat.
  
• Press .
  
• Close Notepad.
  
• Right click Fix.bat on your desktop, and choose .
  
• Press Yes if prompted by User Account Control.
  

This procedure will do its tasks and then it will Restart Windows.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

• Highlight the line in this CODEBOX.
  Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
  

  c:\users\Phyrrus\Desktop\ComboFix.exe /uninstall

  
  

• Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
  Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
  Then tap Enter
  

IF in the case Combofix un-install has an issue, skip that step.

NEXT

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

aswMBR.exe

Defogger.exe

FSS.exe

RKILL

RogueKiller.exe

TDSSKILLER.exe

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
• Check in at Windows Update and install any Critical Updates offered.
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
• Check on other update issues as well, visit Secunia Online Software Inspector (OSI)
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
  Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if another disaster hits.
  Examples of image backup software: Acronis True Image, or the free (for personal use) Macrium Reflect http://www.macrium.com/reflectfree.asp
  or Paragon Backup & Recovery http://www.paragon-software.com/home/br-free/download.html
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  ESET Online Scanner
  BitDefender Quickscan
  Trend Micro Housecall
  F-Secure Online Scanner
  Microsoft Safety Scanner
  Panda ActiveScan
  
• See Six tips to help you stay safer online
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !
  

We are finished here. Best regards.

[Phyrrus]

Thank you so much for all the help. I'll keep this stuff in mind.

I do usually try to be as careful as possible, guess I'd gotten a little lazy lately. And thanks for the tips, I wasn't aware of some of these!

[Maurice Naggar]

Very well then. Wish you well and stay safe. Cheers.