Solved Multiple Trojan Infection

UnluckyComp

As my username says, I do not have any luck when it comes to computers, and I am hoping for assistance. My browser began randomly redirecting to ad sites and opening tabs the day before yesterday. I had iolo System Mechanic Professional as my antivirus, but it apparently had stopped working as a separate issue, allowing my laptop to be infected. I downloaded an AVG trial, which detected multiple Trojans: BackDoor, Generic, and Dropped.
I performed the 5-step preliminary removal instructions.

Logs
----------------------
Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Britt :: BRITT-HP [administrator]

Protection: Enabled

8/16/2012 6:11:57 PM
mbam-log-2012-08-16 (18-11-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211203
Time elapsed: 23 minute(s), 54 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4056 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-08-16 22:00:05
Windows 6.1.7601 Service Pack 1
Running: juh98o7m.exe


---- Files - GMER 1.0.15 ----

File C:\System Volume Information\{48268b84-e7f3-11e1-94b4-78e3b560e8bd}{3808876b-c176-4e48-b7ae-04046e6cc752} 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.6668.dmp 294258 bytes

---- EOF - GMER 1.0.15 ----
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Britt at 22:17:02 on 2012-08-16
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1206 [GMT -4:00]
.
AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: System Shield *Enabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\system32\lxdxcoms.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\splwow64.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\WTablet\Pen_TabletUser.exe
C:\Windows\system32\Pen_Tablet.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxMsdMon.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [AdobeBridge]
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
LSP: C:\Windows\system32\iavlsp.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\2375942554730373 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\C616B65686F6573756 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\D456E6167656279656 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\D61687D27657563747 : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\E4544574541425 : DhcpNameServer = 10.0.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
R2 AMP;Active Malware Protection Minifilter Driver;\??\C:\Windows\system32\Drivers\amp.sys --> C:\Windows\system32\Drivers\amp.sys [?]
R2 AMPSE;Active Malware Protection Support Driver;\??\C:\Windows\system32\Drivers\ampse.sys --> C:\Windows\system32\Drivers\ampse.sys [?]
R2 PDFsFilter;PDFsFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
.
=============== Created Last 30 ================
.
2012-08-16 22:41:16 20480 ------w- C:\Windows\svchost.exe
2012-08-16 22:10:43 -------- d-----w- C:\Users\Britt\AppData\Roaming\Malwarebytes
2012-08-16 22:10:28 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-16 22:10:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-16 22:10:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-16 20:56:30 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
2012-08-16 19:05:46 -------- d-----w- C:\Users\Britt\AppData\Roaming\AVG2012
2012-08-16 19:05:00 -------- d-----w- C:\Users\Britt\AppData\Local\AVG Secure Search
2012-08-16 19:04:50 -------- d-----w- C:\ProgramData\AVG Secure Search
2012-08-16 19:04:35 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
2012-08-16 19:04:26 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
2012-08-16 19:04:22 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
2012-08-16 19:03:31 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
2012-08-16 19:00:44 -------- d--h--w- C:\$AVG
2012-08-16 19:00:43 -------- d-----w- C:\Windows\System32\drivers\AVG
2012-08-16 19:00:43 -------- d-----w- C:\ProgramData\AVG2012
2012-08-16 18:59:36 -------- d-----w- C:\Program Files (x86)\AVG
2012-08-16 18:51:05 -------- d--h--w- C:\ProgramData\Common Files
2012-08-16 18:51:05 -------- d-----w- C:\ProgramData\MFAData
2012-08-16 03:10:32 -------- d-----w- C:\Program Files (x86)\SpeedFan
2012-08-15 23:14:42 -------- d-----w- C:\Windows\java
2012-08-15 23:14:41 -------- d-----w- C:\Program Files (x86)\Cellosoft
2012-08-15 22:15:21 -------- d-----w- C:\Program Files (x86)\Oracle
2012-08-15 22:14:43 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-15 21:56:18 -------- d-----w- C:\ProgramData\Authentium
2012-08-15 21:56:18 -------- d-----w- C:\Program Files\Common Files\Authentium
2012-08-15 21:56:18 -------- d-----w- C:\Program Files (x86)\Common Files\Authentium
2012-08-15 21:55:40 160256 ----a-w- C:\Windows\System32\iavlsp64.dll
2012-08-15 21:55:40 118784 ----a-w- C:\Windows\SysWow64\iavlsp.dll
2012-08-13 01:30:06 -------- d-----w- C:\Users\Britt\AppData\Local\{900DF64C-829B-4454-AC98-3A255F31629E}
2012-08-13 01:29:53 -------- d-----w- C:\Users\Britt\AppData\Local\{595DBE01-D303-4212-A5EC-69E5162C0289}
2012-08-12 05:29:30 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-10 16:52:28 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED8A4666-3B84-4E3A-B543-8BAFD24D1373}\mpengine.dll
2012-08-01 23:41:31 -------- d-----w- C:\Users\Britt\AppData\Local\{2FFEB4C2-3E3E-4E7A-AF7A-D6095F8DECD3}
2012-08-01 23:41:19 -------- d-----w- C:\Users\Britt\AppData\Local\{7977E300-D3EB-47F8-B7E7-009E977BB1C1}
2012-08-01 23:36:03 -------- d-----w- C:\Program Files\Western Digital
2012-07-31 18:31:43 -------- d-----w- C:\Users\Britt\AppData\Local\{EE2C2720-BBC4-4D86-92DB-AC4F3C4A0328}
2012-07-31 18:31:31 -------- d-----w- C:\Users\Britt\AppData\Local\{4A056682-08BA-42A6-B8FB-793DC6589378}
2012-07-30 23:58:39 -------- d-----w- C:\Users\Britt\AppData\Local\{A99AD0F4-A4C7-4BC1-B7FE-DC666E2378EC}
2012-07-30 23:58:27 -------- d-----w- C:\Users\Britt\AppData\Local\{4CCBE77A-B4C8-42E9-AA92-C4D89354562A}
2012-07-30 18:15:59 -------- d-----w- C:\Users\Britt\AppData\Local\{D9F69618-90D5-47F3-9F96-EF76EFC07DF7}
2012-07-28 21:55:00 -------- d-----w- C:\Users\Britt\AppData\Local\{C1A19B91-0ACA-40AD-9371-6CD11FF1F2A1}
2012-07-28 21:54:48 -------- d-----w- C:\Users\Britt\AppData\Local\{0F704EDF-C59A-4DB3-9D7A-8F46DC349C96}
2012-07-28 04:45:34 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
2012-07-19 14:46:31 -------- d-----w- C:\Users\Britt\AppData\Local\{F27DC02C-A638-4F17-BA91-4A7AC836DCC9}
2012-07-19 14:46:20 -------- d-----w- C:\Users\Britt\AppData\Local\{F186B8F6-850F-48FD-8C3E-D68DEDDD9C25}
.
==================== Find3M ====================
.
2012-08-15 17:46:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 17:46:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-02 16:45:44 56472 ----a-w- C:\Windows\System32\iolobtdfg.exe
2012-08-02 16:45:34 25072 ----a-w- C:\Windows\System32\smrgdf.exe
2012-08-02 15:27:36 2154576 ----a-w- C:\Windows\System32\Incinerator64.dll
2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-25 16:58:30 173408 ----a-r- C:\Windows\System32\drivers\amp.sys
2012-05-25 16:58:28 1496416 ----a-r- C:\Windows\System32\drivers\ampse.sys
.
============= FINISH: 22:22:10.73 ===============

Thank you for your time and in advance for any help you can offer.
 
Forgot this other DDS log, sorry.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/14/2011 1:22:49 PM
System Uptime: 8/16/2012 6:39:46 PM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 169B
Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 798/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 447 GiB total, 394.648 GiB free.
D: is FIXED (NTFS) - 14 GiB total, 1.601 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 0.009 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP219: 8/16/2012 7:36:28 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader X (10.1.1) MUI
Adobe Reader X (10.1.4)
Adobe Shockwave Player 11.5
AMD VISION Engine Control Center
Apple Application Support
Apple Software Update
Bejeweled 3
Blackhawk Striker 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink YouCam
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
FUJIFILM MyFinePix Studio 3.2
Hewlett-Packard ACLM.NET v1.1.2.0
HP Customer Experience Enhancements
HP Documentation
HP Games
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Setup Manager
HP Software Framework
IDT Audio
iolo technologies' System Mechanic Professional
Java Auto Updater
Java(TM) 6 Update 31
Java(TM) 7 Update 5
JavaFX 2.1.1
join.me
JTablet
Junk Mail filter update
Mah Jong Medley
Malwarebytes Anti-Malware version 1.62.0.1300
Mesh Runtime
Messenger Companion
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Namco All-Stars: PAC-MAN
PDF Settings CS5
Pen Tablet
PlayReady PC Runtime x86
QuickTime
Ralink RT5390 802.11b/g/n WiFi Adapter
Realtek Ethernet Controller Driver
Realtek PCIE Card Reader
Recovery Manager
RoxioNow Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Skype™ 5.3
SpeedFan (remove only)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update Installer for WildTangent Games App
Visual Studio 2008 x64 Redistributables
Wildlife Park 2 GOLD
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
8/16/2012 6:41:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk
8/16/2012 6:40:27 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/16/2012 6:40:26 PM, Error: Service Control Manager [7003] - The iolo System Service service depends the following service: BITS. This service might not be installed.
8/16/2012 6:40:26 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/16/2012 6:40:20 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/16/2012 5:44:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031d86ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081612-40981-01.
8/16/2012 5:21:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WDRulesService with arguments "" in order to run the server: {C004E60F-2D62-4BE1-98C4-C39A8046B6BB}
8/16/2012 5:21:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}
8/16/2012 5:09:17 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 5:09:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/16/2012 5:09:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/16/2012 5:09:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/16/2012 5:09:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache ElRawDisk FileDisk spldr Wanarpv6
8/16/2012 5:09:00 PM, Error: Service Control Manager [7001] - The Active Malware Protection Support Driver service depends on the Active Malware Protection Minifilter Driver service which failed to start because of the following error: The driver was not loaded because the system is booting into safe mode.
8/16/2012 5:08:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 5:08:58 PM, Error: Service Control Manager [7000] - The Active Malware Protection Minifilter Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
8/16/2012 4:56:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service ioloSystemService with arguments "" in order to run the server: {40310869-27A4-42B1-8AAD-E4CEFB3BE286}
8/16/2012 4:24:13 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 4:05:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
8/16/2012 4:05:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
8/16/2012 4:04:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia DfsC discache ElRawDisk FileDisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
8/16/2012 4:04:45 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2012 4:04:45 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2012 4:04:45 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2012 4:04:45 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
8/16/2012 3:37:41 PM, Error: Service Control Manager [7031] - The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
8/16/2012 10:02:38 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/16/2012 10:02:38 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/15/2012 5:47:10 PM, Error: Service Control Manager [7000] - The Active Malware Protection Support Driver service failed to start due to the following error: The parameter is incorrect.
8/15/2012 5:29:25 PM, Error: Service Control Manager [7003] - The iolo System Service service depends the following service: vseamps. This service might not be installed.
8/15/2012 12:11:18 PM, Error: Service Control Manager [7000] - The Compaq Dfw service failed to start due to the following error: The system cannot find the file specified.
8/15/2012 11:57:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
8/15/2012 11:57:44 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/15/2012 11:57:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/15/2012 11:57:32 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
8/15/2012 11:57:30 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
8/15/2012 11:30:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
8/15/2012 11:30:53 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
8/15/2012 11:28:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000400000003, 0xfffff88007f7ca68, 0xfffff88007f7c2c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081512-47377-01.
8/15/2012 10:23:52 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
8/15/2012 1:13:59 PM, Error: Service Control Manager [7001] - The iolo System Service service depends on the vseamps service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/14/2012 10:35:03 AM, Error: volsnap [8] - The flush and hold writes operation on volume C: timed out while waiting for a release writes command.
8/12/2012 9:14:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
8/10/2012 11:58:55 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer BUCKLEYC-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

