TechSpot

After removing FBI Moneypak Ransomware, svchost.exe Trojan on Windows 7 keeps returning

Solved
By TruelightE525
Nov 14, 2012
  1. Can anyone help me permanently remove the Trojan horse disguised as svchost.exe from a Windows 7 computer? I started out having the FBI Moneypak Ransomware virus on the PC. So after doing some research, I downloaded Malwarebytes Anti-Malware software in order to clean the PC of this troublesome ransomware. Well, after cleaning up (I think!) the ransomware, now I can't get rid of a Trojan horse that looks like svchost.exe.

    I've been continuing to use Malwarebytes to do full scans of the PC and remove the svchost.exe Trojan files (and any related files). But every time I restart the PC, the svchost.exe Trojan is back again. It doesn't seem to matter how many times I run Malwarebytes, or whether I'm in Safe Mode or Safe Mode with Networking. This svchost.exe Trojan will not be removed.

    I haven't tried other anti-virus tools yet, but I have tried to search for and manually delete specific infected files (to no avail). I'm not familiar with creating the various logs that I've seen in other users' posts, but I do have several logs from Malwarebytes that I can copy and paste to this forum, if it would help resolve this issue. I've been working to resolve this problem for several days now, so I have logs from multiple days. Please let me know if you will only need the most recent logs from today, or if you need logs from the past as well that may include info from the FBI Moneypak ransomware. Thanks in advance for any assistance you can provide!
     
  2. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni,

    I'm worried. I began to execute the steps you sent me from http://www.techspot.com/vb/topic58138.html. So far I have only been able to complete Steps 1 and 2. While in the process of completing Steps 1 and 2, my computer crashed several times (blue screen) and I had to reboot. Now, in Step 3 (GMER), during the latest crash and reboot cycle, Windows automatically began Startup Repair which says, "Your computer was unable to start Startup Repair is checking your system for problems...". It goes on to say, "If problems are found, Startup Repair will fix them automatically. Your computer might restart several times during this process. No changes will be made to your personal files or information. This might take several minutes." Finally, there is a moving bar which scrolls across the screen continuously, beneath which are the words, "Attempting repairs..." There is a Cancel button that I can click to stop the Startup Repair process, but I don't know what that will do and I'm concerned that I won't be able to start the PC if I cancel out of the process.

    So far, I have only a log file for MalwareBytes, but I'm concerned about this Startup Repair process because your instructions indicated I should refrain from "running any tools, fixes, or applying any changes", and it seems like Startup Repair might be doing just that! It's been running for the last 10 minutes with no other indication of when the process will end. Please help! I've included the only log info I have so far, from MalwareBytes. Fortunately, I emailed this log info to my MacBook (which works fine) before the Startup Repair process began on the PC:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.15.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    kc :: KC-PC [administrator]

    11/15/2012 9:58:35 AM
    mbam-log-2012-11-15 (09-58-35).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227262
    Time elapsed: 14 minute(s), 45 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 5024 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    C:\Users\kc\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\kc\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
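As an added illustration (not part of this thread, and not Malwarebytes' own code), the Python script below parses detection lines in the layout of the Malwarebytes log above and flags the two things a responder should notice in it: a file carrying a core system binary's name outside its legitimate directory (the real svchost.exe lives in C:\Windows\System32, with a 32-bit copy in SysWOW64, never directly in C:\Windows), and a "Delete on reboot" action, which means the file was in use and the scanner could only schedule its removal. The sample log text is constructed from the lines posted above; the set of binary names and legitimate directories is an assumption of this example, not something the thread states.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: the detection lines from the Malwarebytes log posted above,
# in the layout Malwarebytes Anti-Malware 1.x writes to mbam-log-*.txt.
SAMPLE_MBAM_LOG = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5024 -> Delete on reboot.

Files Detected: 3
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\kc\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\kc\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
"""

SECTION_RE = re.compile(r"^(?P<section>.+?) Detected: (?P<count>\d+)$")
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[\w.]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+?)\.?$"
)

# Assumption of this example: core Windows binaries that legitimately exist only
# below these directories. A file with one of these names anywhere else
# (C:\Windows\svchost.exe in the log above) is borrowing a trusted name so that
# it blends into Task Manager.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe",
                   "winlogon.exe", "wininit.exe", "smss.exe"}
LEGIT_PARENTS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")


def is_masquerading_system_binary(path: str) -> bool:
    """True when a core system binary name sits outside its legitimate directories."""
    p = PureWindowsPath(path)
    if p.name.lower() not in SYSTEM_BINARIES:
        return False
    parent = str(p.parent).lower()
    return not any(parent == d or parent.startswith(d + "\\") for d in LEGIT_PARENTS)


def parse_mbam_detections(log_text: str) -> list:
    """Return one record per detection line, tagged with the section it appeared in."""
    records, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec["section"]
            continue
        det = DETECTION_RE.match(line)
        if det:
            records.append({
                "section": section,
                "path": det["path"],
                "name": det["name"],
                "pid": int(det["pid"]) if det["pid"] else None,
                "action": det["action"].strip(),
            })
    return records


def triage(log_text: str) -> list:
    """Attach the flags a responder cares about to each detection."""
    findings = []
    for rec in parse_mbam_detections(log_text):
        flags = []
        if is_masquerading_system_binary(rec["path"]):
            flags.append("system binary name outside System32/SysWOW64")
        if rec["action"].lower().startswith("delete on reboot"):
            # The scanner could not remove the file while it was in use. If the
            # same file is back after the reboot, something the scan did not
            # catch (a loader, autostart entry or driver) is recreating it, so
            # that is what has to be found rather than re-deleting the payload.
            flags.append("in use at scan time; deletion deferred to reboot")
        findings.append({**rec, "flags": flags})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_MBAM_LOG):
        print(f"[{f['section']}] {f['path']} ({f['name']}) -> {f['action']}")
        for flag in f["flags"]:
            print("    !", flag)
```

Feed a real mbam-log-*.txt to `triage()` and read the flagged entries first: a detection that is both a masquerading name and "Delete on reboot", as both svchost.exe entries above are, is the pattern behind "it comes back after every restart".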
     
  4. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
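An added example, not part of Broni's instructions and not code from TDSSKiller itself: a Python triage script for the report the last two steps refer to. TDSSKiller writes one "[ md5 ] name path" inventory line per service or driver followed by a "name - ok" verdict, and for anything it dislikes a "Suspicious file (...)" line plus "- warning" / "- detected" verdicts. The script folds these into one record per service and lists the entries that did not come back "- ok", which are exactly the ones the tool leaves for a human decision (its default for suspicious files is Skip). The sample lines are constructed from the log format shown later in this thread, with the hashes and paths that appear there; the regular expressions are this example's reading of that format, not a published specification.

```python
import re

# Constructed sample in the layout TDSSKiller writes to TDSSKiller_xxxx_log.txt.
# The Akamai lines are the ones shown later in this thread; the rest are
# ordinary "- ok" entries from the same report.
SAMPLE_TDSSKILLER_LOG = r"""
19:43:40.0282 6344 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
19:43:40.0282 6344 1394ohci - ok
19:43:42.0201 6344 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
19:43:42.0201 6344 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
19:43:42.0217 6344 Akamai ( HiddenFile.Multi.Generic ) - warning
19:43:42.0217 6344 Akamai - detected HiddenFile.Multi.Generic (1)
19:43:47.0396 6344 COMSysApp - ok
"""

# Every line is "HH:MM:SS.mmmm <pid> <message>"; the message carries the content.
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s*(?P<msg>.*)$")
INVENTORY_RE = re.compile(r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$")
SUSPICIOUS_RE = re.compile(r"^Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+)\. md5: (?P<md5>[0-9A-Fa-f]{32})$")
STATUS_RE = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<verdict>[^)]+) \))? - (?P<status>ok|warning|detected)(?: (?P<rest>.*))?$"
)
SEVERITY = {"unknown": 0, "ok": 1, "warning": 2, "detected": 3}


def _new_record() -> dict:
    return {"md5": None, "path": None, "status": "unknown", "verdict": None, "reasons": []}


def parse_tdsskiller(log_text: str) -> dict:
    """Fold the per-line log into one record per service/driver, keeping the worst status seen."""
    services = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue                      # separators and banner lines
        msg = m["msg"].strip()
        inv = INVENTORY_RE.match(msg)
        if inv:
            rec = services.setdefault(inv["name"], _new_record())
            rec["md5"], rec["path"] = inv["md5"], inv["path"]
            continue
        sus = SUSPICIOUS_RE.match(msg)
        if sus:
            # Attach the reason (Hidden, ...) to the entry that owns this path.
            for rec in services.values():
                if rec["path"] and rec["path"].lower() == sus["path"].lower():
                    rec["reasons"].append(sus["reason"])
            continue
        st = STATUS_RE.match(msg)
        if st:
            rec = services.setdefault(st["name"], _new_record())
            if SEVERITY[st["status"]] > SEVERITY[rec["status"]]:
                rec["status"] = st["status"]
            verdict = st["verdict"] or (st["rest"].split()[0] if st["rest"] else None)
            if verdict:
                rec["verdict"] = verdict
    return services


def flagged_services(log_text: str) -> dict:
    """Everything that did not come back '- ok': the entries a reviewer reads first."""
    return {n: r for n, r in parse_tdsskiller(log_text).items() if r["status"] != "ok"}


if __name__ == "__main__":
    for name, rec in flagged_services(SAMPLE_TDSSKILLER_LOG).items():
        print(f"{name}: {rec['status']} {rec['verdict'] or ''} reasons={rec['reasons']}")
        print(f"    path={rec['path']} md5={rec['md5']}")
```

On a full report, `flagged_services(open(path).read())` reduces several hundred lines to the handful that matter; the md5 kept with each record is what you would look up before deciding whether a "HiddenFile" warning is a real hidden rootkit component or a legitimate program that happens to hide its files.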
     
  5. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni,

    Thanks for the response. I ran TDSSKiller and I will be sending the contents of the log file in a few minutes from another computer. I have to split the log because it exceeds 50,000 characters. Also, I have more info to share with you, but I will do that in another post because I need to send the log to my other computer before my infected PC crashes again. I hope you will still be available in a few minutes...
     
  6. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni, Below is the first part of the TDSSKiller log contents:

    19:43:29.0456 7136 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    19:43:30.0158 7136 ============================================================
    19:43:30.0158 7136 Current date / time: 2012/11/15 19:43:30.0158
    19:43:30.0158 7136 SystemInfo:
    19:43:30.0158 7136
    19:43:30.0158 7136 OS Version: 6.1.7601 ServicePack: 1.0
    19:43:30.0158 7136 Product type: Workstation
    19:43:30.0158 7136 ComputerName: KC-PC
    19:43:30.0158 7136 UserName: kc
    19:43:30.0158 7136 Windows directory: C:\Windows
    19:43:30.0158 7136 System windows directory: C:\Windows
    19:43:30.0158 7136 Running under WOW64
    19:43:30.0158 7136 Processor architecture: Intel x64
    19:43:30.0158 7136 Number of processors: 2
    19:43:30.0158 7136 Page size: 0x1000
    19:43:30.0158 7136 Boot type: Normal boot
    19:43:30.0158 7136 ============================================================
    19:43:32.0248 7136 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    19:43:32.0389 7136 ============================================================
    19:43:32.0389 7136 \Device\Harddisk0\DR0:
    19:43:32.0404 7136 MBR partitions:
    19:43:32.0404 7136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    19:43:32.0404 7136 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38444000
    19:43:32.0404 7136 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x384A8000, BlocksNum 0x1EAA000
    19:43:32.0404 7136 ============================================================
    19:43:32.0420 7136 C: <-> \Device\Harddisk0\DR0\Partition2
    19:43:32.0451 7136 D: <-> \Device\Harddisk0\DR0\Partition3
    19:43:32.0467 7136 ============================================================
    19:43:32.0467 7136 Initialize success
    19:43:32.0467 7136 ============================================================
    19:43:37.0896 6344 ============================================================
    19:43:37.0896 6344 Scan started
    19:43:37.0896 6344 Mode: Manual;
    19:43:37.0896 6344 ============================================================
    19:43:39.0612 6344 ================ Scan system memory ========================
    19:43:39.0612 6344 System memory - ok
    19:43:39.0612 6344 ================ Scan services =============================
    19:43:40.0282 6344 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    19:43:40.0282 6344 1394ohci - ok
    19:43:40.0314 6344 [ 3E2427D4966C7606097341E55AB4E105 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
    19:43:40.0314 6344 Accelerometer - ok
    19:43:40.0345 6344 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    19:43:40.0360 6344 ACPI - ok
    19:43:40.0392 6344 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    19:43:40.0407 6344 AcpiPmi - ok
    19:43:40.0641 6344 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    19:43:40.0657 6344 AdobeARMservice - ok
    19:43:41.0078 6344 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    19:43:41.0078 6344 AdobeFlashPlayerUpdateSvc - ok
    19:43:41.0140 6344 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    19:43:41.0156 6344 adp94xx - ok
    19:43:41.0172 6344 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    19:43:41.0187 6344 adpahci - ok
    19:43:41.0187 6344 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    19:43:41.0203 6344 adpu320 - ok
    19:43:41.0234 6344 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    19:43:41.0234 6344 AeLookupSvc - ok
    19:43:41.0281 6344 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    19:43:41.0281 6344 AFD - ok
    19:43:41.0437 6344 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
    19:43:41.0437 6344 AgereModemAudio - ok
    19:43:41.0499 6344 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    19:43:41.0546 6344 AgereSoftModem - ok
    19:43:41.0608 6344 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    19:43:41.0608 6344 agp440 - ok
    19:43:42.0201 6344 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
    19:43:42.0201 6344 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
    19:43:42.0217 6344 Akamai ( HiddenFile.Multi.Generic ) - warning
    19:43:42.0217 6344 Akamai - detected HiddenFile.Multi.Generic (1)
    19:43:42.0264 6344 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    19:43:42.0264 6344 ALG - ok
    19:43:42.0279 6344 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    19:43:42.0279 6344 aliide - ok
    19:43:42.0326 6344 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    19:43:42.0342 6344 AMD External Events Utility - ok
    19:43:42.0357 6344 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    19:43:42.0357 6344 amdide - ok
    19:43:42.0388 6344 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    19:43:42.0404 6344 AmdK8 - ok
    19:43:42.0420 6344 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    19:43:42.0420 6344 AmdPPM - ok
    19:43:42.0466 6344 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    19:43:42.0466 6344 amdsata - ok
    19:43:42.0498 6344 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    19:43:42.0498 6344 amdsbs - ok
    19:43:42.0529 6344 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    19:43:42.0529 6344 amdxata - ok
    19:43:42.0576 6344 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    19:43:42.0576 6344 AppID - ok
    19:43:42.0622 6344 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    19:43:42.0622 6344 AppIDSvc - ok
    19:43:42.0669 6344 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    19:43:42.0669 6344 Appinfo - ok
    19:43:42.0825 6344 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    19:43:42.0841 6344 Apple Mobile Device - ok
    19:43:42.0950 6344 [ 44F0479ACDBC24D20C62B63E23720B4A ] Application Sendori C:\Program Files (x86)\Sendori\SendoriSvc.exe
    19:43:42.0966 6344 Application Sendori - ok
    19:43:42.0997 6344 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    19:43:42.0997 6344 arc - ok
    19:43:43.0044 6344 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    19:43:43.0044 6344 arcsas - ok
    19:43:43.0153 6344 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    19:43:43.0153 6344 AsyncMac - ok
    19:43:43.0184 6344 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    19:43:43.0184 6344 atapi - ok
    19:43:43.0293 6344 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
    19:43:43.0340 6344 athr - ok
    19:43:43.0434 6344 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    19:43:43.0434 6344 AtiHdmiService - ok
    19:43:43.0902 6344 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    19:43:44.0058 6344 atikmdag - ok
    19:43:44.0120 6344 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
    19:43:44.0136 6344 AtiPcie - ok
    19:43:44.0307 6344 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    19:43:44.0338 6344 AudioEndpointBuilder - ok
    19:43:44.0385 6344 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    19:43:44.0401 6344 AudioSrv - ok
    19:43:44.0432 6344 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    19:43:44.0448 6344 AxInstSV - ok
    19:43:44.0541 6344 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    19:43:44.0557 6344 b06bdrv - ok
    19:43:44.0697 6344 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    19:43:44.0697 6344 b57nd60a - ok
    19:43:45.0087 6344 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    19:43:45.0087 6344 BBSvc - ok
    19:43:45.0181 6344 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    19:43:45.0181 6344 BBUpdate - ok
    19:43:45.0212 6344 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    19:43:45.0228 6344 BDESVC - ok
    19:43:45.0243 6344 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    19:43:45.0243 6344 Beep - ok
    19:43:45.0337 6344 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    19:43:45.0384 6344 BFE - ok
    19:43:45.0415 6344 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    19:43:45.0430 6344 BITS - ok
    19:43:45.0446 6344 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    19:43:45.0446 6344 blbdrive - ok
    19:43:45.0524 6344 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    19:43:45.0524 6344 Bonjour Service - ok
    19:43:45.0571 6344 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    19:43:45.0571 6344 bowser - ok
    19:43:45.0633 6344 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    19:43:45.0649 6344 BrFiltLo - ok
    19:43:45.0664 6344 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    19:43:45.0711 6344 BrFiltUp - ok
    19:43:45.0742 6344 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    19:43:45.0742 6344 Browser - ok
    19:43:45.0789 6344 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    19:43:45.0789 6344 Brserid - ok
    19:43:45.0805 6344 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    19:43:45.0836 6344 BrSerWdm - ok
    19:43:45.0867 6344 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    19:43:45.0930 6344 BrUsbMdm - ok
    19:43:45.0945 6344 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    19:43:45.0945 6344 BrUsbSer - ok
    19:43:45.0961 6344 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    19:43:45.0992 6344 BTHMODEM - ok
    19:43:46.0008 6344 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    19:43:46.0023 6344 bthserv - ok
    19:43:46.0039 6344 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    19:43:46.0054 6344 cdfs - ok
    19:43:46.0101 6344 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    19:43:46.0101 6344 cdrom - ok
    19:43:46.0210 6344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    19:43:46.0210 6344 CertPropSvc - ok
    19:43:46.0273 6344 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    19:43:46.0273 6344 circlass - ok
    19:43:46.0320 6344 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    19:43:46.0320 6344 CLFS - ok
    19:43:46.0616 6344 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:43:46.0632 6344 clr_optimization_v2.0.50727_32 - ok
    19:43:46.0678 6344 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    19:43:46.0678 6344 clr_optimization_v2.0.50727_64 - ok
    19:43:46.0756 6344 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:43:46.0772 6344 clr_optimization_v4.0.30319_32 - ok
    19:43:46.0850 6344 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    19:43:46.0850 6344 clr_optimization_v4.0.30319_64 - ok
    19:43:46.0897 6344 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    19:43:46.0897 6344 CmBatt - ok
    19:43:46.0944 6344 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    19:43:46.0944 6344 cmdide - ok
    19:43:47.0053 6344 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    19:43:47.0115 6344 CNG - ok
    19:43:47.0256 6344 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    19:43:47.0271 6344 Com4QLBEx - ok
    19:43:47.0318 6344 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    19:43:47.0318 6344 Compbatt - ok
    19:43:47.0380 6344 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    19:43:47.0380 6344 CompositeBus - ok
    19:43:47.0396 6344 COMSysApp - ok
    19:43:47.0443 6344 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    19:43:47.0443 6344 crcdisk - ok
    19:43:47.0817 6344 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
    19:43:47.0817 6344 CryptSvc - ok
    19:43:47.0911 6344 [ BF62FF663AE55E4ED99DE76881C2C0F1 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
    19:43:47.0926 6344 ctxusbm - ok
    19:43:48.0004 6344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    19:43:48.0020 6344 DcomLaunch - ok
    19:43:48.0082 6344 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
    19:43:48.0082 6344 defragsvc - ok
    19:43:48.0129 6344 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    19:43:48.0129 6344 DfsC - ok
    19:43:48.0207 6344 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
    19:43:48.0270 6344 Dhcp - ok
    19:43:48.0301 6344 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
    19:43:48.0301 6344 discache - ok
    19:43:48.0348 6344 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
    19:43:48.0348 6344 Disk - ok
    19:43:48.0410 6344 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    19:43:48.0410 6344 Dnscache - ok
    19:43:48.0457 6344 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
    19:43:48.0457 6344 dot3svc - ok
    19:43:48.0488 6344 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
    19:43:48.0504 6344 DPS - ok
    19:43:48.0535 6344 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    19:43:48.0535 6344 drmkaud - ok
    19:43:48.0582 6344 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    19:43:48.0582 6344 DXGKrnl - ok
    19:43:48.0597 6344 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
    19:43:48.0597 6344 EapHost - ok
    19:43:48.0722 6344 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
    19:43:48.0769 6344 ebdrv - ok
    19:43:48.0800 6344 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
    19:43:48.0816 6344 EFS - ok
    19:43:48.0956 6344 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    19:43:49.0050 6344 ehRecvr - ok
    19:43:49.0065 6344 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
    19:43:49.0143 6344 ehSched - ok
    19:43:49.0237 6344 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
    19:43:49.0237 6344 elxstor - ok
    19:43:49.0252 6344 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys
    19:43:49.0252 6344 enecir - ok
    19:43:49.0268 6344 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
    19:43:49.0268 6344 ErrDev - ok
    19:43:49.0330 6344 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
    19:43:49.0346 6344 EventSystem - ok
    19:43:49.0362 6344 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
    19:43:49.0377 6344 exfat - ok
    19:43:49.0393 6344 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
    19:43:49.0393 6344 fastfat - ok
    19:43:49.0440 6344 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
    19:43:49.0455 6344 Fax - ok
    19:43:49.0502 6344 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
    19:43:49.0502 6344 fdc - ok
    19:43:49.0533 6344 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
    19:43:49.0533 6344 fdPHost - ok
    19:43:49.0580 6344 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    19:43:49.0580 6344 FDResPub - ok
    19:43:49.0627 6344 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    19:43:49.0627 6344 FileInfo - ok
    19:43:49.0642 6344 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    19:43:49.0642 6344 Filetrace - ok
    19:43:49.0658 6344 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
    19:43:49.0658 6344 flpydisk - ok
    19:43:49.0720 6344 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    19:43:49.0720 6344 FltMgr - ok
    19:43:49.0798 6344 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
    19:43:49.0830 6344 FontCache - ok
    19:43:49.0861 6344 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    19:43:49.0876 6344 FontCache3.0.0.0 - ok
    19:43:49.0876 6344 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    19:43:49.0876 6344 FsDepends - ok
    19:43:49.0939 6344 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    19:43:49.0939 6344 fssfltr - ok
    19:43:50.0110 6344 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    19:43:50.0157 6344 fsssvc - ok
    19:43:50.0188 6344 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    19:43:50.0188 6344 Fs_Rec - ok
    19:43:50.0235 6344 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    19:43:50.0235 6344 fvevol - ok
    19:43:50.0266 6344 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
    19:43:50.0266 6344 gagp30kx - ok
    19:43:50.0376 6344 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    19:43:50.0376 6344 GamesAppService - ok
    19:43:50.0422 6344 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    19:43:50.0422 6344 GEARAspiWDM - ok
    19:43:50.0500 6344 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
    19:43:50.0532 6344 gpsvc - ok
    19:43:50.0672 6344 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:43:50.0672 6344 gupdate - ok
    19:43:50.0703 6344 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    19:43:50.0703 6344 gupdatem - ok
    19:43:50.0766 6344 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    19:43:50.0781 6344 gusvc - ok
    19:43:50.0797 6344 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    19:43:50.0797 6344 hcw85cir - ok
    19:43:50.0859 6344 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    19:43:50.0859 6344 HdAudAddService - ok
    19:43:50.0906 6344 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    19:43:50.0906 6344 HDAudBus - ok
    19:43:50.0922 6344 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
    19:43:50.0922 6344 HidBatt - ok
    19:43:50.0968 6344 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
    19:43:50.0968 6344 HidBth - ok
    19:43:51.0000 6344 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
    19:43:51.0000 6344 HidIr - ok
    19:43:51.0031 6344 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
    19:43:51.0031 6344 hidserv - ok
    19:43:51.0093 6344 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    19:43:51.0109 6344 HidUsb - ok
    19:43:51.0140 6344 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    19:43:51.0156 6344 hkmsvc - ok
    19:43:51.0202 6344 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    19:43:51.0218 6344 HomeGroupListener - ok
    19:43:51.0265 6344 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    19:43:51.0265 6344 HomeGroupProvider - ok
    19:43:51.0358 6344 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    19:43:51.0358 6344 HP Support Assistant Service - ok
    19:43:51.0452 6344 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    19:43:51.0452 6344 HPDrvMntSvc.exe - ok
    19:43:51.0483 6344 [ CCBE758967CC0F53F5BA3B271653C4E6 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
    19:43:51.0483 6344 hpdskflt - ok
    19:43:51.0514 6344 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
    19:43:51.0514 6344 HpqKbFiltr - ok
    19:43:51.0577 6344 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    19:43:51.0608 6344 hpqwmiex - ok
    19:43:51.0639 6344 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    19:43:51.0639 6344 HpSAMD - ok
    19:43:51.0670 6344 [ E2223A37896A76861D7F79FD81A2A193 ] hpsrv C:\Windows\system32\Hpservice.exe
    19:43:51.0670 6344 hpsrv - ok
    19:43:51.0717 6344 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    19:43:51.0717 6344 HTTP - ok
    19:43:51.0748 6344 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    19:43:51.0748 6344 hwpolicy - ok
    19:43:51.0811 6344 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
    19:43:51.0811 6344 i8042prt - ok
    19:43:51.0858 6344 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    19:43:51.0858 6344 iaStorV - ok
    19:43:51.0967 6344 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    19:43:51.0998 6344 idsvc - ok
    19:43:52.0388 6344 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
    19:43:52.0606 6344 igfx - ok
    19:43:52.0638 6344 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
    19:43:52.0638 6344 iirsp - ok
    19:43:52.0778 6344 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
    19:43:52.0825 6344 IKEEXT - ok
    19:43:52.0887 6344 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
    19:43:52.0887 6344 intelide - ok
    19:43:52.0950 6344 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
    19:43:52.0950 6344 intelppm - ok
    19:43:52.0981 6344 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    19:43:52.0996 6344 IPBusEnum - ok
    19:43:53.0043 6344 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    19:43:53.0059 6344 IpFilterDriver - ok
    19:43:53.0137 6344 [ A34A587FFFD45FA649FBA6D03784D257 ] IpHlpSvc C:\Windows\System32\iphlpsvc.dll
    19:43:53.0168 6344 IpHlpSvc - ok
    19:43:53.0184 6344 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    19:43:53.0184 6344 IPMIDRV - ok
    19:43:53.0230 6344 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    19:43:53.0230 6344 IPNAT - ok
    19:43:53.0402 6344 [ 50D6CCC6FF5561F9F56946B3E6164FB8 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    19:43:53.0449 6344 iPod Service - ok
    19:43:53.0480 6344 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    19:43:53.0480 6344 IRENUM - ok
    19:43:53.0511 6344 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    19:43:53.0511 6344 isapnp - ok
    19:43:53.0574 6344 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    19:43:53.0574 6344 iScsiPrt - ok
    19:43:53.0620 6344 [ F8844B00C10E386C704C610E95A9847D ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
    19:43:53.0620 6344 JMCR - ok
    19:43:53.0636 6344 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
    19:43:53.0636 6344 kbdclass - ok
    19:43:53.0667 6344 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
    19:43:53.0667 6344 kbdhid - ok
    19:43:53.0667 6344 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
    19:43:53.0667 6344 KeyIso - ok
    19:43:53.0714 6344 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    19:43:53.0714 6344 KSecDD - ok
    19:43:53.0745 6344 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    19:43:53.0761 6344 KSecPkg - ok
    19:43:53.0776 6344 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    19:43:53.0776 6344 ksthunk - ok
    19:43:53.0839 6344 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
    19:43:53.0854 6344 KtmRm - ok
    19:43:53.0901 6344 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    19:43:53.0901 6344 LanmanServer - ok
    19:43:53.0964 6344 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    19:43:53.0964 6344 LanmanWorkstation - ok
    19:43:54.0213 6344 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    19:43:54.0213 6344 LightScribeService - ok
    19:43:54.0229 6344 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    19:43:54.0229 6344 lltdio - ok
    19:43:54.0276 6344 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
    19:43:54.0291 6344 lltdsvc - ok
    19:43:54.0307 6344 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    19:43:54.0307 6344 lmhosts - ok
    19:43:54.0322 6344 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
    19:43:54.0322 6344 LSI_FC - ok
    19:43:54.0369 6344 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
    19:43:54.0400 6344 LSI_SAS - ok
    19:43:54.0432 6344 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
    19:43:54.0432 6344 LSI_SAS2 - ok
    19:43:54.0478 6344 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
    19:43:54.0478 6344 LSI_SCSI - ok
    19:43:54.0510 6344 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
    19:43:54.0510 6344 luafv - ok
    19:43:54.0572 6344 lxcc_device - ok
    19:43:54.0634 6344 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
    19:43:54.0634 6344 MBAMProtector - ok
    19:43:54.0697 6344 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    19:43:54.0712 6344 MBAMScheduler - ok
    19:43:54.0744 6344 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    19:43:54.0759 6344 MBAMService - ok
    19:43:54.0806 6344 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    19:43:54.0806 6344 Mcx2Svc - ok
    19:43:54.0822 6344 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
    19:43:54.0822 6344 megasas - ok
    19:43:54.0853 6344 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
    19:43:54.0868 6344 MegaSR - ok
    19:43:54.0931 6344 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
    19:43:54.0931 6344 Microsoft Office Groove Audit Service - ok
    19:43:54.0978 6344 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
    19:43:54.0978 6344 MMCSS - ok
    19:43:54.0993 6344 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
    19:43:54.0993 6344 Modem - ok
    19:43:55.0009 6344 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    19:43:55.0009 6344 monitor - ok
    19:43:55.0056 6344 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
    19:43:55.0056 6344 mouclass - ok
    19:43:55.0102 6344 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    19:43:55.0102 6344 mouhid - ok
    19:43:55.0212 6344 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    19:43:55.0212 6344 mountmgr - ok
    19:43:55.0290 6344 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
    19:43:55.0290 6344 MpFilter - ok
    19:43:55.0352 6344 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
    19:43:55.0352 6344 mpio - ok
    19:43:55.0399 6344 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    19:43:55.0399 6344 mpsdrv - ok
    19:43:55.0461 6344 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    19:43:55.0492 6344 MpsSvc - ok
    19:43:55.0539 6344 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    19:43:55.0539 6344 MRxDAV - ok
    19:43:55.0570 6344 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    19:43:55.0586 6344 mrxsmb - ok
    19:43:55.0648 6344 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    19:43:55.0664 6344 mrxsmb10 - ok
    19:43:55.0680 6344 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    19:43:55.0680 6344 mrxsmb20 - ok
    19:43:55.0726 6344 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    19:43:55.0726 6344 msahci - ok
    19:43:55.0773 6344 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    19:43:55.0789 6344 msdsm - ok
    19:43:55.0804 6344 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
    19:43:56.0038 6344 MSDTC - ok
    19:43:56.0179 6344 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    19:43:56.0194 6344 Msfs - ok
    19:43:56.0304 6344 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    19:43:56.0350 6344 mshidkmdf - ok
    19:43:56.0428 6344 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    19:43:56.0428 6344 msisadrv - ok
    19:43:56.0444 6344 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    19:43:56.0460 6344 MSiSCSI - ok
    19:43:56.0475 6344 msiserver - ok
    19:43:56.0491 6344 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    19:43:56.0506 6344 MSKSSRV - ok
    19:43:56.0600 6344 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
    19:43:56.0600 6344 MsMpSvc - ok
    19:43:56.0616 6344 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    19:43:56.0616 6344 MSPCLOCK - ok
    19:43:56.0631 6344 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    19:43:56.0631 6344 MSPQM - ok
    19:43:56.0725 6344 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    19:43:56.0740 6344 MsRPC - ok
    19:43:56.0818 6344 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    19:43:56.0818 6344 mssmbios - ok
    19:43:56.0818 6344 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    19:43:56.0818 6344 MSTEE - ok
    19:43:56.0850 6344 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
    19:43:56.0850 6344 MTConfig - ok
    19:43:56.0865 6344 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
    19:43:56.0865 6344 Mup - ok
    19:43:56.0896 6344 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
    19:43:56.0912 6344 napagent - ok
    19:43:56.0959 6344 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    19:43:56.0974 6344 NativeWifiP - ok
    19:43:57.0037 6344 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
    19:43:57.0068 6344 NDIS - ok
    19:43:57.0146 6344 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    19:43:57.0146 6344 NdisCap - ok
    19:43:57.0177 6344 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    19:43:57.0177 6344 NdisTapi - ok
    19:43:57.0208 6344 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    19:43:57.0208 6344 Ndisuio - ok
    19:43:57.0271 6344 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    19:43:57.0302 6344 NdisWan - ok
    19:43:57.0333 6344 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    19:43:57.0364 6344 NDProxy - ok
    19:43:57.0396 6344 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    19:43:57.0411 6344 NetBIOS - ok
    19:43:57.0489 6344 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    19:43:57.0489 6344 NetBT - ok
    19:43:57.0505 6344 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
    19:43:57.0505 6344 Netlogon - ok
    19:43:57.0552 6344 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
    19:43:57.0583 6344 Netman - ok
    19:43:57.0598 6344 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
    19:43:57.0630 6344 netprofm - ok
    19:43:57.0661 6344 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
    19:43:57.0661 6344 NetTcpPortSharing - ok
    19:43:57.0942 6344 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
    19:43:58.0238 6344 netw5v64 - ok
    19:43:58.0254 6344 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
    19:43:58.0254 6344 nfrd960 - ok
    19:43:58.0316 6344 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
    19:43:58.0332 6344 NisDrv - ok
    19:43:58.0441 6344 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
    19:43:58.0456 6344 NisSrv - ok
    19:43:58.0519 6344 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    19:43:58.0550 6344 NlaSvc - ok
    19:43:58.0597 6344 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    19:43:58.0597 6344 Npfs - ok
    19:43:58.0628 6344 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
    19:43:58.0628 6344 nsi - ok
    19:43:58.0659 6344 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    19:43:58.0659 6344 nsiproxy - ok
    19:43:59.0034 6344 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    19:43:59.0080 6344 Ntfs - ok
    19:43:59.0112 6344 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
    19:43:59.0112 6344 Null - ok
    19:43:59.0190 6344 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
    19:43:59.0190 6344 nvraid - ok
    19:43:59.0221 6344 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
    19:43:59.0221 6344 nvstor - ok
    19:43:59.0268 6344 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    19:43:59.0283 6344 nv_agp - ok
    19:43:59.0392 6344 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
    19:43:59.0408 6344 odserv - ok
    19:43:59.0439 6344 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    19:43:59.0455 6344 ohci1394 - ok
    19:43:59.0502 6344 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    19:43:59.0502 6344 ose - ok
    19:43:59.0564 6344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    19:43:59.0595 6344 p2pimsvc - ok
    19:43:59.0829 6344 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
    19:43:59.0845 6344 p2psvc - ok
    19:43:59.0876 6344 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
    19:44:00.0001 6344 Parport - ok
    19:44:00.0032 6344 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
    19:44:00.0110 6344 partmgr - ok
    19:44:00.0172 6344 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    19:44:00.0172 6344 PcaSvc - ok
    19:44:00.0235 6344 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
    19:44:00.0235 6344 pci - ok
    19:44:00.0282 6344 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
    19:44:00.0282 6344 pciide - ok
    19:44:00.0516 6344 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
    19:44:00.0531 6344 pcmcia - ok
    19:44:00.0562 6344 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
    19:44:00.0578 6344 pcw - ok
    19:44:00.0796 6344 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    19:44:00.0812 6344 PEAUTH - ok
    19:44:01.0249 6344 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
    19:44:01.0264 6344 PerfHost - ok
    19:44:01.0498 6344 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
    19:44:01.0545 6344 pla - ok
    19:44:01.0701 6344 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    19:44:01.0701 6344 PlugPlay - ok
    19:44:01.0732 6344 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    19:44:01.0732 6344 PNRPAutoReg - ok
    19:44:01.0748 6344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    19:44:01.0764 6344 PNRPsvc - ok
    19:44:01.0842 6344 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    19:44:01.0873 6344 PolicyAgent - ok
    19:44:01.0920 6344 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
    19:44:01.0935 6344 Power - ok
    19:44:01.0982 6344 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    19:44:01.0998 6344 PptpMiniport - ok
    19:44:02.0044 6344 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
    19:44:02.0044 6344 Processor - ok
    19:44:02.0107 6344 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
    19:44:02.0122 6344 ProfSvc - ok
    19:44:02.0154 6344 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    19:44:02.0154 6344 ProtectedStorage - ok
     
  7. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni, below is the second part of the TDSSKiller log contents. Following the log, you'll see some more info I needed to share with you:

    19:44:02.0247 6344 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    19:44:02.0263 6344 Psched - ok
    19:44:02.0325 6344 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    19:44:02.0325 6344 PSI_SVC_2 - ok
    19:44:02.0466 6344 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
    19:44:02.0512 6344 ql2300 - ok
    19:44:02.0871 6344 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
    19:44:02.0871 6344 ql40xx - ok
    19:44:02.0934 6344 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
    19:44:02.0949 6344 QWAVE - ok
    19:44:02.0980 6344 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    19:44:02.0980 6344 QWAVEdrv - ok
    19:44:03.0324 6344 [ A55E7D0D873B2C97585B3B5926AC6ADE ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
    19:44:03.0324 6344 RapiMgr - ok
    19:44:03.0355 6344 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    19:44:03.0355 6344 RasAcd - ok
    19:44:03.0402 6344 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    19:44:03.0417 6344 RasAgileVpn - ok
    19:44:03.0464 6344 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
    19:44:03.0464 6344 RasAuto - ok
    19:44:03.0526 6344 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    19:44:03.0526 6344 Rasl2tp - ok
    19:44:03.0589 6344 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
    19:44:03.0604 6344 RasMan - ok
    19:44:03.0714 6344 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    19:44:03.0714 6344 RasPppoe - ok
    19:44:03.0729 6344 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    19:44:03.0745 6344 RasSstp - ok
    19:44:03.0823 6344 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    19:44:03.0870 6344 rdbss - ok
    19:44:03.0916 6344 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
    19:44:03.0916 6344 rdpbus - ok
    19:44:03.0948 6344 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    19:44:03.0948 6344 RDPCDD - ok
    19:44:04.0010 6344 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    19:44:04.0010 6344 RDPENCDD - ok
    19:44:04.0150 6344 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    19:44:04.0150 6344 RDPREFMP - ok
    19:44:04.0260 6344 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    19:44:04.0260 6344 RDPWD - ok
    19:44:04.0353 6344 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    19:44:04.0369 6344 rdyboost - ok
    19:44:04.0509 6344 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    19:44:04.0509 6344 RemoteAccess - ok
    19:44:04.0556 6344 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    19:44:04.0572 6344 RemoteRegistry - ok
    19:44:05.0133 6344 [ 498EB62A160674E793FA40FD65390625 ] RichVideo C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    19:44:05.0133 6344 RichVideo - ok
    19:44:05.0180 6344 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    19:44:05.0196 6344 RpcEptMapper - ok
    19:44:05.0352 6344 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
    19:44:05.0352 6344 RpcLocator - ok
    19:44:05.0414 6344 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
    19:44:05.0414 6344 RpcSs - ok
    19:44:05.0492 6344 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    19:44:05.0492 6344 rspndr - ok
    19:44:05.0586 6344 [ B49DC435AE3695BAC5623DD94B05732D ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    19:44:05.0601 6344 RTL8167 - ok
    19:44:05.0617 6344 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
    19:44:05.0617 6344 SamSs - ok
    19:44:05.0648 6344 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    19:44:05.0664 6344 sbp2port - ok
    19:44:05.0679 6344 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
    19:44:05.0695 6344 SCardSvr - ok
    19:44:05.0742 6344 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    19:44:05.0742 6344 scfilter - ok
    19:44:05.0866 6344 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
    19:44:05.0882 6344 Schedule - ok
    19:44:05.0929 6344 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
    19:44:05.0929 6344 SCPolicySvc - ok
    19:44:06.0054 6344 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys
    19:44:06.0054 6344 sdbus - ok
    19:44:06.0100 6344 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    19:44:06.0100 6344 SDRSVC - ok
    19:44:06.0163 6344 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    19:44:06.0163 6344 secdrv - ok
    19:44:06.0178 6344 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
    19:44:06.0194 6344 seclogon - ok
    19:44:06.0225 6344 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
    19:44:06.0225 6344 SENS - ok
    19:44:06.0272 6344 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    19:44:06.0288 6344 SensrSvc - ok
    19:44:06.0319 6344 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
    19:44:06.0334 6344 Serenum - ok
    19:44:06.0350 6344 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
    19:44:06.0350 6344 Serial - ok
    19:44:06.0397 6344 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
    19:44:06.0412 6344 sermouse - ok
    19:44:06.0522 6344 [ 7B51D631CACD0EEEAA7ED20EDB1A7AFA ] Service Sendori C:\Program Files (x86)\Sendori\Sendori.Service.exe
    19:44:06.0522 6344 Service Sendori - ok
    19:44:06.0584 6344 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    19:44:06.0584 6344 SessionEnv - ok
    19:44:06.0646 6344 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    19:44:06.0646 6344 sffdisk - ok
    19:44:06.0802 6344 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    19:44:06.0802 6344 sffp_mmc - ok
    19:44:06.0818 6344 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    19:44:06.0818 6344 sffp_sd - ok
    19:44:06.0834 6344 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
    19:44:06.0849 6344 sfloppy - ok
    19:44:06.0943 6344 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
    19:44:06.0958 6344 SharedAccess - ok
    19:44:07.0005 6344 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    19:44:07.0021 6344 ShellHWDetection - ok
    19:44:07.0052 6344 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
    19:44:07.0052 6344 SiSRaid2 - ok
    19:44:07.0208 6344 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
    19:44:07.0208 6344 SiSRaid4 - ok
    19:44:07.0348 6344 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
    19:44:07.0348 6344 SkypeUpdate - ok
    19:44:07.0426 6344 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    19:44:07.0426 6344 Smb - ok
    19:44:07.0707 6344 [ 4E9E7C7D857EA1C83BE6160DAE25B4DA ] sndappv2 C:\Program Files (x86)\Sendori\sndappv2.exe
    19:44:07.0738 6344 sndappv2 - ok
    19:44:07.0785 6344 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    19:44:07.0785 6344 SNMPTRAP - ok
    19:44:07.0801 6344 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    19:44:07.0801 6344 spldr - ok
    19:44:07.0879 6344 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    19:44:07.0910 6344 Spooler - ok
    19:44:08.0160 6344 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    19:44:08.0253 6344 sppsvc - ok
    19:44:08.0284 6344 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    19:44:08.0300 6344 sppuinotify - ok
    19:44:08.0378 6344 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    19:44:08.0394 6344 srv - ok
    19:44:08.0440 6344 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    19:44:08.0456 6344 srv2 - ok
    19:44:08.0518 6344 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    19:44:08.0518 6344 SrvHsfHDA - ok
    19:44:08.0628 6344 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    19:44:08.0674 6344 SrvHsfV92 - ok
    19:44:08.0815 6344 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    19:44:08.0830 6344 SrvHsfWinac - ok
    19:44:08.0893 6344 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    19:44:08.0893 6344 srvnet - ok
    19:44:08.0955 6344 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    19:44:08.0986 6344 SSDPSRV - ok
    19:44:09.0002 6344 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    19:44:09.0002 6344 SstpSvc - ok
    19:44:09.0408 6344 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    19:44:09.0501 6344 STacSV - ok
    19:44:09.0548 6344 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    19:44:09.0548 6344 stexstor - ok
    19:44:09.0642 6344 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    19:44:09.0673 6344 STHDA - ok
    19:44:09.0735 6344 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    19:44:09.0735 6344 StillCam - ok
    19:44:09.0876 6344 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    19:44:09.0891 6344 stisvc - ok
    19:44:09.0938 6344 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    19:44:09.0938 6344 swenum - ok
    19:44:09.0985 6344 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    19:44:10.0000 6344 swprv - ok
    19:44:10.0078 6344 [ 3A706A967295E16511E40842B1A2761D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    19:44:10.0078 6344 SynTP - ok
    19:44:10.0250 6344 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    19:44:10.0297 6344 SysMain - ok
    19:44:10.0344 6344 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    19:44:10.0359 6344 TabletInputService - ok
    19:44:10.0422 6344 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    19:44:10.0437 6344 TapiSrv - ok
    19:44:10.0468 6344 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    19:44:10.0468 6344 TBS - ok
    19:44:10.0640 6344 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    19:44:10.0702 6344 Tcpip - ok
    19:44:10.0890 6344 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    19:44:10.0921 6344 TCPIP6 - ok
    19:44:10.0968 6344 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    19:44:10.0968 6344 tcpipreg - ok
    19:44:11.0014 6344 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    19:44:11.0014 6344 TDPIPE - ok
    19:44:11.0077 6344 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    19:44:11.0077 6344 TDTCP - ok
    19:44:11.0124 6344 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    19:44:11.0139 6344 tdx - ok
    19:44:11.0186 6344 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    19:44:11.0186 6344 TermDD - ok
    19:44:11.0264 6344 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    19:44:11.0295 6344 TermService - ok
    19:44:11.0311 6344 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    19:44:11.0311 6344 Themes - ok
    19:44:11.0342 6344 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    19:44:11.0342 6344 THREADORDER - ok
    19:44:11.0373 6344 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    19:44:11.0373 6344 TrkWks - ok
    19:44:11.0420 6344 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    19:44:11.0467 6344 TrustedInstaller - ok
    19:44:11.0498 6344 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    19:44:11.0498 6344 tssecsrv - ok
    19:44:11.0560 6344 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    19:44:11.0576 6344 TsUsbFlt - ok
    19:44:11.0638 6344 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    19:44:11.0654 6344 tunnel - ok
    19:44:11.0685 6344 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    19:44:11.0685 6344 uagp35 - ok
    19:44:11.0732 6344 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    19:44:11.0732 6344 udfs - ok
    19:44:11.0779 6344 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    19:44:11.0794 6344 UI0Detect - ok
    19:44:11.0810 6344 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    19:44:11.0810 6344 uliagpkx - ok
    19:44:11.0888 6344 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    19:44:11.0904 6344 umbus - ok
    19:44:11.0919 6344 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    19:44:11.0919 6344 UmPass - ok
    19:44:11.0950 6344 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    19:44:11.0966 6344 upnphost - ok
    19:44:12.0028 6344 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    19:44:12.0028 6344 USBAAPL64 - ok
    19:44:12.0075 6344 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    19:44:12.0075 6344 usbccgp - ok
    19:44:12.0122 6344 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    19:44:12.0138 6344 usbcir - ok
    19:44:12.0153 6344 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    19:44:12.0153 6344 usbehci - ok
    19:44:12.0200 6344 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    19:44:12.0200 6344 usbfilter - ok
    19:44:12.0262 6344 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    19:44:12.0278 6344 usbhub - ok
    19:44:12.0309 6344 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    19:44:12.0309 6344 usbohci - ok
    19:44:12.0356 6344 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    19:44:12.0356 6344 usbprint - ok
    19:44:12.0387 6344 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    19:44:12.0387 6344 usbscan - ok
    19:44:12.0418 6344 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    19:44:12.0434 6344 USBSTOR - ok
    19:44:12.0450 6344 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    19:44:12.0450 6344 usbuhci - ok
    19:44:12.0512 6344 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    19:44:12.0528 6344 usbvideo - ok
    19:44:12.0574 6344 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
    19:44:12.0590 6344 usb_rndisx - ok
    19:44:12.0621 6344 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    19:44:12.0621 6344 UxSms - ok
    19:44:12.0652 6344 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    19:44:12.0652 6344 VaultSvc - ok
    19:44:12.0762 6344 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    19:44:12.0762 6344 vdrvroot - ok
    19:44:12.0824 6344 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    19:44:12.0855 6344 vds - ok
    19:44:12.0902 6344 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    19:44:12.0918 6344 vga - ok
    19:44:12.0933 6344 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    19:44:12.0933 6344 VgaSave - ok
    19:44:12.0996 6344 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    19:44:12.0996 6344 vhdmp - ok
    19:44:13.0027 6344 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    19:44:13.0042 6344 viaide - ok
    19:44:13.0074 6344 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    19:44:13.0074 6344 volmgr - ok
    19:44:13.0136 6344 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    19:44:13.0152 6344 volmgrx - ok
    19:44:13.0198 6344 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    19:44:13.0214 6344 volsnap - ok
    19:44:13.0230 6344 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    19:44:13.0230 6344 vsmraid - ok
    19:44:13.0339 6344 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    19:44:13.0666 6344 VSS - ok
    19:44:13.0713 6344 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    19:44:13.0729 6344 vwifibus - ok
    19:44:13.0916 6344 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    19:44:13.0916 6344 vwififlt - ok
    19:44:14.0072 6344 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    19:44:14.0072 6344 vwifimp - ok
    19:44:14.0119 6344 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    19:44:14.0119 6344 W32Time - ok
    19:44:14.0150 6344 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    19:44:14.0150 6344 WacomPen - ok
    19:44:14.0212 6344 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    19:44:14.0212 6344 WANARP - ok
    19:44:14.0244 6344 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    19:44:14.0244 6344 Wanarpv6 - ok
    19:44:14.0322 6344 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    19:44:14.0353 6344 WatAdminSvc - ok
    19:44:14.0415 6344 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    19:44:14.0462 6344 wbengine - ok
    19:44:14.0478 6344 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    19:44:14.0493 6344 WbioSrvc - ok
    19:44:14.0602 6344 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
    19:44:14.0665 6344 WcesComm - ok
    19:44:14.0743 6344 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    19:44:14.0758 6344 wcncsvc - ok
    19:44:14.0805 6344 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    19:44:14.0805 6344 WcsPlugInService - ok
    19:44:14.0852 6344 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    19:44:14.0852 6344 Wd - ok
    19:44:14.0914 6344 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    19:44:14.0930 6344 Wdf01000 - ok
    19:44:14.0961 6344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    19:44:14.0961 6344 WdiServiceHost - ok
    19:44:14.0977 6344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    19:44:14.0977 6344 WdiSystemHost - ok
    19:44:15.0086 6344 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    19:44:15.0117 6344 WebClient - ok
    19:44:15.0164 6344 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    19:44:15.0195 6344 Wecsvc - ok
    19:44:15.0211 6344 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    19:44:15.0242 6344 wercplsupport - ok
    19:44:15.0273 6344 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    19:44:15.0289 6344 WerSvc - ok
    19:44:15.0320 6344 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    19:44:15.0320 6344 WfpLwf - ok
    19:44:15.0382 6344 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    19:44:15.0382 6344 WIMMount - ok
    19:44:15.0398 6344 WinDefend - ok
    19:44:15.0414 6344 WinHttpAutoProxySvc - ok
    19:44:15.0554 6344 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    19:44:15.0570 6344 Winmgmt - ok
    19:44:15.0788 6344 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    19:44:15.0866 6344 WinRM - ok
    19:44:15.0991 6344 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    19:44:15.0991 6344 WinUsb - ok
    19:44:16.0162 6344 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    19:44:16.0225 6344 Wlansvc - ok
    19:44:16.0459 6344 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    19:44:16.0474 6344 wlcrasvc - ok
    19:44:16.0740 6344 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    19:44:16.0755 6344 wlidsvc - ok
    19:44:16.0802 6344 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    19:44:16.0802 6344 WmiAcpi - ok
    19:44:16.0896 6344 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    19:44:17.0005 6344 wmiApSrv - ok
    19:44:17.0067 6344 WMPNetworkSvc - ok
    19:44:17.0098 6344 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    19:44:17.0114 6344 WPCSvc - ok
    19:44:17.0145 6344 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    19:44:17.0161 6344 WPDBusEnum - ok
    19:44:17.0176 6344 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    19:44:17.0176 6344 ws2ifsl - ok
    19:44:17.0223 6344 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    19:44:17.0239 6344 wscsvc - ok
    19:44:17.0239 6344 WSearch - ok
    19:44:17.0520 6344 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    19:44:17.0598 6344 wuauserv - ok
    19:44:17.0676 6344 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    19:44:17.0676 6344 WudfPf - ok
    19:44:17.0754 6344 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    19:44:17.0754 6344 WUDFRd - ok
    19:44:17.0816 6344 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    19:44:17.0816 6344 wudfsvc - ok
    19:44:17.0863 6344 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    19:44:17.0878 6344 WwanSvc - ok
    19:44:18.0097 6344 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    19:44:18.0112 6344 YahooAUService - ok
    19:44:18.0190 6344 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    19:44:18.0206 6344 yukonw7 - ok
    19:44:18.0237 6344 ================ Scan global ===============================
    19:44:18.0268 6344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    19:44:18.0362 6344 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    19:44:18.0378 6344 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    19:44:18.0393 6344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    19:44:18.0424 6344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    19:44:18.0424 6344 [Global] - ok
    19:44:18.0424 6344 ================ Scan MBR ==================================
    19:44:18.0440 6344 [ 54899EFEDDC7CC50FAD782DFCF105EAE ] \Device\Harddisk0\DR0
    19:44:18.0440 6344 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    19:44:18.0518 6344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    19:44:18.0518 6344 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    19:44:18.0518 6344 ================ Scan VBR ==================================
    19:44:18.0549 6344 [ C5BCE8938BC8AADC11AEDF6DCEEDE09C ] \Device\Harddisk0\DR0\Partition1
    19:44:18.0580 6344 \Device\Harddisk0\DR0\Partition1 - ok
    19:44:18.0596 6344 [ 983054DED5B96046F45F317903AD762D ] \Device\Harddisk0\DR0\Partition2
    19:44:18.0612 6344 \Device\Harddisk0\DR0\Partition2 - ok
    19:44:18.0643 6344 [ 5FB64333F5DD0B0F0E4B9FCB7231284F ] \Device\Harddisk0\DR0\Partition3
    19:44:18.0643 6344 \Device\Harddisk0\DR0\Partition3 - ok
    19:44:18.0643 6344 ============================================================
    19:44:18.0643 6344 Scan finished
    19:44:18.0643 6344 ============================================================
    19:44:18.0674 3388 Detected object count: 2
    19:44:18.0674 3388 Actual detected object count: 2
    19:44:41.0345 3388 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    19:44:41.0345 3388 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    19:44:48.0280 3388 \Device\Harddisk0\DR0\# - copied to quarantine
    19:44:48.0374 3388 \Device\Harddisk0\DR0 - copied to quarantine
    19:44:52.0211 3388 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    19:44:52.0648 3388 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    19:44:53.0163 3388 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    19:44:56.0658 3388 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    19:44:56.0736 3388 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    19:44:56.0767 3388 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    19:44:56.0782 3388 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    19:44:56.0970 3388 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    19:44:57.0048 3388 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    19:44:57.0094 3388 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    19:44:57.0110 3388 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    19:44:57.0110 3388 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    19:44:57.0297 3388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    19:44:57.0344 3388 \Device\Harddisk0\DR0 - ok
    19:44:58.0983 3388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure


    Also, I wanted to let you know that the PC crashed (blue screen) before I could reboot it according to your TDSSKiller instructions, so I don't know if the infection was really cured on the reboot from the crash, or if I need to run TDSSKiller again and click on Reboot Now in order for the infection to actually be cured.

    In addition, earlier today, for the first time, after the Startup Repair that I referred to in a previous post, I received an error message on the screen with the heading of "RunDLL". That error message said, "There was a problem starting C:\Users\kc\AppData\Roaming\iatufg.dll Access is denied" and then there was an OK button. Shortly thereafter, the blue screen appeared, and the system crashed.

    I received a similar message prior to running TDSSKiller. It also had a heading of "RunDLL". But that error message said, "There was a problem starting C:\Users\kc\AppData\Roaming\iatufg.dll The specified module could not be found." and then there was an OK button.

    The system seems to be getting worse and crashing more often than yesterday or the day before. I'm ready for your next instructions or directions. Thanks for all your help!
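An added check, not part of this thread or of TDSSKiller, for the situation described in this post: the log reports a forged MBR on \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.c) with a cure scheduled for the next reboot, and the machine crashed before that reboot happened. The Python below reads sector 0 of the first physical disk, parses its partition table, and compares the sector's MD5 with the hash TDSSKiller printed beside the device (54899EFEDDC7CC50FAD782DFCF105EAE); it assumes that value is the MD5 of the raw 512-byte boot sector. Reading \\.\PhysicalDrive0 requires an elevated prompt on Windows, and the sample sector used by the self-test is constructed. Caveat: TDL4/Pihar-class bootkits filter disk I/O from inside the running OS and can hand back a clean-looking sector, so a mismatch is not proof of a cure; re-running TDSSKiller, or inspecting the disk from clean boot media, remains the authoritative check.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import List, Sequence, Tuple

SECTOR_SIZE = 512
MBR_SIGNATURE = b"\x55\xAA"          # bytes 510..511 of a valid boot sector
PARTITION_TABLE_OFFSET = 446        # four 16-byte entries follow the bootstrap code
PARTITION_ENTRY_SIZE = 16
# One entry: status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sector count
PARTITION_ENTRY_FMT = "<B3xB3xII"

# Hash TDSSKiller printed beside \Device\Harddisk0\DR0 in the log above.
# Assumption: it is the MD5 of the raw 512-byte boot sector.
INFECTED_MBR_MD5 = "54899EFEDDC7CC50FAD782DFCF105EAE"


@dataclass
class PartitionEntry:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sector_count: int

    @property
    def empty(self) -> bool:
        return self.type_id == 0 and self.sector_count == 0


def parse_partition_table(sector: bytes) -> List[PartitionEntry]:
    """Decode the four MBR partition entries from a 512-byte sector."""
    if len(sector) < SECTOR_SIZE:
        raise ValueError("need a full 512-byte sector")
    entries = []
    for i in range(4):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, type_id, lba_start, count = struct.unpack_from(PARTITION_ENTRY_FMT, sector, off)
        entries.append(PartitionEntry(i + 1, status == 0x80, type_id, lba_start, count))
    return entries


def has_boot_signature(sector: bytes) -> bool:
    return sector[510:512] == MBR_SIGNATURE


def mbr_md5(sector: bytes) -> str:
    return hashlib.md5(sector[:SECTOR_SIZE]).hexdigest().upper()


def assess_mbr(sector: bytes, logged_md5: str = INFECTED_MBR_MD5) -> dict:
    """Summarise what can be told about the boot sector from inside the OS."""
    parts = [p for p in parse_partition_table(sector) if not p.empty]
    digest = mbr_md5(sector)
    return {
        "signature_ok": has_boot_signature(sector),
        "md5": digest,
        "still_matches_infected_hash": digest == logged_md5.upper(),
        "partition_count": len(parts),
        "bootable": [p.index for p in parts if p.bootable],
        "partitions": parts,
    }


def read_physical_mbr(device: str = r"\\.\PhysicalDrive0") -> bytes:
    """Read sector 0 of a raw disk; needs an elevated prompt on Windows."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr(partitions: Sequence[Tuple[bool, int, int, int]]) -> bytes:
    """Constructed test sector, not real disk data: zeroed bootstrap area,
    the given (bootable, type_id, lba_start, sector_count) entries, valid 55AA signature."""
    sector = bytearray(SECTOR_SIZE)
    for i, (bootable, type_id, lba_start, count) in enumerate(partitions):
        off = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        struct.pack_into(PARTITION_ENTRY_FMT, sector, off,
                         0x80 if bootable else 0x00, type_id, lba_start, count)
    sector[510:512] = MBR_SIGNATURE
    return bytes(sector)


if __name__ == "__main__":
    for key, value in assess_mbr(read_physical_mbr()).items():
        print(f"{key}: {value}")
```

On the affected machine, `still_matches_infected_hash: True` means the scheduled cure never ran. The VBR section of the log scanned Partition1 through Partition3, so three non-empty entries with an intact signature is the shape to expect once the MBR has been restored.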
     
  8. Broni

    Don't worry about those errors at this stage of the cleaning process.

    Re-run MBAM one more time and post new log.

    See if you can run DDS now.
     
  9. TruelightE525

    Hi Broni,

    I re-ran MBAM, but after the scan completed and before I get to the point where I post the log, I wasn't sure if I should "Select" all of the files for removal. There are four Trojan.Agent files and one Trojan.BHO file that are already Selected, and I know to keep them Selected. But there are also nine PUP.FaceThemes files that are NOT Selected. Should I select them also before clicking the Remove Selected button? Thanks!
     
  10. Broni

    Select all and remove.
     
  11. TruelightE525

    Hi Broni,

    After reading a few other threads on the forum, I decided to Select all the PUP.FaceThemes files (there were actually 11, not 9) for removal as well. I will send you the log and attempt to run DDS now.
     
     
  12. TruelightE525

    Hi Broni,

    The MBAM Log is below:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.15.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    kc :: KC-PC [administrator]

    11/15/2012 9:09:02 PM
    mbam-log-2012-11-15 (21-09-02).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225108
    Time elapsed: 10 minute(s), 12 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 4508 -> Delete on reboot.

    Memory Modules Detected: 1
    C:\Program Files (x86)\OApps\bho.dll (PUP.FaceThemes) -> Delete on reboot.

    Registry Keys Detected: 10
    HKCR\CLSID\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKCR\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4} (PUP.FaceThemes) -> Quarantined and deleted successfully.
    HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 4
    C:\Program Files (x86)\OApps\bho.dll (PUP.FaceThemes) -> Delete on reboot.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
    C:\Users\kc\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\kc\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
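MBAM's memory hit is C:\Windows\svchost.exe. The genuine Service Host only runs from %SystemRoot%\System32 (or SysWOW64 for 32-bit service groups) and is always started by the Service Control Manager with a -k <group> argument, so a svchost.exe anywhere else, one reached through an NT device path such as \\.\globalroot\..., or one launched without -k is a masquerade and the process worth hunting. The Python check below is an added example, not from this thread, MBAM or DDS: it classifies process command lines of the kind DDS prints under "Running Processes". The sample lines are constructed for the self-test (modelled on that section) and the system root defaults to C:\Windows. It judges path and arguments only; a correctly placed svchost.exe whose image had been replaced on disk would still need a hash or Authenticode check.

```python
import ntpath
import re
from typing import List, NamedTuple, Optional, Tuple

# SCM always launches svchost as "svchost.exe -k <group>" (further switches may follow).
SVCHOST_ARGS = re.compile(r"^-k\s+\S+", re.IGNORECASE)


class Finding(NamedTuple):
    cmdline: str
    reason: str


def legit_svchost_dirs(system_root: str) -> set:
    """Directories the real Service Host image lives in, lower-cased for comparison."""
    return {ntpath.join(system_root, "System32").lower(),
            ntpath.join(system_root, "SysWOW64").lower()}


def split_cmdline(cmdline: str) -> Tuple[str, str]:
    """Split a Windows command line into (image path, argument string).
    A quoted image path is honoured; otherwise split at the first whitespace."""
    line = cmdline.strip()
    if line.startswith('"'):
        end = line.find('"', 1)
        return line[1:end], line[end + 1:].strip()
    parts = line.split(None, 1)
    return parts[0], (parts[1] if len(parts) > 1 else "")


def check_svchost(cmdline: str, system_root: str = r"C:\Windows") -> Optional[Finding]:
    """Return a Finding for a suspicious svchost.exe, or None when the line is
    not svchost at all or looks like a normally launched host."""
    image, args = split_cmdline(cmdline)
    if ntpath.basename(image).lower() != "svchost.exe":
        return None
    reasons = []
    if image.startswith("\\"):
        # \\.\globalroot\..., \\?\... or \Device\...: an object-manager path with
        # no drive letter, which is not how SCM starts its hosts.
        reasons.append("image referenced through an NT device/globalroot path")
    elif ntpath.dirname(image).lower() not in legit_svchost_dirs(system_root):
        reasons.append("image outside System32/SysWOW64")
    if not SVCHOST_ARGS.match(args):
        reasons.append("not started with -k <service group>")
    if not reasons:
        return None
    return Finding(cmdline.strip(), "; ".join(reasons))


def scan_process_list(lines: List[str], system_root: str = r"C:\Windows") -> List[Finding]:
    """Run the check over a process listing, skipping blank and '.' separator lines."""
    findings = []
    for line in lines:
        if not line.strip() or line.strip() == ".":
            continue
        finding = check_svchost(line, system_root)
        if finding:
            findings.append(finding)
    return findings


# Constructed sample modelled on a DDS "Running Processes" section; not the poster's data.
SAMPLE_PROCESSES = [
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted",
    r"C:\Windows\SysWOW64\svchost.exe -k Akamai",
    r"C:\Windows\svchost.exe",
    r"\\.\globalroot\systemroot\svchost.exe -netsvcs",
    r"C:\Users\user\AppData\Local\Temp\svchost.exe -k netsvcs",
    r"C:\Windows\Explorer.EXE",
]

if __name__ == "__main__":
    for finding in scan_process_list(SAMPLE_PROCESSES):
        print(f"{finding.cmdline}\n    -> {finding.reason}")
```

To apply it to a pasted DDS log, feed the lines between "Running Processes" and "Pseudo HJT Report" to scan_process_list; each finding names the command line and why it was flagged.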
     
  13. TruelightE525

    Hi Broni,

    After running DDS, my system crashed (blue screen) twice. This was after it had seemed to be running better in Normal Windows mode (i.e., without crashing in a while). So, I'm now running this PC in Safe Mode with Networking to, hopefully, prevent another crash while I send this info to you. Here is the log for DDS.txt. I am going to have to split the contents of the log for Attach.txt before sending it to you because the file is too large.

    DDS.txt:

    DDS (Ver_2012-11-07.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_29
    Run by kc at 22:14:03 on 2012-11-15
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4092.2270 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe
    C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
    C:\Users\kc\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    C:\Windows\system32\lxcccoms.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\SysWOW64\rundll32.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Users\kc\AppData\Local\Akamai\netsession_win.exe
    C:\PROGRA~2\Uniblue\DRIVER~1\driverscanner.exe
    C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Dell\PC Suite\Application Launcher\Application Launcher.exe
    \\.\globalroot\systemroot\svchost.exe -netsvcs
    C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Sendori\SendoriTray.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
    C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
    C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
    C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
    C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Program Files (x86)\Sendori\sndappv2.exe
    C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Dell\PC Suite\Mobile Phone Monitor\pcc_capi.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\Dell\PC Suite\Mobile Phone Monitor\TCPVBTServer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files (x86)\Sendori\SendoriSvc.exe
    C:\Program Files (x86)\Sendori\Sendori.Service.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files (x86)\Sendori\SendoriUp.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com/
    uWindow Title = Windows Internet Explorer provided by Yahoo!
    uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    uURLSearchHooks: FCToolbarURLSearchHook Class: {dd716bcd-bc24-e944-69b7-b26d74121c70} - C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs\Helper.dll
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    mURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    mWinlogon: Userinit = userinit.exe,
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    BHO: BucksBee Loyalty Plugin - 100884.rs: {531D0355-4050-2CB4-2902-6A0CC0372774} - C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs\BucksBee Loyalty Plugin.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WhiteSmoke US New Toolbar: {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
    uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" "/Trigger RunAtLogon"
    uRun: [Akamai NetSession Interface] "C:\Users\kc\AppData\Local\Akamai\netsession_win.exe"
    uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
    uRun: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Dell PC Suite] "C:\Program Files (x86)\Dell\PC Suite\Application Launcher\Application Launcher.exe" /startoptions
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-System: WallpaperStyle = 2
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    mPolicies-System: PromptOnSecureDesktop = dword:0
    mPolicies-System: WallpaperStyle = 2
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    LSP: C:\Windows\System32\Sendori.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {03A89EFD-E023-B200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: NameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{F7212564-7208-4EE8-9940-09F3208E7C0A} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378} : NameServer = 216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76
    TCP: Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378} : DHCPNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378}\342514655436F66666565686F6573756 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378}\960586F6E656 : DHCPNameServer = 69.78.96.14 66.174.95.44
    Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    x64-Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCCtime.dll,RunDLLEntry
    x64-Run: [lxccmon.exe] "C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe"
    x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe"
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
    x64-Run: [WMNetMgr] C:\Users\kc\AppData\Local\Microsoft\Windows\18\WMNetMgr.exe
    x64-Run: [iatufg] rundll32.exe "C:\Users\kc\AppData\Roaming\iatufg.dll",GetCounter
    x64-Run: [nsetfg] "C:\Windows\System32\rundll32.exe" "C:\Users\kc\AppData\Roaming\nsetfg.dll",set_packing
    x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
    x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
    x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
    x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    x64-SSODL: WebCheck - <orphaned>
    x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\4tke2egd.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=insDate10032012|http://www.comcast.net/xfinity/?cid...qry/goto?app=mail&cid=xfactiv_email&cid=ffpin
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=F32EBABE-D637-4386-9953-81789545DC3B&n=77ee166e&ind=2012092014&p2=^XP^xdm044^S02131^us&si=CJCFq5fTkLICFcVFMgod6DMAcQ&searchfor=
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInst11.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
    FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\kc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
    FF - ExtSQL: 2012-10-24 15:47; plugin@selectionlinks.com; C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\4tke2egd.default\extensions\plugin@selectionlinks.com
    FF - ExtSQL: 2012-11-15 21:53; {0f8e4bc3-2895-11e2-8271-b8ac6f996f26}; C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\4tke2egd.default\extensions\{0f8e4bc3-2895-11e2-8271-b8ac6f996f26}.xpi
    FF - ExtSQL: !HIDDEN! 2010-04-08 13:40; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ---- FIREFOX POLICIES ----
    user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-8-11 91864]
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
    R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-9-26 118632]
    R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-6 399432]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-6 676936]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
    R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-9-26 15208]
    R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-9-26 3569512]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 227896]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-6 25928]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-20 215040]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-9-20 36408]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-27 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-5 59392]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-11 1255736]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-11-16 02:55:27 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43B8790B-2252-444B-B5F9-1A1DE3E7596C}\offreg.dll
    2012-11-16 02:53:47 20480 ----a-w- C:\Windows\svchost.exe
    2012-11-16 01:07:42 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43B8790B-2252-444B-B5F9-1A1DE3E7596C}\mpengine.dll
    2012-11-16 00:44:41 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-11-16 00:27:52 -------- d-----w- C:\Users\kc\AppData\Local\{B769D7A2-7C6B-44BB-B11F-F990B19A8513}
    2012-11-15 22:47:36 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-11-15 22:42:42 -------- d-----w- C:\Users\kc\AppData\Local\{61B32D6D-472A-411E-A5E8-9CAB5F843820}
    2012-11-15 14:54:38 -------- d-----w- C:\Users\kc\AppData\Local\{DAC07FD6-5DC4-4FDD-A100-741AA414667F}
    2012-11-14 20:41:54 -------- d-----w- C:\Users\kc\AppData\Local\{9F76D7C4-3114-451A-9B79-D44E544178C7}
    2012-11-14 19:49:45 -------- d-----w- C:\Users\kc\AppData\Local\NPE
    2012-11-14 17:53:01 -------- d-----w- C:\Users\kc\AppData\Local\{9B0E9F4D-6DB3-4E2D-8B8B-C041449E29DF}
    2012-11-14 17:19:20 -------- d-----w- C:\Users\kc\AppData\Local\{C0690703-41B5-4031-9B36-8CB31BAFC201}
    2012-11-14 15:14:54 -------- d-----w- C:\Users\kc\AppData\Local\{8C033251-BA03-40D7-9B85-97B113C1D1CE}
    2012-11-14 03:14:12 -------- d-----w- C:\Users\kc\AppData\Local\{EA509772-1108-4F15-A934-4276F8788DB9}
    2012-11-13 15:02:06 -------- d-----w- C:\Users\kc\AppData\Local\{B35C3E0F-C9EF-47A7-ACDA-538D2AFA805F}
    2012-11-12 14:52:28 -------- d-----w- C:\Users\kc\AppData\Local\{A8AB62E4-44C9-4393-8EB9-AF0C102CD492}
    2012-11-12 14:41:28 -------- d-----w- C:\Users\kc\AppData\Local\{E01B2219-A45F-4C09-B496-21AEAB1E08E7}
    2012-11-12 08:51:42 -------- d-----w- C:\Users\kc\AppData\Local\{CD2DD2DC-BDB6-4275-9794-D5569C044D64}
    2012-11-11 06:23:26 -------- d-----w- C:\Users\kc\AppData\Local\{0A769565-BBE1-45E0-AC59-AF6CA0EE9C27}
    2012-11-10 18:22:57 -------- d-----w- C:\Users\kc\AppData\Local\{463FBA6D-15E7-46BC-8DB9-D7A6487E47B6}
    2012-11-10 01:28:13 -------- d-----w- C:\Users\kc\AppData\Local\{4A3A8CB5-7D1A-46E6-90DF-75AF1E2F530F}
    2012-11-09 13:27:56 -------- d-----w- C:\Users\kc\AppData\Local\{C91E1392-5171-497E-86E7-351A5D21534A}
    2012-11-08 22:29:37 -------- d-----w- C:\Users\kc\AppData\Local\{FFE3340F-47A9-4509-AEC8-C7CFECB15424}
    2012-11-08 13:53:34 -------- d-----w- C:\Users\kc\AppData\Local\{5FA35C94-7BA5-414A-B93C-66A685B9F281}
    2012-11-07 21:05:01 -------- d-----w- C:\Users\kc\AppData\Local\{F0A63067-A560-4C91-97A4-A500430EBC10}
    2012-11-07 04:55:18 -------- d-----w- C:\Users\kc\AppData\Local\{8CD14C7E-2CF5-461D-818A-C575D2A3800A}
    2012-11-07 04:39:12 457216 ----a-w- C:\Users\kc\AppData\Roaming\nsetfg.dll
    2012-11-07 04:34:42 -------- d-----w- C:\Users\kc\AppData\Local\{9458EA01-99E4-418F-A470-83E1BFC59914}
    2012-11-07 04:33:42 -------- d-----w- C:\Users\kc\AppData\Roaming\hellomoto
    2012-11-07 03:04:55 -------- d-----w- C:\Users\kc\AppData\Local\{633CB330-921F-4222-8822-5E739C7C886E}
    2012-11-07 03:00:34 -------- d-----w- C:\Users\kc\AppData\Local\{7C391D59-0251-4F84-B7B3-05ECD1D0B8C3}
    2012-11-07 02:45:09 -------- d-----w- C:\Users\kc\AppData\Roaming\Malwarebytes
    2012-11-07 02:44:54 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-11-07 02:44:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-11-07 02:44:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-11-03 16:19:23 -------- d-----w- C:\Users\kc\AppData\Local\{59EAC105-E0D4-48D5-BFCB-FBAABAA87294}
    2012-11-03 16:13:08 -------- d-sh--w- C:\found.000
    2012-11-03 16:05:30 -------- d-----w- C:\Users\kc\AppData\Local\{405AA6DC-00FC-473D-AE7B-94B3600E2B15}
    2012-11-02 12:59:45 -------- d-----w- C:\Users\kc\AppData\Local\{1E512B39-C3EC-4B51-811F-56FAC7D0D320}
    2012-11-01 14:39:31 -------- d-----w- C:\Users\kc\AppData\Local\{5B96CDAE-7FD3-42EC-86EC-E3BA4155F7F4}
    2012-10-31 16:49:30 -------- d-----w- C:\Users\kc\AppData\Local\{41E628BA-C782-4AD3-A144-36E40E13C673}
    2012-10-31 04:49:08 -------- d-----w- C:\Users\kc\AppData\Local\{A8A5473B-2242-494D-9A57-12A29093BA29}
    2012-10-30 16:48:45 -------- d-----w- C:\Users\kc\AppData\Local\{6D4FC340-F24D-4670-B778-5E8408B3ACC1}
    2012-10-30 04:48:33 -------- d-----w- C:\Users\kc\AppData\Local\{D664DE94-7CC2-4454-8B5F-F9852283ECC9}
    2012-10-30 04:37:12 -------- d-----w- C:\ProgramData\Uniblue
    2012-10-30 04:36:40 -------- d-----w- C:\Users\kc\AppData\Local\{6AA2DD8A-3D34-4712-9A24-9FA4C69A4019}
    2012-10-24 19:49:10 -------- d-----w- C:\Program Files (x86)\SMPlayer
    2012-10-24 19:49:01 -------- d-----w- C:\Users\kc\AppData\Roaming\Uniblue
    2012-10-24 19:48:54 -------- d-----w- C:\Program Files (x86)\Uniblue
    2012-10-24 19:48:30 -------- d-----w- C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs
    2012-10-24 19:48:01 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll
    2012-10-24 19:47:56 -------- d-----w- C:\ProgramData\Sendori
    2012-10-24 19:47:53 -------- d-----w- C:\Program Files (x86)\Sendori
    2012-10-24 19:47:41 -------- d-----w- C:\Program Files (x86)\OApps
    2012-10-24 19:47:28 -------- d-----w- C:\Program Files (x86)\Conduit
    2012-10-24 19:46:39 -------- d-----w- C:\Users\kc\AppData\Local\Conduit
    2012-10-24 19:46:37 -------- d-----w- C:\Program Files (x86)\WhiteSmoke_US_New
    2012-10-21 13:30:54 591720 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInst11.dll
    2012-10-21 13:30:54 -------- d-----w- C:\Users\kc\AppData\Local\iLinc
    2012-10-21 13:30:23 -------- d-----w- C:\Program Files (x86)\iLinc
    2012-10-21 13:19:13 -------- d-----w- C:\Users\kc\AppData\Local\{F57B6D52-6C02-4644-943D-86EAE622B207}
    2012-10-21 13:13:17 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2C3E238-9664-4B4C-B3FC-6527F35165ED}\gapaengine.dll
    2012-10-17 13:05:26 -------- d-----w- C:\Users\kc\AppData\Local\{B6C2412A-3C9A-4C86-80FD-1A15D1163F9E}
    .
    ==================== Find3M ====================
    .
    2012-10-11 14:42:19 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-10-11 14:42:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 22:16:39.16 ===============
     
  14. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni,

    The Attach.txt log file is split into multiple posts, starting with this one:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2/21/2010 3:32:00 PM
    System Uptime: 11/15/2012 9:52:11 PM (1 hours ago)
    .
    Motherboard: Quanta | | 363A
    Processor: AMD Turion(tm) II Ultra Dual-Core Mobile M600 | Socket S1G3 | 2400/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 450 GiB total, 344.464 GiB free.
    D: is FIXED (NTFS) - 15 GiB total, 2.518 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
    Description: Canon MX860 ser Network
    Device ID: ROOT\CANON_IJ_NETWORK\0000
    Manufacturer: Canon
    Name: Canon MX860 ser Network
    PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
    Service: StillCam
    .
    ==== System Restore Points ===================
    .
    RP497: 10/6/2012 1:20:18 AM - HPSF Restore Point
    RP498: 10/6/2012 7:00:10 PM - Windows Update
    RP499: 10/10/2012 7:59:20 AM - Windows Update
    RP500: 10/11/2012 10:10:37 AM - Windows Update
    RP501: 10/14/2012 5:23:44 PM - Windows Update
    RP502: 10/17/2012 9:14:43 PM - Windows Update
    RP503: 10/21/2012 9:11:48 AM - Windows Update
    RP504: 10/24/2012 3:40:14 PM - Windows Update
    RP505: 10/27/2012 4:38:07 PM - Windows Update
    RP506: 10/30/2012 10:32:16 PM - Windows Update
    RP507: 11/6/2012 11:46:47 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.4.5 MUI
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.5
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    AMD USB Filter Driver
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Atheros Driver Installation Program
    ATI Catalyst Install Manager
    AVS DVD Copy version 4.1.1
    AVS Update Manager 1.0
    AVS4YOU Software Navigator 1.3
    BidFellow version 0.9.0.0
    Bing Bar
    Bonjour
    BucksBee Loyalty Plugin - 100884.rs
    Burn4Free CD & DVD 5.1.0.0
    Canon MX860 series MP Drivers
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Citrix Receiver
    Citrix Receiver (HDX Flash Redirection)
    Citrix Receiver Inside
    Citrix Receiver(Aero)
    Citrix Receiver(DV)
    Citrix Receiver(USB)
    Compatibility Pack for the 2007 Office system
    ConvertGenius 3.6
    Corel Paint Shop Pro Photo X2
    Corel VideoStudio 12
    COWON Media Center - jetAudio Basic VX
    CyberLink DVD Suite
    D3DX10
    Dell PC Suite
    dvdSanta 4.50
    ENE CIR Receiver Driver
    Facebook Plug-In
    Full Tilt Poker.Net
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.8.0.723
    Hewlett-Packard ACLM.NET v1.1.1.0
    Homepage Protection
    HP 3D DriveGuard
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart DVD
    HP MediaSmart Internet TV
    HP MediaSmart Live TV
    HP MediaSmart Movie Themes
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SlingPlayer
    HP MediaSmart SmartMenu
    HP MediaSmart Software Notebook Demo
    HP MediaSmart Webcam
    HP Quick Launch Buttons
    HP Setup
    HP Smart Web Printing 4.60
    HP Support Assistant
    HP Update
    HP User Guides 0153
    HP Wireless Assistant
    iCloud
    IDT Audio
    iLinc 11 Client
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 14 (64-bit)
    Java(TM) 6 Update 29
    JMicron Flash Media Controller Driver
    Junk Mail filter update
    LabelPrint
    Lexmark 3300 Series
    LightScribe System Software
    LSI HDA Modem
    Malwarebytes Anti-Malware version 1.65.1.1000
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Office 64-bit Components 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional 2007
    Microsoft Office Professional 2007 Trial
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared 64-bit MUI (English) 2007
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    Mozilla Firefox 4.0.1 (x86 en-US)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Online Plug-in
    Power2Go
    PowerDirector
    PowerRecover
    QLBCASL
    QuickTime
    Realtek 8136 8168 8169 Ethernet Driver
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
    SelectionLinks
    Sendori
    Skype Click to Call
    Skype™ 5.10
    SlingBoxWatchYourTVAnyWhere
    SmartWebPrinting
    SMPlayer 0.6.9
    Synaptics Pointing Device Driver
    Uniblue DriverScanner
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update Installer for WildTangent Games App
    VideoStudio
    WhiteSmoke US New Toolbar
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Windows Media Encoder 9 Series
    Windows Mobile Device Center
    Yahoo! Detect
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/9/2012 8:27:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
    11/9/2012 4:57:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.
    11/8/2012 9:18:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1515.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/8/2012 8:53:18 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
    11/8/2012 6:43:16 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    11/8/2012 5:29:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
    11/8/2012 5:29:00 PM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/8/2012 10:44:49 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1515.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
    11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/15/2012 9:55:41 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:54:43 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    11/15/2012 9:52:51 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:47:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:42:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:37:01 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:31:33 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:26:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:20:38 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:19:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:15:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:14:55 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:09:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 9:04:11 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 8:58:22 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 8:07:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/15/2012 7:55:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/15/2012 7:55:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/15/2012 7:55:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/15/2012 7:55:23 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
    11/15/2012 7:55:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/15/2012 7:55:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/15/2012 7:55:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/15/2012 7:55:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/15/2012 7:55:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/15/2012 7:55:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/15/2012 7:55:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache MpFilter spldr Wanarpv6
    11/15/2012 7:55:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/15/2012 7:54:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807c2df450, 0x0000000000000001, 0xfffffa8004d522e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-18454-01.
    11/15/2012 7:52:05 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 7:50:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88075006c00, 0x0000000000000001, 0xfffffa8004ca12e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-23166-01.
    11/15/2012 7:48:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
    11/15/2012 7:47:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 7:46:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000b8 (0xfffff80003060cc0, 0xfffffa8005a02770, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-24164-01.
    11/15/2012 7:42:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 7:41:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807d530810, 0x0000000000000001, 0xfffffa8004bed2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-25443-01.
    11/15/2012 7:38:48 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 7:33:46 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 7:27:45 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 7:27:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/15/2012 7:27:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware
     
  15. Broni

    Broni Malware Annihilator Posts: 47,616   +267

    Please re-run TDSSKiller and MBAM one more time.
    Post new logs.

    ==============================

    Next....

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    ==============================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
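Before re-running the scanners, it helps to reduce a log like the Attach.txt excerpt in this thread to what matters: which detection keeps recurring, which process launches it, whether the quarantine action actually succeeds, and whether the file is back after a restart. The Python below is an added example written for this edit; it is not something posted in the thread and not part of DDS, MBAM, TDSSKiller, RogueKiller or aswMBR. The SAMPLE_LOG lines are a constructed, abbreviated subset of the kinds of entries pasted above. The line shape it parses (timestamp, level, source, event ID, message) and the rule that each "rebooted from a bugcheck" event starts a new boot session are assumptions made for the example, not anything DDS or Windows documents.

```python
"""Triage Windows event-log lines in the DDS Attach.txt format (added example)."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample, newest-first as DDS writes it. Entries are abbreviated
# copies of the kinds of lines pasted in this thread, not the real full log.
SAMPLE_LOG = r"""
11/15/2012 7:47:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device.
11/15/2012 7:46:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000b8 (0xfffff80003060cc0, 0xfffffa8005a02770, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-24164-01.
11/15/2012 5:47:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/15/2012 5:47:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807ce8e400, 0x0000000000000001, 0xfffffa8004f3a2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-160447-01.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm MpFilter
11/15/2012 10:21:18 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device.
11/15/2012 10:19:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807d330210, 0x0000000000000001, 0xfffffa8004d232e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-31824-01.
11/15/2012 10:05:59 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device.
"""

# Assumed line shape: "M/D/YYYY h:mm:ss AM, Level: Source [EventID] - message"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): (?P<source>.+?) \[(?P<eid>\d+)\] - (?P<msg>.*)$"
)
# Fields pulled out of the free-text message; None when a line lacks them.
FIELD_RES = {
    "threat": re.compile(r"\bName: (\S+) ID: \d+"),
    "path": re.compile(r"\bPath: (.+?) Detection Origin:"),
    "process": re.compile(r"\bProcess Name: (.+?) Action:"),
    "error": re.compile(r"\bError [Cc]ode: (0x[0-9a-fA-F]+)"),
    "bugcheck": re.compile(r"The bugcheck was: (0x[0-9a-fA-F]+)"),
}


def parse_events(text):
    """Parse Attach.txt-style lines into dicts, returned oldest first.
    Lines that do not match LINE_RE (continuations, a post cut at the
    forum's length limit) are skipped rather than guessed at."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ev = m.groupdict()
        ev["eid"] = int(ev["eid"])
        ev["time"] = datetime.strptime(ev["ts"], "%m/%d/%Y %I:%M:%S %p")
        for key, rx in FIELD_RES.items():
            fm = rx.search(ev["msg"])
            ev[key] = fm.group(1) if fm else None
        events.append(ev)
    events.sort(key=lambda e: e["time"])  # DDS writes newest first
    return events


def triage(events):
    """Count the things worth reading first in a log like the one above."""
    summary = {
        "detections": Counter(),         # (threat, launching process) -> hits
        "failed_actions": Counter(),     # (threat, error code) -> failed quarantines
        "bugchecks": Counter(),          # stop code -> crashes
        "driver_load_failures": Counter(),  # driver -> boots it failed to load in
        "update_failures": Counter(),    # error code -> signature-update failures
    }
    for ev in events:
        if ev["eid"] == 1119 and ev["threat"]:
            summary["detections"][(ev["threat"], ev["process"])] += 1
            if ev["error"]:
                summary["failed_actions"][(ev["threat"], ev["error"])] += 1
        elif ev["eid"] == 1001 and ev["bugcheck"]:
            summary["bugchecks"][ev["bugcheck"]] += 1
        elif ev["eid"] == 7026:
            # An empty driver list (one line of the real log has none) adds nothing.
            for drv in ev["msg"].partition("failed to load:")[2].split():
                summary["driver_load_failures"][drv] += 1
        elif ev["eid"] == 2001 and ev["error"]:
            summary["update_failures"][ev["error"]] += 1
    return summary


def survives_reboot(events):
    """Map detection path -> number of boot sessions it was detected in,
    keeping only paths seen in more than one session.
    Assumption: each 'rebooted from a bugcheck' (1001) event starts a new
    session. Clean reboots are not in Attach.txt, so this is a lower bound;
    anything listed is being recreated after a restart, the symptom the
    original poster describes."""
    session = 0
    sessions_seen = defaultdict(set)
    for ev in events:  # chronological, from parse_events
        if ev["eid"] == 1001:
            session += 1
        elif ev["eid"] == 1119 and ev["path"]:
            sessions_seen[ev["path"]].add(session)
    return {p: len(s) for p, s in sessions_seen.items() if len(s) > 1}


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for section, counts in triage(evs).items():
        print(section, dict(counts))
    print("recreated after reboot:", survives_reboot(evs))
```

Run it as a script, or call parse_events() on the pasted text of a real Attach.txt. On the sample it reports three Trojan:JS/Medfos.B detections launched from rundll32.exe, every quarantine attempt failing with 0x8007001e, two 0x50 and one 0xb8 bugchecks, and the chromeupdate.crx path present in three separate boot sessions, which is consistent with the file being recreated at each start rather than merely left behind.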
     
  16. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Attach.txt (part 2):

    has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/15/2012 7:27:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/15/2012 5:59:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/15/2012 5:59:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/15/2012 5:59:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/15/2012 5:48:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/15/2012 5:48:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/15/2012 5:48:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/15/2012 5:47:59 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
    11/15/2012 5:47:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/15/2012 5:47:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/15/2012 5:47:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
    11/15/2012 5:47:36 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.139.1132.0;1.139.1132.0 Engine version: 1.1.8904.0
    11/15/2012 5:47:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807ce8e400, 0x0000000000000001, 0xfffffa8004f3a2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-160447-01.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/15/2012 5:41:39 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 5:41:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
    11/15/2012 5:41:10 PM, Error: Service Control Manager [7000] - The Service Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/15/2012 5:39:39 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.139.1132.0;1.139.1132.0 Engine version: 1.1.8904.0
    11/15/2012 10:39:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807b772010, 0x0000000000000001, 0xfffffa8004cb92e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-35490-01.
    11/15/2012 10:33:39 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:28:21 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:21:18 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:20:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
    11/15/2012 10:20:34 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    11/15/2012 10:19:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807d330210, 0x0000000000000001, 0xfffffa8004d232e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-31824-01.
    11/15/2012 10:16:24 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:14:24 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Users\kc\AppData\Local\Temp\nsx9C6F.tmp\PEV.DAT Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:13:37 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:11:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:11:21 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:10:58 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    11/15/2012 10:10:58 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    11/15/2012 10:10:58 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    11/15/2012 10:06:59 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:06:12 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:05:59 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:01:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/15/2012 10:00:31 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/14/2012 9:59:53 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/14/2012 9:54:25 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/14/2012 9:49:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/14/2012 9:49:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/14/2012 9:48:57 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/14/2012 9:46:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/14/2012 9:46:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/14/2012 9:45:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/14/2012 9:45:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
    11/14/2012 9:45:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/14/2012 9:45:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
    11/14/2012 9:43:29 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/14/2012 9:37:21 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/14/2012 9:34:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807aebf800, 0x0000000000000001, 0xfffffa8004a862e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111412-32448-01.
    11/14/2012 9:30:05 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/14/2012 9:24:37 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
    11/14/2012 9:19:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
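The Microsoft Antimalware events pasted above all repeat one pattern, and it is easier to see when the text is parsed rather than read line by line. The script below is an added example for this thread, not code from TruelightE525, Broni or TechSpot. It parses MSE/Defender event text in the form shown (event 1119 = action on a detected threat failed; event 2001 = signature update failed) and groups the 1119 entries by threat, container path, acting process and error code, so that the repetition stands out: the same Trojan:JS/Medfos.B detection inside chromeupdate.crx, raised by real-time protection while rundll32.exe or mbam.exe touched the file, with Quarantine failing every time with 0x8007001e. The four sample lines embedded in it are constructed copies of entries from the log above; the list of field labels is an assumption read off those entries, not a published MSE schema.

```python
"""Triage helper for Microsoft Antimalware (MSE / Windows Defender) event text.

Added example for this thread; not code from the poster, the helper or TechSpot.
It parses event lines in the text form pasted in the thread and groups the
failures so the repeating pattern is visible at a glance:
  event 1119 - action on a detected threat failed (here: Quarantine, 0x8007001e)
  event 2001 - signature update failed (here: 0x8007043c, Safe Mode)
The label list below is an assumption read off those entries, not an official
schema; text under an unknown label simply stays in the preceding field's value.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: four entries copied in the same shape as the pasted log.
SAMPLE_LOG = r"""
11/15/2012 10:06:59 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:05:59 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:59:53 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:49:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
"""

# Labels MSE writes into the message body, longest first so that e.g.
# "Process Name" is matched before "Name" and "Source Path" before "Path".
LABELS = sorted([
    "Name", "ID", "Severity", "Category", "Path", "Detection Origin",
    "Detection Type", "Detection Source", "User", "Process Name", "Action",
    "Action Status", "Error Code", "Error code", "Error description",
    "Signature Version", "Engine Version", "New Signature Version",
    "Previous Signature Version", "Update Source", "Update Stage",
    "Source Path", "Signature Type", "Update Type",
    "Current Engine Version", "Previous Engine Version",
], key=len, reverse=True)

HEADER = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
    r"(?P<level>\w+): Microsoft Antimalware \[(?P<event>\d+)\] - (?P<body>.*)$")
# A label counts only when it is not the tail of a longer word and is followed by ": ".
LABEL_RE = re.compile(
    r"(?<![A-Za-z])(" + "|".join(re.escape(l) for l in LABELS) + r"): ")


def parse_event(line):
    """Return a dict of the event's fields, or None if the line is not an MSE event."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    event = {
        "timestamp": datetime.strptime(m.group("ts"), "%m/%d/%Y %I:%M:%S %p"),
        "event_id": int(m.group("event")),
        "level": m.group("level"),
    }
    body = m.group("body")
    hits = list(LABEL_RE.finditer(body))
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        # Keys are lower-cased so "Error Code" (1119) and "Error code" (2001) coincide.
        event[hit.group(1).lower()] = body[hit.end():end].strip()
    return event


def load(text):
    """Parse every MSE event line in a pasted log; non-event lines are skipped."""
    return [e for e in (parse_event(l) for l in text.splitlines()) if e]


def summarize(events):
    """Group failed actions (1119) by threat/path/process/source/error; count update failures (2001)."""
    groups = defaultdict(list)
    for e in events:
        if e["event_id"] == 1119:
            key = (e.get("name"), e.get("path"), e.get("process name"),
                   e.get("detection source"), e.get("error code"))
            groups[key].append(e["timestamp"])
    failures = []
    for key, times in sorted(groups.items(), key=lambda kv: (-len(kv[1]), kv[0][2] or "")):
        threat, path, proc, source, err = key
        failures.append({"threat": threat, "path": path, "process": proc,
                         "source": source, "error": err, "count": len(times),
                         "first": min(times), "last": max(times)})
    updates = Counter(e.get("error code") for e in events if e["event_id"] == 2001)
    return {"action_failures": failures, "update_failures": dict(updates)}


if __name__ == "__main__":
    report = summarize(load(SAMPLE_LOG))
    for f in report["action_failures"]:
        print(f"{f['count']:3d}x {f['threat']} in {f['path']}")
        print(f"     via {f['process']} [{f['source']}] -> {f['error']} "
              f"({f['first']:%m/%d %H:%M:%S} .. {f['last']:%m/%d %H:%M:%S})")
    print("signature-update failures by error code:", report["update_failures"])
```

On the full log the same grouping gives one dominant row: the container file in AppData\Local re-detected by real-time protection at every access, and Quarantine never succeeding (0x8007001e, "cannot read from the specified device"), which is why the detection returns after every reboot regardless of how many scans are run. The 2001 rows are noise from scanning in Safe Mode (the update service does not run there) and can be set aside.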
     
  17. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni,

    OK...I'm going to stop posting Attach.txt log contents and instead, follow your next instructions, starting with re-running TDSSKiller. If you need additional Attach.txt log contents, please let me know. Thanks!
     
  18. Broni

    Broni Malware Annihilator Posts: 47,616   +267

  19. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni,

    I had relaunched Windows in Normal mode and had another system crash (blue screen) in the midst of running TDSSKiller. I'm rebooting now into Windows in Safe Mode with Networking. Then, I'll re-run TDSSKiller. If you have any other suggestions, please let me know. Thanks!
     
  20. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    I'm seeing something REALLY strange after re-running TDSSKiller and then Rebooting. Windows restarted in Normal Mode, but then, on a black screen, a window appeared with the title: C:\Windows\System32\cmd.exe. Then another window popped up with the title: Open File - Security Warning. There is a question which says, "Do you want to run this file?" The Name of the file is ...\6D16CD8F-9BE9-47D6-8A35-952ED225E312.exe. The Publisher is Kaspersky Lab. It is located in a Temp directory. What do I do now? Is this another symptom of a virus?
     
  21. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni,

    I cancelled out of that strange Open File - Security Warning window and now I'm pasting the TDSSKiller log contents below. I have to split it into two parts:

    00:44:51.0440 2972 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
    00:44:52.0142 2972 ============================================================
    00:44:52.0142 2972 Current date / time: 2012/11/16 00:44:52.0142
    00:44:52.0142 2972 SystemInfo:
    00:44:52.0142 2972
    00:44:52.0142 2972 OS Version: 6.1.7601 ServicePack: 1.0
    00:44:52.0142 2972 Product type: Workstation
    00:44:52.0142 2972 ComputerName: KC-PC
    00:44:52.0142 2972 UserName: kc
    00:44:52.0142 2972 Windows directory: C:\Windows
    00:44:52.0142 2972 System windows directory: C:\Windows
    00:44:52.0142 2972 Running under WOW64
    00:44:52.0142 2972 Processor architecture: Intel x64
    00:44:52.0142 2972 Number of processors: 2
    00:44:52.0142 2972 Page size: 0x1000
    00:44:52.0142 2972 Boot type: Safe boot with network
    00:44:52.0142 2972 ============================================================
    00:44:53.0468 2972 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    00:44:53.0468 2972 ============================================================
    00:44:53.0468 2972 \Device\Harddisk0\DR0:
    00:44:53.0468 2972 MBR partitions:
    00:44:53.0468 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    00:44:53.0468 2972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38444000
    00:44:53.0468 2972 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x384A8000, BlocksNum 0x1EAA000
    00:44:53.0468 2972 ============================================================
    00:44:53.0499 2972 C: <-> \Device\Harddisk0\DR0\Partition2
    00:44:53.0546 2972 D: <-> \Device\Harddisk0\DR0\Partition3
    00:44:53.0546 2972 ============================================================
    00:44:53.0546 2972 Initialize success
    00:44:53.0546 2972 ============================================================
    00:45:01.0830 3064 ============================================================
    00:45:01.0830 3064 Scan started
    00:45:01.0830 3064 Mode: Manual;
    00:45:01.0830 3064 ============================================================
    00:45:02.0797 3064 ================ Scan system memory ========================
    00:45:02.0797 3064 System memory - ok
    00:45:02.0797 3064 ================ Scan services =============================
    00:45:02.0937 3064 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    00:45:02.0937 3064 1394ohci - ok
    00:45:02.0969 3064 [ 3E2427D4966C7606097341E55AB4E105 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
    00:45:02.0969 3064 Accelerometer - ok
    00:45:03.0015 3064 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    00:45:03.0015 3064 ACPI - ok
    00:45:03.0047 3064 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    00:45:03.0047 3064 AcpiPmi - ok
    00:45:03.0171 3064 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    00:45:03.0171 3064 AdobeARMservice - ok
    00:45:03.0312 3064 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    00:45:03.0327 3064 AdobeFlashPlayerUpdateSvc - ok
    00:45:03.0359 3064 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
    00:45:03.0374 3064 adp94xx - ok
    00:45:03.0390 3064 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
    00:45:03.0390 3064 adpahci - ok
    00:45:03.0421 3064 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
    00:45:03.0421 3064 adpu320 - ok
    00:45:03.0452 3064 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    00:45:03.0452 3064 AeLookupSvc - ok
    00:45:03.0499 3064 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
    00:45:03.0515 3064 AFD - ok
    00:45:03.0577 3064 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
    00:45:03.0593 3064 AgereModemAudio - ok
    00:45:03.0608 3064 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
    00:45:03.0639 3064 AgereSoftModem - ok
    00:45:03.0671 3064 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    00:45:03.0671 3064 agp440 - ok
    00:45:03.0842 3064 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
    00:45:03.0842 3064 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
    00:45:03.0842 3064 Akamai ( HiddenFile.Multi.Generic ) - warning
    00:45:03.0842 3064 Akamai - detected HiddenFile.Multi.Generic (1)
    00:45:03.0889 3064 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
    00:45:03.0905 3064 ALG - ok
    00:45:03.0920 3064 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
    00:45:03.0920 3064 aliide - ok
    00:45:03.0967 3064 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    00:45:03.0983 3064 AMD External Events Utility - ok
    00:45:03.0998 3064 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
    00:45:03.0998 3064 amdide - ok
    00:45:04.0029 3064 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
    00:45:04.0029 3064 AmdK8 - ok
    00:45:04.0045 3064 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    00:45:04.0061 3064 AmdPPM - ok
    00:45:04.0076 3064 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    00:45:04.0076 3064 amdsata - ok
    00:45:04.0107 3064 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
    00:45:04.0107 3064 amdsbs - ok
    00:45:04.0123 3064 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
    00:45:04.0123 3064 amdxata - ok
    00:45:04.0154 3064 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
    00:45:04.0154 3064 AppID - ok
    00:45:04.0170 3064 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    00:45:04.0185 3064 AppIDSvc - ok
    00:45:04.0201 3064 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    00:45:04.0201 3064 Appinfo - ok
    00:45:04.0279 3064 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    00:45:04.0295 3064 Apple Mobile Device - ok
    00:45:04.0373 3064 [ 44F0479ACDBC24D20C62B63E23720B4A ] Application Sendori C:\Program Files (x86)\Sendori\SendoriSvc.exe
    00:45:04.0373 3064 Application Sendori - ok
    00:45:04.0404 3064 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
    00:45:04.0404 3064 arc - ok
    00:45:04.0419 3064 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
    00:45:04.0419 3064 arcsas - ok
    00:45:04.0451 3064 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    00:45:04.0451 3064 AsyncMac - ok
    00:45:04.0482 3064 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
    00:45:04.0482 3064 atapi - ok
    00:45:04.0544 3064 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
    00:45:04.0575 3064 athr - ok
    00:45:04.0622 3064 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
    00:45:04.0622 3064 AtiHdmiService - ok
    00:45:04.0731 3064 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    00:45:04.0841 3064 atikmdag - ok
    00:45:04.0887 3064 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
    00:45:04.0887 3064 AtiPcie - ok
    00:45:04.0934 3064 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    00:45:04.0950 3064 AudioEndpointBuilder - ok
    00:45:04.0981 3064 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    00:45:04.0981 3064 AudioSrv - ok
    00:45:05.0028 3064 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
    00:45:05.0028 3064 AxInstSV - ok
    00:45:05.0075 3064 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
    00:45:05.0090 3064 b06bdrv - ok
    00:45:05.0106 3064 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    00:45:05.0121 3064 b57nd60a - ok
    00:45:05.0246 3064 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
    00:45:05.0246 3064 BBSvc - ok
    00:45:05.0293 3064 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    00:45:05.0309 3064 BBUpdate - ok
    00:45:05.0355 3064 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
    00:45:05.0355 3064 BDESVC - ok
    00:45:05.0387 3064 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    00:45:05.0387 3064 Beep - ok
    00:45:05.0449 3064 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
    00:45:05.0465 3064 BFE - ok
    00:45:05.0496 3064 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
    00:45:05.0652 3064 BITS - ok
    00:45:05.0683 3064 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
    00:45:05.0683 3064 blbdrive - ok
    00:45:05.0745 3064 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    00:45:05.0761 3064 Bonjour Service - ok
    00:45:05.0808 3064 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    00:45:05.0808 3064 bowser - ok
    00:45:05.0839 3064 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
    00:45:05.0839 3064 BrFiltLo - ok
    00:45:05.0855 3064 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
    00:45:05.0855 3064 BrFiltUp - ok
    00:45:05.0886 3064 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
    00:45:05.0901 3064 Browser - ok
    00:45:05.0917 3064 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    00:45:05.0917 3064 Brserid - ok
    00:45:05.0933 3064 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    00:45:05.0933 3064 BrSerWdm - ok
    00:45:05.0948 3064 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    00:45:05.0948 3064 BrUsbMdm - ok
    00:45:05.0964 3064 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    00:45:05.0964 3064 BrUsbSer - ok
    00:45:05.0995 3064 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
    00:45:05.0995 3064 BTHMODEM - ok
    00:45:06.0011 3064 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
    00:45:06.0011 3064 bthserv - ok
    00:45:06.0026 3064 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    00:45:06.0042 3064 cdfs - ok
    00:45:06.0073 3064 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
    00:45:06.0073 3064 cdrom - ok
    00:45:06.0104 3064 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
    00:45:06.0104 3064 CertPropSvc - ok
    00:45:06.0135 3064 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
    00:45:06.0135 3064 circlass - ok
    00:45:06.0151 3064 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
    00:45:06.0151 3064 CLFS - ok
    00:45:06.0229 3064 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    00:45:06.0229 3064 clr_optimization_v2.0.50727_32 - ok
    00:45:06.0260 3064 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    00:45:06.0276 3064 clr_optimization_v2.0.50727_64 - ok
    00:45:06.0354 3064 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    00:45:06.0385 3064 clr_optimization_v4.0.30319_32 - ok
    00:45:06.0416 3064 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    00:45:06.0416 3064 clr_optimization_v4.0.30319_64 - ok
    00:45:06.0447 3064 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
    00:45:06.0447 3064 CmBatt - ok
    00:45:06.0479 3064 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
    00:45:06.0479 3064 cmdide - ok
    00:45:06.0541 3064 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
    00:45:06.0541 3064 CNG - ok
    00:45:06.0588 3064 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    00:45:06.0588 3064 Com4QLBEx - ok
    00:45:06.0619 3064 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
    00:45:06.0619 3064 Compbatt - ok
    00:45:06.0666 3064 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    00:45:06.0666 3064 CompositeBus - ok
    00:45:06.0666 3064 COMSysApp - ok
    00:45:06.0697 3064 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
    00:45:06.0697 3064 crcdisk - ok
     
  22. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    TDSSKiller log (part 2):

    00:45:17.0882 3064 SNMPTRAP - ok
    00:45:17.0898 3064 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
    00:45:17.0898 3064 spldr - ok
    00:45:17.0929 3064 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
    00:45:17.0945 3064 Spooler - ok
    00:45:18.0023 3064 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
    00:45:18.0101 3064 sppsvc - ok
    00:45:18.0101 3064 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    00:45:18.0116 3064 sppuinotify - ok
    00:45:18.0147 3064 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
    00:45:18.0147 3064 srv - ok
    00:45:18.0179 3064 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    00:45:18.0179 3064 srv2 - ok
    00:45:18.0225 3064 [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    00:45:18.0225 3064 SrvHsfHDA - ok
    00:45:18.0272 3064 [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    00:45:18.0303 3064 SrvHsfV92 - ok
    00:45:18.0319 3064 [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    00:45:18.0350 3064 SrvHsfWinac - ok
    00:45:18.0366 3064 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    00:45:18.0366 3064 srvnet - ok
    00:45:18.0397 3064 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    00:45:18.0397 3064 SSDPSRV - ok
    00:45:18.0413 3064 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
    00:45:18.0428 3064 SstpSvc - ok
    00:45:18.0522 3064 [ 810199DCC3BDC38304D7D649992EA7BC ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    00:45:18.0537 3064 STacSV - ok
    00:45:18.0553 3064 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
    00:45:18.0569 3064 stexstor - ok
    00:45:18.0615 3064 [ ED1722F43CE61409EF68340402D6267D ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    00:45:18.0615 3064 STHDA - ok
    00:45:18.0662 3064 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
    00:45:18.0662 3064 StillCam - ok
    00:45:18.0693 3064 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
    00:45:18.0709 3064 stisvc - ok
    00:45:18.0740 3064 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
    00:45:18.0740 3064 swenum - ok
    00:45:18.0771 3064 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
    00:45:18.0787 3064 swprv - ok
    00:45:18.0818 3064 [ 3A706A967295E16511E40842B1A2761D ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    00:45:18.0818 3064 SynTP - ok
    00:45:18.0881 3064 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
    00:45:18.0912 3064 SysMain - ok
    00:45:18.0943 3064 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    00:45:18.0959 3064 TabletInputService - ok
    00:45:18.0990 3064 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    00:45:18.0990 3064 TapiSrv - ok
    00:45:19.0005 3064 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
    00:45:19.0005 3064 TBS - ok
    00:45:19.0068 3064 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    00:45:19.0115 3064 Tcpip - ok
    00:45:19.0161 3064 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    00:45:19.0177 3064 TCPIP6 - ok
    00:45:19.0224 3064 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    00:45:19.0224 3064 tcpipreg - ok
    00:45:19.0255 3064 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    00:45:19.0255 3064 TDPIPE - ok
    00:45:19.0286 3064 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    00:45:19.0286 3064 TDTCP - ok
    00:45:19.0333 3064 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    00:45:19.0333 3064 tdx - ok
    00:45:19.0380 3064 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    00:45:19.0380 3064 TermDD - ok
    00:45:19.0395 3064 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
    00:45:19.0411 3064 TermService - ok
    00:45:19.0442 3064 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
    00:45:19.0442 3064 Themes - ok
    00:45:19.0458 3064 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
    00:45:19.0458 3064 THREADORDER - ok
    00:45:19.0473 3064 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
    00:45:19.0473 3064 TrkWks - ok
    00:45:19.0520 3064 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    00:45:19.0536 3064 TrustedInstaller - ok
    00:45:19.0567 3064 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    00:45:19.0567 3064 tssecsrv - ok
    00:45:19.0614 3064 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    00:45:19.0614 3064 TsUsbFlt - ok
    00:45:19.0661 3064 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    00:45:19.0661 3064 tunnel - ok
    00:45:19.0676 3064 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
    00:45:19.0692 3064 uagp35 - ok
    00:45:19.0707 3064 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    00:45:19.0707 3064 udfs - ok
    00:45:19.0723 3064 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    00:45:19.0723 3064 UI0Detect - ok
    00:45:19.0739 3064 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    00:45:19.0739 3064 uliagpkx - ok
    00:45:19.0785 3064 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
    00:45:19.0785 3064 umbus - ok
    00:45:19.0801 3064 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
    00:45:19.0801 3064 UmPass - ok
    00:45:19.0832 3064 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
    00:45:19.0832 3064 upnphost - ok
    00:45:19.0879 3064 [ FB251567F41BC61988B26731DEC19E4B ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    00:45:19.0879 3064 USBAAPL64 - ok
    00:45:19.0895 3064 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    00:45:19.0895 3064 usbccgp - ok
    00:45:19.0926 3064 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    00:45:19.0941 3064 usbcir - ok
    00:45:19.0941 3064 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
    00:45:19.0941 3064 usbehci - ok
    00:45:19.0973 3064 [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    00:45:19.0973 3064 usbfilter - ok
    00:45:20.0004 3064 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    00:45:20.0004 3064 usbhub - ok
    00:45:20.0019 3064 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
    00:45:20.0019 3064 usbohci - ok
    00:45:20.0051 3064 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    00:45:20.0066 3064 usbprint - ok
    00:45:20.0097 3064 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    00:45:20.0097 3064 usbscan - ok
    00:45:20.0097 3064 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    00:45:20.0113 3064 USBSTOR - ok
    00:45:20.0129 3064 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    00:45:20.0129 3064 usbuhci - ok
    00:45:20.0144 3064 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
    00:45:20.0144 3064 usbvideo - ok
    00:45:20.0191 3064 [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys
    00:45:20.0191 3064 usb_rndisx - ok
    00:45:20.0207 3064 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
    00:45:20.0222 3064 UxSms - ok
    00:45:20.0222 3064 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
    00:45:20.0222 3064 VaultSvc - ok
    00:45:20.0238 3064 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    00:45:20.0238 3064 vdrvroot - ok
    00:45:20.0269 3064 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
    00:45:20.0300 3064 vds - ok
    00:45:20.0316 3064 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    00:45:20.0316 3064 vga - ok
    00:45:20.0331 3064 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
    00:45:20.0331 3064 VgaSave - ok
    00:45:20.0347 3064 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    00:45:20.0363 3064 vhdmp - ok
    00:45:20.0378 3064 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
    00:45:20.0378 3064 viaide - ok
    00:45:20.0394 3064 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    00:45:20.0394 3064 volmgr - ok
    00:45:20.0425 3064 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    00:45:20.0425 3064 volmgrx - ok
    00:45:20.0456 3064 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    00:45:20.0456 3064 volsnap - ok
    00:45:20.0487 3064 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
    00:45:20.0503 3064 vsmraid - ok
    00:45:20.0550 3064 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
    00:45:20.0581 3064 VSS - ok
    00:45:20.0597 3064 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    00:45:20.0597 3064 vwifibus - ok
    00:45:20.0628 3064 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    00:45:20.0628 3064 vwififlt - ok
    00:45:20.0675 3064 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    00:45:20.0675 3064 vwifimp - ok
    00:45:20.0721 3064 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
    00:45:20.0721 3064 W32Time - ok
    00:45:20.0753 3064 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
    00:45:20.0753 3064 WacomPen - ok
    00:45:20.0799 3064 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    00:45:20.0799 3064 WANARP - ok
    00:45:20.0815 3064 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    00:45:20.0815 3064 Wanarpv6 - ok
    00:45:20.0862 3064 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    00:45:20.0893 3064 WatAdminSvc - ok
    00:45:20.0955 3064 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
    00:45:20.0987 3064 wbengine - ok
    00:45:21.0002 3064 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    00:45:21.0018 3064 WbioSrvc - ok
    00:45:21.0065 3064 [ 8BDA6DB43AA54E8BB5E0794541DDC209 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll
    00:45:21.0065 3064 WcesComm - ok
    00:45:21.0111 3064 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
    00:45:21.0111 3064 wcncsvc - ok
    00:45:21.0127 3064 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    00:45:21.0127 3064 WcsPlugInService - ok
    00:45:21.0158 3064 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
    00:45:21.0158 3064 Wd - ok
    00:45:21.0174 3064 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    00:45:21.0205 3064 Wdf01000 - ok
    00:45:21.0205 3064 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    00:45:21.0221 3064 WdiServiceHost - ok
    00:45:21.0221 3064 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    00:45:21.0221 3064 WdiSystemHost - ok
    00:45:21.0236 3064 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
    00:45:21.0252 3064 WebClient - ok
    00:45:21.0252 3064 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    00:45:21.0267 3064 Wecsvc - ok
    00:45:21.0267 3064 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    00:45:21.0283 3064 wercplsupport - ok
    00:45:21.0283 3064 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
    00:45:21.0283 3064 WerSvc - ok
    00:45:21.0314 3064 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    00:45:21.0330 3064 WfpLwf - ok
    00:45:21.0345 3064 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    00:45:21.0345 3064 WIMMount - ok
    00:45:21.0361 3064 WinDefend - ok
    00:45:21.0361 3064 WinHttpAutoProxySvc - ok
    00:45:21.0408 3064 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    00:45:21.0408 3064 Winmgmt - ok
    00:45:21.0470 3064 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
    00:45:21.0517 3064 WinRM - ok
    00:45:21.0564 3064 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
    00:45:21.0564 3064 WinUsb - ok
    00:45:21.0595 3064 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
    00:45:21.0626 3064 Wlansvc - ok
    00:45:21.0735 3064 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    00:45:21.0751 3064 wlcrasvc - ok
    00:45:21.0845 3064 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    00:45:21.0907 3064 wlidsvc - ok
    00:45:21.0923 3064 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    00:45:21.0923 3064 WmiAcpi - ok
    00:45:21.0954 3064 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    00:45:21.0954 3064 wmiApSrv - ok
    00:45:21.0985 3064 WMPNetworkSvc - ok
    00:45:22.0001 3064 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
    00:45:22.0001 3064 WPCSvc - ok
    00:45:22.0016 3064 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    00:45:22.0032 3064 WPDBusEnum - ok
    00:45:22.0047 3064 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    00:45:22.0047 3064 ws2ifsl - ok
    00:45:22.0063 3064 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
    00:45:22.0063 3064 wscsvc - ok
    00:45:22.0063 3064 WSearch - ok
    00:45:22.0141 3064 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
    00:45:22.0188 3064 wuauserv - ok
    00:45:22.0219 3064 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    00:45:22.0219 3064 WudfPf - ok
    00:45:22.0266 3064 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    00:45:22.0266 3064 WUDFRd - ok
    00:45:22.0297 3064 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    00:45:22.0297 3064 wudfsvc - ok
    00:45:22.0328 3064 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
    00:45:22.0328 3064 WwanSvc - ok
    00:45:22.0422 3064 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
    00:45:22.0437 3064 YahooAUService - ok
    00:45:22.0469 3064 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
    00:45:22.0469 3064 yukonw7 - ok
    00:45:22.0500 3064 ================ Scan global ===============================
    00:45:22.0515 3064 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
    00:45:22.0547 3064 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    00:45:22.0562 3064 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
    00:45:22.0593 3064 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
    00:45:22.0593 3064 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
    00:45:22.0609 3064 [Global] - ok
    00:45:22.0609 3064 ================ Scan MBR ==================================
    00:45:22.0609 3064 [ 54899EFEDDC7CC50FAD782DFCF105EAE ] \Device\Harddisk0\DR0
    00:45:22.0609 3064 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    00:45:22.0687 3064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    00:45:22.0687 3064 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    00:45:22.0687 3064 ================ Scan VBR ==================================
    00:45:22.0687 3064 [ C5BCE8938BC8AADC11AEDF6DCEEDE09C ] \Device\Harddisk0\DR0\Partition1
    00:45:22.0687 3064 \Device\Harddisk0\DR0\Partition1 - ok
    00:45:22.0703 3064 [ 983054DED5B96046F45F317903AD762D ] \Device\Harddisk0\DR0\Partition2
    00:45:22.0703 3064 \Device\Harddisk0\DR0\Partition2 - ok
    00:45:22.0734 3064 [ 5FB64333F5DD0B0F0E4B9FCB7231284F ] \Device\Harddisk0\DR0\Partition3
    00:45:22.0749 3064 \Device\Harddisk0\DR0\Partition3 - ok
    00:45:22.0749 3064 ============================================================
    00:45:22.0749 3064 Scan finished
    00:45:22.0749 3064 ============================================================
    00:45:22.0749 3056 Detected object count: 2
    00:45:22.0749 3056 Actual detected object count: 2
    00:46:36.0803 3056 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
    00:46:36.0803 3056 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
    00:46:37.0598 3056 \Device\Harddisk0\DR0\# - copied to quarantine
    00:46:37.0598 3056 \Device\Harddisk0\DR0 - copied to quarantine
    00:46:37.0692 3056 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    00:46:37.0708 3056 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    00:46:37.0739 3056 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    00:46:37.0754 3056 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    00:46:37.0754 3056 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    00:46:37.0770 3056 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    00:46:37.0770 3056 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    00:46:37.0770 3056 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    00:46:37.0770 3056 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    00:46:37.0786 3056 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    00:46:37.0786 3056 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    00:46:37.0786 3056 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    00:46:37.0879 3056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    00:46:37.0879 3056 \Device\Harddisk0\DR0 - ok
    00:46:38.0347 3056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    00:46:43.0870 2968 Deinitialize success
     
  23. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni,

    Here is the latest MBAM log:

    Malwarebytes Anti-Malware 1.65.1.1000
    www.malwarebytes.org

    Database version: v2012.11.15.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    kc :: KC-PC [administrator]

    11/16/2012 1:12:16 AM
    mbam-log-2012-11-16 (01-12-16).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 225005
    Time elapsed: 10 minute(s), 3 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\kc\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\kc\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)
     
  24. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni,

    Below is the RogueKiller log contents:

    RogueKiller V8.2.3 [11/07/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Website: http://tigzy.geekstogo.com/roguekiller.php
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : kc [Admin rights]
    Mode : Remove -- Date : 11/16/2012 01:44:51

    ¤¤¤ Bad processes : 1 ¤¤¤
    [SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\kc\AppData\Roaming\nsetfg.dll -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 14 ¤¤¤
    [RUN][ROGUE ST] HKCU\[...]\Run : DriverScanner ("C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 ) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Run : WMNetMgr (C:\Users\kc\AppData\Local\Microsoft\Windows\18\WMNetMgr.exe) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Run : iatufg (rundll32.exe "C:\Users\kc\AppData\Roaming\iatufg.dll",GetCounter) -> DELETED
    [RUN][SUSP PATH] HKLM\[...]\Run : nsetfg ("C:\Windows\System32\rundll32.exe" "C:\Users\kc\AppData\Roaming\nsetfg.dll",set_packing) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : CyberLink (rundll32.exe "C:\Users\kc\AppData\Local\Dell\CyberLink\tluljl.dll",ASN1_TIME_checkW) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : CyberLink (rundll32.exe "C:\Users\kc\AppData\Local\Dell\CyberLink\tluljl.dll",ASN1_TIME_checkW) -> DELETED
    [RUN][SUSP PATH] HKUS\S-1-5-21-3380616676-2187846278-3982259641-1001_Classes[...]\Run : CyberLink (rundll32.exe "C:\Users\kc\AppData\Local\Dell\CyberLink\tluljl.dll",ASN1_TIME_checkW) -> DELETED
    [TASK][SUSP PATH] Update Check : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe /s /p 1 -> DELETED
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378} : NameServer (216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76) -> NOT REMOVED, USE DNSFIX
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378} : NameServer (216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76) -> NOT REMOVED, USE DNSFIX
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
    [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$e9ea9d6614e30f568bd32a7abea33c20\@ --> REMOVED
    [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3380616676-2187846278-3982259641-1001\$e9ea9d6614e30f568bd32a7abea33c20\@ --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$e9ea9d6614e30f568bd32a7abea33c20\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3380616676-2187846278-3982259641-1001\$e9ea9d6614e30f568bd32a7abea33c20\U --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$e9ea9d6614e30f568bd32a7abea33c20\L --> REMOVED
    [ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3380616676-2187846278-3982259641-1001\$e9ea9d6614e30f568bd32a7abea33c20\L --> REMOVED

    ¤¤¤ Driver : [NOT LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts



    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST9500420AS ATA Device +++++
    --- User ---
    [MBR] d1e41d6eb1523095bbce8e31a6b3dcfc
    [BSP] 7642e7a786131a3ca407809e18555274 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460936 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944406528 | Size: 15700 Mo
    3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[2]_D_11162012_02d0144.txt >>
    RKreport[1]_S_11162012_02d0142.txt ; RKreport[2]_D_11162012_02d0144.txt


    Broni, Thanks for all your help! It feels like we're getting close to the end of this process. Is that true?
     
  25. TruelightE525

    TruelightE525 TS Rookie Topic Starter Posts: 44

    Hi Broni,

    Here are the aswMBR log contents:

    aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
    Run date: 2012-11-16 01:57:35
    -----------------------------
    01:57:35.330 OS Version: Windows x64 6.1.7601 Service Pack 1
    01:57:35.330 Number of processors: 2 586 0x602
    01:57:35.330 ComputerName: KC-PC UserName: kc
    01:57:37.280 Initialize success
    01:59:30.297 AVAST engine defs: 12111501
    01:59:38.299 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    01:59:38.315 Disk 0 Vendor: ST9500420AS 0003HPM1 Size: 476940MB BusType: 11
    01:59:38.315 Disk 0 MBR read successfully
    01:59:38.315 Disk 0 MBR scan
    01:59:38.331 Disk 0 unknown MBR code
    01:59:38.331 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
    01:59:38.377 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 460936 MB offset 409600
    01:59:38.440 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15700 MB offset 944406528
    01:59:38.487 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
    01:59:38.736 Disk 0 scanning C:\Windows\system32\drivers
    01:59:55.662 Service scanning
    02:00:35.305 Modules scanning
    02:00:35.320 Disk 0 trace - called modules:
    02:00:35.336 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
    02:00:35.352 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004672060]
    02:00:35.367 3 CLASSPNP.SYS[fffff880010eb43f] -> nt!IofCallDriver -> [0xfffffa8004671040]
    02:00:35.383 5 hpdskflt.sys[fffff88001c4e2bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045f6060]
    02:00:38.505 AVAST engine scan C:\Windows
    02:00:43.512 AVAST engine scan C:\Windows\system32
    02:05:53.180 AVAST engine scan C:\Windows\system32\drivers
    02:06:13.070 AVAST engine scan C:\Users\kc
    02:39:52.748 AVAST engine scan C:\ProgramData
    02:46:46.397 Scan finished successfully
    02:53:17.068 Disk 0 MBR has been saved successfully to "C:\Users\kc\Desktop\MBR.dat"
    02:53:17.162 The log file has been saved successfully to "C:\Users\kc\Desktop\aswMBR.txt"

    What's the next step? My PC hasn't crashed in a while...
     

