
MoneyPak & white screen help needed



Hello,

I am helping to clean up a laptop that is infected with MoneyPak (I believe).

Upon launching the laptop, the user (there is only one) is immediately taken to a white screen. MoneyPak never actually loads the FBI warning screen; it just remains a white screen. If I "shut down" the PC (through Ctrl-Alt-Delete, held for 5 seconds), the laptop will shut down, and I will briefly see the desktop before it powers off. The laptop is a Win7 HP Pavilion Entertainment.

I have managed to run the Farbar Recovery Scan Tool, and the log is below (captured on a thumb drive; I am posting from a second laptop).

Please advise on next steps. Thanks!!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-04-2013 07

Ran by SYSTEM on 27-04-2013 14:01:33

Running from H:\

Windows 7 Home Premium (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

The current controlset is ControlSet001

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [1814312 2010-11-01] (Synaptics Incorporated)

HKLM\...\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" [171520 2009-08-15] (Sun Microsystems, Inc.)

HKLM\...\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-11-01] (IDT, Inc.)

HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2009-07-02] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam" [218408 2009-02-25] (CyberLink Corp.)

HKLM-x32\...\Run: [updatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover" [222504 2009-05-19] (CyberLink Corp.)

HKLM-x32\...\Run: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [500792 2010-03-23] (Hewlett-Packard Company)

HKLM-x32\...\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume [439568 2010-05-10] (Microsoft Corporation)

HKLM-x32\...\Run: [F-Secure TNB] "C:\Program Files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW [2349664 2009-08-05] (F-Secure Corporation)

HKLM-x32\...\Run: [RegWork] C:\Program Files (x86)\RegWork\RegWork.exe [x]

HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)

HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)

HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)

HKLM-x32\...\Run: [] [x]

HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)

HKLM-x32\...\Run: [F-Secure Hoster (42626)] "C:\Program Files (x86)\Charter Security Suite\fshoster32.exe" -app -hosterid:1 [183864 2012-11-26] (F-Secure Corporation)

HKLM-x32\...\Run: [F-Secure Manager] "C:\Program Files (x86)\Charter Security Suite\Common\FSM32.EXE" /splash [310992 2012-10-18] (F-Secure Corporation)

HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)

HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)

HKU\Default\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)

HKU\Default\...\Policies\system: [WallpaperStyle] 2

HKU\Default User\...\Run: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN [1668664 2009-10-25] (Hewlett-Packard)

HKU\Default User\...\Policies\system: [WallpaperStyle] 2

HKU\Rooter\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2009-12-29] (Google Inc.)

HKU\Rooter\...\Run: [Google Update] "C:\Users\Rooter\AppData\Local\Google\Update\GoogleUpdate.exe" /c [135664 2009-12-21] (Google Inc.)

HKU\Rooter\...\Run: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe [x]

HKU\Rooter\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18705664 2013-01-08] (Skype Technologies S.A.)

HKU\Rooter\...\Policies\system: [WallpaperStyle] 2

HKU\Rooter\...\Winlogon: [shell] explorer.exe,C:\Users\Rooter\AppData\Roaming\skype.dat [128512 2011-11-16] (HitSoft Group) <==== ATTENTION

Startup: C:\Users\Rooter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson multimedia projector Registration.lnk

ShortcutTarget: Epson multimedia projector Registration.lnk -> (No File)

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [89600 2010-11-01] (Andrea Electronics Corporation)

S2 fshoster; C:\Program Files (x86)\Charter Security Suite\fshoster32.exe [183864 2012-11-26] (F-Secure Corporation)

S3 FSMA; C:\Program Files (x86)\Charter Security Suite\Common\FSMA32.EXE [208592 2012-10-18] (F-Secure Corporation)

S2 FSORSPClient; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [61176 2012-08-06] (F-Secure Corporation)

S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [227184 2011-08-10] ()

S2 NWVZHelper; C:\Program Files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [270848 2010-06-14] (Novatel Wireless Inc.)

S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-01-21] ()

S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\STacSV64.exe [247808 2010-11-01] (IDT, Inc.)

S2 DeviceMonitorService; "C:\Program Files (x86)\Motorola Media Link\NServiceEntry.exe" [x]

==================== Drivers (Whitelisted) ====================

S3 F-Secure Gatekeeper; C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [198864 2012-10-18] ()

S1 F-Secure HIPS; C:\Program Files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys [62032 2012-10-18] (F-Secure Corporation)

S0 fsbts; C:\Windows\SysWow64\Drivers\fsbts.sys [42672 2011-08-17] ()

S3 fsni; C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [71680 2013-01-30] (F-Secure Corporation)

S1 fsvista; C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [14032 2012-10-18] ()

S3 cpuz132; \??\C:\Users\Rooter\AppData\Local\Temp\cpuz132\cpuz132_x64.sys [x]

S4 eabfiltr;

S3 RtsUIR; system32\DRIVERS\Rts516xIR.sys [x]

S3 USBCCID; system32\DRIVERS\RtsUCcid.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-27 14:01 - 2013-04-27 14:01 - 00000000 ____D C:\FRST

2013-04-25 14:13 - 2013-04-27 08:58 - 00000004 ____A C:\Users\Rooter\AppData\Roaming\skype.ini

2013-04-24 11:59 - 2013-04-24 11:59 - 14015490 ____A C:\Users\Public\Desktop\fsdiag.zip

2013-04-23 16:03 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-10 02:34 - 2013-02-21 22:57 - 17817088 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll

2013-04-10 02:34 - 2013-02-21 22:29 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll

2013-04-10 02:34 - 2013-02-21 22:27 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll

2013-04-10 02:34 - 2013-02-21 22:21 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll

2013-04-10 02:34 - 2013-02-21 22:20 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll

2013-04-10 02:34 - 2013-02-21 22:19 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl

2013-04-10 02:34 - 2013-02-21 22:18 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll

2013-04-10 02:34 - 2013-02-21 22:17 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll

2013-04-10 02:34 - 2013-02-21 22:15 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll

2013-04-10 02:34 - 2013-02-21 22:15 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll

2013-04-10 02:34 - 2013-02-21 22:15 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe

2013-04-10 02:34 - 2013-02-21 22:14 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll

2013-04-10 02:34 - 2013-02-21 22:13 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll

2013-04-10 02:34 - 2013-02-21 22:13 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll

2013-04-10 02:34 - 2013-02-21 22:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb

2013-04-10 02:34 - 2013-02-21 22:09 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll

2013-04-10 02:34 - 2013-02-21 20:05 - 12324352 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2013-04-10 02:34 - 2013-02-21 19:47 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2013-04-10 02:34 - 2013-02-21 19:46 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2013-04-10 02:34 - 2013-02-21 19:38 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2013-04-10 02:34 - 2013-02-21 19:38 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2013-04-10 02:34 - 2013-02-21 19:37 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2013-04-10 02:34 - 2013-02-21 19:36 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2013-04-10 02:34 - 2013-02-21 19:35 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2013-04-10 02:34 - 2013-02-21 19:34 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2013-04-10 02:34 - 2013-02-21 19:34 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2013-04-10 02:34 - 2013-02-21 19:34 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2013-04-10 02:34 - 2013-02-21 19:33 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2013-04-10 02:34 - 2013-02-21 19:32 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2013-04-10 02:34 - 2013-02-21 19:31 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2013-04-10 02:34 - 2013-02-21 19:31 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2013-04-10 02:34 - 2013-02-21 19:28 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2013-04-09 17:05 - 2013-02-14 22:08 - 00044032 ____A (Microsoft Corporation) C:\Windows\System32\tsgqec.dll

2013-04-09 17:05 - 2013-02-14 22:06 - 03717632 ____A (Microsoft Corporation) C:\Windows\System32\mstscax.dll

2013-04-09 17:05 - 2013-02-14 22:02 - 00158720 ____A (Microsoft Corporation) C:\Windows\System32\aaclient.dll

2013-04-09 17:05 - 2013-02-14 20:37 - 03217408 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll

2013-04-09 17:05 - 2013-02-14 20:34 - 00131584 ____A (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll

2013-04-09 17:05 - 2013-02-14 19:25 - 00036864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll

2013-04-09 17:04 - 2013-02-28 19:36 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys

2013-04-09 17:03 - 2013-03-18 22:04 - 05550424 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe

2013-04-09 17:03 - 2013-03-18 21:46 - 00043520 ____A (Microsoft Corporation) C:\Windows\System32\csrsrv.dll

2013-04-09 17:03 - 2013-03-18 21:04 - 03968856 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe

2013-04-09 17:03 - 2013-03-18 21:04 - 03913560 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe

2013-04-09 17:03 - 2013-03-18 19:06 - 00112640 ____A (Microsoft Corporation) C:\Windows\System32\smss.exe

2013-04-09 17:03 - 2013-01-23 22:01 - 00223752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys

2013-04-09 17:02 - 2013-03-18 20:47 - 00006656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll

2013-04-02 16:12 - 2013-04-02 16:12 - 00001979 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk

==================== One Month Modified Files and Folders =======

2013-04-27 14:01 - 2013-04-27 14:01 - 00000000 ____D C:\FRST

2013-04-27 08:59 - 2009-11-24 00:15 - 01066933 ____A C:\Windows\WindowsUpdate.log

2013-04-27 08:59 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2013-04-27 08:59 - 2009-07-13 20:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2013-04-27 08:58 - 2013-04-25 14:13 - 00000004 ____A C:\Users\Rooter\AppData\Roaming\skype.ini

2013-04-27 08:57 - 2009-07-13 21:13 - 00744066 ____A C:\Windows\System32\PerfStringBackup.INI

2013-04-27 08:56 - 2011-07-13 10:36 - 00448700 ____A C:\Windows\setupact.log

2013-04-27 08:55 - 2011-07-18 07:40 - 00000508 ____A C:\Windows\Tasks\Scheduled scanning task.job

2013-04-27 08:55 - 2010-01-29 10:16 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2013-04-27 08:55 - 2009-12-21 12:00 - 00000190 ____A C:\ProgramData\HPWALog.txt

2013-04-27 08:55 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT

2013-04-26 15:53 - 2010-01-29 10:16 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2013-04-26 15:25 - 2012-04-01 03:17 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job

2013-04-26 15:06 - 2009-12-21 12:16 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000UA.job

2013-04-25 14:15 - 2010-09-25 10:01 - 00000000 ____D C:\Users\Rooter\AppData\Roaming\Skype

2013-04-24 11:59 - 2013-04-24 11:59 - 14015490 ____A C:\Users\Public\Desktop\fsdiag.zip

2013-04-24 10:30 - 2011-01-08 09:34 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForRooter.job

2013-04-20 10:06 - 2011-10-29 17:06 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt

2013-04-20 10:06 - 2010-01-12 12:03 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log

2013-04-14 11:53 - 2009-08-14 22:58 - 00000000 ____D C:\ProgramData\Adobe

2013-04-14 11:52 - 2009-12-21 12:15 - 00000000 ____D C:\Users\Rooter\AppData\Roaming\Adobe

2013-04-12 06:45 - 2013-04-23 16:03 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys

2013-04-12 04:19 - 2011-07-18 12:39 - 00000340 ____A C:\Windows\Tasks\Regwork.job

2013-04-10 14:36 - 2009-12-21 12:16 - 00002370 ____A C:\Users\Rooter\Desktop\Google Chrome.lnk

2013-04-10 11:23 - 2009-12-21 12:16 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000Core.job

2013-04-10 02:47 - 2009-07-13 20:45 - 00348656 ____A C:\Windows\System32\FNTCACHE.DAT

2013-04-10 02:35 - 2010-01-11 17:49 - 72702784 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe

2013-04-06 14:49 - 2011-07-16 09:57 - 00022950 ____A C:\Windows\PFRO.log

2013-04-06 13:50 - 2012-01-11 04:51 - 00000000 __SHD C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}

2013-04-02 16:12 - 2013-04-02 16:12 - 00001979 ____A C:\Users\Public\Desktop\Adobe Reader XI.lnk

2013-04-02 16:12 - 2009-08-14 22:58 - 00000000 ____D C:\Program Files (x86)\Adobe

2013-04-02 16:11 - 2009-12-28 10:13 - 00000000 ____D C:\Users\Rooter\AppData\Local\Adobe

2013-03-29 13:42 - 2010-04-24 06:05 - 00000020 ____H C:\ProgramData\PKP_DLdw.DAT

ZeroAccess:

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\@

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\L

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\U

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\L\00000004.@

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\L\1afb2d56

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\U\00000004.$

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\U\00000008.$

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}\U\80000000.$

Other Malware:

===========

C:\Users\Rooter\AppData\Roaming\skype.dat

C:\Users\Rooter\AppData\Roaming\skype.ini

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe => MD5 is legit

C:\Windows\SysWOW64\explorer.exe => MD5 is legit

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-03-12 05:55:31

Restore point made on: 2013-03-14 04:13:34

Restore point made on: 2013-03-18 03:46:40

Restore point made on: 2013-03-22 16:21:12

Restore point made on: 2013-03-26 03:54:45

Restore point made on: 2013-03-29 13:13:55

Restore point made on: 2013-04-02 16:22:09

Restore point made on: 2013-04-09 17:02:35

Restore point made on: 2013-04-10 02:33:10

Restore point made on: 2013-04-16 12:38:27

Restore point made on: 2013-04-23 14:06:02

Restore point made on: 2013-04-24 05:46:02

==================== Memory info ===========================

Percentage of memory in use: 18%

Total physical RAM: 3836.2 MB

Available physical RAM: 3129.41 MB

Total Pagefile: 3834.34 MB

Available Pagefile: 3113.43 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:284.68 GB) (Free:122.1 GB) NTFS (Disk=0 Partition=2) ==>[system with boot components (obtained from reading drive)]

Drive e: (RECOVERY) (Fixed) (Total:13.11 GB) (Free:2.19 GB) NTFS (Disk=0 Partition=3) ==>[system with boot components (obtained from reading drive)]

Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32 (Disk=0 Partition=4)

Drive h: (SPX) (Removable) (Total:0.93 GB) (Free:0.93 GB) FAT (Disk=1 Partition=1)

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS (Disk=0 Partition=1) ==>[system with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt

-------- ------------- ------- ------- --- ---

Disk 0 Online 298 GB 0 B

Disk 1 Online 956 MB 0 B

Partitions of Disk 0:

===============

Disk ID: 762FB085

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 199 MB 1024 KB

Partition 2 Primary 284 GB 200 MB

Partition 3 Primary 13 GB 284 GB

Partition 4 Primary 103 MB 297 GB

==================================================================================

Disk: 0

Partition 1

Type : 07

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

=========================================================

Disk: 0

Partition 2

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 2 C NTFS Partition 284 GB Healthy

=========================================================

Disk: 0

Partition 3

Type : 07

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 3 E RECOVERY NTFS Partition 13 GB Healthy

=========================================================

Disk: 0

Partition 4

Type : 0C

Hidden: No

Active: No

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 4 F HP_TOOLS FAT32 Partition 103 MB Healthy

=========================================================

Partitions of Disk 1:

===============

Disk ID: C3072E18

Partition ### Type Size Offset

------------- ---------------- ------- -------

Partition 1 Primary 955 MB 256 KB

==================================================================================

Disk: 1

Partition 1

Type : 06

Hidden: No

Active: Yes

Volume ### Ltr Label Fs Type Size Status Info

---------- --- ----------- ----- ---------- ------- --------- --------

* Volume 5 H SPX FAT Removable 955 MB Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================

Disk: 0 (Size: 298 GB) (Disk ID: 762FB085)

Partition 1: (Active) - (Size=199 MB) - (Type=07) (NTFS)

Partition 2: (Not Active) - (Size=285 GB) - (Type=07) (NTFS)

Partition 3: (Not Active) - (Size=13 GB) - (Type=07) (NTFS)

Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

====================================================================

Disk: 1 (MBR Code: Windows XP) (Size: 956 MB) (Disk ID: C3072E18)

Partition 1: (Active) - (Size=956 MB) - (Type=06)

Last Boot: 2013-04-25 15:16

==================== End Of Log ============================


  • Staff

Hello EirualMac

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely. I have spent my time putting together some things for you to keep in mind while I am helping you, to make things go easier, faster and smoother for both of us!


  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.

NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the flash drive as fixlist.txt

 
HKU\Rooter\...\Winlogon: [Shell] explorer.exe,C:\Users\Rooter\AppData\Roaming\skype.dat [128512 2011-11-16] (HitSoft Group) <==== ATTENTION
C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6}
C:\Users\Rooter\AppData\Roaming\skype.dat
C:\Users\Rooter\AppData\Roaming\skype.ini

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.

Run FRST again like we did before but this time press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.

Also boot the computer into normal mode and let me know how things are looking.

Gringo

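The FRST log above and the fixlist Gringo wrote for it point at two artifacts: a per-user Winlogon Shell value of `explorer.exe,...\skype.dat` (Winlogon starts every comma-separated entry in that value at logon, which is how a lock screen gets launched before the desktop) and a hidden {GUID} folder under AppData\Local holding the `@`, `L` and `U` entries that FRST lists under ZeroAccess. The PowerShell script below is an added example, not code from this thread, from Farbar or from any tool named here. It audits an offline Windows volume for both artifacts in the same way the fix does (load the hives, compare the Shell value against a bare `explorer.exe`, move the folder aside) and changes nothing unless -Fix is passed. The drive letter in $OfflineRoot, the Quarantine folder and the Offline* hive mount names are assumptions; run it elevated from a WinPE that includes PowerShell 3 or later, or on a clean machine with the infected disk attached, because reg.exe cannot load hives that a running Windows already has open.

```powershell
<#
  Added example (not from the forum thread, FRST, or Farbar).
  Audits an OFFLINE Windows 7 installation for:
    1. a Winlogon "Shell" value (HKLM and every user hive) that is anything
       other than a bare "explorer.exe", e.g. "explorer.exe,...\skype.dat";
    2. a hidden {GUID} folder under <profile>\AppData\Local that contains
       the "@", "L" and "U" entries (the ZeroAccess layout FRST reported).
  Assumptions: $OfflineRoot is the drive letter the infected volume received
  where this runs; nothing is modified unless -Fix is supplied.
#>
[CmdletBinding()]
param(
    [string]$OfflineRoot = 'C:',   # assumed mount point of the infected volume
    [switch]$Fix                   # remediate instead of only reporting
)

$script:Findings = New-Object System.Collections.Generic.List[string]

function Test-WinlogonShell {
    param([string]$KeyPath, [string]$Scope)
    $shell = (Get-ItemProperty -LiteralPath $KeyPath -Name Shell -ErrorAction SilentlyContinue).Shell
    if ([string]::IsNullOrEmpty($shell)) { return }       # no override present (normal for user hives)
    # Whitelist comparison: anything beyond a bare explorer.exe is an extra program Winlogon will run.
    if ($shell.Trim() -ne 'explorer.exe') {
        $script:Findings.Add("$Scope : Winlogon Shell = '$shell'")
        if ($Fix) { Set-ItemProperty -LiteralPath $KeyPath -Name Shell -Value 'explorer.exe' }
    }
}

function Invoke-WithOfflineHive {
    # Loads a hive file under HKLM\<MountName>, runs $Body with the PS drive path, then unloads it.
    param([string]$HiveFile, [string]$MountName, [scriptblock]$Body)
    if (-not (Test-Path -LiteralPath $HiveFile)) { return }
    & reg.exe load "HKLM\$MountName" $HiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { Write-Warning "could not load $HiveFile (in use or access denied)"; return }
    try { & $Body "HKLM:\$MountName" }
    finally {
        [gc]::Collect()                                    # release handles Get-ItemProperty left open
        & reg.exe unload "HKLM\$MountName" | Out-Null
    }
}

# 1a. machine-wide Winlogon key lives in the SOFTWARE hive
Invoke-WithOfflineHive -HiveFile (Join-Path $OfflineRoot 'Windows\System32\config\SOFTWARE') `
                       -MountName 'OfflineSOFTWARE' -Body {
    param($Root)
    Test-WinlogonShell -KeyPath "$Root\Microsoft\Windows NT\CurrentVersion\Winlogon" -Scope 'HKLM'
}

# 1b. per-user Winlogon key in each NTUSER.DAT, plus 2. the ZeroAccess folder pattern
foreach ($profile in Get-ChildItem -LiteralPath (Join-Path $OfflineRoot 'Users') -Directory) {
    $name = $profile.Name
    Invoke-WithOfflineHive -HiveFile (Join-Path $profile.FullName 'NTUSER.DAT') `
                           -MountName "Offline_$name" -Body {
        param($Root)
        Test-WinlogonShell -KeyPath "$Root\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" -Scope "HKU\$name"
    }

    $local = Join-Path $profile.FullName 'AppData\Local'
    if (-not (Test-Path -LiteralPath $local)) { continue }
    Get-ChildItem -LiteralPath $local -Directory -Force |                       # -Force: folder is hidden+system
        Where-Object { $_.Name -match '^\{[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}\}$' } |
        ForEach-Object {
            $dir = $_
            $entries = @(Get-ChildItem -LiteralPath $dir.FullName -Force | Select-Object -ExpandProperty Name)
            $missing = @('@', 'L', 'U') | Where-Object { $entries -notcontains $_ }
            if (-not $missing) {
                $script:Findings.Add("HKU\$name : ZeroAccess-style folder $($dir.FullName)")
                if ($Fix) {
                    # Move rather than delete, mirroring FRST's "moved successfully"; path is assumed.
                    $quarantine = Join-Path $OfflineRoot 'Quarantine'
                    New-Item -ItemType Directory -Path $quarantine -Force | Out-Null
                    Move-Item -LiteralPath $dir.FullName -Destination $quarantine -Force
                }
            }
        }
}

if ($script:Findings.Count -eq 0) { 'No Winlogon Shell override or ZeroAccess-style folder found.' }
else { $script:Findings | ForEach-Object { "FOUND  $_" } }
```

On a machine like the one in this thread the FRST fixlist is the simpler route; the script is useful when several profiles exist or when the disk has been pulled and attached elsewhere. If you are instead on the infected system booted normally, skip the reg.exe load step and query `HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon` and the `HKLM:` key directly, since those hives are already mounted.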

I copied it to Notepad, saved it to the flash drive, ran FRST64, clicked "Fix", and received the following pop-up window:

Farbar Recovery Scan Tool

Warning:

Looks you don't know what to do. To prevent damage to the system the tool will exit.

The only option is to click "OK".


I deleted the first log and the fixlist.txt.

I deleted it completely, recreated it, and tried again. I must have typed it wrong.

See below for the newest log. Sorry about that.

I rebooted the laptop after the fix worked; Windows started normally and the white screen is gone. I am able to access the desktop now (thank you!!). What should I do next?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 27-04-2013 07

Ran by SYSTEM at 2013-04-27 16:00:43 Run:1

Running from H:\

Boot Mode: Recovery

==============================================

C:\Users\Rooter\AppData\Local\{1c867dd1-ade9-e81c-767f-6933486390b6} moved successfully.

C:\Users\Rooter\AppData\Roaming\skype.dat moved successfully.

C:\Users\Rooter\AppData\Roaming\skype.ini moved successfully.

==


  • Staff

Hello EirualMac

These are the programs I would like you to run next; if you have any problems with one of them, just skip it and move on to the next one.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[s1].txt as well.

--RogueKiller--

  • Download and save to your Desktop RogueKiller for 32-bit or RogueKiller for 64-bit.
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until the Prescan has finished.
  • Then click on the "Scan" button.
  • Wait until the Status box shows "Scan Finished".
  • Click on "Delete".
  • Wait until the Status box shows "Deleting Finished".
  • Click on "Report" and copy/paste the content of the Notepad window into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop.
  • Exit/close RogueKiller.

Gringo


Success on both!

AdwCleaner Log:

# AdwCleaner v2.202 - Logfile created 04/27/2013 at 16:31:47

# Updated 23/04/2013 by Xplode

# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)

# User : Rooter - ROOTER-PC

# Boot Mode : Normal

# Running from : C:\Users\Rooter\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

File Deleted : C:\user.js

Folder Deleted : C:\Program Files (x86)\Ask.com

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\Users\Rooter\AppData\Local\Temp\BabylonToolbar

Folder Deleted : C:\Users\Rooter\AppData\LocalLow\AskToolbar

Folder Deleted : C:\Users\Rooter\AppData\Roaming\Babylon

Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN

Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar

Key Deleted : HKCU\Software\Ask.com

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{568F1261-D116-4E54-90B8-17D0ACDE2AD7}

Key Deleted : HKLM\Software\APN

Key Deleted : HKLM\Software\AskToolbar

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr

Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd

Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1

Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7CD74AFF-3433-4E34-92E2-D98DFDB30754}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{568F1261-D116-4E54-90B8-17D0ACDE2AD7}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{568F1261-D116-4E54-90B8-17D0ACDE2AD7}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16476

[OK] Registry is clean.

-\\ Google Chrome v26.0.1410.64

File : C:\Users\Rooter\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.35] : icon_url = "hxxp://www.babylon.com/favicon.ico",

Deleted [l.38] : keyword = "babylon.com",

Deleted [l.41] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&babsrc=SP_crm",

*************************

AdwCleaner[s1].txt - [6593 octets] - [27/04/2013 16:31:47]

########## EOF - C:\AdwCleaner[s1].txt - [6653 octets] ##########


RogueKiller Log:

RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Rooter [Admin rights]

Mode : Remove -- Date : 04/27/2013 16:40:14

| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤

[sHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\Rooter\AppData\Roaming\skype.dat) [x] -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725032A9A364 ATA Device +++++

--- User ---

[MBR] 58a2b4c86090ec0f56f133c99fec76c3

[bSP] 35a8b976d9a2aa6136dc919269895d6a : Windows Vista/7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 291517 Mo

2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 597436416 | Size: 13424 Mo

3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 624928768 | Size: 103 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[2]_D_04272013_02d1640.txt >>

RKreport[1]_S_04272013_02d1637.txt ; RKreport[2]_D_04272013_02d1640.txt


  • Staff

Hello EirualMac

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

Link 1
Link 2
Link 3

1. Close any open browsers or any other programs that are open.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.

When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


Have been running the ComboFix for a while, received "Completed Stage_4" about 10 minutes ago -

Not being familiar with "Comcast Security Suite", could I have "not" closed/stopped the antivirus, causing ComboFix to stall?

Have not touched laptop since launching ComboFix.


  • Staff

Hello EirualMac

I would like you to try and run these next.

TDSSKiller

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
    Note** this report can be very long - so if the website gives you an error saying it is too long you may attach it
    If the forum still complains about it being too long send me everything that is at the end of the report after where it says
    ==================
    Scan finished
    ==================

and I will see if I want to see the whole report

Malwarebytes Anti-Rootkit

1. Download Malwarebytes Anti-Rootkit

2. Unzip the contents to a folder in a convenient location.

3. Open the folder where the contents were unzipped and run mbar.exe

4. Follow the instructions in the wizard to update and allow the program to scan your computer for threats.

5. Click on the Cleanup button to remove any threats and reboot if prompted to do so.

6. Wait while the system shuts down and the cleanup process is performed.

7. Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.

8. If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

  • Internet access
  • Windows Update
  • Windows Firewall

9. If there are additional problems with your system, such as any of those listed above or other system issues, then run the 'fixdamage' tool included with Malwarebytes Anti-Rootkit and reboot.

10. Verify that your system is now functioning normally.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and MBAR.

Gringo


Combofix completed (I closed the first run attempt, rebooted laptop & restarted Combofix). Have received the "Illegal operation attempted on a registry key that has been marked for deletion."

After the log was generated, I attempted to launch IE to post the log. Am posting log from 2nd laptop, as I am rebooting laptop now.

Upon reboot, I will launch TDSSKiller.

Log from Combofix

ComboFix 13-04-27.04 - Rooter 04/27/2013 18:24:12.2.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2185 [GMT -4:00]

Running from: c:\users\Rooter\Desktop\ComboFix.exe

AV: Computer Security *Disabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Charter Security Suite 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Computer Security *Disabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Public\videos\HP MediaSmart Demo.exe

c:\users\Rooter\AppData\Roaming\.#

.

.

((((((((((((((((((((((((( Files Created from 2013-03-27 to 2013-04-27 )))))))))))))))))))))))))))))))

.

.

2013-04-27 22:34 . 2013-04-27 22:34 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-27 20:53 . 2013-04-27 20:54 -------- d-----w- c:\users\Rooter People

2013-04-27 20:23 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E371E36-F3E1-4EC6-8B6F-7699555F5B80}\mpengine.dll

2013-04-24 00:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 01:05 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 01:05 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-10 01:05 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-10 01:05 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 01:05 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 01:05 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-10 01:04 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 01:03 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 01:03 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 01:03 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 01:03 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 01:03 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-10 01:03 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 01:02 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-03 00:12 . 2013-04-03 00:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-10 10:35 . 2010-01-12 01:49 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-03-13 21:26 . 2012-04-01 11:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-13 21:26 . 2011-05-21 10:48 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 05:10 . 2009-12-21 20:09 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-02-12 05:45 . 2013-03-13 20:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 20:34 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 20:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 20:34 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 20:34 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 20:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-17 19:53 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{47B6A4A9-DC94-4738-9F20-7411D9691EA4}]

2011-04-20 17:29 81920 ----a-w- c:\program files (x86)\chartertoolbar\chartertoolbarDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{47B6A4A9-DC94-4738-9F20-7411D9691EA4}"= "c:\program files (x86)\chartertoolbar\chartertoolbarDx.dll" [2011-04-20 81920]

.

[HKEY_CLASSES_ROOT\clsid\{47b6a4a9-dc94-4738-9f20-7411d9691ea4}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"F-Secure TNB"="c:\program files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"F-Secure Hoster (42626)"="c:\program files (x86)\Charter Security Suite\fshoster32.exe" [2012-11-26 183864]

"F-Secure Manager"="c:\program files (x86)\Charter Security Suite\Common\FSM32.EXE" [2012-10-18 310992]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

c:\users\Rooter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Epson multimedia projector Registration.lnk - e:\common\EpsonReg\EX3210\EpsonReg.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [x]

R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2010-07-08 25600]

R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 217728]

R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 217728]

R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 217728]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-08-15 56016]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys [2012-10-18 62032]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [2012-10-18 14032]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-11-01 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]

S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\Charter Security Suite\fshoster32.exe [2012-11-26 183864]

S2 FSORSPClient;F-Secure ORSP Client;c:\program files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe [2012-08-06 61176]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]

S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]

S3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [2012-10-18 198864]

S3 fsni;fsni;c:\program files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys [2013-01-30 71680]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:26]

.

2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:16]

.

2013-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:16]

.

2013-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000Core.job

- c:\users\Rooter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 20:16]

.

2013-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000UA.job

- c:\users\Rooter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 20:16]

.

2013-04-24 c:\windows\Tasks\HPCeeScheduleForRooter.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

2013-04-27 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~2\CHARTE~1\ANTI-V~1\fsav.exe [2010-02-06 16:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-11-01 487424]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

LSP: c:\program files (x86)\Charter Security Suite\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.1.254

DPF: {DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} - hxxps://eplans.atlantaga.gov/ProjectDox/Resources/Uploader/ChilkatZip2.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe

Wow6432Node-HKLM-Run-RegWork - c:\program files (x86)\RegWork\RegWork.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]

"ImagePath"="\"c:\program files (x86)\Charter Security Suite\fshoster32.exe\" -hosterid:0"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]

@Denied: ) (Everyone)

"AgentIdentifier"="de46e0cf-be9e-46d0-9cd3-37e36dfb1c3a"

"AuthorizationCode"=""

"42626_AgentIdentifier"="de46e0cf-be9e-46d0-9cd3-37e36dfb1c3a"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\program files (x86)\Charter Security Suite\Anti-Virus\FSGK32.EXE

c:\program files (x86)\CyberLink\Shared files\RichVideo.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\program files (x86)\Charter Security Suite\Common\FSMA32.EXE

c:\program files (x86)\Charter Security Suite\Anti-Virus\fssm32.exe

c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe

c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe

c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe

c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe

.

**************************************************************************

.

Completion time: 2013-04-27 18:43:52 - machine was rebooted

ComboFix-quarantined-files.txt 2013-04-27 22:43

.

Pre-Run: 133,343,596,544 bytes free

Post-Run: 134,125,219,840 bytes free

.

- - End Of File - - D31647D4182DBD5C4B8D19D3CE58C185


Only Suspicious found, no malicious objects found on TDSSKiller

19:16:41.0467 5440 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42

19:16:42.0091 5440 ============================================================

19:16:42.0091 5440 Current date / time: 2013/04/27 19:16:42.0091

19:16:42.0091 5440 SystemInfo:

19:16:42.0091 5440

19:16:42.0091 5440 OS Version: 6.1.7601 ServicePack: 1.0

19:16:42.0091 5440 Product type: Workstation

19:16:42.0091 5440 ComputerName: ROOTER-PC

19:16:42.0091 5440 UserName: Rooter

19:16:42.0091 5440 Windows directory: C:\Windows

19:16:42.0091 5440 System windows directory: C:\Windows

19:16:42.0091 5440 Running under WOW64

19:16:42.0091 5440 Processor architecture: Intel x64

19:16:42.0091 5440 Number of processors: 2

19:16:42.0091 5440 Page size: 0x1000

19:16:42.0091 5440 Boot type: Normal boot

19:16:42.0091 5440 ============================================================

19:16:42.0980 5440 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

19:16:42.0996 5440 ============================================================

19:16:42.0996 5440 \Device\Harddisk0\DR0:

19:16:42.0996 5440 MBR partitions:

19:16:42.0996 5440 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800

19:16:42.0996 5440 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x2395E800

19:16:42.0996 5440 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x239C2800, BlocksNum 0x1A38000

19:16:42.0996 5440 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x253FA800, BlocksNum 0x33AB0

19:16:42.0996 5440 ============================================================

19:16:43.0011 5440 C: <-> \Device\Harddisk0\DR0\Partition2

19:16:43.0058 5440 D: <-> \Device\Harddisk0\DR0\Partition3

19:16:43.0058 5440 ============================================================

19:16:43.0058 5440 Initialize success

19:16:43.0058 5440 ============================================================

19:16:45.0538 4932 ============================================================

19:16:45.0538 4932 Scan started

19:16:45.0538 4932 Mode: Manual;

19:16:45.0538 4932 ============================================================

19:16:46.0318 4932 ================ Scan system memory ========================

19:16:46.0318 4932 System memory - ok

19:16:46.0318 4932 ================ Scan services =============================

19:16:46.0474 4932 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys

19:16:46.0474 4932 1394ohci - ok

19:16:46.0506 4932 [ 1CFFE9C06E66A57DAE1452E449A58240 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys

19:16:46.0506 4932 Accelerometer - ok

19:16:46.0568 4932 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys

19:16:46.0568 4932 ACPI - ok

19:16:46.0584 4932 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys

19:16:46.0584 4932 AcpiPmi - ok

19:16:46.0708 4932 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

19:16:46.0708 4932 AdobeARMservice - ok

19:16:46.0818 4932 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

19:16:46.0818 4932 AdobeFlashPlayerUpdateSvc - ok

19:16:46.0864 4932 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys

19:16:46.0864 4932 adp94xx - ok

19:16:46.0911 4932 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys

19:16:46.0911 4932 adpahci - ok

19:16:46.0927 4932 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys

19:16:46.0927 4932 adpu320 - ok

19:16:46.0958 4932 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll

19:16:46.0958 4932 AeLookupSvc - ok

19:16:47.0098 4932 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe

19:16:47.0098 4932 AESTFilters - ok

19:16:47.0161 4932 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys

19:16:47.0161 4932 AFD - ok

19:16:47.0239 4932 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe

19:16:47.0239 4932 AgereModemAudio - ok

19:16:47.0270 4932 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys

19:16:47.0286 4932 AgereSoftModem - ok

19:16:47.0332 4932 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys

19:16:47.0332 4932 agp440 - ok

19:16:47.0379 4932 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe

19:16:47.0379 4932 ALG - ok

19:16:47.0395 4932 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys

19:16:47.0395 4932 aliide - ok

19:16:47.0442 4932 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe

19:16:47.0442 4932 AMD External Events Utility - ok

19:16:47.0442 4932 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys

19:16:47.0442 4932 amdide - ok

19:16:47.0488 4932 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys

19:16:47.0488 4932 AmdK8 - ok

19:16:47.0504 4932 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys

19:16:47.0504 4932 AmdPPM - ok

19:16:47.0535 4932 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys

19:16:47.0535 4932 amdsata - ok

19:16:47.0566 4932 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys

19:16:47.0566 4932 amdsbs - ok

19:16:47.0582 4932 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys

19:16:47.0582 4932 amdxata - ok

19:16:47.0644 4932 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys

19:16:47.0644 4932 AppID - ok

19:16:47.0676 4932 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll

19:16:47.0676 4932 AppIDSvc - ok

19:16:47.0722 4932 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll

19:16:47.0722 4932 Appinfo - ok

19:16:47.0800 4932 [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

19:16:47.0816 4932 Apple Mobile Device - ok

19:16:47.0847 4932 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys

19:16:47.0847 4932 arc - ok

19:16:47.0863 4932 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys

19:16:47.0863 4932 arcsas - ok

19:16:47.0894 4932 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys

19:16:47.0894 4932 AsyncMac - ok

19:16:47.0941 4932 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys

19:16:47.0941 4932 atapi - ok

19:16:48.0003 4932 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys

19:16:48.0019 4932 athr - ok

19:16:48.0066 4932 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys

19:16:48.0066 4932 AtiHdmiService - ok

19:16:48.0175 4932 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys

19:16:48.0237 4932 atikmdag - ok

19:16:48.0284 4932 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys

19:16:48.0284 4932 AtiPcie - ok

19:16:48.0346 4932 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll

19:16:48.0362 4932 AudioEndpointBuilder - ok

19:16:48.0362 4932 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll

19:16:48.0378 4932 AudioSrv - ok

19:16:48.0424 4932 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll

19:16:48.0424 4932 AxInstSV - ok

19:16:48.0456 4932 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys

19:16:48.0456 4932 b06bdrv - ok

19:16:48.0502 4932 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys

19:16:48.0502 4932 b57nd60a - ok

19:16:48.0580 4932 [ 825F81A6F7DD073509DB101F0BA6DC59 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE

19:16:48.0596 4932 BBSvc - ok

19:16:48.0627 4932 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll

19:16:48.0627 4932 BDESVC - ok

19:16:48.0643 4932 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys

19:16:48.0643 4932 Beep - ok

19:16:48.0705 4932 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll

19:16:48.0705 4932 BFE - ok

19:16:48.0736 4932 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll

19:16:48.0736 4932 BITS - ok

19:16:48.0768 4932 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys

19:16:48.0768 4932 blbdrive - ok

19:16:48.0846 4932 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe

19:16:48.0846 4932 Bonjour Service - ok

19:16:48.0892 4932 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys

19:16:48.0892 4932 bowser - ok

19:16:48.0924 4932 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys

19:16:48.0924 4932 BrFiltLo - ok

19:16:48.0955 4932 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys

19:16:48.0955 4932 BrFiltUp - ok

19:16:48.0970 4932 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys

19:16:48.0970 4932 BridgeMP - ok

19:16:49.0017 4932 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll

19:16:49.0017 4932 Browser - ok

19:16:49.0048 4932 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys

19:16:49.0048 4932 Brserid - ok

19:16:49.0064 4932 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys

19:16:49.0064 4932 BrSerWdm - ok

19:16:49.0080 4932 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys

19:16:49.0080 4932 BrUsbMdm - ok

19:16:49.0080 4932 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys

19:16:49.0080 4932 BrUsbSer - ok

19:16:49.0111 4932 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys

19:16:49.0111 4932 BTHMODEM - ok

19:16:49.0142 4932 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll

19:16:49.0142 4932 bthserv - ok

19:16:49.0189 4932 catchme - ok

19:16:49.0220 4932 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys

19:16:49.0220 4932 cdfs - ok

19:16:49.0267 4932 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys

19:16:49.0267 4932 cdrom - ok

19:16:49.0329 4932 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll

19:16:49.0329 4932 CertPropSvc - ok

19:16:49.0360 4932 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys

19:16:49.0360 4932 circlass - ok

19:16:49.0376 4932 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys

19:16:49.0376 4932 CLFS - ok

19:16:49.0454 4932 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

19:16:49.0454 4932 clr_optimization_v2.0.50727_32 - ok

19:16:49.0501 4932 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

19:16:49.0501 4932 clr_optimization_v2.0.50727_64 - ok

19:16:49.0610 4932 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

19:16:49.0610 4932 clr_optimization_v4.0.30319_32 - ok

19:16:49.0672 4932 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

19:16:49.0672 4932 clr_optimization_v4.0.30319_64 - ok

19:16:49.0688 4932 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys

19:16:49.0688 4932 CmBatt - ok

19:16:49.0719 4932 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys

19:16:49.0719 4932 cmdide - ok

19:16:49.0766 4932 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys

19:16:49.0766 4932 CNG - ok

19:16:49.0875 4932 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

19:16:49.0875 4932 Com4QLBEx - ok

19:16:49.0891 4932 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys

19:16:49.0891 4932 Compbatt - ok

19:16:49.0906 4932 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys

19:16:49.0906 4932 CompositeBus - ok

19:16:49.0922 4932 COMSysApp - ok

19:16:50.0031 4932 cpuz132 - ok

19:16:50.0047 4932 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys

19:16:50.0047 4932 crcdisk - ok

19:16:50.0094 4932 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll

19:16:50.0109 4932 CryptSvc - ok

19:16:50.0156 4932 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll

19:16:50.0156 4932 DcomLaunch - ok

19:16:50.0203 4932 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll

19:16:50.0203 4932 defragsvc - ok

19:16:50.0265 4932 DeviceMonitorService - ok

19:16:50.0312 4932 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys

19:16:50.0312 4932 DfsC - ok

19:16:50.0374 4932 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll

19:16:50.0390 4932 Dhcp - ok

19:16:50.0530 4932 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys

19:16:50.0546 4932 discache - ok

19:16:50.0577 4932 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys

19:16:50.0577 4932 Disk - ok

19:16:50.0624 4932 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll

19:16:50.0624 4932 Dnscache - ok

19:16:50.0671 4932 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll

19:16:50.0671 4932 dot3svc - ok

19:16:50.0718 4932 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll

19:16:50.0718 4932 DPS - ok

19:16:50.0733 4932 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys

19:16:50.0733 4932 drmkaud - ok

19:16:50.0796 4932 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys

19:16:50.0796 4932 DXGKrnl - ok

19:16:50.0842 4932 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll

19:16:50.0842 4932 EapHost - ok

19:16:50.0905 4932 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys

19:16:50.0936 4932 ebdrv - ok

19:16:50.0983 4932 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe

19:16:50.0983 4932 EFS - ok

19:16:51.0061 4932 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe

19:16:51.0061 4932 ehRecvr - ok

19:16:51.0092 4932 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe

19:16:51.0092 4932 ehSched - ok

19:16:51.0139 4932 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys

19:16:51.0139 4932 elxstor - ok

19:16:51.0154 4932 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys

19:16:51.0170 4932 enecir - ok

19:16:51.0201 4932 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys

19:16:51.0201 4932 ErrDev - ok

19:16:51.0248 4932 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll

19:16:51.0248 4932 EventSystem - ok

19:16:51.0279 4932 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys

19:16:51.0279 4932 exfat - ok

19:16:51.0373 4932 [ 66B1CCEFC2D4DB85571769779907655C ] F-Secure Gatekeeper C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys

19:16:51.0373 4932 F-Secure Gatekeeper - ok

19:16:51.0466 4932 [ 36FE693EC6519D333E1CA0169C121281 ] F-Secure HIPS C:\Program Files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys

19:16:51.0466 4932 F-Secure HIPS - ok

19:16:51.0482 4932 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys

19:16:51.0498 4932 fastfat - ok

19:16:51.0544 4932 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe

19:16:51.0560 4932 Fax - ok

19:16:51.0576 4932 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys

19:16:51.0576 4932 fdc - ok

19:16:51.0607 4932 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll

19:16:51.0607 4932 fdPHost - ok

19:16:51.0622 4932 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll

19:16:51.0622 4932 FDResPub - ok

19:16:51.0654 4932 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys

19:16:51.0654 4932 FileInfo - ok

19:16:51.0669 4932 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys

19:16:51.0669 4932 Filetrace - ok

19:16:51.0700 4932 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys

19:16:51.0700 4932 flpydisk - ok

19:16:51.0732 4932 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys

19:16:51.0732 4932 FltMgr - ok

19:16:51.0794 4932 [ C4C183E6551084039EC862DA1C945E3D ] FontCache C:\Windows\system32\FntCache.dll

19:16:51.0810 4932 FontCache - ok

19:16:51.0856 4932 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

19:16:51.0856 4932 FontCache3.0.0.0 - ok

19:16:51.0919 4932 [ F59F2C574AA5D84477EB89F87C938F16 ] fsbts C:\Windows\system32\Drivers\fsbts.sys

19:16:51.0919 4932 fsbts - ok

19:16:51.0934 4932 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys

19:16:51.0934 4932 FsDepends - ok

19:16:51.0997 4932 [ 10881D41226100F44DF3BF66F5EA75C6 ] fshoster C:\Program Files (x86)\Charter Security Suite\fshoster32.exe

19:16:51.0997 4932 fshoster - ok

19:16:52.0075 4932 [ 11CA1330E16D1772E868A86FBFD8A0AD ] FSMA C:\Program Files (x86)\Charter Security Suite\Common\FSMA32.EXE

19:16:52.0075 4932 FSMA - ok

19:16:52.0215 4932 [ FFF3982981DF6DCD12FFDBE8BB101451 ] fsni C:\Program Files (x86)\Charter Security Suite\apps\CCF_Scanning\fsni64.sys

19:16:52.0215 4932 fsni - ok

19:16:52.0278 4932 [ C67B42683036A503A2123EBEE9220AAA ] FSORSPClient C:\Program Files (x86)\Charter Security Suite\apps\CCF_Reputation\fsorsp.exe

19:16:52.0278 4932 FSORSPClient - ok

19:16:52.0324 4932 [ 339E52896B03045FC2A738F9997FA38D ] fsvista C:\Program Files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys

19:16:52.0324 4932 fsvista - ok

19:16:52.0356 4932 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys

19:16:52.0356 4932 Fs_Rec - ok

19:16:52.0402 4932 [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys

19:16:52.0402 4932 fvevol - ok

19:16:52.0434 4932 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys

19:16:52.0434 4932 gagp30kx - ok

19:16:52.0558 4932 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe

19:16:52.0558 4932 GamesAppService - ok

19:16:52.0621 4932 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys

19:16:52.0621 4932 GEARAspiWDM - ok

19:16:52.0683 4932 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll

19:16:52.0683 4932 gpsvc - ok

19:16:52.0777 4932 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:16:52.0777 4932 gupdate - ok

19:16:52.0808 4932 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

19:16:52.0808 4932 gupdatem - ok

19:16:52.0839 4932 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

19:16:52.0839 4932 gusvc - ok

19:16:52.0855 4932 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys

19:16:52.0855 4932 hcw85cir - ok

19:16:52.0917 4932 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys

19:16:52.0917 4932 HdAudAddService - ok

19:16:52.0948 4932 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys

19:16:52.0948 4932 HDAudBus - ok

19:16:52.0964 4932 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys

19:16:52.0964 4932 HidBatt - ok

19:16:52.0995 4932 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys

19:16:52.0995 4932 HidBth - ok

19:16:53.0026 4932 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys

19:16:53.0026 4932 HidIr - ok

19:16:53.0042 4932 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll

19:16:53.0042 4932 hidserv - ok

19:16:53.0073 4932 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys

19:16:53.0073 4932 HidUsb - ok

19:16:53.0104 4932 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll

19:16:53.0104 4932 hkmsvc - ok

19:16:53.0151 4932 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll

19:16:53.0167 4932 HomeGroupListener - ok

19:16:53.0198 4932 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll

19:16:53.0198 4932 HomeGroupProvider - ok

19:16:53.0292 4932 [ BB1FC298BE53AAB1E110F6E786BD8AC5 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe

19:16:53.0292 4932 HP Support Assistant Service - ok

19:16:53.0323 4932 [ 05712FDDBD45A5864EB326FAABC6A4E3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys

19:16:53.0323 4932 hpdskflt - ok

19:16:53.0338 4932 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys

19:16:53.0338 4932 HpqKbFiltr - ok

19:16:53.0416 4932 [ 9B7EDD3FE7C211C36E921D34D18A3A0A ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

19:16:53.0416 4932 hpqwmiex - ok

19:16:53.0494 4932 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys

19:16:53.0494 4932 HpSAMD - ok

19:16:53.0494 4932 [ AA036CC5F5221D9B915F4D4DCE74BA9A ] hpsrv C:\Windows\system32\Hpservice.exe

19:16:53.0494 4932 hpsrv - ok

19:16:53.0541 4932 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys

19:16:53.0557 4932 HTTP - ok

19:16:53.0588 4932 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys

19:16:53.0588 4932 hwpolicy - ok

19:16:53.0635 4932 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys

19:16:53.0635 4932 i8042prt - ok

19:16:53.0666 4932 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys

19:16:53.0666 4932 iaStorV - ok

19:16:53.0760 4932 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

19:16:53.0760 4932 IDriverT - ok

19:16:53.0822 4932 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

19:16:53.0838 4932 idsvc - ok

19:16:53.0978 4932 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys

19:16:54.0040 4932 igfx - ok

19:16:54.0072 4932 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys

19:16:54.0072 4932 iirsp - ok

19:16:54.0118 4932 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll

19:16:54.0134 4932 IKEEXT - ok

19:16:54.0134 4932 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys

19:16:54.0134 4932 intelide - ok

19:16:54.0165 4932 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys

19:16:54.0165 4932 intelppm - ok

19:16:54.0181 4932 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll

19:16:54.0181 4932 IPBusEnum - ok

19:16:54.0228 4932 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys

19:16:54.0228 4932 IpFilterDriver - ok

19:16:54.0274 4932 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll

19:16:54.0290 4932 iphlpsvc - ok

19:16:54.0321 4932 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys

19:16:54.0337 4932 IPMIDRV - ok

19:16:54.0352 4932 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys

19:16:54.0368 4932 IPNAT - ok

19:16:54.0446 4932 [ 4EFFC8FF6D349E971E94B1C670C0C66A ] iPod Service C:\Program Files\iPod\bin\iPodService.exe

19:16:54.0446 4932 iPod Service - ok

19:16:54.0477 4932 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys

19:16:54.0477 4932 IRENUM - ok

19:16:54.0508 4932 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys

19:16:54.0508 4932 isapnp - ok

19:16:54.0540 4932 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys

19:16:54.0540 4932 iScsiPrt - ok

19:16:54.0571 4932 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys

19:16:54.0571 4932 kbdclass - ok

19:16:54.0586 4932 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys

19:16:54.0586 4932 kbdhid - ok

19:16:54.0602 4932 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe

19:16:54.0602 4932 KeyIso - ok

19:16:54.0649 4932 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys

19:16:54.0649 4932 KSecDD - ok

19:16:54.0680 4932 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys

19:16:54.0680 4932 KSecPkg - ok

19:16:54.0711 4932 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys

19:16:54.0711 4932 ksthunk - ok

19:16:54.0742 4932 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll

19:16:54.0742 4932 KtmRm - ok

19:16:54.0789 4932 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll

19:16:54.0805 4932 LanmanServer - ok

19:16:54.0836 4932 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll

19:16:54.0852 4932 LanmanWorkstation - ok

19:16:54.0898 4932 [ 47269F0DE1E5089C6F23BC1EC48CFC31 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

19:16:54.0898 4932 LightScribeService - ok

19:16:54.0914 4932 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys

19:16:54.0914 4932 lltdio - ok

19:16:54.0945 4932 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll

19:16:54.0945 4932 lltdsvc - ok

19:16:54.0961 4932 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll

19:16:54.0961 4932 lmhosts - ok

19:16:54.0992 4932 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys

19:16:54.0992 4932 LSI_FC - ok

19:16:55.0023 4932 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys

19:16:55.0023 4932 LSI_SAS - ok

19:16:55.0039 4932 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys

19:16:55.0039 4932 LSI_SAS2 - ok

19:16:55.0054 4932 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys

19:16:55.0054 4932 LSI_SCSI - ok

19:16:55.0086 4932 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys

19:16:55.0086 4932 luafv - ok

19:16:55.0148 4932 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll

19:16:55.0148 4932 Mcx2Svc - ok

19:16:55.0179 4932 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys

19:16:55.0179 4932 megasas - ok

19:16:55.0195 4932 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys

19:16:55.0210 4932 MegaSR - ok

19:16:55.0226 4932 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll

19:16:55.0226 4932 MMCSS - ok

19:16:55.0242 4932 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys

19:16:55.0242 4932 Modem - ok

19:16:55.0257 4932 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys

19:16:55.0257 4932 monitor - ok

19:16:55.0351 4932 [ 98A10AC4257A3BA48C9611338544EE49 ] MotoHelper C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe

19:16:55.0351 4932 MotoHelper - ok

19:16:55.0366 4932 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys

19:16:55.0366 4932 mouclass - ok

19:16:55.0382 4932 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys

19:16:55.0382 4932 mouhid - ok

19:16:55.0429 4932 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys

19:16:55.0429 4932 mountmgr - ok

19:16:55.0460 4932 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys

19:16:55.0460 4932 mpio - ok

19:16:55.0491 4932 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys

19:16:55.0491 4932 mpsdrv - ok

19:16:55.0585 4932 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll

19:16:55.0600 4932 MpsSvc - ok

19:16:55.0647 4932 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys

19:16:55.0647 4932 MRxDAV - ok

19:17:04.0836 4932 ============================================================

19:17:04.0836 4932 Scan finished

19:17:04.0836 4932 ============================================================

19:17:04.0836 0396 Detected object count: 0

19:17:04.0836 0396 Actual detected object count: 0

19:17:27.0705 6108 Deinitialize success


Completed Malwarebytes Anti-Rootkit; restarted antivirus, firewall and security suite.

Appears to be working fine. I am not able to report on any speed issues, as I don't have anything to compare to (since it's not my machine).

However, Win7 loads quickly, and the background programs are loading quickly as well.

Malware log:

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

Database version: v2013.04.27.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Rooter :: ROOTER-PC [administrator]

4/27/2013 7:42:56 PM

mbar-log-2013-04-27 (19-42-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 32053

Time elapsed: 10 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)


  • Staff

Hello EirualMac

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

CFScriptB-4.gif

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  1. report from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now after running the script?

Gringo


This morning, I encountered a few errors:

Last night, while reviewing the system, I discovered the antivirus has not updated definitions since Feb. Contacted the ISP, who said I had to uninstall their security suite and reinstall. I attempted to uninstall, and the system locked up, crashing IE. After rebooting, I couldn't get back online, and received multiple errors. I did do a system restore back to where I had removed the security suite software. At this time, the laptop is unable to get to the internet, Security Suite will not launch, and I am receiving the following errors.

WerFault.exe application error - the instruction at 0x7455f290 referenced memory at ... The memory could not be written.

Completed stage_50: 9:11

I apologize - I was trying to be proactive in getting the antivirus done, as I know it'll have to be repaired before I can give them back this laptop. Windows Explorer continues to crash, but I did complete the CFScript:

ComboFix 13-04-27.04 - Rooter 04/28/2013 9:00.3.2 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2453 [GMT -4:00]

Running from: c:\users\Rooter\Desktop\ComboFix.exe

Command switches used :: c:\users\Rooter\Desktop\CFScript.txt

AV: Computer Security *Disabled/Outdated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Charter Security Suite 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Computer Security *Disabled/Outdated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2013-03-28 to 2013-04-28 )))))))))))))))))))))))))))))))

.

.

2013-04-28 13:14 . 2013-04-28 13:14 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-04-27 23:32 . 2013-04-27 23:32 -------- d-----w- c:\programdata\Malwarebytes

2013-04-27 22:01 . 2013-04-27 22:01 -------- d-----w- C:\FRST

2013-04-27 20:53 . 2013-04-28 12:44 -------- d-----w- c:\users\Rooter People

2013-04-27 20:23 . 2013-04-10 03:46 9317456 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E371E36-F3E1-4EC6-8B6F-7699555F5B80}\mpengine.dll

2013-04-24 00:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys

2013-04-10 01:05 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll

2013-04-10 01:05 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll

2013-04-10 01:05 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll

2013-04-10 01:05 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll

2013-04-10 01:05 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll

2013-04-10 01:05 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll

2013-04-10 01:04 . 2013-03-01 03:36 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-04-10 01:03 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys

2013-04-10 01:03 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-04-10 01:03 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-04-10 01:03 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-04-10 01:03 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe

2013-04-10 01:03 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll

2013-04-10 01:02 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll

2013-04-03 00:12 . 2013-04-03 00:12 -------- d-----w- c:\program files (x86)\Common Files\Adobe

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-10 10:35 . 2010-01-12 01:49 72702784 ----a-w- c:\windows\system32\MRT.exe

2013-03-13 21:26 . 2012-04-01 11:16 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-13 21:26 . 2011-05-21 10:48 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-12 05:10 . 2009-12-21 20:09 282744 ------w- c:\windows\system32\MpSigStub.exe

2013-02-12 05:45 . 2013-03-13 20:34 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 20:34 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 20:34 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 20:34 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 20:34 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 20:34 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-02-12 04:12 . 2013-03-17 19:53 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{47B6A4A9-DC94-4738-9F20-7411D9691EA4}]

2011-04-20 17:29 81920 ----a-w- c:\program files (x86)\chartertoolbar\chartertoolbarDx.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]

2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]

"{47B6A4A9-DC94-4738-9F20-7411D9691EA4}"= "c:\program files (x86)\chartertoolbar\chartertoolbarDx.dll" [2011-04-20 81920]

.

[HKEY_CLASSES_ROOT\clsid\{47b6a4a9-dc94-4738-9f20-7411d9691ea4}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-29 39408]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18705664]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]

"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]

"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]

"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-03-23 500792]

"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2010-05-10 439568]

"F-Secure TNB"="c:\program files (x86)\Charter Security Suite\FSGUI\TNBUtil.exe" [2009-08-05 2349664]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"F-Secure Manager"="c:\program files (x86)\Charter Security Suite\Common\FSM32.EXE" [2012-10-18 310992]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-02-20 152392]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]

.

c:\users\Rooter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Epson multimedia projector Registration.lnk - e:\common\EpsonReg\EX3210\EpsonReg.exe [N/A]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]

"WallpaperStyle"= 2

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DeviceMonitorService;DeviceMonitorService;c:\program files (x86)\Motorola Media Link\NServiceEntry.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-01-08 161536]

R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]

R3 F-Secure Gatekeeper;F-Secure Gatekeeper;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys [2012-10-18 198864]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]

R3 NWUSBCDFIL64;Novatel Wireless Installation CD;c:\windows\system32\DRIVERS\NwUsbCdFil64.sys [2010-07-08 25600]

R3 NWUSBModem_000;Novatel Wireless USB Modem Driver (vGEN);c:\windows\system32\DRIVERS\nwusbmdm_000.sys [2010-07-08 217728]

R3 NWUSBPort_000;Novatel Wireless USB Status Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser_000.sys [2010-07-08 217728]

R3 NWUSBPort2_000;Novatel Wireless USB Status2 Port Driver (vGEN);c:\windows\system32\DRIVERS\nwusbser2_000.sys [2010-07-08 217728]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-24 216576]

R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1255736]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]

S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys [2012-08-15 56016]

S1 F-Secure HIPS;F-Secure HIPS Driver;c:\program files (x86)\Charter Security Suite\HIPS\drivers\fshs.sys [2012-10-18 62032]

S1 fsvista;F-Secure Vista Support Driver;c:\program files (x86)\Charter Security Suite\Anti-Virus\minifilter\fsvista.sys [2012-10-18 14032]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_70dacb64382a61a7\AESTSr64.exe [2010-11-01 89600]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]

S2 fshoster;F-Secure Dll Hoster;c:\program files (x86)\Charter Security Suite\fshoster32.exe [2012-11-26 183864]

S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 30520]

S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2011-08-10 227184]

S2 NWVZHelper;Novatel Wireless Verizon Device Helper;c:\program files (x86)\Novatel Wireless\Verizon\Drivers\NWHelper_001.exe [2010-06-14 270848]

S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]

S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]

S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]

.

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]

2010-02-22 15:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-04-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:26]

.

2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:16]

.

2013-04-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-29 18:16]

.

2013-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000Core.job

- c:\users\Rooter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 20:16]

.

2013-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1452508999-931761885-3285026272-1000UA.job

- c:\users\Rooter\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-21 20:16]

.

2013-04-24 c:\windows\Tasks\HPCeeScheduleForRooter.job

- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]

.

2013-04-27 c:\windows\Tasks\Scheduled scanning task.job

- c:\progra~2\CHARTE~1\ANTI-V~1\fsav.exe [2010-02-06 16:43]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-11-01 487424]

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService

FontCache

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uLocal Page = c:\windows\system32\blank.htm

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = 192.168.*.*;*.local

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

LSP: c:\program files (x86)\Charter Security Suite\FSPS\program\FSLSP.DLL

TCP: DhcpNameServer = 192.168.1.254

DPF: {DB90DEA9-0897-4B02-9FE0-1E321A22EAB0} - hxxps://eplans.atlantaga.gov/ProjectDox/Resources/Uploader/ChilkatZip2.cab

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

SafeBoot-83740665.sys

AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\fshoster]

"ImagePath"="\"c:\program files (x86)\Charter Security Suite\fshoster32.exe\" -hosterid:0"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\F-Secure\My Services Agent\Protected]

@Denied: ) (Everyone)

"AgentIdentifier"="de46e0cf-be9e-46d0-9cd3-37e36dfb1c3a"

"AuthorizationCode"=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-04-28 09:37:26

ComboFix-quarantined-files.txt 2013-04-28 13:37

ComboFix2.txt 2013-04-27 22:43

.

Pre-Run: 134,910,586,880 bytes free

Post-Run: 134,705,893,376 bytes free

.

- - End Of File - - DC98B614276BBDE0B980BDC01A413C16


  • Staff

Hello

Wow, I do not know what to say. I hope I can get this fixed.

Let's see if this will fix what is wrong with the internet.

Complete Internet Repair

  • Please download http://datum.mediafire.com/download.php?xzibd27bujdg2ey and save it to your desktop
  • Double click the icon and select Run
  • Click Extract
  • Double click the Complete Internet Repair folder on your desktop
  • Double click the CIntRep.exe icon
  • Place a checkmark next to the following entries:
    • Reset Internet Protocol (TCP/IP)
    • Repair Winsock (Reset Catalog)
    • Renew Internet Connections
    • Flush DNS Resolver Cache
    • Repair Internet Explorer 6.0.2900
    • Clear Windows Update History
    • Repair Windows / Automatic Updates
    • Repair SSL / HTTPS / Cryptography
    • Reset Windows Firewall Configuration
    • Restore the default hosts file
    • Repair Workgroup Computers view

  • Click Go!
  • Ignore any error messages for now
  • Click OK to reboot your computer
  • Check your internet access

Please let me know if this worked

Gringo

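The Complete Internet Repair checkboxes above correspond to native Windows commands; this added PowerShell script (not part of the original post and not the tool's own code) runs the subset that has a direct built-in counterpart and logs each step to the desktop. Which command each checkbox maps to is an assumption drawn from the checkbox name, and the script is written for the Windows 7 / PowerShell 2.0 environment in the logs above.

```powershell
# Added example: native Windows equivalents of the Complete Internet Repair
# checkboxes (TCP/IP reset, Winsock reset, renew, flush DNS, firewall reset,
# hosts file, Windows Update store). The checkbox-to-command mapping is an
# assumption based on each checkbox name. Run from an elevated PowerShell.
$ErrorActionPreference = 'Continue'
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$log   = Join-Path $env:USERPROFILE "Desktop\netrepair-$stamp.txt"

# Every step below needs administrator rights; fail early if we do not have them
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell prompt.'
}

function Invoke-RepairStep([string]$Name, [scriptblock]$Action) {
    # Run one step, capture stdout and stderr, show it and append it to the log
    "=== $Name ===" | Out-File -FilePath $log -Append
    Write-Host "=== $Name ==="
    $output = & $Action 2>&1
    $output | Out-File -FilePath $log -Append
    $output | Out-Host
}

# Reset Internet Protocol (TCP/IP): rewrites the TCP/IP registry settings
Invoke-RepairStep 'Reset TCP/IP' { netsh int ip reset "$env:TEMP\ipreset-$stamp.log" }

# Repair Winsock (Reset Catalog). This also removes third-party Layered Service
# Providers, such as the Charter Security Suite FSLSP.DLL entry shown under
# "LSP:" in the ComboFix log above, so that suite needs a reinstall afterwards.
Invoke-RepairStep 'Reset Winsock catalog' { netsh winsock reset }

# Renew Internet Connections: drop and re-request the DHCP lease
Invoke-RepairStep 'Renew DHCP lease' { ipconfig /release; ipconfig /renew }

# Flush DNS Resolver Cache
Invoke-RepairStep 'Flush DNS cache' { ipconfig /flushdns }

# Reset Windows Firewall Configuration to the out-of-box policy
Invoke-RepairStep 'Reset Windows Firewall' { netsh advfirewall reset }

# Restore the default hosts file. The current file is kept as a backup so a
# tampered copy can still be inspected instead of being silently discarded.
Invoke-RepairStep 'Restore hosts file' {
    $hosts = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Copy-Item -Path $hosts -Destination "$hosts.bak-$stamp" -Force
    $default = @(
        '# Default Windows hosts file (restored)'
        '127.0.0.1       localhost'
        '::1             localhost'
    ) -join "`r`n"
    Set-Content -Path $hosts -Value $default -Encoding Ascii
}

# Clear Windows Update History / Repair Automatic Updates: stop the service,
# set its data store aside so it is rebuilt on the next check, then restart it
Invoke-RepairStep 'Reset Windows Update store' {
    Stop-Service -Name wuauserv -Force
    Rename-Item -Path (Join-Path $env:SystemRoot 'SoftwareDistribution') `
                -NewName "SoftwareDistribution.old-$stamp"
    Start-Service -Name wuauserv
}

Write-Host "Finished. Review $log, then reboot and re-test internet access."
```

The Winsock and TCP/IP resets only take effect after the reboot, which is why the tool's own steps end with "Click OK to reboot your computer".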

Newest errors:

GoogleToolbarnotifier.exe Entry Point Not found

The procedure entry point RtlCopyContext could not be located in the dynamic link library ntdll.dll

Skype.exe Entry Point not Found

The procedure entry point RtlCopyContext could not be located in the dynamic link library ntdll.dll

And when attempting to launch iE:

iexplore.exe - Entry Point Not Found

The procedure entry point RtlCopyContext could not be located in the dynamic link library ntdll.dll

And of course nothing else (Control Panel, IE, etc.) will launch. I can open a Windows Explorer window.

I am considering restoring from an earlier system restore point, like a month ago.


  • Staff

Greetings

I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also, to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask you to remove our tools.

Gringo


  • Staff

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