We have at least two serious infections there, ZeroAccess rootkit and TDL rootkit.

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Thank you for your quick reply. This morning the laptop could not boot normally and went into startup repair on its own as a process I could not cancel. Since I could not stop it I performed the instructions you gave me after it finished.

Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 17-08-2012 13:54:41
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-11-29] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-11-29] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-10-31] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [lxdxmon.exe] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [672424 2010-02-03] ()
HKLM\...\Run: [lxdxamon] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [16040 2010-02-03] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-08-17] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-26] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1162848 2012-08-16] ()
HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [1020512 2012-08-16] ()
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] ()
HKU\Britt\...\Run: [AdobeBridge] [x]
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] ()
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Services (Whitelisted) ======

2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-12] (AVG Technologies CZ, s.r.o.)
2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
2 lxdx_device; C:\Windows\system32\lxdxcoms.exe -service [1039872 2010-02-03] ( )
2 lxdx_device; C:\Windows\SysWow64\lxdxcoms.exe -service [589824 2010-02-03] ( )
2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 vseamps; "C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe" [121184 2012-05-25] (Commtouch, Inc.)
2 vsedsps; "C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe" [119136 2012-05-25] (Commtouch, Inc.)
3 vseqrts; "C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe" [180576 2012-05-25] (Commtouch, Inc.)
2 vToolbarUpdater12.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [927840 2012-08-16] ()
2 WDBackup; "C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe" [1151424 2012-06-14] (Western Digital )
2 WDDriveService; "C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe" [248248 2012-06-14] (Western Digital)
2 WDRulesService; "C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe" [1177536 2012-06-14] (Western Digital )
2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [x]

========================== Drivers (Whitelisted) =============

2 AMP; C:\Windows\System32\Drivers\AMP.sys [173408 2012-05-25] (Commtouch, Inc.)
2 AMPSE; C:\Windows\System32\Drivers\AMPSE.sys [1496416 2012-05-25] (Commtouch, Inc.)
1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-16] (AVG Technologies)
1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
2 PDFsFilter; C:\Windows\System32\Drivers\PDFsFilter.sys [82160 2012-07-26] (Raxco Software, Inc.)
3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [x]
1 FileDisk; [x]
2 wuauserv; [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-08-17 13:48 - 2012-08-17 13:48 - 00000000 ____D C:\FRST
2012-08-17 13:00 - 2012-08-17 13:39 - 00000000 ___HD C:\_Exception1
2012-08-16 18:24 - 2012-08-16 18:24 - 00018720 ____A C:\Users\Britt\Documents\Attach.log
2012-08-16 18:23 - 2012-08-16 18:23 - 00024941 ____A C:\Users\Britt\Documents\DDS.log
2012-08-16 17:21 - 2012-08-16 18:00 - 00000449 ____A C:\Users\Britt\Documents\GMER.log
2012-08-16 14:41 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-16 14:10 - 2012-08-17 12:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-16 14:10 - 2012-08-16 14:10 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-16 14:10 - 2012-08-16 14:10 - 00000000 ____D C:\Users\Britt\AppData\Roaming\Malwarebytes
2012-08-16 14:10 - 2012-08-16 14:10 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-16 14:10 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-16 14:07 - 2012-08-16 14:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Britt\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-16 13:44 - 2012-08-16 13:44 - 418095246 ____A C:\Windows\MEMORY.DMP
2012-08-16 13:44 - 2012-08-16 13:44 - 00275664 ____A C:\Windows\Minidump\081612-40981-01.dmp
2012-08-16 12:56 - 2012-08-16 12:56 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat
2012-08-16 12:06 - 2012-08-16 13:23 - 00015678 ____A C:\Users\Britt\Desktop\avgrep.txt
2012-08-16 11:05 - 2012-08-16 11:05 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-16 11:05 - 2012-08-16 11:05 - 00000000 ____D C:\Users\Britt\AppData\Roaming\AVG2012
2012-08-16 11:05 - 2012-08-16 11:05 - 00000000 ____D C:\Users\Britt\AppData\Local\AVG Secure Search
2012-08-16 11:04 - 2012-08-16 11:04 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-16 11:04 - 2012-08-16 11:04 - 00000000 ____D C:\Users\All Users\AVG Secure Search
2012-08-16 11:04 - 2012-08-16 11:04 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2012-08-16 11:03 - 2012-08-16 11:03 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
2012-08-16 11:00 - 2012-08-17 12:54 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2012-08-16 11:00 - 2012-08-17 12:52 - 00000000 ____D C:\Users\All Users\AVG2012
2012-08-16 11:00 - 2012-08-16 11:00 - 00000000 ___HD C:\$AVG
2012-08-16 10:59 - 2012-08-16 10:59 - 00000000 ____D C:\Program Files (x86)\AVG
2012-08-16 10:51 - 2012-08-16 13:28 - 00000000 ____D C:\Users\All Users\MFAData
2012-08-16 10:50 - 2012-08-16 10:50 - 03879800 ____A (AVG Technologies) C:\Users\Britt\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-08-15 19:10 - 2012-08-17 12:54 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2012-08-15 19:10 - 2012-08-15 19:10 - 00001007 ____A C:\Users\Britt\Desktop\SpeedFan.lnk
2012-08-15 19:10 - 2012-08-15 19:10 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-08-15 19:06 - 2012-08-15 19:06 - 02135728 ____A C:\Users\Britt\Downloads\installspeedfan446.exe
2012-08-15 15:14 - 2012-08-15 15:14 - 00123107 ____A C:\Users\Britt\Downloads\JTabletSetupv0.9.5.exe
2012-08-15 15:14 - 2012-08-15 15:14 - 00000000 ____D C:\Windows\java
2012-08-15 15:14 - 2012-08-15 15:14 - 00000000 ____D C:\Program Files (x86)\Cellosoft
2012-08-15 15:02 - 2012-08-15 15:48 - 00002435 ____A C:\Users\Britt\sketcher.properties
2012-08-15 14:15 - 2012-08-15 14:15 - 00000000 ____D C:\Program Files (x86)\Oracle
2012-08-15 14:14 - 2012-08-15 14:13 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-15 14:14 - 2012-08-15 14:13 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-15 14:14 - 2012-07-05 18:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-08-15 14:14 - 2012-07-05 18:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-08-15 14:11 - 2012-08-15 14:11 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(3).exe
2012-08-15 13:56 - 2012-08-15 13:56 - 00000000 ____D C:\Users\All Users\Authentium
2012-08-15 13:56 - 2012-08-15 13:56 - 00000000 ____D C:\Program Files\Common Files\Authentium
2012-08-15 13:55 - 2012-08-02 07:21 - 00160256 ____A C:\Windows\System32\iavlsp64.dll
2012-08-15 13:55 - 2012-08-02 07:21 - 00118784 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\iavlsp.dll
2012-08-15 13:50 - 2012-08-15 13:50 - 00459696 ____A C:\Users\Britt\Downloads\smpro_dm(2).exe
2012-08-15 12:26 - 2012-08-15 12:26 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(2).exe
2012-08-15 12:25 - 2012-08-15 12:25 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(1).exe
2012-08-15 12:23 - 2012-08-15 12:23 - 00459696 ____A C:\Users\Britt\Downloads\smpro_dm(1).exe
2012-08-15 07:27 - 2012-08-16 13:44 - 00000000 ____D C:\Windows\Minidump
2012-08-15 07:27 - 2012-08-15 07:28 - 00275664 ____A C:\Windows\Minidump\081512-47377-01.dmp
2012-08-12 17:30 - 2012-08-12 17:30 - 00000000 ____D C:\Users\Britt\AppData\Local\{900DF64C-829B-4454-AC98-3A255F31629E}
2012-08-12 17:29 - 2012-08-12 17:30 - 00000000 ____D C:\Users\Britt\AppData\Local\{595DBE01-D303-4212-A5EC-69E5162C0289}
2012-08-12 13:41 - 2012-08-12 13:41 - 14481664 ____A C:\Users\Britt\Downloads\basic_painting_brushes_by_pastelaurora-d5axdo1.zip
2012-08-11 21:29 - 2012-08-11 21:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-11 21:23 - 2012-08-11 21:23 - 00000000 ____D C:\Windows\Sun
2012-08-11 18:13 - 2012-08-11 18:13 - 00000408 ____A C:\Windows\SysWOW64\iolo.ini
2012-08-11 18:13 - 2012-08-11 18:13 - 00000408 ____A C:\Windows\System32\iolo.ini
2012-08-01 15:41 - 2012-08-01 15:41 - 00000000 ____D C:\Users\Britt\AppData\Local\{7977E300-D3EB-47F8-B7E7-009E977BB1C1}
2012-08-01 15:41 - 2012-08-01 15:41 - 00000000 ____D C:\Users\Britt\AppData\Local\{2FFEB4C2-3E3E-4E7A-AF7A-D6095F8DECD3}
2012-08-01 15:36 - 2012-08-01 15:36 - 00000000 ____D C:\Program Files\Western Digital
2012-08-01 15:26 - 2012-08-01 15:26 - 35180670 ____A C:\Users\Britt\Downloads\SmartWare_Windows_Upgrader_1.6.2.5.zip
2012-07-31 10:31 - 2012-07-31 10:31 - 00000000 ____D C:\Users\Britt\AppData\Local\{EE2C2720-BBC4-4D86-92DB-AC4F3C4A0328}
2012-07-31 10:31 - 2012-07-31 10:31 - 00000000 ____D C:\Users\Britt\AppData\Local\{4A056682-08BA-42A6-B8FB-793DC6589378}
2012-07-31 07:48 - 2012-07-31 07:48 - 13529520 ____A (Broadcom Corporation.) C:\Users\Britt\Downloads\SetupBtwDownloadSE.exe
2012-07-30 15:58 - 2012-07-30 15:58 - 00000000 ____D C:\Users\Britt\AppData\Local\{A99AD0F4-A4C7-4BC1-B7FE-DC666E2378EC}
2012-07-30 15:58 - 2012-07-30 15:58 - 00000000 ____D C:\Users\Britt\AppData\Local\{4CCBE77A-B4C8-42E9-AA92-C4D89354562A}
2012-07-30 10:15 - 2012-07-30 10:15 - 00000000 ____D C:\Users\Britt\AppData\Local\{D9F69618-90D5-47F3-9F96-EF76EFC07DF7}
2012-07-28 13:55 - 2012-07-28 13:55 - 00000000 ____D C:\Users\Britt\AppData\Local\{C1A19B91-0ACA-40AD-9371-6CD11FF1F2A1}
2012-07-28 13:54 - 2012-07-28 13:54 - 00000000 ____D C:\Users\Britt\AppData\Local\{0F704EDF-C59A-4DB3-9D7A-8F46DC349C96}
2012-07-27 20:45 - 2012-07-26 06:01 - 00082160 ____A (Raxco Software, Inc.) C:\Windows\System32\Drivers\PDFsFilter.sys
2012-07-19 06:46 - 2012-07-19 06:46 - 00000000 ____D C:\Users\Britt\AppData\Local\{F27DC02C-A638-4F17-BA91-4A7AC836DCC9}
2012-07-19 06:46 - 2012-07-19 06:46 - 00000000 ____D C:\Users\Britt\AppData\Local\{F186B8F6-850F-48FD-8C3E-D68DEDDD9C25}

