Solved After removing FBI Moneypak Ransomware, svchost.exe Trojan on Windows 7 keeps returning

TruelightE525

Can anyone help me permanently remove the Trojan horse disguised as svchost.exe from a Windows 7 computer? I started out having the FBI Moneypak Ransomware virus on the PC. So after doing some research, I downloaded Malwarebytes Anti-Malware software in order to clean the PC of this troublesome ransomware. Well, after cleaning up (I think!) the ransomware, now I can't get rid of a Trojan horse that looks like svchost.exe.

I've been continuing to use Malwarebytes to do full scans of the PC and remove the svchost.exe Trojan files (and any related files). But every time I restart the PC, the svchost.exe Trojan is back again. It doesn't seem to matter how many times I run Malwarebytes, or whether I'm in Safe Mode or Safe Mode with Networking. This svchost.exe Trojan will not be removed.

I haven't tried other anti-virus tools yet, but I have tried to search for and manually delete specific infected files (to no avail). I'm not familiar with creating the various logs that I've seen in other users' posts, but I do have several logs from Malwarebytes that I can copy and paste to this forum, if it would help resolve this issue. I've been working to resolve this problem for several days now, so I have logs from multiple days. Please let me know if you will only need the most recent logs from today, or if you need logs from the past as well that may include info from the FBI Moneypak ransomware. Thanks in advance for any assistance you can provide!
 
Welcome aboard

Please complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
Hi Broni,

I'm worried. I began to execute the steps you sent me from https://www.techspot.com/community/topics/updated-4-step-viruses-spyware-malware-removal-preliminary-instructions.58138/. So far, I have only been able to complete Steps 1 and 2. While in the process of completing Steps 1 and 2, my computer crashed several times (blue screen) and I had to reboot. Now, in Step 3 (GMER), during the latest crash and reboot cycle, Windows automatically began Startup Repair which says, "Your computer was unable to start Startup Repair is checking your system for problems...". It goes on to say, "If problems are found, Startup Repair will fix them automatically. Your computer might restart several times during this process. No changes will be made to your personal files or information. This might take several minutes." Finally, there is a moving bar which scrolls across the screen continuously, beneath which are the words, "Attempting repairs..." There is a Cancel button that I can click to stop the Startup Repair process, but I don't know what that will do and I'm concerned that I won't be able to start the PC if I cancel out of the process.

So far, I have only a log file for MalwareBytes, but I'm concerned about this Startup Repair process because your instructions indicated I should refrain from "running any tools, fixes, or applying any changes", and it seems like Startup Repair might be doing just that! It's been running for the last 10 minutes with no other indications when the process will end. Please help! I've included the only Log info I have so far, from MalwareBytes. Fortunately, I emailed this Log info to my MacBook (which works fine) before the Startup Repair process began on the PC:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kc :: KC-PC [administrator]

11/15/2012 9:58:35 AM
mbam-log-2012-11-15 (09-58-35).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227262
Time elapsed: 14 minute(s), 45 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5024 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\kc\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\kc\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
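
A triage sketch for Malwarebytes logs like the one pasted above, added here as an example and not part of the original post or of Malwarebytes: it parses the detection lines, flags system-binary names that sit outside System32/SysWOW64 (where the legitimate svchost.exe lives), and lists paths that turn up again in a later scan. The binary list, the function names and the second log are assumptions constructed for illustration.

```python
import ntpath
import re

# Windows binaries whose legitimate copies live in System32 / SysWOW64.
# Short illustrative list (an assumption of this example), not exhaustive.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "services.exe",
                   "winlogon.exe", "csrss.exe"}

SECTION_RE = re.compile(r"^(.+) Detected: \d+$")
# "<path> (<detection>) -> [<pid> -> ]<action>"; the path may itself contain
# parentheses, e.g. "C:\Program Files (x86)\...".
ITEM_RE = re.compile(
    r"^(?P<path>.+?) \((?P<detection>[^()]+)\) -> "
    r"(?:(?P<pid>\d+) -> )?(?P<action>.+)$"
)


def expected_dirs(windir=r"C:\Windows"):
    """Directories where the system binaries above are expected to live."""
    return {ntpath.join(windir, d).lower() for d in ("System32", "SysWOW64")}


def parse_log(text):
    """Return one dict per detection line, tagged with its log section."""
    section, items = None, []
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m and section:
            items.append({"section": section, **m.groupdict()})
    return items


def masquerading(items, windir=r"C:\Windows"):
    """Paths that use a system binary's name from an unexpected directory."""
    ok = expected_dirs(windir)
    hits = set()
    for it in items:
        path = it["path"]
        name = ntpath.basename(path).lower()
        if name in SYSTEM_BINARIES and ntpath.dirname(path).lower() not in ok:
            hits.add(path)
    return sorted(hits)


def recurring(scans):
    """Given [(label, log_text), ...] in time order, return the paths
    detected in more than one scan, i.e. files that came back after an
    earlier scan had already acted on them."""
    seen = {}
    for label, text in scans:
        for path in sorted({it["path"].lower() for it in parse_log(text)}):
            seen.setdefault(path, []).append(label)
    return {p: labels for p, labels in seen.items() if len(labels) > 1}


# Excerpt of the detection sections from the log in the post above.
LOG_A = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 5024 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\kc\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\kc\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
"""

# Constructed for this example: a later scan in which the file is back,
# matching the behaviour described in the thread. The PID is made up.
LOG_B = r"""
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4120 -> Delete on reboot.

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
"""

if __name__ == "__main__":
    print("Masquerading:", masquerading(parse_log(LOG_A)))
    print("Recurring:", recurring([("scan-1", LOG_A), ("scan-2", LOG_B)]))
```

A path that appears under both headings is the one to chase: removing the file alone has not worked, so whatever recreates it at startup still has to be found.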
 
Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Hi Broni,

Thanks for the response. I ran TDSSKiller and I will be sending the contents of the log file in a few minutes from another computer. I have to split the log because it exceeds 50,000 characters. Also, I have more info to share with you, but I will do that in another post because I need to send the log to my other computer before my infected PC crashes again. I hope you will still be available in a few minutes...
 
Hi Broni, Below is the first part of the TDSSKiller log contents:

19:43:54.0322 6344 LSI_FC - ok
19:43:54.0369 6344 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
19:43:54.0400 6344 LSI_SAS - ok
19:43:54.0432 6344 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
19:43:54.0432 6344 LSI_SAS2 - ok
19:43:54.0478 6344 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
19:43:54.0478 6344 LSI_SCSI - ok
19:43:54.0510 6344 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
19:43:54.0510 6344 luafv - ok
19:43:54.0572 6344 lxcc_device - ok
19:43:54.0634 6344 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:43:54.0634 6344 MBAMProtector - ok
19:43:54.0697 6344 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:43:54.0712 6344 MBAMScheduler - ok
19:43:54.0744 6344 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
19:43:54.0759 6344 MBAMService - ok
19:43:54.0806 6344 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:43:54.0806 6344 Mcx2Svc - ok
19:43:54.0822 6344 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
19:43:54.0822 6344 megasas - ok
19:43:54.0853 6344 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
19:43:54.0868 6344 MegaSR - ok
19:43:54.0931 6344 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
19:43:54.0931 6344 Microsoft Office Groove Audit Service - ok
19:43:54.0978 6344 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
19:43:54.0978 6344 MMCSS - ok
19:43:54.0993 6344 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
19:43:54.0993 6344 Modem - ok
19:43:55.0009 6344 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:43:55.0009 6344 monitor - ok
19:43:55.0056 6344 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys
19:43:55.0056 6344 mouclass - ok
19:43:55.0102 6344 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:43:55.0102 6344 mouhid - ok
19:43:55.0212 6344 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
19:43:55.0212 6344 mountmgr - ok
19:43:55.0290 6344 [ 05BF204EC0E82CC4A054DB189C8A3D84 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
19:43:55.0290 6344 MpFilter - ok
19:43:55.0352 6344 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
19:43:55.0352 6344 mpio - ok
19:43:55.0399 6344 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:43:55.0399 6344 mpsdrv - ok
19:43:55.0461 6344 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
19:43:55.0492 6344 MpsSvc - ok
19:43:55.0539 6344 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:43:55.0539 6344 MRxDAV - ok
19:43:55.0570 6344 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:43:55.0586 6344 mrxsmb - ok
19:43:55.0648 6344 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:43:55.0664 6344 mrxsmb10 - ok
19:43:55.0680 6344 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:43:55.0680 6344 mrxsmb20 - ok
19:43:55.0726 6344 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
19:43:55.0726 6344 msahci - ok
19:43:55.0773 6344 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:43:55.0789 6344 msdsm - ok
19:43:55.0804 6344 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
19:43:56.0038 6344 MSDTC - ok
19:43:56.0179 6344 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:43:56.0194 6344 Msfs - ok
19:43:56.0304 6344 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
19:43:56.0350 6344 mshidkmdf - ok
19:43:56.0428 6344 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:43:56.0428 6344 msisadrv - ok
19:43:56.0444 6344 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:43:56.0460 6344 MSiSCSI - ok
19:43:56.0475 6344 msiserver - ok
19:43:56.0491 6344 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:43:56.0506 6344 MSKSSRV - ok
19:43:56.0600 6344 [ CC8E4F72F21340A4D3A3D4DB50313EF5 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
19:43:56.0600 6344 MsMpSvc - ok
19:43:56.0616 6344 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:43:56.0616 6344 MSPCLOCK - ok
19:43:56.0631 6344 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:43:56.0631 6344 MSPQM - ok
19:43:56.0725 6344 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:43:56.0740 6344 MsRPC - ok
19:43:56.0818 6344 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
19:43:56.0818 6344 mssmbios - ok
19:43:56.0818 6344 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:43:56.0818 6344 MSTEE - ok
19:43:56.0850 6344 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
19:43:56.0850 6344 MTConfig - ok
19:43:56.0865 6344 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
19:43:56.0865 6344 Mup - ok
19:43:56.0896 6344 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
19:43:56.0912 6344 napagent - ok
19:43:56.0959 6344 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:43:56.0974 6344 NativeWifiP - ok
19:43:57.0037 6344 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:43:57.0068 6344 NDIS - ok
19:43:57.0146 6344 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
19:43:57.0146 6344 NdisCap - ok
19:43:57.0177 6344 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:43:57.0177 6344 NdisTapi - ok
19:43:57.0208 6344 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:43:57.0208 6344 Ndisuio - ok
19:43:57.0271 6344 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:43:57.0302 6344 NdisWan - ok
19:43:57.0333 6344 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:43:57.0364 6344 NDProxy - ok
19:43:57.0396 6344 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:43:57.0411 6344 NetBIOS - ok
19:43:57.0489 6344 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
19:43:57.0489 6344 NetBT - ok
19:43:57.0505 6344 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
19:43:57.0505 6344 Netlogon - ok
19:43:57.0552 6344 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
19:43:57.0583 6344 Netman - ok
19:43:57.0598 6344 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
19:43:57.0630 6344 netprofm - ok
19:43:57.0661 6344 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:43:57.0661 6344 NetTcpPortSharing - ok
19:43:57.0942 6344 [ 64428DFDAF6E88366CB51F45A79C5F69 ] netw5v64 C:\Windows\system32\DRIVERS\netw5v64.sys
19:43:58.0238 6344 netw5v64 - ok
19:43:58.0254 6344 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
19:43:58.0254 6344 nfrd960 - ok
19:43:58.0316 6344 [ 5FF89F20317309D28AC1EDEB0CD1BA72 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
19:43:58.0332 6344 NisDrv - ok
19:43:58.0441 6344 [ 79E80B10FE8F6662E0C9162A68C43444 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
19:43:58.0456 6344 NisSrv - ok
19:43:58.0519 6344 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:43:58.0550 6344 NlaSvc - ok
19:43:58.0597 6344 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:43:58.0597 6344 Npfs - ok
19:43:58.0628 6344 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
19:43:58.0628 6344 nsi - ok
19:43:58.0659 6344 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:43:58.0659 6344 nsiproxy - ok
19:43:59.0034 6344 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:43:59.0080 6344 Ntfs - ok
19:43:59.0112 6344 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
19:43:59.0112 6344 Null - ok
19:43:59.0190 6344 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:43:59.0190 6344 nvraid - ok
19:43:59.0221 6344 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:43:59.0221 6344 nvstor - ok
19:43:59.0268 6344 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:43:59.0283 6344 nv_agp - ok
19:43:59.0392 6344 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:43:59.0408 6344 odserv - ok
19:43:59.0439 6344 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:43:59.0455 6344 ohci1394 - ok
19:43:59.0502 6344 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:43:59.0502 6344 ose - ok
19:43:59.0564 6344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
19:43:59.0595 6344 p2pimsvc - ok
19:43:59.0829 6344 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
19:43:59.0845 6344 p2psvc - ok
19:43:59.0876 6344 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
19:44:00.0001 6344 Parport - ok
19:44:00.0032 6344 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:44:00.0110 6344 partmgr - ok
19:44:00.0172 6344 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
19:44:00.0172 6344 PcaSvc - ok
19:44:00.0235 6344 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
19:44:00.0235 6344 pci - ok
19:44:00.0282 6344 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
19:44:00.0282 6344 pciide - ok
19:44:00.0516 6344 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
19:44:00.0531 6344 pcmcia - ok
19:44:00.0562 6344 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
19:44:00.0578 6344 pcw - ok
19:44:00.0796 6344 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:44:00.0812 6344 PEAUTH - ok
19:44:01.0249 6344 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
19:44:01.0264 6344 PerfHost - ok
19:44:01.0498 6344 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
19:44:01.0545 6344 pla - ok
19:44:01.0701 6344 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:44:01.0701 6344 PlugPlay - ok
19:44:01.0732 6344 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
19:44:01.0732 6344 PNRPAutoReg - ok
19:44:01.0748 6344 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
19:44:01.0764 6344 PNRPsvc - ok
19:44:01.0842 6344 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:44:01.0873 6344 PolicyAgent - ok
19:44:01.0920 6344 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
19:44:01.0935 6344 Power - ok
19:44:01.0982 6344 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:44:01.0998 6344 PptpMiniport - ok
19:44:02.0044 6344 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
19:44:02.0044 6344 Processor - ok
19:44:02.0107 6344 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
19:44:02.0122 6344 ProfSvc - ok
19:44:02.0154 6344 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:44:02.0154 6344 ProtectedStorage - ok
 
Hi Broni, below is the second part of the TDSSKiller log contents. Following the log, you'll see some more info I needed to share with you:

19:44:14.0805 6344 WcsPlugInService - ok
19:44:14.0852 6344 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
19:44:14.0852 6344 Wd - ok
19:44:14.0914 6344 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:44:14.0930 6344 Wdf01000 - ok
19:44:14.0961 6344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:44:14.0961 6344 WdiServiceHost - ok
19:44:14.0977 6344 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:44:14.0977 6344 WdiSystemHost - ok
19:44:15.0086 6344 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
19:44:15.0117 6344 WebClient - ok
19:44:15.0164 6344 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:44:15.0195 6344 Wecsvc - ok
19:44:15.0211 6344 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:44:15.0242 6344 wercplsupport - ok
19:44:15.0273 6344 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
19:44:15.0289 6344 WerSvc - ok
19:44:15.0320 6344 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
19:44:15.0320 6344 WfpLwf - ok
19:44:15.0382 6344 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
19:44:15.0382 6344 WIMMount - ok
19:44:15.0398 6344 WinDefend - ok
19:44:15.0414 6344 WinHttpAutoProxySvc - ok
19:44:15.0554 6344 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:44:15.0570 6344 Winmgmt - ok
19:44:15.0788 6344 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
19:44:15.0866 6344 WinRM - ok
19:44:15.0991 6344 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
19:44:15.0991 6344 WinUsb - ok
19:44:16.0162 6344 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
19:44:16.0225 6344 Wlansvc - ok
19:44:16.0459 6344 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
19:44:16.0474 6344 wlcrasvc - ok
19:44:16.0740 6344 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
19:44:16.0755 6344 wlidsvc - ok
19:44:16.0802 6344 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
19:44:16.0802 6344 WmiAcpi - ok
19:44:16.0896 6344 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:44:17.0005 6344 wmiApSrv - ok
19:44:17.0067 6344 WMPNetworkSvc - ok
19:44:17.0098 6344 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:44:17.0114 6344 WPCSvc - ok
19:44:17.0145 6344 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:44:17.0161 6344 WPDBusEnum - ok
19:44:17.0176 6344 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:44:17.0176 6344 ws2ifsl - ok
19:44:17.0223 6344 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
19:44:17.0239 6344 wscsvc - ok
19:44:17.0239 6344 WSearch - ok
19:44:17.0520 6344 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
19:44:17.0598 6344 wuauserv - ok
19:44:17.0676 6344 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
19:44:17.0676 6344 WudfPf - ok
19:44:17.0754 6344 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:44:17.0754 6344 WUDFRd - ok
19:44:17.0816 6344 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:44:17.0816 6344 wudfsvc - ok
19:44:17.0863 6344 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
19:44:17.0878 6344 WwanSvc - ok
19:44:18.0097 6344 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
19:44:18.0112 6344 YahooAUService - ok
19:44:18.0190 6344 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
19:44:18.0206 6344 yukonw7 - ok
19:44:18.0237 6344 ================ Scan global ===============================
19:44:18.0268 6344 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
19:44:18.0362 6344 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:44:18.0378 6344 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
19:44:18.0393 6344 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
19:44:18.0424 6344 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
19:44:18.0424 6344 [Global] - ok
19:44:18.0424 6344 ================ Scan MBR ==================================
19:44:18.0440 6344 [ 54899EFEDDC7CC50FAD782DFCF105EAE ] \Device\Harddisk0\DR0
19:44:18.0440 6344 Suspicious mbr (Forged): \Device\Harddisk0\DR0
19:44:18.0518 6344 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
19:44:18.0518 6344 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
19:44:18.0518 6344 ================ Scan VBR ==================================
19:44:18.0549 6344 [ C5BCE8938BC8AADC11AEDF6DCEEDE09C ] \Device\Harddisk0\DR0\Partition1
19:44:18.0580 6344 \Device\Harddisk0\DR0\Partition1 - ok
19:44:18.0596 6344 [ 983054DED5B96046F45F317903AD762D ] \Device\Harddisk0\DR0\Partition2
19:44:18.0612 6344 \Device\Harddisk0\DR0\Partition2 - ok
19:44:18.0643 6344 [ 5FB64333F5DD0B0F0E4B9FCB7231284F ] \Device\Harddisk0\DR0\Partition3
19:44:18.0643 6344 \Device\Harddisk0\DR0\Partition3 - ok
19:44:18.0643 6344 ============================================================
19:44:18.0643 6344 Scan finished
19:44:18.0643 6344 ============================================================
19:44:18.0674 3388 Detected object count: 2
19:44:18.0674 3388 Actual detected object count: 2
19:44:41.0345 3388 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
19:44:41.0345 3388 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
19:44:48.0280 3388 \Device\Harddisk0\DR0\# - copied to quarantine
19:44:48.0374 3388 \Device\Harddisk0\DR0 - copied to quarantine
19:44:52.0211 3388 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
19:44:52.0648 3388 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
19:44:53.0163 3388 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
19:44:56.0658 3388 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
19:44:56.0736 3388 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
19:44:56.0767 3388 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
19:44:56.0782 3388 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
19:44:56.0970 3388 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
19:44:57.0048 3388 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
19:44:57.0094 3388 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
19:44:57.0110 3388 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
19:44:57.0110 3388 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
19:44:57.0297 3388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
19:44:57.0344 3388 \Device\Harddisk0\DR0 - ok
19:44:58.0983 3388 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure


Also, I wanted to let you know that the PC crashed (blue screen) before I could reboot it according to your TDSSKiller instructions, so I don't know if the infection was really cured on the reboot from the crash, or if I need to run TDSSKiller again and click on Reboot Now in order for the infection to actually be cured.

In addition, earlier today, for the first time, after the Startup Repair that I referred to in a previous post, I received an error message on the screen with the heading of "RunDLL". That error message said, "There was a problem starting C:\Users\kc\AppData\Roaming\iatufg.dll Access is denied" and then there was an OK button. Shortly thereafter, the blue screen appeared, and the system crashed.

I received a similar message prior to running TDSSKiller. It also had a heading of "RunDLL". But that error message said, "There was a problem starting C:\Users\kc\AppData\Roaming\iatufg.dll The specified module could not be found." and then there was an OK button.

The system seems to be getting worse and crashing more often than yesterday or the day before. I'm ready for your next instructions or directions. Thanks for all your help!
 
Don't worry about those errors at this stage of the cleaning process.

Re-run MBAM one more time and post new log.

See if you can run DDS now.
 
Hi Broni,

I re-ran MBAM, but after the scan completed and before I get to the point where I post the log, I wasn't sure if I should "Select" all of the files for removal. There are four Trojan.Agent files and one Trojan.BHO file that are already Selected, and I know to keep them Selected. But there are also nine PUP.FaceThemes files that are NOT Selected. Should I select them also before clicking the Remove Selected button? Thanks!
 
Hi Broni,

After reading a few other threads on the forum, I decided to Select all the PUP.FaceThemes files (there were actually 11, not 9) for removal as well. I will send you the log and attempt to run DDS now.
 
Hi Broni,

The MBAM Log is below:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kc :: KC-PC [administrator]

11/15/2012 9:09:02 PM
mbam-log-2012-11-15 (21-09-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225108
Time elapsed: 10 minute(s), 12 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4508 -> Delete on reboot.

Memory Modules Detected: 1
C:\Program Files (x86)\OApps\bho.dll (PUP.FaceThemes) -> Delete on reboot.

Registry Keys Detected: 10
HKCR\CLSID\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{517E0D3E-17A4-4592-926E-A082DB43B7D3} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\TypeLib\{B00FE392-639D-4688-976E-A1BFF368CB96} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\Interface\{3AE26843-9171-4F23-A8E5-5421701276A4} (PUP.FaceThemes) -> Quarantined and deleted successfully.
HKCR\AppID\{186E19A3-B909-4F48-B687-BB81EB8BC7CE} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 4
C:\Program Files (x86)\OApps\bho.dll (PUP.FaceThemes) -> Delete on reboot.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
C:\Users\kc\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\kc\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 
Hi Broni,

After running DDS, my system crashed (blue screen) twice. This was after it had seemed to be running better in Normal Windows mode (i.e., without crashing in a while). So, I'm now running this PC in Safe Mode with Networking to, hopefully, prevent another crash while I send this info to you. Here is the log for DDS.txt. I am going to have to split the contents of the log for Attach.txt before sending it to you because the file is too large.

DDS.txt:

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 1.6.0_29
Run by kc at 22:14:03 on 2012-11-15
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4092.2270 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe
C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe
C:\Users\kc\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Windows\system32\lxcccoms.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\SysWOW64\rundll32.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Users\kc\AppData\Local\Akamai\netsession_win.exe
C:\PROGRA~2\Uniblue\DRIVER~1\driverscanner.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Dell\PC Suite\Application Launcher\Application Launcher.exe
\\.\globalroot\systemroot\svchost.exe -netsvcs
C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mcomm.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Sendori\SendoriTray.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mlauncher.exe
C:\Program Files (x86)\Citrix\ICA Client\Receiver\Receiver.exe
C:\Program Files (x86)\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\Common Files\Teleca Shared\logger.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files (x86)\Sendori\sndappv2.exe
C:\Program Files (x86)\Common Files\Teleca Shared\Generic.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Dell\PC Suite\Mobile Phone Monitor\pcc_capi.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell\PC Suite\Mobile Phone Monitor\TCPVBTServer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Sendori\SendoriSvc.exe
C:\Program Files (x86)\Sendori\Sendori.Service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Sendori\SendoriUp.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.aol.com/
uWindow Title = Windows Internet Explorer provided by Yahoo!
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie9
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
uURLSearchHooks: FCToolbarURLSearchHook Class: {dd716bcd-bc24-e944-69b7-b26d74121c70} - C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs\Helper.dll
uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
mURLSearchHooks: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
BHO: BucksBee Loyalty Plugin - 100884.rs: {531D0355-4050-2CB4-2902-6A0CC0372774} - C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs\BucksBee Loyalty Plugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke US New Toolbar: {462BE121-2B54-4218-BF00-B9BF8135B23F} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: WhiteSmoke US New Toolbar: {462be121-2b54-4218-bf00-b9bf8135b23f} - C:\Program Files (x86)\WhiteSmoke_US_New\prxtbWhit.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [GoToMeeting] "C:\Program Files (x86)\Citrix\GoToMeeting\723\g2mstart.exe" "/Trigger RunAtLogon"
uRun: [Akamai NetSession Interface] "C:\Users\kc\AppData\Local\Akamai\netsession_win.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
uRun: [DriverScanner] "C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [Corel File Shell Monitor] C:\Program Files (x86)\Corel\Corel Paint Shop Pro Photo X2\CorelIOMonitor.exe
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Dell PC Suite] "C:\Program Files (x86)\Dell\PC Suite\Application Launcher\Application Launcher.exe" /startoptions
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Sendori Tray] "C:\Program Files (x86)\Sendori\SendoriTray.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: WallpaperStyle = 2
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-System: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: C:\Windows\System32\Sendori.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {03A89EFD-E023-B200-A22D-45F77558EB4C} - hxxps://content10.ilinc.com/download/AXCltInst11.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F7212564-7208-4EE8-9940-09F3208E7C0A} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378} : NameServer = 216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76
TCP: Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378} : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378}\342514655436F66666565686F6573756 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378}\960586F6E656 : DHCPNameServer = 69.78.96.14 66.174.95.44
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
x64-Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCCtime.dll,RunDLLEntry
x64-Run: [lxccmon.exe] "C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\mssecex.exe" -hide -runkey
x64-Run: [WMNetMgr] C:\Users\kc\AppData\Local\Microsoft\Windows\18\WMNetMgr.exe
x64-Run: [iatufg] rundll32.exe "C:\Users\kc\AppData\Roaming\iatufg.dll",GetCounter
x64-Run: [nsetfg] "C:\Windows\System32\rundll32.exe" "C:\Users\kc\AppData\Roaming\nsetfg.dll",set_packing
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\4tke2egd.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=insDate10032012|http://www.comcast.net/xfinity/?cid...qry/goto?app=mail&cid=xfactiv_email&cid=ffpin
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=F32EBABE-D637-4386-9953-81789545DC3B&n=77ee166e&ind=2012092014&p2=^XP^xdm044^S02131^us&si=CJCFq5fTkLICFcVFMgod6DMAcQ&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInst11.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npicaN.dll
FF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\kc\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2012-10-24 15:47; plugin@selectionlinks.com; C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\4tke2egd.default\extensions\plugin@selectionlinks.com
FF - ExtSQL: 2012-11-15 21:53; {0f8e4bc3-2895-11e2-8271-b8ac6f996f26}; C:\Users\kc\AppData\Roaming\Mozilla\Firefox\Profiles\4tke2egd.default\extensions\{0f8e4bc3-2895-11e2-8271-b8ac6f996f26}.xpi
FF - ExtSQL: !HIDDEN! 2010-04-08 13:40; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
---- FIREFOX POLICIES ----
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2011-8-11 91864]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 27136]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-7-2 203264]
R2 Application Sendori;Application Sendori;C:\Program Files (x86)\Sendori\SendoriSvc.exe [2012-9-26 118632]
R2 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-6-15 249648]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2010-7-16 30520]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-6 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-6 676936]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 128456]
R2 Service Sendori;Service Sendori;C:\Program Files (x86)\Sendori\Sendori.Service.exe [2012-9-26 15208]
R2 sndappv2;sndappv2;C:\Program Files (x86)\Sendori\sndappv2.exe [2012-9-26 3569512]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-11-6 25928]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-9-20 215040]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-9-20 36408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-7-7 195336]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-27 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-5-5 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-11 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-16 02:55:27 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43B8790B-2252-444B-B5F9-1A1DE3E7596C}\offreg.dll
2012-11-16 02:53:47 20480 ----a-w- C:\Windows\svchost.exe
2012-11-16 01:07:42 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{43B8790B-2252-444B-B5F9-1A1DE3E7596C}\mpengine.dll
2012-11-16 00:44:41 -------- d-----w- C:\TDSSKiller_Quarantine
2012-11-16 00:27:52 -------- d-----w- C:\Users\kc\AppData\Local\{B769D7A2-7C6B-44BB-B11F-F990B19A8513}
2012-11-15 22:47:36 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-15 22:42:42 -------- d-----w- C:\Users\kc\AppData\Local\{61B32D6D-472A-411E-A5E8-9CAB5F843820}
2012-11-15 14:54:38 -------- d-----w- C:\Users\kc\AppData\Local\{DAC07FD6-5DC4-4FDD-A100-741AA414667F}
2012-11-14 20:41:54 -------- d-----w- C:\Users\kc\AppData\Local\{9F76D7C4-3114-451A-9B79-D44E544178C7}
2012-11-14 19:49:45 -------- d-----w- C:\Users\kc\AppData\Local\NPE
2012-11-14 17:53:01 -------- d-----w- C:\Users\kc\AppData\Local\{9B0E9F4D-6DB3-4E2D-8B8B-C041449E29DF}
2012-11-14 17:19:20 -------- d-----w- C:\Users\kc\AppData\Local\{C0690703-41B5-4031-9B36-8CB31BAFC201}
2012-11-14 15:14:54 -------- d-----w- C:\Users\kc\AppData\Local\{8C033251-BA03-40D7-9B85-97B113C1D1CE}
2012-11-14 03:14:12 -------- d-----w- C:\Users\kc\AppData\Local\{EA509772-1108-4F15-A934-4276F8788DB9}
2012-11-13 15:02:06 -------- d-----w- C:\Users\kc\AppData\Local\{B35C3E0F-C9EF-47A7-ACDA-538D2AFA805F}
2012-11-12 14:52:28 -------- d-----w- C:\Users\kc\AppData\Local\{A8AB62E4-44C9-4393-8EB9-AF0C102CD492}
2012-11-12 14:41:28 -------- d-----w- C:\Users\kc\AppData\Local\{E01B2219-A45F-4C09-B496-21AEAB1E08E7}
2012-11-12 08:51:42 -------- d-----w- C:\Users\kc\AppData\Local\{CD2DD2DC-BDB6-4275-9794-D5569C044D64}
2012-11-11 06:23:26 -------- d-----w- C:\Users\kc\AppData\Local\{0A769565-BBE1-45E0-AC59-AF6CA0EE9C27}
2012-11-10 18:22:57 -------- d-----w- C:\Users\kc\AppData\Local\{463FBA6D-15E7-46BC-8DB9-D7A6487E47B6}
2012-11-10 01:28:13 -------- d-----w- C:\Users\kc\AppData\Local\{4A3A8CB5-7D1A-46E6-90DF-75AF1E2F530F}
2012-11-09 13:27:56 -------- d-----w- C:\Users\kc\AppData\Local\{C91E1392-5171-497E-86E7-351A5D21534A}
2012-11-08 22:29:37 -------- d-----w- C:\Users\kc\AppData\Local\{FFE3340F-47A9-4509-AEC8-C7CFECB15424}
2012-11-08 13:53:34 -------- d-----w- C:\Users\kc\AppData\Local\{5FA35C94-7BA5-414A-B93C-66A685B9F281}
2012-11-07 21:05:01 -------- d-----w- C:\Users\kc\AppData\Local\{F0A63067-A560-4C91-97A4-A500430EBC10}
2012-11-07 04:55:18 -------- d-----w- C:\Users\kc\AppData\Local\{8CD14C7E-2CF5-461D-818A-C575D2A3800A}
2012-11-07 04:39:12 457216 ----a-w- C:\Users\kc\AppData\Roaming\nsetfg.dll
2012-11-07 04:34:42 -------- d-----w- C:\Users\kc\AppData\Local\{9458EA01-99E4-418F-A470-83E1BFC59914}
2012-11-07 04:33:42 -------- d-----w- C:\Users\kc\AppData\Roaming\hellomoto
2012-11-07 03:04:55 -------- d-----w- C:\Users\kc\AppData\Local\{633CB330-921F-4222-8822-5E739C7C886E}
2012-11-07 03:00:34 -------- d-----w- C:\Users\kc\AppData\Local\{7C391D59-0251-4F84-B7B3-05ECD1D0B8C3}
2012-11-07 02:45:09 -------- d-----w- C:\Users\kc\AppData\Roaming\Malwarebytes
2012-11-07 02:44:54 -------- d-----w- C:\ProgramData\Malwarebytes
2012-11-07 02:44:53 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-07 02:44:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-11-03 16:19:23 -------- d-----w- C:\Users\kc\AppData\Local\{59EAC105-E0D4-48D5-BFCB-FBAABAA87294}
2012-11-03 16:13:08 -------- d-sh--w- C:\found.000
2012-11-03 16:05:30 -------- d-----w- C:\Users\kc\AppData\Local\{405AA6DC-00FC-473D-AE7B-94B3600E2B15}
2012-11-02 12:59:45 -------- d-----w- C:\Users\kc\AppData\Local\{1E512B39-C3EC-4B51-811F-56FAC7D0D320}
2012-11-01 14:39:31 -------- d-----w- C:\Users\kc\AppData\Local\{5B96CDAE-7FD3-42EC-86EC-E3BA4155F7F4}
2012-10-31 16:49:30 -------- d-----w- C:\Users\kc\AppData\Local\{41E628BA-C782-4AD3-A144-36E40E13C673}
2012-10-31 04:49:08 -------- d-----w- C:\Users\kc\AppData\Local\{A8A5473B-2242-494D-9A57-12A29093BA29}
2012-10-30 16:48:45 -------- d-----w- C:\Users\kc\AppData\Local\{6D4FC340-F24D-4670-B778-5E8408B3ACC1}
2012-10-30 04:48:33 -------- d-----w- C:\Users\kc\AppData\Local\{D664DE94-7CC2-4454-8B5F-F9852283ECC9}
2012-10-30 04:37:12 -------- d-----w- C:\ProgramData\Uniblue
2012-10-30 04:36:40 -------- d-----w- C:\Users\kc\AppData\Local\{6AA2DD8A-3D34-4712-9A24-9FA4C69A4019}
2012-10-24 19:49:10 -------- d-----w- C:\Program Files (x86)\SMPlayer
2012-10-24 19:49:01 -------- d-----w- C:\Users\kc\AppData\Roaming\Uniblue
2012-10-24 19:48:54 -------- d-----w- C:\Program Files (x86)\Uniblue
2012-10-24 19:48:30 -------- d-----w- C:\Program Files (x86)\BucksBee Loyalty Plugin - 100884.rs
2012-10-24 19:48:01 321384 ----a-w- C:\Windows\SysWow64\Sendori.dll
2012-10-24 19:47:56 -------- d-----w- C:\ProgramData\Sendori
2012-10-24 19:47:53 -------- d-----w- C:\Program Files (x86)\Sendori
2012-10-24 19:47:41 -------- d-----w- C:\Program Files (x86)\OApps
2012-10-24 19:47:28 -------- d-----w- C:\Program Files (x86)\Conduit
2012-10-24 19:46:39 -------- d-----w- C:\Users\kc\AppData\Local\Conduit
2012-10-24 19:46:37 -------- d-----w- C:\Program Files (x86)\WhiteSmoke_US_New
2012-10-21 13:30:54 591720 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\NPCltInst11.dll
2012-10-21 13:30:54 -------- d-----w- C:\Users\kc\AppData\Local\iLinc
2012-10-21 13:30:23 -------- d-----w- C:\Program Files (x86)\iLinc
2012-10-21 13:19:13 -------- d-----w- C:\Users\kc\AppData\Local\{F57B6D52-6C02-4644-943D-86EAE622B207}
2012-10-21 13:13:17 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B2C3E238-9664-4B4C-B3FC-6527F35165ED}\gapaengine.dll
2012-10-17 13:05:26 -------- d-----w- C:\Users\kc\AppData\Local\{B6C2412A-3C9A-4C86-80FD-1A15D1163F9E}
.
==================== Find3M ====================
.
2012-10-11 14:42:19 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-11 14:42:18 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 22:16:39.16 ===============
 
Hi Broni,

The Attach.txt log file is split into multiple posts, starting with this one:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2/21/2010 3:32:00 PM
System Uptime: 11/15/2012 9:52:11 PM (1 hours ago)
.
Motherboard: Quanta | | 363A
Processor: AMD Turion(tm) II Ultra Dual-Core Mobile M600 | Socket S1G3 | 2400/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 450 GiB total, 344.464 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.518 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Canon MX860 ser Network
Device ID: ROOT\CANON_IJ_NETWORK\0000
Manufacturer: Canon
Name: Canon MX860 ser Network
PNP Device ID: ROOT\CANON_IJ_NETWORK\0000
Service: StillCam
.
==== System Restore Points ===================
.
RP497: 10/6/2012 1:20:18 AM - HPSF Restore Point
RP498: 10/6/2012 7:00:10 PM - Windows Update
RP499: 10/10/2012 7:59:20 AM - Windows Update
RP500: 10/11/2012 10:10:37 AM - Windows Update
RP501: 10/14/2012 5:23:44 PM - Windows Update
RP502: 10/17/2012 9:14:43 PM - Windows Update
RP503: 10/21/2012 9:11:48 AM - Windows Update
RP504: 10/24/2012 3:40:14 PM - Windows Update
RP505: 10/27/2012 4:38:07 PM - Windows Update
RP506: 10/30/2012 10:32:16 PM - Windows Update
RP507: 11/6/2012 11:46:47 PM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9.4.5 MUI
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
Akamai NetSession Interface
Akamai NetSession Interface Service
AMD USB Filter Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Driver Installation Program
ATI Catalyst Install Manager
AVS DVD Copy version 4.1.1
AVS Update Manager 1.0
AVS4YOU Software Navigator 1.3
BidFellow version 0.9.0.0
Bing Bar
Bonjour
BucksBee Loyalty Plugin - 100884.rs
Burn4Free CD & DVD 5.1.0.0
Canon MX860 series MP Drivers
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Citrix Receiver
Citrix Receiver (HDX Flash Redirection)
Citrix Receiver Inside
Citrix Receiver(Aero)
Citrix Receiver(DV)
Citrix Receiver(USB)
Compatibility Pack for the 2007 Office system
ConvertGenius 3.6
Corel Paint Shop Pro Photo X2
Corel VideoStudio 12
COWON Media Center - jetAudio Basic VX
CyberLink DVD Suite
D3DX10
Dell PC Suite
dvdSanta 4.50
ENE CIR Receiver Driver
Facebook Plug-In
Full Tilt Poker.Net
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.8.0.723
Hewlett-Packard ACLM.NET v1.1.1.0
Homepage Protection
HP 3D DriveGuard
HP Advisor
HP Customer Experience Enhancements
HP Games
HP MediaSmart DVD
HP MediaSmart Internet TV
HP MediaSmart Live TV
HP MediaSmart Movie Themes
HP MediaSmart Music/Photo/Video
HP MediaSmart SlingPlayer
HP MediaSmart SmartMenu
HP MediaSmart Software Notebook Demo
HP MediaSmart Webcam
HP Quick Launch Buttons
HP Setup
HP Smart Web Printing 4.60
HP Support Assistant
HP Update
HP User Guides 0153
HP Wireless Assistant
iCloud
IDT Audio
iLinc 11 Client
iTunes
Java Auto Updater
Java(TM) 6 Update 14 (64-bit)
Java(TM) 6 Update 29
JMicron Flash Media Controller Driver
Junk Mail filter update
LabelPrint
Lexmark 3300 Series
LightScribe System Software
LSI HDA Modem
Malwarebytes Anti-Malware version 1.65.1.1000
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook Connector
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Mozilla Firefox 4.0.1 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Online Plug-in
Power2Go
PowerDirector
PowerRecover
QLBCASL
QuickTime
Realtek 8136 8168 8169 Ethernet Driver
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition
SelectionLinks
Sendori
Skype Click to Call
Skype™ 5.10
SlingBoxWatchYourTVAnyWhere
SmartWebPrinting
SMPlayer 0.6.9
Synaptics Pointing Device Driver
Uniblue DriverScanner
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VideoStudio
WhiteSmoke US New Toolbar
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Windows Mobile Device Center
Yahoo! Detect
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
18906120
11/9/2012 8:27:28 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Application Sendori service.
11/9/2012 4:57:58 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HP Support Assistant Service service.
11/8/2012 9:18:07 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1515.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/8/2012 8:53:18 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 0.0.0.0 with the system having network hardware address 00-00-00-00-00-00. Network operations on this system may be disrupted as a result.
11/8/2012 6:43:16 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
11/8/2012 5:29:00 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the MBAMScheduler service to connect.
11/8/2012 5:29:00 PM, Error: Service Control Manager [7000] - The MBAMScheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/8/2012 10:44:49 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1515.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The Windows Event Log service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The Windows Audio service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The TCP/IP NetBIOS Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 100 milliseconds: Restart the service.
11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The Security Center service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The HomeGroup Provider service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
11/8/2012 1:23:07 PM, Error: Service Control Manager [7031] - The DHCP Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
11/15/2012 9:55:41 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:54:43 AM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
11/15/2012 9:52:51 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:47:57 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:42:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:37:01 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:31:33 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:26:06 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:20:38 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:19:29 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:15:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:14:55 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:09:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 9:04:11 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 8:58:22 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 8:07:18 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/15/2012 7:55:34 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 7:55:32 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/15/2012 7:55:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/15/2012 7:55:23 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athihvs.dll Error Code: 21
11/15/2012 7:55:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/15/2012 7:55:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/15/2012 7:55:08 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/15/2012 7:55:08 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/15/2012 7:55:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/15/2012 7:55:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
11/15/2012 7:55:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: ctxusbm discache MpFilter spldr Wanarpv6
11/15/2012 7:55:03 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 7:54:53 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807c2df450, 0x0000000000000001, 0xfffffa8004d522e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-18454-01.
11/15/2012 7:52:05 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 7:50:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff88075006c00, 0x0000000000000001, 0xfffffa8004ca12e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-23166-01.
11/15/2012 7:48:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load:
11/15/2012 7:47:07 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 7:46:12 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000b8 (0xfffff80003060cc0, 0xfffffa8005a02770, 0x0000000000000000, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-24164-01.
11/15/2012 7:42:35 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 7:41:28 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807d530810, 0x0000000000000001, 0xfffffa8004bed2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-25443-01.
11/15/2012 7:38:48 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 7:33:46 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 7:27:45 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 7:27:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/15/2012 7:27:28 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware
 
Please re-run TDSSKiller and MBAM one more time.
Post new logs.

==============================

Next....

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

==============================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
Attach.txt (part 2):

has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/15/2012 7:27:23 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/15/2012 5:59:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/15/2012 5:59:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/15/2012 5:59:33 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/15/2012 5:48:12 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 5:48:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/15/2012 5:48:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/15/2012 5:47:59 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 5:47:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/15/2012 5:47:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/15/2012 5:47:59 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1642.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?Lin...2.0&prod=EDB4FA23-53B8-4AFA-8C5D-99752CCA7094 Signature Type: AntiSpyware Update Type: Full User: NT AUTHORITY\NETWORK SERVICE Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x80072ee7 Error description: The server name or address could not be resolved
11/15/2012 5:47:36 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070003 Error description: The system cannot find the path specified. Signature version: 1.139.1132.0;1.139.1132.0 Engine version: 1.1.8904.0
11/15/2012 5:47:33 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807ce8e400, 0x0000000000000001, 0xfffffa8004f3a2e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-160447-01.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ctxusbm DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2012 5:47:32 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/15/2012 5:41:39 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1642.0, AS: 1.139.1642.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 5:41:10 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Service Sendori service to connect.
11/15/2012 5:41:10 PM, Error: Service Control Manager [7000] - The Service Sendori service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/15/2012 5:39:39 PM, Error: Microsoft Antimalware [2004] - Microsoft Antimalware has encountered an error trying to load signatures and will attempt reverting back to a known-good set of signatures. Signatures Attempted: Current Error Code: 0x80070002 Error description: The system cannot find the file specified. Signature version: 1.139.1132.0;1.139.1132.0 Engine version: 1.1.8904.0
11/15/2012 10:39:29 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807b772010, 0x0000000000000001, 0xfffffa8004cb92e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-35490-01.
11/15/2012 10:33:39 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:28:21 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:21:18 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:20:34 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.
11/15/2012 10:20:34 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/15/2012 10:19:46 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807d330210, 0x0000000000000001, 0xfffffa8004d232e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111512-31824-01.
11/15/2012 10:16:24 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:14:24 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Users\kc\AppData\Local\Temp\nsx9C6F.tmp\PEV.DAT Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:13:37 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:11:40 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:11:21 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:10:58 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
11/15/2012 10:10:58 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
11/15/2012 10:10:58 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
11/15/2012 10:06:59 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:06:12 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:05:59 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:01:09 PM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.2195.0, AS: 1.139.2195.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/15/2012 10:00:31 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:59:53 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:54:25 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:49:52 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/14/2012 9:49:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/14/2012 9:48:57 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:46:07 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/14/2012 9:46:02 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/14/2012 9:45:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/14/2012 9:45:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
11/14/2012 9:45:48 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/14/2012 9:45:30 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.139.1740.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: Default URL Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.8904.0 Error code: 0x8007043c Error description: This service cannot be started in Safe Mode
11/14/2012 9:43:29 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:37:21 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:34:30 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8807aebf800, 0x0000000000000001, 0xfffffa8004a862e6, 0x0000000000000005). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111412-32448-01.
11/14/2012 9:30:05 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:24:37 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
11/14/2012 9:19:09 AM, Error: Microsoft Antimalware [1119] - Microsoft Antimalware has encountered a critical error when taking action on malware or other potentially unwanted software. For more information please see the following: http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:JS/Medfos.B&threatid=2147664014 Name: Trojan:JS/Medfos.B ID: 2147664014 Severity: Severe Category: Trojan Path: containerfile:_C:\Users\kc\AppData\Local\chromeupdate.crx;file:_C:\Users\kc\AppData\Local\chromeupdate.crx->manager.js Detection Origin: Local machine Detection Type: Concrete Detection Source: Real-Time Protection User: NT AUTHORITY\SYSTEM Process Name: C:\Windows\SysWOW64\rundll32.exe Action: Quarantine Action Status: No additional actions required Error Code: 0x8007001e Error description: The system cannot read from the specified device. Signature Version: AV: 1.139.1740.0, AS: 1.139.1740.0, NIS: 15.13.0.0 Engine Version: AM: 1.1.8904.0, NIS: 2.1.8600.0
 
Hi Broni,

OK...I'm going to stop posting Attach.txt log contents and instead, follow your next instructions, starting with re-running TDSSKiller. If you need additional Attach.txt log contents, please let me know. Thanks!
 
Hi Broni,

I had relaunched Windows in Normal mode and had another system crash (blue screen) in the midst of running TDSSKiller. I'm rebooting now and with Windows in Safe Mode with Networking. Then, I'll re-run TDSSKiller. If you have any other suggestions, please let me know. Thanks!
 
I'm seeing something REALLY strange after re-running TDSSKiller and then Rebooting. Windows restarted in Normal Mode, but then, on a black screen, a window appeared with the title: C:\Windows\System32\cmd.exe. Then another window popped up with the title: Open File - Security Warning. There is a question which says, "Do you want to run this file?" The Name of the file is ...\6D16CD8F-9BE9-47D6-8A35-952ED225E312.exe. The Publisher is Kaspersky Lab. It is located in a Temp directory. What do I do now? Is this another symptom of a virus?
 
Hi Broni,

I cancelled out of that strange Open File - Security Warning window and now I'm pasting the TDSSKiller log contents below. I have to split it into two parts:

00:44:51.0440 2972 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:44:52.0142 2972 ============================================================
00:44:52.0142 2972 Current date / time: 2012/11/16 00:44:52.0142
00:44:52.0142 2972 SystemInfo:
00:44:52.0142 2972
00:44:52.0142 2972 OS Version: 6.1.7601 ServicePack: 1.0
00:44:52.0142 2972 Product type: Workstation
00:44:52.0142 2972 ComputerName: KC-PC
00:44:52.0142 2972 UserName: kc
00:44:52.0142 2972 Windows directory: C:\Windows
00:44:52.0142 2972 System windows directory: C:\Windows
00:44:52.0142 2972 Running under WOW64
00:44:52.0142 2972 Processor architecture: Intel x64
00:44:52.0142 2972 Number of processors: 2
00:44:52.0142 2972 Page size: 0x1000
00:44:52.0142 2972 Boot type: Safe boot with network
00:44:52.0142 2972 ============================================================
00:44:53.0468 2972 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:44:53.0468 2972 ============================================================
00:44:53.0468 2972 \Device\Harddisk0\DR0:
00:44:53.0468 2972 MBR partitions:
00:44:53.0468 2972 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
00:44:53.0468 2972 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x38444000
00:44:53.0468 2972 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x384A8000, BlocksNum 0x1EAA000
00:44:53.0468 2972 ============================================================
00:44:53.0499 2972 C: <-> \Device\Harddisk0\DR0\Partition2
00:44:53.0546 2972 D: <-> \Device\Harddisk0\DR0\Partition3
00:44:53.0546 2972 ============================================================
00:44:53.0546 2972 Initialize success
00:44:53.0546 2972 ============================================================
00:45:01.0830 3064 ============================================================
00:45:01.0830 3064 Scan started
00:45:01.0830 3064 Mode: Manual;
00:45:01.0830 3064 ============================================================
00:45:02.0797 3064 ================ Scan system memory ========================
00:45:02.0797 3064 System memory - ok
00:45:02.0797 3064 ================ Scan services =============================
00:45:02.0937 3064 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:45:02.0937 3064 1394ohci - ok
00:45:02.0969 3064 [ 3E2427D4966C7606097341E55AB4E105 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
00:45:02.0969 3064 Accelerometer - ok
00:45:03.0015 3064 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:45:03.0015 3064 ACPI - ok
00:45:03.0047 3064 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:45:03.0047 3064 AcpiPmi - ok
00:45:03.0171 3064 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:45:03.0171 3064 AdobeARMservice - ok
00:45:03.0312 3064 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:45:03.0327 3064 AdobeFlashPlayerUpdateSvc - ok
00:45:03.0359 3064 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:45:03.0374 3064 adp94xx - ok
00:45:03.0390 3064 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:45:03.0390 3064 adpahci - ok
00:45:03.0421 3064 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:45:03.0421 3064 adpu320 - ok
00:45:03.0452 3064 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:45:03.0452 3064 AeLookupSvc - ok
00:45:03.0499 3064 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:45:03.0515 3064 AFD - ok
00:45:03.0577 3064 [ B65F8DBA54F251906BBE8611B5A0E7AB ] AgereModemAudio C:\Program Files\LSI SoftModem\agr64svc.exe
00:45:03.0593 3064 AgereModemAudio - ok
00:45:03.0608 3064 [ AF4748EF93416159459769A24A0053AF ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys
00:45:03.0639 3064 AgereSoftModem - ok
00:45:03.0671 3064 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:45:03.0671 3064 agp440 - ok
00:45:03.0842 3064 [ B9B98E08EC127900025F42462D3D0A66 ] Akamai c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll
00:45:03.0842 3064 Suspicious file (Hidden): c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll. md5: B9B98E08EC127900025F42462D3D0A66
00:45:03.0842 3064 Akamai ( HiddenFile.Multi.Generic ) - warning
00:45:03.0842 3064 Akamai - detected HiddenFile.Multi.Generic (1)
00:45:03.0889 3064 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:45:03.0905 3064 ALG - ok
00:45:03.0920 3064 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:45:03.0920 3064 aliide - ok
00:45:03.0967 3064 [ D0D8877969011D1B0ED9C3C55A9A9108 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
00:45:03.0983 3064 AMD External Events Utility - ok
00:45:03.0998 3064 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:45:03.0998 3064 amdide - ok
00:45:04.0029 3064 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:45:04.0029 3064 AmdK8 - ok
00:45:04.0045 3064 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:45:04.0061 3064 AmdPPM - ok
00:45:04.0076 3064 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:45:04.0076 3064 amdsata - ok
00:45:04.0107 3064 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:45:04.0107 3064 amdsbs - ok
00:45:04.0123 3064 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:45:04.0123 3064 amdxata - ok
00:45:04.0154 3064 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:45:04.0154 3064 AppID - ok
00:45:04.0170 3064 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:45:04.0185 3064 AppIDSvc - ok
00:45:04.0201 3064 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
00:45:04.0201 3064 Appinfo - ok
00:45:04.0279 3064 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:45:04.0295 3064 Apple Mobile Device - ok
00:45:04.0373 3064 [ 44F0479ACDBC24D20C62B63E23720B4A ] Application Sendori C:\Program Files (x86)\Sendori\SendoriSvc.exe
00:45:04.0373 3064 Application Sendori - ok
00:45:04.0404 3064 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:45:04.0404 3064 arc - ok
00:45:04.0419 3064 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:45:04.0419 3064 arcsas - ok
00:45:04.0451 3064 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:45:04.0451 3064 AsyncMac - ok
00:45:04.0482 3064 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:45:04.0482 3064 atapi - ok
00:45:04.0544 3064 [ F8633CDD09647A64EE8DB550630427FF ] athr C:\Windows\system32\DRIVERS\athrx.sys
00:45:04.0575 3064 athr - ok
00:45:04.0622 3064 [ 38467FF83C2B4265D51F418812A91E3C ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
00:45:04.0622 3064 AtiHdmiService - ok
00:45:04.0731 3064 [ C5758BF1DFD762A5B17041FF061B7750 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
00:45:04.0841 3064 atikmdag - ok
00:45:04.0887 3064 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
00:45:04.0887 3064 AtiPcie - ok
00:45:04.0934 3064 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:45:04.0950 3064 AudioEndpointBuilder - ok
00:45:04.0981 3064 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:45:04.0981 3064 AudioSrv - ok
00:45:05.0028 3064 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:45:05.0028 3064 AxInstSV - ok
00:45:05.0075 3064 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:45:05.0090 3064 b06bdrv - ok
00:45:05.0106 3064 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:45:05.0121 3064 b57nd60a - ok
00:45:05.0246 3064 [ 2ED050291BC1D7F9E322E328DB3AAECF ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
00:45:05.0246 3064 BBSvc - ok
00:45:05.0293 3064 [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
00:45:05.0309 3064 BBUpdate - ok
00:45:05.0355 3064 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:45:05.0355 3064 BDESVC - ok
00:45:05.0387 3064 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:45:05.0387 3064 Beep - ok
00:45:05.0449 3064 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:45:05.0465 3064 BFE - ok
00:45:05.0496 3064 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
00:45:05.0652 3064 BITS - ok
00:45:05.0683 3064 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:45:05.0683 3064 blbdrive - ok
00:45:05.0745 3064 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
00:45:05.0761 3064 Bonjour Service - ok
00:45:05.0808 3064 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:45:05.0808 3064 bowser - ok
00:45:05.0839 3064 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:45:05.0839 3064 BrFiltLo - ok
00:45:05.0855 3064 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:45:05.0855 3064 BrFiltUp - ok
00:45:05.0886 3064 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:45:05.0901 3064 Browser - ok
00:45:05.0917 3064 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:45:05.0917 3064 Brserid - ok
00:45:05.0933 3064 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:45:05.0933 3064 BrSerWdm - ok
00:45:05.0948 3064 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:45:05.0948 3064 BrUsbMdm - ok
00:45:05.0964 3064 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:45:05.0964 3064 BrUsbSer - ok
00:45:05.0995 3064 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:45:05.0995 3064 BTHMODEM - ok
00:45:06.0011 3064 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:45:06.0011 3064 bthserv - ok
00:45:06.0026 3064 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:45:06.0042 3064 cdfs - ok
00:45:06.0073 3064 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
00:45:06.0073 3064 cdrom - ok
00:45:06.0104 3064 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:45:06.0104 3064 CertPropSvc - ok
00:45:06.0135 3064 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:45:06.0135 3064 circlass - ok
00:45:06.0151 3064 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:45:06.0151 3064 CLFS - ok
00:45:06.0229 3064 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:45:06.0229 3064 clr_optimization_v2.0.50727_32 - ok
00:45:06.0260 3064 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:45:06.0276 3064 clr_optimization_v2.0.50727_64 - ok
00:45:06.0354 3064 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:45:06.0385 3064 clr_optimization_v4.0.30319_32 - ok
00:45:06.0416 3064 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:45:06.0416 3064 clr_optimization_v4.0.30319_64 - ok
00:45:06.0447 3064 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:45:06.0447 3064 CmBatt - ok
00:45:06.0479 3064 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:45:06.0479 3064 cmdide - ok
00:45:06.0541 3064 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:45:06.0541 3064 CNG - ok
00:45:06.0588 3064 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
00:45:06.0588 3064 Com4QLBEx - ok
00:45:06.0619 3064 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:45:06.0619 3064 Compbatt - ok
00:45:06.0666 3064 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:45:06.0666 3064 CompositeBus - ok
00:45:06.0666 3064 COMSysApp - ok
00:45:06.0697 3064 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:45:06.0697 3064 crcdisk - ok
00:45:06.0744 3064 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:45:06.0744 3064 CryptSvc - ok
00:45:06.0806 3064 [ BF62FF663AE55E4ED99DE76881C2C0F1 ] ctxusbm C:\Windows\system32\DRIVERS\ctxusbm.sys
00:45:06.0806 3064 ctxusbm - ok
00:45:06.0853 3064 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:45:06.0853 3064 DcomLaunch - ok
00:45:06.0884 3064 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:45:06.0884 3064 defragsvc - ok
00:45:06.0915 3064 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:45:06.0915 3064 DfsC - ok
00:45:06.0962 3064 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:45:06.0962 3064 Dhcp - ok
00:45:07.0009 3064 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:45:07.0009 3064 discache - ok
00:45:07.0040 3064 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:45:07.0040 3064 Disk - ok
00:45:07.0087 3064 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:45:07.0087 3064 Dnscache - ok
00:45:07.0134 3064 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:45:07.0134 3064 dot3svc - ok
00:45:07.0165 3064 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:45:07.0165 3064 DPS - ok
00:45:07.0196 3064 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:45:07.0196 3064 drmkaud - ok
00:45:07.0243 3064 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:45:07.0259 3064 DXGKrnl - ok
00:45:07.0290 3064 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:45:07.0290 3064 EapHost - ok
00:45:07.0368 3064 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:45:07.0430 3064 ebdrv - ok
00:45:07.0461 3064 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:45:07.0461 3064 EFS - ok
00:45:07.0539 3064 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:45:07.0555 3064 ehRecvr - ok
00:45:07.0586 3064 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:45:07.0586 3064 ehSched - ok
00:45:07.0617 3064 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:45:07.0633 3064 elxstor - ok
00:45:07.0664 3064 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys
00:45:07.0664 3064 enecir - ok
00:45:07.0680 3064 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:45:07.0680 3064 ErrDev - ok
00:45:07.0727 3064 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:45:07.0727 3064 EventSystem - ok
00:45:07.0758 3064 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:45:07.0758 3064 exfat - ok
00:45:07.0773 3064 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:45:07.0789 3064 fastfat - ok
00:45:07.0820 3064 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:45:07.0836 3064 Fax - ok
00:45:07.0851 3064 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:45:07.0851 3064 fdc - ok
00:45:07.0883 3064 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:45:07.0883 3064 fdPHost - ok
00:45:07.0898 3064 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:45:07.0898 3064 FDResPub - ok
00:45:07.0929 3064 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:45:07.0929 3064 FileInfo - ok
00:45:07.0945 3064 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:45:07.0945 3064 Filetrace - ok
00:45:07.0961 3064 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:45:07.0961 3064 flpydisk - ok
00:45:07.0992 3064 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:45:08.0007 3064 FltMgr - ok
00:45:08.0039 3064 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
00:45:08.0070 3064 FontCache - ok
00:45:08.0179 3064 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:45:08.0195 3064 FontCache3.0.0.0 - ok
00:45:08.0210 3064 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:45:08.0210 3064 FsDepends - ok
00:45:08.0366 3064 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:45:08.0366 3064 fssfltr - ok
00:45:08.0663 3064 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:45:08.0709 3064 fsssvc - ok
00:45:08.0772 3064 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:45:08.0772 3064 Fs_Rec - ok
00:45:08.0865 3064 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:45:08.0881 3064 fvevol - ok
00:45:08.0928 3064 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:45:08.0928 3064 gagp30kx - ok
00:45:09.0131 3064 [ C403C5DB49A0F9AAF4F2128EDC0106D8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
00:45:09.0131 3064 GamesAppService - ok
00:45:09.0177 3064 [ E403AACF8C7BB11375122D2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:45:09.0177 3064 GEARAspiWDM - ok
00:45:09.0271 3064 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:45:09.0302 3064 gpsvc - ok
00:45:09.0489 3064 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:45:09.0489 3064 gupdate - ok
00:45:09.0505 3064 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
00:45:09.0505 3064 gupdatem - ok
00:45:09.0599 3064 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
00:45:09.0599 3064 gusvc - ok
00:45:09.0614 3064 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:45:09.0630 3064 hcw85cir - ok
00:45:09.0739 3064 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:45:09.0739 3064 HdAudAddService - ok
00:45:09.0770 3064 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
00:45:09.0770 3064 HDAudBus - ok
00:45:09.0786 3064 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:45:09.0801 3064 HidBatt - ok
00:45:09.0833 3064 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:45:09.0833 3064 HidBth - ok
00:45:09.0895 3064 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:45:09.0911 3064 HidIr - ok
00:45:09.0973 3064 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:45:09.0973 3064 hidserv - ok
00:45:10.0035 3064 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:45:10.0035 3064 HidUsb - ok
00:45:10.0082 3064 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:45:10.0082 3064 hkmsvc - ok
00:45:10.0129 3064 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:45:10.0145 3064 HomeGroupListener - ok
00:45:10.0176 3064 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:45:10.0176 3064 HomeGroupProvider - ok
00:45:10.0269 3064 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
00:45:10.0269 3064 HP Support Assistant Service - ok
00:45:10.0394 3064 [ BCC4A8B2E2E902F52E7F2E7D8E125765 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
00:45:10.0394 3064 HPDrvMntSvc.exe - ok
00:45:10.0425 3064 [ CCBE758967CC0F53F5BA3B271653C4E6 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
00:45:10.0441 3064 hpdskflt - ok
00:45:10.0472 3064 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:45:10.0472 3064 HpqKbFiltr - ok
00:45:10.0535 3064 [ EC9739A46F1F83C6E52A7A4697F44A65 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
00:45:10.0550 3064 hpqwmiex - ok
00:45:10.0581 3064 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:45:10.0597 3064 HpSAMD - ok
00:45:10.0613 3064 [ E2223A37896A76861D7F79FD81A2A193 ] hpsrv C:\Windows\system32\Hpservice.exe
00:45:10.0613 3064 hpsrv - ok
00:45:10.0675 3064 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:45:10.0675 3064 HTTP - ok
00:45:10.0706 3064 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:45:10.0706 3064 hwpolicy - ok
00:45:10.0753 3064 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:45:10.0753 3064 i8042prt - ok
00:45:10.0784 3064 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:45:10.0784 3064 iaStorV - ok
00:45:10.0847 3064 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:45:10.0862 3064 idsvc - ok
00:45:11.0018 3064 [ A87261EF1546325B559374F5689CF5BC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:45:11.0127 3064 igfx - ok
00:45:11.0174 3064 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:45:11.0174 3064 iirsp - ok
00:45:11.0205 3064 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:45:11.0221 3064 IKEEXT - ok
00:45:11.0237 3064 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:45:11.0237 3064 intelide - ok
00:45:11.0268 3064 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
 
TDSSKiller log (part 2):

00:45:21.0267 3064 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:45:21.0283 3064 wercplsupport - ok
00:45:21.0283 3064 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:45:21.0283 3064 WerSvc - ok
00:45:21.0314 3064 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:45:21.0330 3064 WfpLwf - ok
00:45:21.0345 3064 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:45:21.0345 3064 WIMMount - ok
00:45:21.0361 3064 WinDefend - ok
00:45:21.0361 3064 WinHttpAutoProxySvc - ok
00:45:21.0408 3064 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:45:21.0408 3064 Winmgmt - ok
00:45:21.0470 3064 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:45:21.0517 3064 WinRM - ok
00:45:21.0564 3064 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:45:21.0564 3064 WinUsb - ok
00:45:21.0595 3064 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:45:21.0626 3064 Wlansvc - ok
00:45:21.0735 3064 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:45:21.0751 3064 wlcrasvc - ok
00:45:21.0845 3064 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:45:21.0907 3064 wlidsvc - ok
00:45:21.0923 3064 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:45:21.0923 3064 WmiAcpi - ok
00:45:21.0954 3064 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:45:21.0954 3064 wmiApSrv - ok
00:45:21.0985 3064 WMPNetworkSvc - ok
00:45:22.0001 3064 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:45:22.0001 3064 WPCSvc - ok
00:45:22.0016 3064 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:45:22.0032 3064 WPDBusEnum - ok
00:45:22.0047 3064 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:45:22.0047 3064 ws2ifsl - ok
00:45:22.0063 3064 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
00:45:22.0063 3064 wscsvc - ok
00:45:22.0063 3064 WSearch - ok
00:45:22.0141 3064 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:45:22.0188 3064 wuauserv - ok
00:45:22.0219 3064 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:45:22.0219 3064 WudfPf - ok
00:45:22.0266 3064 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:45:22.0266 3064 WUDFRd - ok
00:45:22.0297 3064 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:45:22.0297 3064 wudfsvc - ok
00:45:22.0328 3064 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:45:22.0328 3064 WwanSvc - ok
00:45:22.0422 3064 [ DD0042F0C3B606A6A8B92D49AFB18AD6 ] YahooAUService C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
00:45:22.0437 3064 YahooAUService - ok
00:45:22.0469 3064 [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys
00:45:22.0469 3064 yukonw7 - ok
00:45:22.0500 3064 ================ Scan global ===============================
00:45:22.0515 3064 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:45:22.0547 3064 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:45:22.0562 3064 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:45:22.0593 3064 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:45:22.0593 3064 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:45:22.0609 3064 [Global] - ok
00:45:22.0609 3064 ================ Scan MBR ==================================
00:45:22.0609 3064 [ 54899EFEDDC7CC50FAD782DFCF105EAE ] \Device\Harddisk0\DR0
00:45:22.0609 3064 Suspicious mbr (Forged): \Device\Harddisk0\DR0
00:45:22.0687 3064 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
00:45:22.0687 3064 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
00:45:22.0687 3064 ================ Scan VBR ==================================
00:45:22.0687 3064 [ C5BCE8938BC8AADC11AEDF6DCEEDE09C ] \Device\Harddisk0\DR0\Partition1
00:45:22.0687 3064 \Device\Harddisk0\DR0\Partition1 - ok
00:45:22.0703 3064 [ 983054DED5B96046F45F317903AD762D ] \Device\Harddisk0\DR0\Partition2
00:45:22.0703 3064 \Device\Harddisk0\DR0\Partition2 - ok
00:45:22.0734 3064 [ 5FB64333F5DD0B0F0E4B9FCB7231284F ] \Device\Harddisk0\DR0\Partition3
00:45:22.0749 3064 \Device\Harddisk0\DR0\Partition3 - ok
00:45:22.0749 3064 ============================================================
00:45:22.0749 3064 Scan finished
00:45:22.0749 3064 ============================================================
00:45:22.0749 3056 Detected object count: 2
00:45:22.0749 3056 Actual detected object count: 2
00:46:36.0803 3056 Akamai ( HiddenFile.Multi.Generic ) - skipped by user
00:46:36.0803 3056 Akamai ( HiddenFile.Multi.Generic ) - User select action: Skip
00:46:37.0598 3056 \Device\Harddisk0\DR0\# - copied to quarantine
00:46:37.0598 3056 \Device\Harddisk0\DR0 - copied to quarantine
00:46:37.0692 3056 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
00:46:37.0708 3056 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
00:46:37.0739 3056 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
00:46:37.0754 3056 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
00:46:37.0754 3056 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
00:46:37.0770 3056 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
00:46:37.0770 3056 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
00:46:37.0770 3056 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
00:46:37.0770 3056 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
00:46:37.0786 3056 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
00:46:37.0786 3056 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
00:46:37.0786 3056 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
00:46:37.0879 3056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
00:46:37.0879 3056 \Device\Harddisk0\DR0 - ok
00:46:38.0347 3056 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
00:46:43.0870 2968 Deinitialize success
 
Hi Broni,

Here is the latest MBAM log:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.15.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
kc :: KC-PC [administrator]

11/16/2012 1:12:16 AM
mbam-log-2012-11-16 (01-12-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 225005
Time elapsed: 10 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\kc\Local Settings\Application Data\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\kc\AppData\Local\chromeupdate.crx (Trojan.Agent) -> Quarantined and deleted successfully.

(end)
 
Hi Broni,

Below is the RogueKiller log contents:

RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : kc [Admin rights]
Mode : Remove -- Date : 11/16/2012 01:44:51

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH][DLL] rundll32.exe -- C:\Windows\SysWOW64\rundll32.exe : C:\Users\kc\AppData\Roaming\nsetfg.dll -> KILLED [TermProc]

¤¤¤ Registry Entries : 14 ¤¤¤
[RUN][ROGUE ST] HKCU\[...]\Run : DriverScanner ("C:\PROGRA~2\Uniblue\DRIVER~1\launcher.exe" delay 20000 ) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : WMNetMgr (C:\Users\kc\AppData\Local\Microsoft\Windows\18\WMNetMgr.exe) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : iatufg (rundll32.exe "C:\Users\kc\AppData\Roaming\iatufg.dll",GetCounter) -> DELETED
[RUN][SUSP PATH] HKLM\[...]\Run : nsetfg ("C:\Windows\System32\rundll32.exe" "C:\Users\kc\AppData\Roaming\nsetfg.dll",set_packing) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-19[...]\Run : CyberLink (rundll32.exe "C:\Users\kc\AppData\Local\Dell\CyberLink\tluljl.dll",ASN1_TIME_checkW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-20[...]\Run : CyberLink (rundll32.exe "C:\Users\kc\AppData\Local\Dell\CyberLink\tluljl.dll",ASN1_TIME_checkW) -> DELETED
[RUN][SUSP PATH] HKUS\S-1-5-21-3380616676-2187846278-3982259641-1001_Classes[...]\Run : CyberLink (rundll32.exe "C:\Users\kc\AppData\Local\Dell\CyberLink\tluljl.dll",ASN1_TIME_checkW) -> DELETED
[TASK][SUSP PATH] Update Check : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe /s /p 1 -> DELETED
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378} : NameServer (216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{F93EDB5A-0437-4FB0-AE65-C0D7F6B17378} : NameServer (216.146.35.240,216.146.36.240,75.75.75.75,75.75.76.76) -> NOT REMOVED, USE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$e9ea9d6614e30f568bd32a7abea33c20\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3380616676-2187846278-3982259641-1001\$e9ea9d6614e30f568bd32a7abea33c20\@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$e9ea9d6614e30f568bd32a7abea33c20\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3380616676-2187846278-3982259641-1001\$e9ea9d6614e30f568bd32a7abea33c20\U --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$e9ea9d6614e30f568bd32a7abea33c20\L --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3380616676-2187846278-3982259641-1001\$e9ea9d6614e30f568bd32a7abea33c20\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9500420AS ATA Device +++++
--- User ---
[MBR] d1e41d6eb1523095bbce8e31a6b3dcfc
[BSP] 7642e7a786131a3ca407809e18555274 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 460936 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 944406528 | Size: 15700 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 976560128 | Size: 103 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11162012_02d0144.txt >>
RKreport[1]_S_11162012_02d0142.txt ; RKreport[2]_D_11162012_02d0144.txt


Broni, Thanks for all your help! It feels like we're getting close to the end of this process. Is that true?
 
Hi Broni,

Here are the aswMBR log contents:

aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-16 01:57:35
-----------------------------
01:57:35.330 OS Version: Windows x64 6.1.7601 Service Pack 1
01:57:35.330 Number of processors: 2 586 0x602
01:57:35.330 ComputerName: KC-PC UserName: kc
01:57:37.280 Initialize success
01:59:30.297 AVAST engine defs: 12111501
01:59:38.299 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:59:38.315 Disk 0 Vendor: ST9500420AS 0003HPM1 Size: 476940MB BusType: 11
01:59:38.315 Disk 0 MBR read successfully
01:59:38.315 Disk 0 MBR scan
01:59:38.331 Disk 0 unknown MBR code
01:59:38.331 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
01:59:38.377 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 460936 MB offset 409600
01:59:38.440 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15700 MB offset 944406528
01:59:38.487 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
01:59:38.736 Disk 0 scanning C:\Windows\system32\drivers
01:59:55.662 Service scanning
02:00:35.305 Modules scanning
02:00:35.320 Disk 0 trace - called modules:
02:00:35.336 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
02:00:35.352 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004672060]
02:00:35.367 3 CLASSPNP.SYS[fffff880010eb43f] -> nt!IofCallDriver -> [0xfffffa8004671040]
02:00:35.383 5 hpdskflt.sys[fffff88001c4e2bd] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045f6060]
02:00:38.505 AVAST engine scan C:\Windows
02:00:43.512 AVAST engine scan C:\Windows\system32
02:05:53.180 AVAST engine scan C:\Windows\system32\drivers
02:06:13.070 AVAST engine scan C:\Users\kc
02:39:52.748 AVAST engine scan C:\ProgramData
02:46:46.397 Scan finished successfully
02:53:17.068 Disk 0 MBR has been saved successfully to "C:\Users\kc\Desktop\MBR.dat"
02:53:17.162 The log file has been saved successfully to "C:\Users\kc\Desktop\aswMBR.txt"

What's the next step? My PC hasn't crashed in a while...
 