============ 3 Months Modified Files ========================

2012-08-16 18:24 - 2012-08-16 18:24 - 00018720 ____A C:\Users\Britt\Documents\Attach.log
2012-08-16 18:23 - 2012-08-16 18:23 - 00024941 ____A C:\Users\Britt\Documents\DDS.log
2012-08-16 18:00 - 2012-08-16 17:21 - 00000449 ____A C:\Users\Britt\Documents\GMER.log
2012-08-16 14:48 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-16 14:48 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-16 14:46 - 2012-04-12 08:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-08-16 14:40 - 2010-11-20 19:47 - 00400968 ____A C:\Windows\PFRO.log
2012-08-16 14:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-16 14:40 - 2009-07-13 20:51 - 00072137 ____A C:\Windows\setupact.log
2012-08-16 14:10 - 2012-08-16 14:10 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-16 14:08 - 2012-08-16 14:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Britt\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-16 13:44 - 2012-08-16 13:44 - 418095246 ____A C:\Windows\MEMORY.DMP
2012-08-16 13:44 - 2012-08-16 13:44 - 00275664 ____A C:\Windows\Minidump\081612-40981-01.dmp
2012-08-16 13:23 - 2012-08-16 12:06 - 00015678 ____A C:\Users\Britt\Desktop\avgrep.txt
2012-08-16 12:56 - 2012-08-16 12:56 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat
2012-08-16 11:44 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-16 11:05 - 2012-08-16 11:05 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
2012-08-16 11:04 - 2012-08-16 11:04 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2012-08-16 10:50 - 2012-08-16 10:50 - 03879800 ____A (AVG Technologies) C:\Users\Britt\Downloads\avg_free_stb_all_2012_2197_cnet.exe
2012-08-15 19:10 - 2012-08-15 19:10 - 00001007 ____A C:\Users\Britt\Desktop\SpeedFan.lnk
2012-08-15 19:10 - 2012-08-15 19:10 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
2012-08-15 19:06 - 2012-08-15 19:06 - 02135728 ____A C:\Users\Britt\Downloads\installspeedfan446.exe
2012-08-15 15:48 - 2012-08-15 15:02 - 00002435 ____A C:\Users\Britt\sketcher.properties
2012-08-15 15:14 - 2012-08-15 15:14 - 00123107 ____A C:\Users\Britt\Downloads\JTabletSetupv0.9.5.exe
2012-08-15 14:13 - 2012-08-15 14:14 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2012-08-15 14:13 - 2012-08-15 14:14 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-15 14:11 - 2012-08-15 14:11 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(3).exe
2012-08-15 13:50 - 2012-08-15 13:50 - 00459696 ____A C:\Users\Britt\Downloads\smpro_dm(2).exe
2012-08-15 12:29 - 2012-02-11 22:20 - 00428504 ____A C:\Users\Britt\Documents\AVSDK5_UNINST.LOG
2012-08-15 12:26 - 2012-08-15 12:26 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(2).exe
2012-08-15 12:25 - 2012-08-15 12:25 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(1).exe
2012-08-15 12:23 - 2012-08-15 12:23 - 00459696 ____A C:\Users\Britt\Downloads\smpro_dm(1).exe
2012-08-15 10:21 - 2012-01-18 07:51 - 00007597 ____A C:\Users\Britt\AppData\Local\Resmon.ResmonCfg
2012-08-15 09:46 - 2012-04-12 08:51 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-08-15 09:46 - 2011-07-20 20:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-08-15 08:00 - 2012-07-17 17:08 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForBRITT-HP$.job
2012-08-15 07:28 - 2012-08-15 07:27 - 00275664 ____A C:\Windows\Minidump\081512-47377-01.dmp
2012-08-12 23:32 - 2011-11-29 19:54 - 00000132 ____A C:\Users\Britt\AppData\Roaming\Adobe PNG Format CS5 Prefs
2012-08-12 13:41 - 2012-08-12 13:41 - 14481664 ____A C:\Users\Britt\Downloads\basic_painting_brushes_by_pastelaurora-d5axdo1.zip
2012-08-11 21:23 - 2011-11-04 03:35 - 01069615 ____A C:\Windows\WindowsUpdate.log
2012-08-11 18:13 - 2012-08-11 18:13 - 00000408 ____A C:\Windows\SysWOW64\iolo.ini
2012-08-11 18:13 - 2012-08-11 18:13 - 00000408 ____A C:\Windows\System32\iolo.ini
2012-08-11 18:13 - 2011-12-17 11:11 - 00000392 ____A C:\Windows\SysWOW64\iolo.ini.txt
2012-08-07 14:13 - 2011-11-15 08:34 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
2012-08-02 19:24 - 2012-02-07 14:41 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForBritt.job
2012-08-02 08:45 - 2012-02-11 22:30 - 00056472 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
2012-08-02 08:45 - 2012-02-11 22:30 - 00025072 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
2012-08-02 07:27 - 2012-02-11 22:30 - 02154576 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
2012-08-02 07:21 - 2012-08-15 13:55 - 00160256 ____A C:\Windows\System32\iavlsp64.dll
2012-08-02 07:21 - 2012-08-15 13:55 - 00118784 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\iavlsp.dll
2012-08-01 15:36 - 2011-11-14 14:38 - 00000415 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.32.bc
2012-08-01 15:36 - 2011-11-04 03:38 - 00022972 ____A C:\Windows\DPINST.LOG
2012-08-01 15:26 - 2012-08-01 15:26 - 35180670 ____A C:\Users\Britt\Downloads\SmartWare_Windows_Upgrader_1.6.2.5.zip
2012-07-31 07:48 - 2012-07-31 07:48 - 13529520 ____A (Broadcom Corporation.) C:\Users\Britt\Downloads\SetupBtwDownloadSE.exe
2012-07-26 06:01 - 2012-07-27 20:45 - 00082160 ____A (Raxco Software, Inc.) C:\Windows\System32\Drivers\PDFsFilter.sys
2012-07-24 17:23 - 2011-11-15 14:30 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-07-12 16:56 - 2009-07-13 20:45 - 04900096 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-11 23:05 - 2011-11-23 18:09 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-11 07:49 - 2012-07-11 07:48 - 03092640 ____A (Adobe Systems, Inc.) C:\Users\Britt\Downloads\install_flash_player_10_plugin.exe
2012-07-11 07:47 - 2012-07-11 07:43 - 00686792 ____A (Adobe Systems Incorporated) C:\Users\Britt\Downloads\uninstall_flash_player(1).exe
2012-07-11 07:43 - 2012-07-11 07:38 - 00686792 ____A (Adobe Systems Incorporated) C:\Users\Britt\Downloads\uninstall_flash_player.exe
2012-07-09 19:15 - 2011-11-28 20:19 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
2012-07-09 18:58 - 2012-07-09 18:56 - 50449456 ____A (Microsoft Corporation) C:\Users\Britt\Downloads\dotNetFx40_Full_x86_x64.exe
2012-07-05 18:06 - 2012-08-15 14:14 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
2012-07-05 18:06 - 2012-08-15 14:14 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2012-07-05 18:06 - 2011-11-27 13:09 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2012-07-05 07:12 - 2012-07-05 07:12 - 01582499 ____A C:\Users\Britt\Downloads\Attachments_2012_07_5.zip
2012-07-04 18:49 - 2012-07-04 18:49 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg
2012-07-04 18:23 - 2012-07-04 18:23 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-07-03 09:46 - 2012-08-16 14:10 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-19 15:08 - 2012-06-19 15:03 - 74987170 ____A C:\Users\Britt\Downloads\Hello.zip
2012-06-12 14:38 - 2011-11-04 03:37 - 00024358 ____A C:\Windows\System32\RaCoInst.log
2012-06-11 19:08 - 2012-07-11 23:14 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-11 07:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-11 07:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-07 17:35 - 2012-06-07 17:35 - 00000096 ____A C:\Users\All Users\lxdx.log
2012-06-07 16:59 - 2011-11-28 20:29 - 00000740 ____A C:\Users\All Users\lxdxDiagnostics.log
2012-06-05 22:06 - 2012-07-11 07:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-11 07:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-11 07:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-11 07:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-11 07:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-11 07:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 19:19 - 2012-02-24 15:19 - 00016030 ____A C:\Users\Britt\Documents\EV Horse Stats.xlsx
2012-06-02 14:19 - 2012-06-21 09:44 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 09:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 09:44 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 09:44 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 09:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 09:44 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 09:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 09:44 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 09:44 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-11 23:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-11 23:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-11 23:03 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-11 23:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-11 23:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-11 23:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-11 23:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-11 23:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-11 23:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-11 23:03 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-11 23:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-11 23:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-11 23:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-11 23:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-11 23:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-11 23:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-11 23:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-11 23:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-11 23:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-11 23:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-11 23:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-11 23:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-11 23:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-11 23:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-11 23:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-11 23:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-11 23:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-11 23:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-11 07:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-11 07:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-11 07:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-11 07:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-11 07:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-11 07:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-11 07:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-11 07:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-11 07:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-05-25 08:58 - 2012-05-25 08:58 - 00173408 ___RA (Commtouch, Inc.) C:\Windows\System32\Drivers\amp.sys
2012-05-25 08:58 - 2012-02-11 22:31 - 01496416 ___RA (Commtouch, Inc.) C:\Windows\System32\Drivers\ampse.sys


ZeroAccess:
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\@
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\L
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\n
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\L\00000004.@
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\L\201d3dde
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\00000004.@
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\80000000.@
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\80000032.@
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\80000064.@

ZeroAccess:
C:\Windows\assembly\GAC_32\Desktop.ini

ZeroAccess:
C:\Windows\assembly\GAC_64\Desktop.ini

Type 00 partition infection:
C:\Windows\svchost.exe

========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 19%
Total physical RAM: 3562.91 MB
Available physical RAM: 2875.05 MB
Total Pagefile: 3561.05 MB
Available Pagefile: 2875.92 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:447.21 GB) (Free:394.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive e: (Recovery) (Fixed) (Total:14.39 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 4063 MB
Disk 1 Online 250 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 199 MB 1024 KB
Partition 2 Primary 447 GB 200 MB
Partition 3 Primary 14 GB 447 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Y SYSTEM NTFS Partition 199 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 447 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 E Recovery NTFS Partition 14 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 250 MB 16 KB

==================================================================================

Disk: 1
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 G FAT Removable 250 MB Healthy

==================================================================================

Last Boot: 2012-08-07 09:57

======================= End Of Log ==========================



Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 2012-08-17 14:13:50
Running from G:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

====== End Of Search ======
 
Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

Next...

Restart normally.

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 

Attachments

  • fixlist.txt

Thank you again. I performed the instructions and the computer rebooted, and has logged me in as a temporary user (I hope that is what is supposed to happen). It has given me the message that the Recycling Bin on C:\ is corrupt which I have ignored.

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 2012-08-17 15:00:02 Run:1
Running from G:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
C:\Windows\svchost.exe moved successfully.
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3} moved successfully.
C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

The operation completed successfully.
The operation completed successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====
16:13:08.0746 3880 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
16:13:09.0198 3880 ============================================================
16:13:09.0198 3880 Current date / time: 2012/08/17 16:13:09.0198
16:13:09.0198 3880 SystemInfo:
16:13:09.0198 3880
16:13:09.0198 3880 OS Version: 6.1.7601 ServicePack: 1.0
16:13:09.0198 3880 Product type: Workstation
16:13:09.0198 3880 ComputerName: BRITT-HP
16:13:09.0198 3880 UserName: Britt
16:13:09.0198 3880 Windows directory: C:\Windows
16:13:09.0198 3880 System windows directory: C:\Windows
16:13:09.0198 3880 Running under WOW64
16:13:09.0198 3880 Processor architecture: Intel x64
16:13:09.0198 3880 Number of processors: 4
16:13:09.0198 3880 Page size: 0x1000
16:13:09.0198 3880 Boot type: Normal boot
16:13:09.0198 3880 ============================================================
16:13:11.0071 3880 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:13:11.0071 3880 Drive \Device\Harddisk1\DR2 - Size: 0xFAC0000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
16:13:11.0081 3880 ============================================================
16:13:11.0081 3880 \Device\Harddisk0\DR0:
16:13:11.0101 3880 MBR partitions:
16:13:11.0101 3880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
16:13:11.0101 3880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37E6C800
16:13:11.0101 3880 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37ED0800, BlocksNum 0x1CC5800
16:13:11.0101 3880 \Device\Harddisk1\DR2:
16:13:11.0101 3880 MBR partitions:
16:13:11.0101 3880 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7D5E0
16:13:11.0101 3880 ============================================================
16:13:11.0171 3880 C: <-> \Device\Harddisk0\DR0\Partition2
16:13:11.0281 3880 D: <-> \Device\Harddisk0\DR0\Partition3
16:13:11.0281 3880 ============================================================
16:13:11.0281 3880 Initialize success
16:13:11.0281 3880 ============================================================
16:13:13.0062 5884 ============================================================
16:13:13.0062 5884 Scan started
16:13:13.0062 5884 Mode: Manual;
16:13:13.0062 5884 ============================================================
16:13:15.0324 5884 ================ Scan services =============================
16:13:15.0664 5884 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
16:13:15.0674 5884 1394ohci - ok
16:13:15.0734 5884 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
16:13:15.0754 5884 ACPI - ok
16:13:15.0794 5884 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
16:13:15.0804 5884 AcpiPmi - ok
16:13:15.0944 5884 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:13:16.0004 5884 AdobeARMservice - ok
16:13:16.0374 5884 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:13:16.0384 5884 AdobeFlashPlayerUpdateSvc - ok
16:13:16.0464 5884 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
16:13:16.0654 5884 adp94xx - ok
16:13:16.0684 5884 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
16:13:16.0844 5884 adpahci - ok
16:13:16.0924 5884 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
16:13:16.0924 5884 adpu320 - ok
16:13:16.0954 5884 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
16:13:16.0964 5884 AeLookupSvc - ok
16:13:17.0024 5884 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
16:13:17.0044 5884 AFD - ok
16:13:17.0084 5884 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
16:13:17.0094 5884 agp440 - ok
16:13:17.0114 5884 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
16:13:17.0124 5884 ALG - ok
16:13:17.0154 5884 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
16:13:17.0184 5884 aliide - ok
16:13:17.0254 5884 [ 3de8dc285540733818588cc94e7fc96e ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:13:17.0254 5884 AMD External Events Utility - ok
16:13:17.0334 5884 AMD FUEL Service - ok
16:13:17.0354 5884 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
16:13:18.0614 5884 amdide - ok
16:13:18.0704 5884 [ 6a2eeb0c4133b20773bb3dd0b7b377b4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
16:13:18.0714 5884 amdiox64 - ok
16:13:18.0784 5884 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
16:13:18.0794 5884 AmdK8 - ok
16:13:19.0583 5884 [ 42d53daf85f948c39ce1351a8f5b5808 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
16:13:20.0137 5884 amdkmdag - ok
16:13:20.0197 5884 [ 75182b5784015b271932088551616a96 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
16:13:20.0207 5884 amdkmdap - ok
16:13:20.0277 5884 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
16:13:20.0287 5884 AmdPPM - ok
16:13:20.0337 5884 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
16:13:20.0347 5884 amdsata - ok
16:13:20.0447 5884 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
16:13:20.0467 5884 amdsbs - ok
16:13:20.0497 5884 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
16:13:20.0497 5884 amdxata - ok
16:13:20.0527 5884 [ f9d46b6b322708bd5afcc8767ebdc901 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
16:13:20.0527 5884 amd_sata - ok
16:13:20.0547 5884 [ 329cc9c7e20deebcd4cd10816193ef14 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
16:13:20.0557 5884 amd_xata - ok
16:13:20.0587 5884 [ 7ff52fd7cb32fbeba5960e8f9621d734 ] AMP C:\Windows\system32\Drivers\amp.sys
16:13:20.0617 5884 AMP - ok
16:13:20.0667 5884 [ 6221e6de43bbbd96c122f0edd0139809 ] AMPSE C:\Windows\system32\Drivers\ampse.sys
16:13:20.0707 5884 AMPSE - ok
16:13:20.0747 5884 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
16:13:20.0757 5884 AppID - ok
16:13:20.0797 5884 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
16:13:20.0807 5884 AppIDSvc - ok
16:13:20.0827 5884 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
16:13:20.0827 5884 Appinfo - ok
16:13:20.0907 5884 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:13:20.0947 5884 Apple Mobile Device - ok
16:13:21.0077 5884 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys
16:13:21.0107 5884 arc - ok
16:13:21.0137 5884 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys
16:13:21.0147 5884 arcsas - ok
16:13:21.0297 5884 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
16:13:21.0307 5884 aspnet_state - ok
16:13:21.0387 5884 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
16:13:21.0417 5884 AsyncMac - ok
16:13:21.0447 5884 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
16:13:21.0517 5884 atapi - ok
16:13:21.0577 5884 [ cbd14f698def12ee3557604b726cb8eb ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
16:13:21.0577 5884 AtiHDAudioService - ok
16:13:21.0637 5884 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:13:21.0647 5884 AudioEndpointBuilder - ok
16:13:21.0677 5884 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
16:13:21.0687 5884 AudioSrv - ok
16:13:21.0767 5884 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
16:13:21.0787 5884 AxInstSV - ok
16:13:21.0917 5884 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
16:13:21.0937 5884 b06bdrv - ok
16:13:21.0977 5884 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
16:13:21.0997 5884 b57nd60a - ok
16:13:22.0067 5884 [ 9e84a931dbee0292e38ed672f6293a99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
16:13:22.0097 5884 BCM43XX - ok
16:13:22.0127 5884 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
16:13:22.0137 5884 BDESVC - ok
16:13:22.0147 5884 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
16:13:22.0157 5884 Beep - ok
16:13:22.0197 5884 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
16:13:22.0207 5884 BFE - ok
16:13:22.0257 5884 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\System32\qmgr.dll
16:13:22.0287 5884 BITS - ok
16:13:22.0307 5884 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
16:13:22.0307 5884 blbdrive - ok
16:13:22.0357 5884 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
16:13:22.0367 5884 Bonjour Service - ok
16:13:22.0387 5884 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
16:13:22.0397 5884 bowser - ok
16:13:22.0417 5884 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
16:13:22.0427 5884 BrFiltLo - ok
16:13:22.0437 5884 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
16:13:22.0447 5884 BrFiltUp - ok
16:13:22.0467 5884 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
16:13:22.0467 5884 Browser - ok
16:13:22.0517 5884 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
16:13:22.0527 5884 Brserid - ok
16:13:22.0547 5884 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
16:13:22.0547 5884 BrSerWdm - ok
16:13:22.0557 5884 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
16:13:22.0567 5884 BrUsbMdm - ok
16:13:22.0597 5884 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
16:13:22.0607 5884 BrUsbSer - ok
16:13:22.0637 5884 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
16:13:22.0647 5884 BTHMODEM - ok
16:13:22.0683 5884 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
16:13:22.0693 5884 bthserv - ok
16:13:22.0723 5884 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
16:13:22.0743 5884 cdfs - ok
16:13:22.0783 5884 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
16:13:22.0803 5884 cdrom - ok
16:13:22.0833 5884 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
16:13:22.0843 5884 CertPropSvc - ok
16:13:22.0883 5884 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys
16:13:22.0893 5884 circlass - ok
16:13:22.0963 5884 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
16:13:22.0983 5884 CLFS - ok
16:13:23.0093 5884 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:13:23.0153 5884 clr_optimization_v2.0.50727_32 - ok
16:13:23.0303 5884 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:13:23.0313 5884 clr_optimization_v2.0.50727_64 - ok
16:13:23.0423 5884 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:13:23.0463 5884 clr_optimization_v4.0.30319_32 - ok
16:13:23.0713 5884 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:13:23.0733 5884 clr_optimization_v4.0.30319_64 - ok
16:13:23.0873 5884 [ 50f92c943f18b070f166d019dfab3d9a ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
16:13:23.0893 5884 clwvd - ok
16:13:23.0993 5884 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
16:13:24.0003 5884 CmBatt - ok
16:13:24.0163 5884 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
16:13:24.0183 5884 cmdide - ok
16:13:24.0263 5884 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
16:13:24.0293 5884 CNG - ok
16:13:24.0323 5884 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
16:13:24.0333 5884 Compbatt - ok
16:13:24.0373 5884 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
16:13:24.0383 5884 CompositeBus - ok
16:13:24.0393 5884 COMSysApp - ok
16:13:24.0413 5884 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
16:13:24.0423 5884 crcdisk - ok
16:13:24.0463 5884 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
16:13:24.0493 5884 CryptSvc - ok
16:13:24.0533 5884 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
16:13:24.0543 5884 DcomLaunch - ok
16:13:24.0633 5884 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
16:13:24.0663 5884 defragsvc - ok
16:13:24.0713 5884 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
16:13:24.0743 5884 DfsC - ok
16:13:24.0813 5884 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
16:13:25.0123 5884 Dhcp - ok
16:13:25.0153 5884 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
16:13:25.0163 5884 discache - ok
16:13:25.0233 5884 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys
16:13:25.0253 5884 Disk - ok
16:13:25.0353 5884 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
16:13:25.0363 5884 Dnscache - ok
16:13:25.0413 5884 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
16:13:25.0433 5884 dot3svc - ok
16:13:25.0474 5884 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
16:13:25.0568 5884 DPS - ok
16:13:25.0692 5884 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
16:13:25.0708 5884 drmkaud - ok
16:13:25.0755 5884 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
16:13:25.0786 5884 DXGKrnl - ok
16:13:25.0817 5884 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
16:13:25.0833 5884 EapHost - ok
16:13:26.0067 5884 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys
16:13:26.0270 5884 ebdrv - ok
16:13:26.0394 5884 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
16:13:26.0394 5884 EFS - ok
16:13:26.0613 5884 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
16:13:26.0660 5884 ehRecvr - ok
16:13:26.0706 5884 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
16:13:26.0722 5884 ehSched - ok
16:13:26.0800 5884 [ f21a07780bbd64adef872f50e8ce2e75 ] ElRawDisk C:\Windows\system32\drivers\ElRawDsk.sys
16:13:26.0816 5884 ElRawDisk - ok
16:13:26.0862 5884 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
16:13:26.0894 5884 elxstor - ok
16:13:26.0956 5884 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
16:13:26.0956 5884 ErrDev - ok
16:13:27.0034 5884 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
16:13:27.0034 5884 EventSystem - ok
16:13:27.0190 5884 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
16:13:27.0206 5884 exfat - ok
16:13:27.0237 5884 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
16:13:27.0268 5884 fastfat - ok
16:13:27.0346 5884 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
16:13:27.0393 5884 Fax - ok
16:13:27.0471 5884 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys
16:13:27.0486 5884 fdc - ok
16:13:27.0564 5884 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
16:13:27.0564 5884 fdPHost - ok
16:13:27.0580 5884 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
16:13:27.0596 5884 FDResPub - ok
16:13:27.0596 5884 FileDisk - ok
16:13:27.0642 5884 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
16:13:27.0674 5884 FileInfo - ok
16:13:27.0705 5884 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
16:13:27.0720 5884 Filetrace - ok
16:13:27.0736 5884 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
16:13:27.0752 5884 flpydisk - ok
16:13:27.0814 5884 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
16:13:27.0830 5884 FltMgr - ok
16:13:27.0923 5884 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
16:13:27.0954 5884 FontCache - ok
16:13:28.0157 5884 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:13:28.0157 5884 FontCache3.0.0.0 - ok
16:13:28.0235 5884 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
16:13:28.0298 5884 FsDepends - ok
16:13:28.0344 5884 [ 07da62c960ddccc2d35836aeab4fc578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
16:13:28.0391 5884 fssfltr - ok
16:13:28.0656 5884 [ 28ddeeec44e988657b732cf404d504cb ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
16:13:28.0906 5884 fsssvc - ok
16:13:28.0953 5884 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
16:13:28.0968 5884 Fs_Rec - ok
16:13:29.0031 5884 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
16:13:29.0046 5884 fvevol - ok
16:13:29.0119 5884 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
16:13:29.0129 5884 gagp30kx - ok
16:13:29.0279 5884 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
16:13:29.0329 5884 GamesAppService - ok
16:13:29.0369 5884 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:13:29.0389 5884 GEARAspiWDM - ok
16:13:29.0529 5884 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
16:13:29.0569 5884 gpsvc - ok
16:13:29.0609 5884 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
16:13:29.0619 5884 hcw85cir - ok
16:13:29.0649 5884 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:13:29.0679 5884 HdAudAddService - ok
16:13:29.0709 5884 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
16:13:29.0719 5884 HDAudBus - ok
16:13:29.0799 5884 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
16:13:29.0809 5884 HidBatt - ok
16:13:29.0849 5884 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
16:13:29.0859 5884 HidBth - ok
16:13:29.0909 5884 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
16:13:29.0919 5884 HidIr - ok
16:13:29.0949 5884 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
16:13:29.0969 5884 hidserv - ok
16:13:29.0999 5884 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
16:13:30.0009 5884 HidUsb - ok
16:13:30.0179 5884 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
16:13:30.0319 5884 hkmsvc - ok
16:13:30.0369 5884 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:13:30.0379 5884 HomeGroupListener - ok
16:13:30.0449 5884 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:13:30.0469 5884 HomeGroupProvider - ok
16:13:30.0669 5884 [ 13bb1114451c63bfb41ba7daa4d70a29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
16:13:30.0689 5884 HP Support Assistant Service - ok
16:13:30.0819 5884 [ 7b8c1b09c11e8db7c4480abd7d17e821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
16:13:30.0859 5884 HPAuto - ok
16:13:30.0929 5884 [ 6a181452d4e240b8ecc7614b9a19bde9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
16:13:30.0979 5884 HPClientSvc - ok
16:13:31.0069 5884 [ 02ce63d8dd5e6dd5ceff336191c0859e ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
16:13:31.0129 5884 HPDrvMntSvc.exe - ok
16:13:31.0221 5884 [ e7c7829ba0395e48f8c8fe16b8832344 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
16:13:32.0391 5884 hpqwmiex - ok
16:13:32.0594 5884 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
16:13:32.0610 5884 HpSAMD - ok
16:13:32.0656 5884 [ 2bec76bdcd1bc080210325e7b5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
16:13:32.0719 5884 HPWMISVC - ok
16:13:32.0766 5884 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
16:13:32.0797 5884 HTTP - ok
16:13:32.0812 5884 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
16:13:32.0828 5884 hwpolicy - ok
16:13:32.0844 5884 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
16:13:32.0859 5884 i8042prt - ok
16:13:32.0937 5884 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
16:13:32.0968 5884 iaStorV - ok
16:13:33.0187 5884 [ 634bcd82fb1ce4b475b3d64935f3d2cc ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
16:13:33.0249 5884 IconMan_R - ok
16:13:33.0362 5884 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:13:33.0392 5884 idsvc - ok
16:13:33.0442 5884 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
16:13:33.0472 5884 iirsp - ok
16:13:33.0622 5884 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
16:13:33.0642 5884 IKEEXT - ok
16:13:33.0762 5884 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
16:13:33.0782 5884 intelide - ok
16:13:33.0842 5884 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
16:13:33.0852 5884 intelppm - ok
16:13:33.0862 5884 ioloSystemService - ok
16:13:33.0882 5884 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
16:13:33.0892 5884 IPBusEnum - ok
16:13:33.0922 5884 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:13:33.0932 5884 IpFilterDriver - ok
16:13:33.0982 5884 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
16:13:33.0992 5884 iphlpsvc - ok
16:13:34.0032 5884 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
16:13:34.0042 5884 IPMIDRV - ok
16:13:34.0082 5884 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
16:13:34.0092 5884 IPNAT - ok
16:13:34.0152 5884 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
16:13:34.0172 5884 iPod Service - ok
16:13:34.0232 5884 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
16:13:34.0242 5884 IRENUM - ok
16:13:34.0302 5884 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
16:13:34.0312 5884 isapnp - ok
16:13:34.0352 5884 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
16:13:34.0362 5884 iScsiPrt - ok
16:13:34.0422 5884 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
16:13:34.0432 5884 kbdclass - ok
16:13:34.0472 5884 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
16:13:34.0482 5884 kbdhid - ok
16:13:34.0602 5884 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
16:13:34.0612 5884 KeyIso - ok
16:13:34.0672 5884 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
16:13:34.0682 5884 KSecDD - ok
16:13:34.0702 5884 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
16:13:34.0722 5884 KSecPkg - ok
16:13:34.0762 5884 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
16:13:34.0772 5884 ksthunk - ok
16:13:34.0862 5884 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
16:13:34.0882 5884 KtmRm - ok
16:13:34.0962 5884 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll
16:13:35.0092 5884 LanmanServer - ok
16:13:35.0132 5884 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:13:35.0152 5884 LanmanWorkstation - ok
16:13:35.0192 5884 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
16:13:35.0192 5884 lltdio - ok
16:13:35.0252 5884 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
16:13:35.0312 5884 lltdsvc - ok
16:13:35.0322 5884 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
16:13:35.0342 5884 lmhosts - ok
16:13:35.0373 5884 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
16:13:35.0388 5884 LSI_FC - ok
16:13:35.0404 5884 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
16:13:35.0420 5884 LSI_SAS - ok
16:13:35.0451 5884 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
16:13:35.0513 5884 LSI_SAS2 - ok
16:13:35.0576 5884 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
16:13:35.0591 5884 LSI_SCSI - ok
16:13:35.0622 5884 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
16:13:35.0638 5884 luafv - ok
16:13:35.0654 5884 lxdx_device - ok
16:13:35.0732 5884 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
16:13:35.0747 5884 Mcx2Svc - ok
16:13:35.0825 5884 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys
16:13:35.0825 5884 megasas - ok
16:13:35.0841 5884 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
16:13:36.0324 5884 MegaSR - ok
16:13:36.0402 5884 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
16:13:36.0418 5884 MMCSS - ok
16:13:36.0465 5884 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
16:13:36.0496 5884 Modem - ok
16:13:36.0512 5884 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
16:13:36.0527 5884 monitor - ok
16:13:36.0543 5884 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
16:13:36.0558 5884 mouclass - ok
16:13:36.0590 5884 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
16:13:36.0605 5884 mouhid - ok
16:13:36.0621 5884 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
16:13:36.0636 5884 mountmgr - ok
16:13:36.0714 5884 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:13:36.0777 5884 MozillaMaintenance - ok
16:13:36.0855 5884 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
16:13:36.0886 5884 mpio - ok
16:13:36.0917 5884 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
16:13:36.0933 5884 mpsdrv - ok
16:13:36.0995 5884 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
16:13:37.0011 5884 MpsSvc - ok
16:13:37.0042 5884 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
16:13:37.0042 5884 MRxDAV - ok
16:13:37.0073 5884 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
16:13:37.0089 5884 mrxsmb - ok
16:13:37.0136 5884 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:13:37.0151 5884 mrxsmb10 - ok
16:13:37.0182 5884 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:13:37.0198 5884 mrxsmb20 - ok
16:13:37.0229 5884 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
16:13:37.0229 5884 msahci - ok
16:13:37.0292 5884 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
16:13:37.0292 5884 msdsm - ok
16:13:37.0338 5884 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
16:13:37.0354 5884 MSDTC - ok
16:13:37.0390 5884 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
16:13:37.0400 5884 Msfs - ok
16:13:37.0420 5884 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
16:13:37.0430 5884 mshidkmdf - ok
16:13:37.0490 5884 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
16:13:37.0490 5884 msisadrv - ok
16:13:37.0560 5884 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
16:13:37.0570 5884 MSiSCSI - ok
16:13:37.0580 5884 msiserver - ok
16:13:37.0630 5884 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
16:13:37.0640 5884 MSKSSRV - ok
16:13:37.0680 5884 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
16:13:37.0700 5884 MSPCLOCK - ok
16:13:37.0710 5884 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
16:13:37.0720 5884 MSPQM - ok
16:13:37.0740 5884 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
16:13:37.0770 5884 MsRPC - ok
16:13:37.0800 5884 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
16:13:37.0800 5884 mssmbios - ok
16:13:37.0850 5884 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
16:13:37.0860 5884 MSTEE - ok
16:13:37.0890 5884 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
16:13:37.0900 5884 MTConfig - ok
16:13:37.0920 5884 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
16:13:37.0930 5884 Mup - ok
16:13:37.0980 5884 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
16:13:37.0990 5884 napagent - ok
16:13:38.0040 5884 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
16:13:38.0070 5884 NativeWifiP - ok
16:13:38.0160 5884 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
16:13:38.0250 5884 NDIS - ok
16:13:38.0300 5884 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
16:13:38.0320 5884 NdisCap - ok
16:13:38.0400 5884 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
16:13:38.0430 5884 NdisTapi - ok
16:13:38.0450 5884 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
16:13:38.0470 5884 Ndisuio - ok
16:13:38.0500 5884 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
16:13:38.0510 5884 NdisWan - ok
16:13:38.0570 5884 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
16:13:38.0710 5884 NDProxy - ok
16:13:38.0770 5884 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
16:13:38.0780 5884 NetBIOS - ok
16:13:38.0860 5884 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
16:13:38.0890 5884 NetBT - ok
16:13:38.0900 5884 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
16:13:38.0910 5884 Netlogon - ok
16:13:38.0940 5884 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
16:13:38.0970 5884 Netman - ok
16:13:39.0040 5884 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:13:39.0070 5884 NetMsmqActivator - ok
16:13:39.0080 5884 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:13:39.0080 5884 NetPipeActivator - ok
16:13:39.0130 5884 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
16:13:39.0140 5884 netprofm - ok
16:13:39.0320 5884 [ 31609b481cc202bfb441e37febcdea05 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
16:13:39.0400 5884 netr28x - ok
16:13:39.0430 5884 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:13:39.0440 5884 NetTcpActivator - ok
16:13:39.0460 5884 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
16:13:39.0460 5884 NetTcpPortSharing - ok
16:13:39.0510 5884 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
16:13:39.0520 5884 nfrd960 - ok
16:13:39.0600 5884 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
16:13:39.0610 5884 NlaSvc - ok
16:13:39.0640 5884 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
16:13:39.0660 5884 Npfs - ok
16:13:39.0700 5884 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
16:13:39.0700 5884 nsi - ok
16:13:39.0730 5884 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
16:13:39.0740 5884 nsiproxy - ok
16:13:39.0850 5884 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
16:13:39.0940 5884 Ntfs - ok
16:13:39.0970 5884 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
16:13:39.0980 5884 Null - ok
16:13:40.0020 5884 [ a85b4f2ef3a7304a5399ef0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
16:13:40.0040 5884 NVENETFD - ok
16:13:40.0100 5884 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
16:13:40.0120 5884 nvraid - ok
16:13:40.0150 5884 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
16:13:40.0150 5884 nvstor - ok
16:13:40.0180 5884 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
16:13:40.0190 5884 nv_agp - ok
16:13:40.0230 5884 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
16:13:40.0240 5884 ohci1394 - ok
16:13:40.0300 5884 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:13:40.0330 5884 ose - ok
16:13:40.0713 5884 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
16:13:40.0900 5884 osppsvc - ok
16:13:40.0947 5884 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
16:13:40.0962 5884 p2pimsvc - ok
16:13:41.0009 5884 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
16:13:41.0040 5884 p2psvc - ok
16:13:41.0118 5884 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
16:13:41.0118 5884 Parport - ok
16:13:41.0212 5884 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
16:13:41.0212 5884 partmgr - ok
16:13:41.0274 5884 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
16:13:41.0305 5884 PcaSvc - ok
16:13:41.0368 5884 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
16:13:41.0383 5884 pci - ok
16:13:41.0415 5884 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
16:13:41.0430 5884 pciide - ok
16:13:41.0477 5884 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
16:13:41.0508 5884 pcmcia - ok
16:13:41.0555 5884 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
16:13:41.0571 5884 pcw - ok
16:13:41.0617 5884 [ 8570c04d9dbfddd2ccf655deb4d84715 ] PDFsFilter C:\Windows\system32\DRIVERS\PDFsFilter.sys
16:13:41.0633 5884 PDFsFilter - ok
16:13:41.0680 5884 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
16:13:41.0695 5884 PEAUTH - ok
16:13:42.0117 5884 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
16:13:42.0148 5884 PerfHost - ok
16:13:42.0273 5884 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
16:13:42.0351 5884 pla - ok
16:13:42.0413 5884 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
16:13:42.0429 5884 PlugPlay - ok
16:13:42.0475 5884 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
16:13:42.0491 5884 PNRPAutoReg - ok
16:13:42.0522 5884 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
16:13:42.0522 5884 PNRPsvc - ok
16:13:42.0569 5884 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
16:13:42.0600 5884 PolicyAgent - ok
16:13:42.0647 5884 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
16:13:42.0678 5884 Power - ok
16:13:42.0725 5884 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
16:13:42.0741 5884 PptpMiniport - ok
16:13:42.0772 5884 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys
16:13:42.0787 5884 Processor - ok
16:13:42.0834 5884 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
16:13:42.0850 5884 ProfSvc - ok
16:13:42.0881 5884 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:13:42.0881 5884 ProtectedStorage - ok
16:13:42.0928 5884 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
16:13:42.0943 5884 Psched - ok
16:13:43.0037 5884 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
16:13:43.0099 5884 ql2300 - ok
16:13:43.0162 5884 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
16:13:43.0177 5884 ql40xx - ok
16:13:43.0240 5884 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
16:13:43.0411 5884 QWAVE - ok
16:13:43.0489 5884 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
16:13:43.0521 5884 QWAVEdrv - ok
16:13:43.0552 5884 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
16:13:43.0552 5884 RasAcd - ok
16:13:43.0599 5884 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
16:13:43.0614 5884 RasAgileVpn - ok
16:13:43.0677 5884 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
16:13:43.0692 5884 RasAuto - ok
16:13:43.0755 5884 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
16:13:43.0770 5884 Rasl2tp - ok
16:13:43.0786 5884 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
16:13:43.0817 5884 RasMan - ok
16:13:43.0848 5884 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
16:13:43.0864 5884 RasPppoe - ok
16:13:43.0879 5884 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
16:13:43.0895 5884 RasSstp - ok
16:13:43.0926 5884 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
16:13:43.0973 5884 rdbss - ok
16:13:44.0004 5884 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
16:13:44.0020 5884 rdpbus - ok
16:13:44.0035 5884 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
16:13:44.0051 5884 RDPCDD - ok
16:13:58.0707 5884 ================ Scan global ===============================
16:13:58.0785 5884 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
16:13:58.0832 5884 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
16:13:58.0863 5884 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
16:13:58.0910 5884 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
16:13:58.0957 5884 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
16:13:58.0972 5884 [Global] - ok
16:13:58.0972 5884 ================ Scan MBR ==================================
16:13:58.0988 5884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
16:13:58.0988 5884 Suspicious mbr (Forged): \Device\Harddisk0\DR0
16:13:59.0097 5884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
16:13:59.0097 5884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
16:13:59.0113 5884 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
16:14:04.0530 5884 \Device\Harddisk1\DR2 - ok
16:14:04.0530 5884 ================ Scan VBR ==================================
16:14:04.0562 5884 Boot (0x1200) (7b9c5f0ec4a3c25011f7654a51f11bc4) \Device\Harddisk0\DR0\Partition1
16:14:04.0562 5884 \Device\Harddisk0\DR0\Partition1 - ok
16:14:04.0655 5884 Boot (0x1200) (4666324b87581580b62beca8d57f0154) \Device\Harddisk0\DR0\Partition2
16:14:04.0702 5884 \Device\Harddisk0\DR0\Partition2 - ok
16:14:04.0764 5884 Boot (0x1200) (ef2c93a716d35abe0f8f0c8fcf1b6b0a) \Device\Harddisk0\DR0\Partition3
16:14:04.0811 5884 \Device\Harddisk0\DR0\Partition3 - ok
16:14:04.0827 5884 Boot (0x1200) (85971423b642ade55f86abd0de1d24d5) \Device\Harddisk1\DR2\Partition1
16:14:04.0827 5884 \Device\Harddisk1\DR2\Partition1 - ok
16:14:04.0827 5884 ============================================================
16:14:04.0827 5884 Scan finished
16:14:04.0827 5884 ============================================================
16:14:04.0967 5820 Detected object count: 1
16:14:04.0967 5820 Actual detected object count: 1
16:14:24.0713 5820 \Device\Harddisk0\DR0\# - copied to quarantine
16:14:24.0723 5820 \Device\Harddisk0\DR0 - copied to quarantine
16:14:25.0463 5820 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
16:14:25.0473 5820 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
16:14:25.0483 5820 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
16:14:25.0503 5820 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
16:14:25.0743 5820 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
16:14:25.0763 5820 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
16:14:25.0763 5820 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
16:14:25.0793 5820 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
16:14:25.0803 5820 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
16:14:25.0813 5820 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
16:14:25.0823 5820 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
16:14:25.0833 5820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
16:14:25.0893 5820 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
16:14:25.0943 5820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
16:14:26.0051 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
16:14:26.0176 5820 \Device\Harddisk0\DR0 - ok
16:14:27.0517 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
16:14:37.0035 4104 Deinitialize success
 
Good :)

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on combofix.exe & follow the prompts.

  • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt"
**Note 1:** Do not mouse-click Combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users:** ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3:** If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
**Note 4:** Some infections may take some significant time to be cured. As long as your computer clock is running, Combofix is still working. Be patient.


Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete the Combofix file and download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

Restart computer in safe mode

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill, post BOTH logs: rKill.txt and Combofix.txt.
 
I am trying to disable my AVG 2012 protection, but when I attempt opening it I get this screen. All I can do is close it. Capture.PNG
 
If you read my instructions CAREFULLY... you need to uninstall AVG using the provided tool in order to run Combofix.
 
I apologize, I misunderstood the part about AVG. Here is the ComboFix log

ComboFix 12-08-17.03 - Britt 08/17/2012 19:23:52.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2233 [GMT -4:00]
Running from: c:\users\TEMP.Britt-HP\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2086B6AB-AB37-4CB3-8B56-9D0D6A3BD23E}.xps
c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3A24EF2E-E91F-481B-89A7-A1B5F11CC3F3}.xps
c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{713D71F8-A1BD-49FF-8391-B2058A64564F}.xps
c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C6C76292-3E02-413A-A4D4-ABC5761D757A}.xps
c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F10C4420-7B71-41E4-B21C-4EEB621033C9}.xps
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_KXESCORE
.
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
.
2012-08-17 23:38 . 2012-08-17 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-17 21:48 . 2012-08-17 21:48 -------- d-----w- C:\FRST
2012-08-17 21:00 . 2012-08-17 21:39 -------- d-----w- C:\_Exception1
2012-08-17 20:14 . 2012-08-17 20:14 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-17 19:19 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36C50DFB-E2A0-48BD-BF5D-91F96216595A}\mpengine.dll
2012-08-17 19:01 . 2012-08-17 20:15 -------- d-----w- c:\users\TEMP
2012-08-16 22:10 . 2012-08-16 22:10 -------- d-----w- c:\users\Britt\AppData\Roaming\Malwarebytes
2012-08-16 22:10 . 2012-08-16 22:10 -------- d-----w- c:\programdata\Malwarebytes
2012-08-16 22:10 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-16 22:10 . 2012-08-17 20:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-16 20:56 . 2012-08-16 20:56 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
2012-08-16 19:05 . 2012-08-16 19:05 -------- d-----w- c:\users\Britt\AppData\Roaming\AVG2012
2012-08-16 19:05 . 2012-08-16 19:05 -------- d-----w- c:\users\Britt\AppData\Local\AVG Secure Search
2012-08-16 19:04 . 2012-08-16 19:04 -------- d-----w- c:\programdata\AVG Secure Search
2012-08-16 19:04 . 2012-08-16 19:04 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-08-16 19:04 . 2012-08-16 19:04 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
2012-08-16 19:04 . 2012-08-16 19:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-08-16 19:03 . 2012-08-16 19:03 -------- d-----w- c:\windows\SysWow64\drivers\AVG
2012-08-16 19:00 . 2012-08-16 19:00 -------- d-----w- C:\$AVG
2012-08-16 19:00 . 2012-08-17 20:54 -------- d-----w- c:\windows\system32\drivers\AVG
2012-08-16 19:00 . 2012-08-17 20:52 -------- d-----w- c:\programdata\AVG2012
2012-08-16 18:51 . 2012-08-16 21:28 -------- d-----w- c:\programdata\MFAData
2012-08-16 18:51 . 2012-08-16 18:51 -------- d--h--w- c:\programdata\Common Files
2012-08-16 03:10 . 2012-08-17 20:54 -------- d-----w- c:\program files (x86)\SpeedFan
2012-08-15 23:14 . 2012-08-15 23:14 -------- d-----w- c:\windows\java
2012-08-15 23:14 . 2012-08-15 23:14 -------- d-----w- c:\program files (x86)\Cellosoft
2012-08-15 22:16 . 2012-08-15 22:16 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-15 22:15 . 2012-08-15 22:15 -------- d-----w- c:\program files (x86)\Oracle
2012-08-15 22:14 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-15 21:56 . 2012-08-15 21:56 -------- d-----w- c:\programdata\Authentium
2012-08-15 21:56 . 2012-08-15 21:56 -------- d-----w- c:\program files\Common Files\Authentium
2012-08-15 21:56 . 2012-08-15 21:56 -------- d-----w- c:\program files (x86)\Common Files\Authentium
2012-08-15 21:55 . 2012-08-02 15:21 160256 ----a-w- c:\windows\system32\iavlsp64.dll
2012-08-15 21:55 . 2012-08-02 15:21 118784 ----a-w- c:\windows\SysWow64\iavlsp.dll
2012-08-12 05:29 . 2012-08-12 05:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-12 05:23 . 2012-08-12 05:23 -------- d-----w- c:\windows\Sun
2012-08-01 23:36 . 2012-08-01 23:36 -------- d-----w- c:\program files\Western Digital
2012-07-28 04:45 . 2012-07-26 14:01 82160 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 20:46 . 2012-04-12 16:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-17 20:46 . 2011-07-21 04:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-02 16:45 . 2012-02-12 06:30 56472 ----a-w- c:\windows\system32\iolobtdfg.exe
2012-08-02 16:45 . 2012-02-12 06:30 25072 ----a-w- c:\windows\system32\smrgdf.exe
2012-08-02 15:27 . 2012-02-12 06:30 2154576 ----a-w- c:\windows\system32\Incinerator64.dll
2012-07-12 07:05 . 2011-11-24 02:09 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-06 02:06 . 2011-11-27 21:09 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-12 03:08 . 2012-07-12 07:14 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-06-09 05:43 . 2012-07-11 15:07 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-06 06:06 . 2012-07-11 15:07 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 15:07 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 15:07 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 15:07 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 15:07 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 15:07 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-21 17:44 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 17:44 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 17:44 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 17:44 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 17:44 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 17:44 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 17:44 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-21 17:44 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-21 17:44 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 12:49 . 2012-07-12 07:03 17807360 ----a-w- c:\windows\system32\mshtml.dll
2012-06-02 12:17 . 2012-07-12 07:03 10924032 ----a-w- c:\windows\system32\ieframe.dll
2012-06-02 12:12 . 2012-07-12 07:03 2311680 ----a-w- c:\windows\system32\jscript9.dll
2012-06-02 12:05 . 2012-07-12 07:03 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-06-02 12:05 . 2012-07-12 07:03 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-06-02 12:04 . 2012-07-12 07:03 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-02 12:04 . 2012-07-12 07:03 237056 ----a-w- c:\windows\system32\url.dll
2012-06-02 12:03 . 2012-07-12 07:03 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-06-02 12:01 . 2012-07-12 07:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-02 12:00 . 2012-07-12 07:03 818688 ----a-w- c:\windows\system32\jscript.dll
2012-06-02 11:59 . 2012-07-12 07:03 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-06-02 11:57 . 2012-07-12 07:03 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-06-02 11:57 . 2012-07-12 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-06-02 11:54 . 2012-07-12 07:03 248320 ----a-w- c:\windows\system32\ieui.dll
2012-06-02 08:33 . 2012-07-12 07:03 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-06-02 08:25 . 2012-07-12 07:03 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-06-02 08:25 . 2012-07-12 07:03 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-06-02 08:20 . 2012-07-12 07:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-06-02 08:16 . 2012-07-12 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-06-02 05:50 . 2012-07-11 15:07 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 15:07 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:48 . 2012-07-11 15:07 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:45 . 2012-07-11 15:07 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 15:07 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 15:07 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 15:07 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 15:07 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 15:07 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-25 16:58 . 2012-05-25 16:58 173408 ----a-r- c:\windows\system32\drivers\amp.sys
2012-05-25 16:58 . 2012-02-12 06:31 1496416 ----a-r- c:\windows\system32\drivers\ampse.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\Sidebar.exe" [2010-11-21 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 250056]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2012-05-25 180576]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 18216]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-16 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-15 204288]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-04 365568]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2012-05-25 173408]
S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys [2012-05-25 1496416]
S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-30 2424424]
S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-04 1039872]
S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-07-26 82160]
S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 3589416]
S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2012-05-25 121184]
S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2012-05-25 119136]
S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-06-14 248248]
S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-15 10206208]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-15 317952]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-30 339048]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-30 539240]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 20:46]
.
2012-08-15 c:\windows\Tasks\HPCeeScheduleForBRITT-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-08-03 c:\windows\Tasks\HPCeeScheduleForBritt.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-30 1128448]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-10-31 43320]
"combofix"="c:\combofix\CF29419.3XE" [2010-11-21 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
LSP: c:\windows\system32\iavlsp.dll
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-iolo Startup - c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe
SafeBoot-35874057.sys
SafeBoot-AMP
SafeBoot-AMPSE
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-08-17 19:57:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-17 23:57
.
Pre-Run: 422,490,054,656 bytes free
Post-Run: 423,039,614,976 bytes free
.
- - End Of File - - B5B808BE2E427EECC4C784E792C3C69E
 
Looks good :)

Any current issues?

=====================================

I can see Authentium AntiVirus5 running.
You have to decide which AV program (AVG or Authentium AntiVirus5) you want to keep.
Let me know.

Next....

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=====================================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

  • Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
The laptop appears to be running fine besides logging me in as a temporary user and not showing my personal files. This bothers me because I write my own books on it, but I have those on an external hard drive anyway.
I don't recall ever installing Authentium AntiVirus5 on my computer and do not see a file for it. I uninstalled my trial AVG so I am confused as to why this other program is shown.
 
We'll remove Authentium manually.

At this point you can reinstall AVG.

What happens when you try to login as you?
 
It logs me in, but as a temporary profile that cannot access my files and the changes I make are deleted each time I log on.
 
Here is the Malwarebytes log. I have reinstalled AVG 2012.

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.17.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Britt :: BRITT-HP [administrator]

Protection: Disabled

8/17/2012 8:38:01 PM
mbam-log-2012-08-17 (20-38-01).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227067
Time elapsed: 9 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 
After I log on and the computer is loading it says "Preparing your desktop..." which is not normal. Upon arriving at the desktop screen I receive the Windows message "You have been logged on with a temporary profile. You cannot access your files and files created in this profile will be deleted when you log off. To fix this, log off and try logging on later. Please see the event log for details or contact your system administrator."
I am the system Administrator, but since I wasn't sure if it would impact the removal process I haven't done anything about it.
 
I've been checking through all my programs and files to ensure everything is there and working. Currently the only issue I am having is Firefox being slow and unresponsive and a few icons on my taskbar showing up blank. I received a message upon opening Firefox saying "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behavior."
 
Cool :)

Due to the infection you may need to reinstall some programs.

Go ahead with OTL.
 
OTL logfile created on: 8/17/2012 10:18:47 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Britt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.48 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 54.50% Memory free
6.96 Gb Paging File | 5.05 Gb Available in Paging File | 72.64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 447.21 Gb Total Space | 393.64 Gb Free Space | 88.02% Space Free | Partition Type: NTFS
Drive D: | 14.39 Gb Total Space | 1.60 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
Drive G: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.74% Space Free | Partition Type: FAT32

Computer Name: BRITT-HP | User Name: Britt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 22:17:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Britt\Desktop\OTL.exe
PRC - [2012/08/17 20:51:39 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/08/17 16:46:22 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012/07/29 21:45:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
PRC - [2012/06/21 03:48:40 | 004,368,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgui.exe
PRC - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
PRC - [2012/06/14 10:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
PRC - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
PRC - [2011/07/06 21:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe


========== Modules (No Company Name) ==========

MOD - [2012/08/17 20:51:39 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
MOD - [2012/08/17 16:46:21 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012/08/16 15:04:32 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll
MOD - [2012/07/29 21:45:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012/05/25 12:53:24 | 000,180,576 | ---- | M] (Commtouch, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
SRV:64bit: - [2012/05/25 12:53:20 | 000,119,136 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2012/05/25 12:53:12 | 000,121,184 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
SRV:64bit: - [2011/11/29 22:33:07 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
SRV:64bit: - [2011/09/15 18:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/08/04 04:04:58 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/02/04 01:44:10 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/12/11 14:05:32 | 003,589,416 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2012/08/17 16:46:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/29 21:45:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
SRV - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011/11/29 22:29:29 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010/02/04 01:43:56 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdxcoms.exe -- (lxdx_device)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/07/26 10:01:28 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
DRV:64bit: - [2012/05/25 12:58:30 | 000,173,408 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
DRV:64bit: - [2012/05/25 12:58:28 | 001,496,416 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)
DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
DRV:64bit: - [2012/04/12 19:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011/11/29 22:33:08 | 000,528,896 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2011/11/29 22:30:55 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011/11/29 22:29:29 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
DRV:64bit: - [2011/11/29 22:27:35 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/09/15 18:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/09/15 17:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/07/21 00:12:50 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/21 00:12:50 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
DRV:64bit: - [2011/04/16 06:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011/04/16 06:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011/03/30 18:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/12/16 15:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2008/10/06 13:53:26 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV:64bit: - [2008/08/18 17:45:00 | 000,015,272 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV:64bit: - [2007/02/15 19:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE:64bit: - HKLM\..\SearchScopes\{C8F2DD3D-79C7-4C8A-B0B4-8649F4D0E67A}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
IE - HKLM\..\SearchScopes\{C8F2DD3D-79C7-4C8A-B0B4-8649F4D0E67A}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 