TechSpot

Multiple Trojan Infection

By UnluckyComp
Aug 16, 2012
  1. As my username says, I do not have any luck when it comes to computers, and I am hoping for assistance. My browser began randomly redirecting to ad sites and opening tabs the day before yesterday. I had iolo System Mechanic Professional as my antivirus, but it apparently had stopped working as a separate issue, allowing my laptop to be infected. I downloaded an AVG trial, which detected multiple Trojans: BackDoor, Generic, and Dropped.
    I performed the 5-step preliminary removal instructions.

    Logs
    ----------------------
    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.16.10

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Britt :: BRITT-HP [administrator]

    Protection: Enabled

    8/16/2012 6:11:57 PM
    mbam-log-2012-08-16 (18-11-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 211203
    Time elapsed: 23 minute(s), 54 second(s)

    Memory Processes Detected: 1
    C:\Windows\svchost.exe (Trojan.Agent) -> 4056 -> Delete on reboot.

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\000000cb.@ (Rootkit.0Access) -> Quarantined and deleted successfully.
    C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-16 22:00:05
    Windows 6.1.7601 Service Pack 1
    Running: juh98o7m.exe


    ---- Files - GMER 1.0.15 ----

    File C:\System Volume Information\{48268b84-e7f3-11e1-94b4-78e3b560e8bd}{3808876b-c176-4e48-b7ae-04046e6cc752} 0 bytes
    File C:\Windows\SysWOW64\config\systemprofile\AppData\Local\CrashDumps\svchost.exe.6668.dmp 294258 bytes

    ---- EOF - GMER 1.0.15 ----
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
    Run by Britt at 22:17:02 on 2012-08-16
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.1206 [GMT -4:00]
    .
    AV: System Shield *Enabled/Updated* {C132074B-BF68-2E15-D4FD-E242EED15F18}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: System Shield *Enabled/Updated* {7A53E6AF-9952-219B-EE4D-D930955615A5}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Windows\system32\lxdxcoms.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
    C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgemca.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    -netsvcs
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\splwow64.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\WTablet\Pen_TabletUser.exe
    C:\Windows\system32\Pen_Tablet.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\AVG Secure Search\vprot.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxMsdMon.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
    C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files (x86)\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
    BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    uRun: [AdobeBridge]
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    LSP: C:\Windows\system32\iavlsp.dll
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\2375942554730373 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\C616B65686F6573756 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\D456E6167656279656 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\D61687D27657563747 : DhcpNameServer = 97.81.22.195 71.92.29.130 24.217.201.67
    TCP: Interfaces\{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}\E4544574541425 : DhcpNameServer = 10.0.0.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
    BHO-X64: AVG Do Not Track - No File
    BHO-X64: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - No File
    BHO-X64: AMD SteadyVideo BHO - No File
    BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    mRun-x64: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    mRun-x64: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
    R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
    R1 ElRawDisk;ElRawDisk;\??\C:\Windows\system32\drivers\ElRawDsk.sys --> C:\Windows\system32\drivers\ElRawDsk.sys [?]
    R2 AMP;Active Malware Protection Minifilter Driver;\??\C:\Windows\system32\Drivers\amp.sys --> C:\Windows\system32\Drivers\amp.sys [?]
    R2 AMPSE;Active Malware Protection Support Driver;\??\C:\Windows\system32\Drivers\ampse.sys --> C:\Windows\system32\Drivers\ampse.sys [?]
    R2 PDFsFilter;PDFsFilter;C:\Windows\system32\DRIVERS\PDFsFilter.sys --> C:\Windows\system32\DRIVERS\PDFsFilter.sys [?]
    R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
    R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
    R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
    S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-16 22:41:16 20480 ------w- C:\Windows\svchost.exe
    2012-08-16 22:10:43 -------- d-----w- C:\Users\Britt\AppData\Roaming\Malwarebytes
    2012-08-16 22:10:28 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-08-16 22:10:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-08-16 22:10:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-16 20:56:30 74703 ----a-w- C:\Windows\SysWow64\mfc45.dat
    2012-08-16 19:05:46 -------- d-----w- C:\Users\Britt\AppData\Roaming\AVG2012
    2012-08-16 19:05:00 -------- d-----w- C:\Users\Britt\AppData\Local\AVG Secure Search
    2012-08-16 19:04:50 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-08-16 19:04:35 31080 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-08-16 19:04:26 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-08-16 19:04:22 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-08-16 19:03:31 -------- d-----w- C:\Windows\SysWow64\drivers\AVG
    2012-08-16 19:00:44 -------- d--h--w- C:\$AVG
    2012-08-16 19:00:43 -------- d-----w- C:\Windows\System32\drivers\AVG
    2012-08-16 19:00:43 -------- d-----w- C:\ProgramData\AVG2012
    2012-08-16 18:59:36 -------- d-----w- C:\Program Files (x86)\AVG
    2012-08-16 18:51:05 -------- d--h--w- C:\ProgramData\Common Files
    2012-08-16 18:51:05 -------- d-----w- C:\ProgramData\MFAData
    2012-08-16 03:10:32 -------- d-----w- C:\Program Files (x86)\SpeedFan
    2012-08-15 23:14:42 -------- d-----w- C:\Windows\java
    2012-08-15 23:14:41 -------- d-----w- C:\Program Files (x86)\Cellosoft
    2012-08-15 22:15:21 -------- d-----w- C:\Program Files (x86)\Oracle
    2012-08-15 22:14:43 772544 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
    2012-08-15 21:56:18 -------- d-----w- C:\ProgramData\Authentium
    2012-08-15 21:56:18 -------- d-----w- C:\Program Files\Common Files\Authentium
    2012-08-15 21:56:18 -------- d-----w- C:\Program Files (x86)\Common Files\Authentium
    2012-08-15 21:55:40 160256 ----a-w- C:\Windows\System32\iavlsp64.dll
    2012-08-15 21:55:40 118784 ----a-w- C:\Windows\SysWow64\iavlsp.dll
    2012-08-13 01:30:06 -------- d-----w- C:\Users\Britt\AppData\Local\{900DF64C-829B-4454-AC98-3A255F31629E}
    2012-08-13 01:29:53 -------- d-----w- C:\Users\Britt\AppData\Local\{595DBE01-D303-4212-A5EC-69E5162C0289}
    2012-08-12 05:29:30 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
    2012-08-10 16:52:28 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{ED8A4666-3B84-4E3A-B543-8BAFD24D1373}\mpengine.dll
    2012-08-01 23:41:31 -------- d-----w- C:\Users\Britt\AppData\Local\{2FFEB4C2-3E3E-4E7A-AF7A-D6095F8DECD3}
    2012-08-01 23:41:19 -------- d-----w- C:\Users\Britt\AppData\Local\{7977E300-D3EB-47F8-B7E7-009E977BB1C1}
    2012-08-01 23:36:03 -------- d-----w- C:\Program Files\Western Digital
    2012-07-31 18:31:43 -------- d-----w- C:\Users\Britt\AppData\Local\{EE2C2720-BBC4-4D86-92DB-AC4F3C4A0328}
    2012-07-31 18:31:31 -------- d-----w- C:\Users\Britt\AppData\Local\{4A056682-08BA-42A6-B8FB-793DC6589378}
    2012-07-30 23:58:39 -------- d-----w- C:\Users\Britt\AppData\Local\{A99AD0F4-A4C7-4BC1-B7FE-DC666E2378EC}
    2012-07-30 23:58:27 -------- d-----w- C:\Users\Britt\AppData\Local\{4CCBE77A-B4C8-42E9-AA92-C4D89354562A}
    2012-07-30 18:15:59 -------- d-----w- C:\Users\Britt\AppData\Local\{D9F69618-90D5-47F3-9F96-EF76EFC07DF7}
    2012-07-28 21:55:00 -------- d-----w- C:\Users\Britt\AppData\Local\{C1A19B91-0ACA-40AD-9371-6CD11FF1F2A1}
    2012-07-28 21:54:48 -------- d-----w- C:\Users\Britt\AppData\Local\{0F704EDF-C59A-4DB3-9D7A-8F46DC349C96}
    2012-07-28 04:45:34 82160 ----a-w- C:\Windows\System32\drivers\PDFsFilter.sys
    2012-07-19 14:46:31 -------- d-----w- C:\Users\Britt\AppData\Local\{F27DC02C-A638-4F17-BA91-4A7AC836DCC9}
    2012-07-19 14:46:20 -------- d-----w- C:\Users\Britt\AppData\Local\{F186B8F6-850F-48FD-8C3E-D68DEDDD9C25}
    .
    ==================== Find3M ====================
    .
    2012-08-15 17:46:22 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-15 17:46:22 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-08-02 16:45:44 56472 ----a-w- C:\Windows\System32\iolobtdfg.exe
    2012-08-02 16:45:34 25072 ----a-w- C:\Windows\System32\smrgdf.exe
    2012-08-02 15:27:36 2154576 ----a-w- C:\Windows\System32\Incinerator64.dll
    2012-07-06 02:06:20 687544 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2012-06-12 03:08:36 3148800 ----a-w- C:\Windows\System32\win32k.sys
    2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
    2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
    2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
    2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
    2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
    2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
    2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
    2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
    2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
    2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
    2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
    2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
    2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
    2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
    2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
    2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
    2012-05-25 16:58:30 173408 ----a-r- C:\Windows\System32\drivers\amp.sys
    2012-05-25 16:58:28 1496416 ----a-r- C:\Windows\System32\drivers\ampse.sys
    .
    ============= FINISH: 22:22:10.73 ===============

    Thank you for your time and in advance for any help you can offer.
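The logs in this post carry three indicators a triager would pull out by hand: a file named svchost.exe sitting directly in C:\Windows rather than System32 or SysWOW64 (the real service host only lives in those two directories), payload files with a ".@" extension under C:\Windows\Installer\{GUID}\U\ (the location Malwarebytes tagged as Rootkit.0Access), and a hidden+system directory literally named %APPDATA% created under SysWow64. The script below is an added example, not part of the original post and not a feature of DDS or Malwarebytes: it runs those three checks over text lines in the formats shown above. The sample lines are constructed from the log excerpts in the thread, and the rule names, regular expressions and directory lists are the editor's own assumptions about those line formats.

```python
"""Triage helpers for DDS / Malwarebytes text logs (added example, not from the original post)."""
import re
from pathlib import PureWindowsPath

# Constructed sample: lines copied from the DDS "Running Processes" and
# "Created Last 30" sections and the MBAM "Files Detected" section above.
SAMPLE_LOG = r"""
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\lsm.exe
C:\Windows\svchost.exe (Trojan.Agent) -> 4056 -> Delete on reboot.
C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
2012-08-16 22:41:16 20480 ------w- C:\Windows\svchost.exe
2012-08-12 05:29:30 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-16 22:10:21 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
"""

# Assumption: these core Windows binaries only legitimately run from these two directories.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
LOCATION_BOUND = {"svchost.exe", "lsm.exe", "wininit.exe", "csrss.exe",
                  "services.exe", "lsass.exe", "winlogon.exe"}

# Line shapes as they appear in the logs above (editor's regexes, not a DDS/MBAM spec).
CREATED_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(?P<attrs>[-a-z]{8})\s+(?P<path>[A-Za-z]:\\.*)$")
MBAM_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^)]+)\) -> ", re.I)
PROCESS_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?\.exe)(?:\s+-.*)?$", re.I)
INSTALLER_U_RE = re.compile(r"\\Windows\\Installer\\\{[0-9a-f-]{36}\}\\U\\", re.I)


def check_path(path, attrs=""):
    """Return the list of rule names a single path (plus optional DDS attribute string) trips."""
    p = PureWindowsPath(path)
    parent = str(p.parent).lower()
    name = p.name.lower()
    hits = []
    # 1. A location-bound system binary running or created outside System32/SysWOW64.
    if name in LOCATION_BOUND and parent not in SYSTEM_DIRS:
        hits.append("system_binary_outside_system32")
    # 2. A ".@" payload file inside C:\Windows\Installer\{GUID}\U\ (the path MBAM flagged above).
    if INSTALLER_U_RE.search(path) and p.suffix == ".@":
        hits.append("installer_guid_U_payload")
    # 3. A hidden+system directory whose name is a literal environment-variable token.
    if attrs.startswith("d") and "h" in attrs and "s" in attrs and "%" in name:
        hits.append("hidden_system_dir_literal_envvar")
    return hits


def triage(text):
    """Scan log text line by line; return sorted, de-duplicated (rule, path) findings."""
    findings = set()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = CREATED_RE.match(line) or MBAM_RE.match(line) or PROCESS_RE.match(line)
        if not m:
            continue
        path = m.group("path")
        attrs = m.groupdict().get("attrs") or ""
        for rule in check_path(path, attrs):
            findings.add((rule, path))
    return sorted(findings)


if __name__ == "__main__":
    for rule, path in triage(SAMPLE_LOG):
        print(f"{rule:34} {path}")
```

Run against the sample it reports exactly three findings, one per rule; the legitimate svchost.exe and lsm.exe entries under system32 produce nothing. The same function can be pointed at a full DDS or MBAM log, since the regexes only need the line shapes shown in this thread.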
     
  2. UnluckyComp


    Forgot this other DDS log, sorry.

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 11/14/2011 1:22:49 PM
    System Uptime: 8/16/2012 6:39:46 PM (4 hours ago)
    .
    Motherboard: Hewlett-Packard | | 169B
    Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics | Socket FS1 | 798/100mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 447 GiB total, 394.648 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.601 GiB free.
    E: is FIXED (FAT32) - 4 GiB total, 0.009 GiB free.
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP219: 8/16/2012 7:36:28 PM - Scheduled Checkpoint
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X (10.1.1) MUI
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.5
    AMD VISION Engine Control Center
    Apple Application Support
    Apple Software Update
    Bejeweled 3
    Blackhawk Striker 2
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CyberLink YouCam
    D3DX10
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    ESU for Microsoft Windows 7 SP1
    Evernote v. 4.2.3
    FUJIFILM MyFinePix Studio 3.2
    Hewlett-Packard ACLM.NET v1.1.2.0
    HP Customer Experience Enhancements
    HP Documentation
    HP Games
    HP On Screen Display
    HP Power Manager
    HP Quick Launch
    HP QuickWeb
    HP Setup
    HP Setup Manager
    HP Software Framework
    IDT Audio
    iolo technologies' System Mechanic Professional
    Java Auto Updater
    Java(TM) 6 Update 31
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    join.me
    JTablet
    Junk Mail filter update
    Mah Jong Medley
    Malwarebytes Anti-Malware version 1.62.0.1300
    Mesh Runtime
    Messenger Companion
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Home and Student 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Single Image 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox 14.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Namco All-Stars: PAC-MAN
    PDF Settings CS5
    Pen Tablet
    PlayReady PC Runtime x86
    QuickTime
    Ralink RT5390 802.11b/g/n WiFi Adapter
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Recovery Manager
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
    Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
    Skype™ 5.3
    SpeedFan (remove only)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2600217)
    Update for Microsoft Office 2010 (KB2494150)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update Installer for WildTangent Games App
    Visual Studio 2008 x64 Redistributables
    Wildlife Park 2 GOLD
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/16/2012 6:41:03 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: FileDisk
    8/16/2012 6:40:27 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    8/16/2012 6:40:26 PM, Error: Service Control Manager [7003] - The iolo System Service service depends the following service: BITS. This service might not be installed.
    8/16/2012 6:40:26 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    8/16/2012 6:40:20 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/16/2012 5:44:32 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000001e (0xffffffffc0000005, 0xfffff800031d86ea, 0x0000000000000001, 0x0000000000000018). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081612-40981-01.
    8/16/2012 5:21:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WDRulesService with arguments "" in order to run the server: {C004E60F-2D62-4BE1-98C4-C39A8046B6BB}
    8/16/2012 5:21:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service WDBackup with arguments "" in order to run the server: {81213AB4-5937-4340-88CD-66B4BC80DF73}
    8/16/2012 5:09:17 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 5:09:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/16/2012 5:09:17 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/16/2012 5:09:10 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/16/2012 5:09:01 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx64 Avgmfx64 discache ElRawDisk FileDisk spldr Wanarpv6
    8/16/2012 5:09:00 PM, Error: Service Control Manager [7001] - The Active Malware Protection Support Driver service depends on the Active Malware Protection Minifilter Driver service which failed to start because of the following error: The driver was not loaded because the system is booting into safe mode.
    8/16/2012 5:08:59 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 5:08:58 PM, Error: Service Control Manager [7000] - The Active Malware Protection Minifilter Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    8/16/2012 4:56:34 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1075" attempting to start the service ioloSystemService with arguments "" in order to run the server: {40310869-27A4-42B1-8AAD-E4CEFB3BE286}
    8/16/2012 4:24:13 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 4:05:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    8/16/2012 4:05:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    8/16/2012 4:04:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgfwfd Avgldx64 Avgmfx64 Avgtdia DfsC discache ElRawDisk FileDisk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf ws2ifsl
    8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 4:04:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    8/16/2012 4:04:45 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2012 4:04:45 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2012 4:04:45 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2012 4:04:45 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    8/16/2012 3:37:41 PM, Error: Service Control Manager [7031] - The WD Backup service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    8/16/2012 10:02:38 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
    8/16/2012 10:02:38 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
    8/15/2012 5:47:10 PM, Error: Service Control Manager [7000] - The Active Malware Protection Support Driver service failed to start due to the following error: The parameter is incorrect.
    8/15/2012 5:29:25 PM, Error: Service Control Manager [7003] - The iolo System Service service depends the following service: vseamps. This service might not be installed.
    8/15/2012 12:11:18 PM, Error: Service Control Manager [7000] - The Compaq Dfw service failed to start due to the following error: The system cannot find the file specified.
    8/15/2012 11:57:44 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.
    8/15/2012 11:57:44 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/15/2012 11:57:44 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/15/2012 11:57:32 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    8/15/2012 11:57:30 AM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173.
    8/15/2012 11:30:53 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
    8/15/2012 11:30:53 AM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    8/15/2012 11:28:00 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007e (0xffffffffc0000005, 0x0000000400000003, 0xfffff88007f7ca68, 0xfffff88007f7c2c0). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 081512-47377-01.
    8/15/2012 10:23:52 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
    8/15/2012 1:13:59 PM, Error: Service Control Manager [7001] - The iolo System Service service depends on the vseamps service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    8/14/2012 10:35:03 AM, Error: volsnap [8] - The flush and hold writes operation on volume C: timed out while waiting for a release writes command.
    8/12/2012 9:14:29 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    8/10/2012 11:58:55 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer BUCKLEYC-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{5DA9DC91-A91E-4501-A025-0949F0DBEE0E}. The master browser is stopping or an election is being forced.
    .
    ==== End Of File ===========================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================

    We have at least two serious infections there, ZeroAccess rootkit and TDL rootkit.

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flashdrive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter.
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
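
    As an added illustration of what the FRST log requested above can reveal (example code written for this page, not FRST's or the forum's own tooling): a small Python triage that parses FRST created-files lines in the format posted later in this thread and flags two artifacts visible in that log which are consistent with the ZeroAccess rootkit named above, a core Windows binary living outside System32/SysWOW64/WinSxS (C:\Windows\svchost.exe) and a hidden+system folder under SysWOW64 named like an unexpanded environment variable (%APPDATA%). The sample log lines, the C:\Windows\System32\svchost.exe control line, the set of core binary names and the list of legitimate parent directories are all constructed assumptions, not taken from the thread.

```python
import re
from typing import Iterator, List, NamedTuple, Tuple

# One line of the FRST "One Month Created Files and Folders" section, in the
# format posted in this thread, e.g.
#   2012-08-16 14:41 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
# Fields: created, last-modified, size, five attribute flags (letters set, '_'
# unset; D=directory, H=hidden, S=system, A=archive), an optional company name
# from the file's version resource, then the full path.
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>\S.*?)\s*$"
)


class Entry(NamedTuple):
    created: str
    modified: str
    size: int
    attrs: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_frst_created(text: str) -> Iterator[Entry]:
    """Yield an Entry for every well-formed created-files line; skip the rest."""
    for raw in text.splitlines():
        m = FRST_LINE.match(raw.strip())
        if m:
            yield Entry(m["created"], m["modified"], int(m["size"]),
                        m["attrs"], (m["company"] or "").strip(), m["path"])


# Assumption (not from the page): on Windows 7 these process images live only in
# System32, SysWOW64 (32-bit copies) or the WinSxS component store.
CORE_BINARIES = {"svchost.exe", "services.exe", "lsass.exe", "csrss.exe",
                 "winlogon.exe", "wininit.exe", "smss.exe"}
LEGIT_PARENTS = ("\\windows\\system32\\", "\\windows\\syswow64\\", "\\windows\\winsxs\\")

REASON_MISPLACED = "core binary outside System32/SysWOW64/WinSxS"
REASON_ENV_DIR = "hidden+system folder with %-style name under System32/SysWOW64"


def find_indicators(entries) -> List[Tuple[str, str]]:
    """Return (reason, path) for entries matching the artifacts seen in this thread."""
    hits = []
    for e in entries:
        low = e.path.lower()
        parent, _, name = low.rpartition("\\")
        # 1. A core Windows binary sitting somewhere it never belongs, like the
        #    C:\Windows\svchost.exe Malwarebytes flagged earlier in the thread.
        if not e.is_dir and name in CORE_BINARIES \
                and not any(p in low for p in LEGIT_PARENTS):
            hits.append((REASON_MISPLACED, e.path))
        # 2. A hidden+system directory named like an unexpanded environment
        #    variable (C:\Windows\SysWOW64\%APPDATA%): nothing legitimate creates
        #    such a folder, and it keeps files out of casual view.
        if e.is_dir and e.is_hidden_system and "%" in name \
                and (parent + "\\").endswith(LEGIT_PARENTS[:2]):
            hits.append((REASON_ENV_DIR, e.path))
    return hits


def triage(text: str) -> List[Tuple[str, str]]:
    """Parse a pasted FRST created-files section and return the flagged entries."""
    return find_indicators(parse_frst_created(text))


# Constructed sample, mirroring lines from the FRST log in this thread plus a
# benign System32\svchost.exe control line and one malformed line.
SAMPLE_LOG = r"""
2012-08-17 13:48 - 2012-08-17 13:48 - 00000000 ____D C:\FRST
2012-08-16 14:41 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
2012-08-16 14:10 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-11 21:29 - 2012-08-11 21:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
2012-08-11 21:23 - 2012-08-11 21:23 - 00000000 ____D C:\Windows\Sun
2012-08-15 14:14 - 2012-08-15 14:13 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2012-08-01 12:00 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\System32\svchost.exe
this line is not in FRST format and is skipped
"""

if __name__ == "__main__":
    for reason, path in triage(SAMPLE_LOG):
        print(f"{reason}: {path}")
```

Paste the whole "One Month Created Files and Folders" section into SAMPLE_LOG (or read it from a file) to run the same two checks over a real log; entries are reported, never deleted.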
     
  4. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    Thank you for your quick reply. This morning the laptop could not boot normally and went into startup repair on its own as a process I could not cancel. Since I could not stop it I performed the instructions you gave me after it finished.

    Scan result of Farbar Recovery Scan Tool Version: 15-08-2012
    Ran by SYSTEM at 17-08-2012 13:54:41
    Running from G:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-11-29] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2816808 2011-11-29] (Synaptics Incorporated)
    HKLM\...\Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [43320 2011-10-31] (Hewlett-Packard Development Company, L.P.)
    HKLM\...\Run: [lxdxmon.exe] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxmon.exe" [672424 2010-02-03] ()
    HKLM\...\Run: [lxdxamon] "C:\Program Files (x86)\Lexmark 3600-4600 Series\lxdxamon.exe" [16040 2010-02-03] ()
    HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [500208 2010-03-06] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe [5235128 2012-06-14] (Western Digital Technologies, Inc.)
    HKLM-x32\...\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [343168 2011-08-17] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
    HKLM-x32\...\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [168504 2011-06-26] (Hewlett-Packard Company)
    HKLM-x32\...\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
    HKLM-x32\...\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin [402432 2010-07-22] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-17] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe" [2587008 2012-04-05] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1162848 2012-08-16] ()
    HKLM-x32\...\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 [1020512 2012-08-16] ()
    HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] ()
    HKU\Britt\...\Run: [AdobeBridge] [x]
    HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1475584 2010-11-20] (Microsoft Corporation)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent [462920 2012-07-03] ()
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript [1085000 2012-07-03] (Malwarebytes Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    ==================== Services (Whitelisted) ======

    2 avgfws; "C:\Program Files (x86)\AVG\AVG2012\avgfws.exe" [2321560 2012-06-12] (AVG Technologies CZ, s.r.o.)
    2 AVGIDSAgent; "C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe" [5160568 2012-07-04] (AVG Technologies CZ, s.r.o.)
    2 avgwd; "C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe" [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
    2 HPAuto; "C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe" [682040 2011-02-16] (Hewlett-Packard)
    2 lxdx_device; C:\Windows\system32\lxdxcoms.exe -service [1039872 2010-02-03] ( )
    2 lxdx_device; C:\Windows\SysWow64\lxdxcoms.exe -service [589824 2010-02-03] ( )
    2 MBAMService; "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 vseamps; "C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe" [121184 2012-05-25] (Commtouch, Inc.)
    2 vsedsps; "C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe" [119136 2012-05-25] (Commtouch, Inc.)
    3 vseqrts; "C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe" [180576 2012-05-25] (Commtouch, Inc.)
    2 vToolbarUpdater12.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe [927840 2012-08-16] ()
    2 WDBackup; "C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe" [1151424 2012-06-14] (Western Digital )
    2 WDDriveService; "C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe" [248248 2012-06-14] (Western Digital)
    2 WDRulesService; "C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe" [1177536 2012-06-14] (Western Digital )
    2 ioloSystemService; "C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe" [x]

    ========================== Drivers (Whitelisted) =============

    2 AMP; C:\Windows\System32\Drivers\AMP.sys [173408 2012-05-25] (Commtouch, Inc.)
    2 AMPSE; C:\Windows\System32\Drivers\AMPSE.sys [1496416 2012-05-25] (Commtouch, Inc.)
    1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [48992 2011-05-22] (AVG Technologies CZ, s.r.o.)
    3 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [124496 2011-12-23] (AVG Technologies CZ, s.r.o. )
    3 AVGIDSFilter; C:\Windows\System32\DRIVERS\avgidsfiltera.sys [29776 2011-12-23] (AVG Technologies CZ, s.r.o. )
    0 AVGIDSHA; C:\Windows\System32\Drivers\AVGIDSHA.sys [28480 2012-04-19] (AVG Technologies CZ, s.r.o. )
    1 Avgldx64; C:\Windows\System32\Drivers\Avgldx64.sys [289872 2012-02-22] (AVG Technologies CZ, s.r.o.)
    1 Avgmfx64; C:\Windows\System32\Drivers\Avgmfx64.sys [47696 2011-12-23] (AVG Technologies CZ, s.r.o.)
    0 Avgrkx64; C:\Windows\System32\Drivers\Avgrkx64.sys [36944 2012-01-31] (AVG Technologies CZ, s.r.o.)
    1 Avgtdia; C:\Windows\System32\Drivers\Avgtdia.sys [383808 2012-03-19] (AVG Technologies CZ, s.r.o.)
    1 avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [31080 2012-08-16] (AVG Technologies)
    1 ElRawDisk; \??\C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [24904 2012-07-03] (Malwarebytes Corporation)
    2 PDFsFilter; C:\Windows\System32\Drivers\PDFsFilter.sys [82160 2012-07-26] (Raxco Software, Inc.)
    3 CpqDfw; C:\Windows\System32\drivers\CpqDfw.sys [x]
    1 FileDisk; [x]
    2 wuauserv; [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-17 13:48 - 2012-08-17 13:48 - 00000000 ____D C:\FRST
    2012-08-17 13:00 - 2012-08-17 13:39 - 00000000 ___HD C:\_Exception1
    2012-08-16 18:24 - 2012-08-16 18:24 - 00018720 ____A C:\Users\Britt\Documents\Attach.log
    2012-08-16 18:23 - 2012-08-16 18:23 - 00024941 ____A C:\Users\Britt\Documents\DDS.log
    2012-08-16 17:21 - 2012-08-16 18:00 - 00000449 ____A C:\Users\Britt\Documents\GMER.log
    2012-08-16 14:41 - 2009-07-13 17:14 - 00020480 ____A (Microsoft Corporation) C:\Windows\svchost.exe
    2012-08-16 14:10 - 2012-08-17 12:54 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-08-16 14:10 - 2012-08-16 14:10 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-16 14:10 - 2012-08-16 14:10 - 00000000 ____D C:\Users\Britt\AppData\Roaming\Malwarebytes
    2012-08-16 14:10 - 2012-08-16 14:10 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-16 14:10 - 2012-07-03 09:46 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-16 14:07 - 2012-08-16 14:08 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Britt\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-16 13:44 - 2012-08-16 13:44 - 418095246 ____A C:\Windows\MEMORY.DMP
    2012-08-16 13:44 - 2012-08-16 13:44 - 00275664 ____A C:\Windows\Minidump\081612-40981-01.dmp
    2012-08-16 12:56 - 2012-08-16 12:56 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat
    2012-08-16 12:06 - 2012-08-16 13:23 - 00015678 ____A C:\Users\Britt\Desktop\avgrep.txt
    2012-08-16 11:05 - 2012-08-16 11:05 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-08-16 11:05 - 2012-08-16 11:05 - 00000000 ____D C:\Users\Britt\AppData\Roaming\AVG2012
    2012-08-16 11:05 - 2012-08-16 11:05 - 00000000 ____D C:\Users\Britt\AppData\Local\AVG Secure Search
    2012-08-16 11:04 - 2012-08-16 11:04 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-16 11:04 - 2012-08-16 11:04 - 00000000 ____D C:\Users\All Users\AVG Secure Search
    2012-08-16 11:04 - 2012-08-16 11:04 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
    2012-08-16 11:03 - 2012-08-16 11:03 - 00000000 ____D C:\Windows\SysWOW64\Drivers\AVG
    2012-08-16 11:00 - 2012-08-17 12:54 - 00000000 ____D C:\Windows\System32\Drivers\AVG
    2012-08-16 11:00 - 2012-08-17 12:52 - 00000000 ____D C:\Users\All Users\AVG2012
    2012-08-16 11:00 - 2012-08-16 11:00 - 00000000 ___HD C:\$AVG
    2012-08-16 10:59 - 2012-08-16 10:59 - 00000000 ____D C:\Program Files (x86)\AVG
    2012-08-16 10:51 - 2012-08-16 13:28 - 00000000 ____D C:\Users\All Users\MFAData
    2012-08-16 10:50 - 2012-08-16 10:50 - 03879800 ____A (AVG Technologies) C:\Users\Britt\Downloads\avg_free_stb_all_2012_2197_cnet.exe
    2012-08-15 19:10 - 2012-08-17 12:54 - 00000000 ____D C:\Program Files (x86)\SpeedFan
    2012-08-15 19:10 - 2012-08-15 19:10 - 00001007 ____A C:\Users\Britt\Desktop\SpeedFan.lnk
    2012-08-15 19:10 - 2012-08-15 19:10 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
    2012-08-15 19:06 - 2012-08-15 19:06 - 02135728 ____A C:\Users\Britt\Downloads\installspeedfan446.exe
    2012-08-15 15:14 - 2012-08-15 15:14 - 00123107 ____A C:\Users\Britt\Downloads\JTabletSetupv0.9.5.exe
    2012-08-15 15:14 - 2012-08-15 15:14 - 00000000 ____D C:\Windows\java
    2012-08-15 15:14 - 2012-08-15 15:14 - 00000000 ____D C:\Program Files (x86)\Cellosoft
    2012-08-15 15:02 - 2012-08-15 15:48 - 00002435 ____A C:\Users\Britt\sketcher.properties
    2012-08-15 14:15 - 2012-08-15 14:15 - 00000000 ____D C:\Program Files (x86)\Oracle
    2012-08-15 14:14 - 2012-08-15 14:13 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-08-15 14:14 - 2012-08-15 14:13 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-08-15 14:14 - 2012-07-05 18:06 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-08-15 14:14 - 2012-07-05 18:06 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-08-15 14:11 - 2012-08-15 14:11 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(3).exe
    2012-08-15 13:56 - 2012-08-15 13:56 - 00000000 ____D C:\Users\All Users\Authentium
    2012-08-15 13:56 - 2012-08-15 13:56 - 00000000 ____D C:\Program Files\Common Files\Authentium
    2012-08-15 13:55 - 2012-08-02 07:21 - 00160256 ____A C:\Windows\System32\iavlsp64.dll
    2012-08-15 13:55 - 2012-08-02 07:21 - 00118784 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\iavlsp.dll
    2012-08-15 13:50 - 2012-08-15 13:50 - 00459696 ____A C:\Users\Britt\Downloads\smpro_dm(2).exe
    2012-08-15 12:26 - 2012-08-15 12:26 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(2).exe
    2012-08-15 12:25 - 2012-08-15 12:25 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(1).exe
    2012-08-15 12:23 - 2012-08-15 12:23 - 00459696 ____A C:\Users\Britt\Downloads\smpro_dm(1).exe
    2012-08-15 07:27 - 2012-08-16 13:44 - 00000000 ____D C:\Windows\Minidump
    2012-08-15 07:27 - 2012-08-15 07:28 - 00275664 ____A C:\Windows\Minidump\081512-47377-01.dmp
    2012-08-12 17:30 - 2012-08-12 17:30 - 00000000 ____D C:\Users\Britt\AppData\Local\{900DF64C-829B-4454-AC98-3A255F31629E}
    2012-08-12 17:29 - 2012-08-12 17:30 - 00000000 ____D C:\Users\Britt\AppData\Local\{595DBE01-D303-4212-A5EC-69E5162C0289}
    2012-08-12 13:41 - 2012-08-12 13:41 - 14481664 ____A C:\Users\Britt\Downloads\basic_painting_brushes_by_pastelaurora-d5axdo1.zip
    2012-08-11 21:29 - 2012-08-11 21:29 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA%
    2012-08-11 21:23 - 2012-08-11 21:23 - 00000000 ____D C:\Windows\Sun
    2012-08-11 18:13 - 2012-08-11 18:13 - 00000408 ____A C:\Windows\SysWOW64\iolo.ini
    2012-08-11 18:13 - 2012-08-11 18:13 - 00000408 ____A C:\Windows\System32\iolo.ini
    2012-08-01 15:41 - 2012-08-01 15:41 - 00000000 ____D C:\Users\Britt\AppData\Local\{7977E300-D3EB-47F8-B7E7-009E977BB1C1}
    2012-08-01 15:41 - 2012-08-01 15:41 - 00000000 ____D C:\Users\Britt\AppData\Local\{2FFEB4C2-3E3E-4E7A-AF7A-D6095F8DECD3}
    2012-08-01 15:36 - 2012-08-01 15:36 - 00000000 ____D C:\Program Files\Western Digital
    2012-08-01 15:26 - 2012-08-01 15:26 - 35180670 ____A C:\Users\Britt\Downloads\SmartWare_Windows_Upgrader_1.6.2.5.zip
    2012-07-31 10:31 - 2012-07-31 10:31 - 00000000 ____D C:\Users\Britt\AppData\Local\{EE2C2720-BBC4-4D86-92DB-AC4F3C4A0328}
    2012-07-31 10:31 - 2012-07-31 10:31 - 00000000 ____D C:\Users\Britt\AppData\Local\{4A056682-08BA-42A6-B8FB-793DC6589378}
    2012-07-31 07:48 - 2012-07-31 07:48 - 13529520 ____A (Broadcom Corporation.) C:\Users\Britt\Downloads\SetupBtwDownloadSE.exe
    2012-07-30 15:58 - 2012-07-30 15:58 - 00000000 ____D C:\Users\Britt\AppData\Local\{A99AD0F4-A4C7-4BC1-B7FE-DC666E2378EC}
    2012-07-30 15:58 - 2012-07-30 15:58 - 00000000 ____D C:\Users\Britt\AppData\Local\{4CCBE77A-B4C8-42E9-AA92-C4D89354562A}
    2012-07-30 10:15 - 2012-07-30 10:15 - 00000000 ____D C:\Users\Britt\AppData\Local\{D9F69618-90D5-47F3-9F96-EF76EFC07DF7}
    2012-07-28 13:55 - 2012-07-28 13:55 - 00000000 ____D C:\Users\Britt\AppData\Local\{C1A19B91-0ACA-40AD-9371-6CD11FF1F2A1}
    2012-07-28 13:54 - 2012-07-28 13:54 - 00000000 ____D C:\Users\Britt\AppData\Local\{0F704EDF-C59A-4DB3-9D7A-8F46DC349C96}
    2012-07-27 20:45 - 2012-07-26 06:01 - 00082160 ____A (Raxco Software, Inc.) C:\Windows\System32\Drivers\PDFsFilter.sys
    2012-07-19 06:46 - 2012-07-19 06:46 - 00000000 ____D C:\Users\Britt\AppData\Local\{F27DC02C-A638-4F17-BA91-4A7AC836DCC9}
    2012-07-19 06:46 - 2012-07-19 06:46 - 00000000 ____D C:\Users\Britt\AppData\Local\{F186B8F6-850F-48FD-8C3E-D68DEDDD9C25}

    ============ 3 Months Modified Files ========================

    2012-08-16 18:24 - 2012-08-16 18:24 - 00018720 ____A C:\Users\Britt\Documents\Attach.log
    2012-08-16 18:23 - 2012-08-16 18:23 - 00024941 ____A C:\Users\Britt\Documents\DDS.log
    2012-08-16 18:00 - 2012-08-16 17:21 - 00000449 ____A C:\Users\Britt\Documents\GMER.log
    2012-08-16 14:48 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-16 14:48 - 2009-07-13 20:45 - 00032064 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-16 14:46 - 2012-04-12 08:51 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2012-08-16 14:40 - 2010-11-20 19:47 - 00400968 ____A C:\Windows\PFRO.log
    2012-08-16 14:40 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-16 14:40 - 2009-07-13 20:51 - 00072137 ____A C:\Windows\setupact.log
    2012-08-16 14:10 - 2012-08-16 14:10 - 00001109 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-16 14:08 - 2012-08-16 14:07 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Britt\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-16 13:44 - 2012-08-16 13:44 - 418095246 ____A C:\Windows\MEMORY.DMP
    2012-08-16 13:44 - 2012-08-16 13:44 - 00275664 ____A C:\Windows\Minidump\081612-40981-01.dmp
    2012-08-16 13:23 - 2012-08-16 12:06 - 00015678 ____A C:\Users\Britt\Desktop\avgrep.txt
    2012-08-16 12:56 - 2012-08-16 12:56 - 00074703 ____A C:\Windows\SysWOW64\mfc45.dat
    2012-08-16 11:44 - 2009-07-13 21:13 - 00778660 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-16 11:05 - 2012-08-16 11:05 - 00000965 ____A C:\Users\Public\Desktop\AVG 2012.lnk
    2012-08-16 11:04 - 2012-08-16 11:04 - 00031080 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
    2012-08-16 10:50 - 2012-08-16 10:50 - 03879800 ____A (AVG Technologies) C:\Users\Britt\Downloads\avg_free_stb_all_2012_2197_cnet.exe
    2012-08-15 19:10 - 2012-08-15 19:10 - 00001007 ____A C:\Users\Britt\Desktop\SpeedFan.lnk
    2012-08-15 19:10 - 2012-08-15 19:10 - 00000045 ____A C:\Windows\SysWOW64\initdebug.nfo
    2012-08-15 19:06 - 2012-08-15 19:06 - 02135728 ____A C:\Users\Britt\Downloads\installspeedfan446.exe
    2012-08-15 15:48 - 2012-08-15 15:02 - 00002435 ____A C:\Users\Britt\sketcher.properties
    2012-08-15 15:14 - 2012-08-15 15:14 - 00123107 ____A C:\Users\Britt\Downloads\JTabletSetupv0.9.5.exe
    2012-08-15 14:13 - 2012-08-15 14:14 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
    2012-08-15 14:13 - 2012-08-15 14:14 - 00174064 ____A (Oracle Corporation) C:\Windows\SysWOW64\java.exe
    2012-08-15 14:11 - 2012-08-15 14:11 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(3).exe
    2012-08-15 13:50 - 2012-08-15 13:50 - 00459696 ____A C:\Users\Britt\Downloads\smpro_dm(2).exe
    2012-08-15 12:29 - 2012-02-11 22:20 - 00428504 ____A C:\Users\Britt\Documents\AVSDK5_UNINST.LOG
    2012-08-15 12:26 - 2012-08-15 12:26 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(2).exe
    2012-08-15 12:25 - 2012-08-15 12:25 - 00893936 ____A (Oracle Corporation) C:\Users\Britt\Downloads\jxpiinstall(1).exe
    2012-08-15 12:23 - 2012-08-15 12:23 - 00459696 ____A C:\Users\Britt\Downloads\smpro_dm(1).exe
    2012-08-15 10:21 - 2012-01-18 07:51 - 00007597 ____A C:\Users\Britt\AppData\Local\Resmon.ResmonCfg
    2012-08-15 09:46 - 2012-04-12 08:51 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2012-08-15 09:46 - 2011-07-20 20:31 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2012-08-15 08:00 - 2012-07-17 17:08 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForBRITT-HP$.job
    2012-08-15 07:28 - 2012-08-15 07:27 - 00275664 ____A C:\Windows\Minidump\081512-47377-01.dmp
    2012-08-12 23:32 - 2011-11-29 19:54 - 00000132 ____A C:\Users\Britt\AppData\Roaming\Adobe PNG Format CS5 Prefs
    2012-08-12 13:41 - 2012-08-12 13:41 - 14481664 ____A C:\Users\Britt\Downloads\basic_painting_brushes_by_pastelaurora-d5axdo1.zip
    2012-08-11 21:23 - 2011-11-04 03:35 - 01069615 ____A C:\Windows\WindowsUpdate.log
    2012-08-11 18:13 - 2012-08-11 18:13 - 00000408 ____A C:\Windows\SysWOW64\iolo.ini
    2012-08-11 18:13 - 2012-08-11 18:13 - 00000408 ____A C:\Windows\System32\iolo.ini
    2012-08-11 18:13 - 2011-12-17 11:11 - 00000392 ____A C:\Windows\SysWOW64\iolo.ini.txt
    2012-08-07 14:13 - 2011-11-15 08:34 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log
    2012-08-02 19:24 - 2012-02-07 14:41 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForBritt.job
    2012-08-02 08:45 - 2012-02-11 22:30 - 00056472 ____A (iolo technologies, LLC) C:\Windows\System32\iolobtdfg.exe
    2012-08-02 08:45 - 2012-02-11 22:30 - 00025072 ____A (iolo technologies, LLC) C:\Windows\System32\smrgdf.exe
    2012-08-02 07:27 - 2012-02-11 22:30 - 02154576 ____A (iolo technologies, LLC) C:\Windows\System32\Incinerator64.dll
    2012-08-02 07:21 - 2012-08-15 13:55 - 00160256 ____A C:\Windows\System32\iavlsp64.dll
    2012-08-02 07:21 - 2012-08-15 13:55 - 00118784 ____A (iolo technologies, LLC) C:\Windows\SysWOW64\iavlsp.dll
    2012-08-01 15:36 - 2011-11-14 14:38 - 00000415 ____A C:\Users\All Users\Microsoft.SqlServer.Compact.351.32.bc
    2012-08-01 15:36 - 2011-11-04 03:38 - 00022972 ____A C:\Windows\DPINST.LOG
    2012-08-01 15:26 - 2012-08-01 15:26 - 35180670 ____A C:\Users\Britt\Downloads\SmartWare_Windows_Upgrader_1.6.2.5.zip
    2012-07-31 07:48 - 2012-07-31 07:48 - 13529520 ____A (Broadcom Corporation.) C:\Users\Britt\Downloads\SetupBtwDownloadSE.exe
    2012-07-26 06:01 - 2012-07-27 20:45 - 00082160 ____A (Raxco Software, Inc.) C:\Windows\System32\Drivers\PDFsFilter.sys
    2012-07-24 17:23 - 2011-11-15 14:30 - 00000000 ____A C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
    2012-07-12 16:56 - 2009-07-13 20:45 - 04900096 ____A C:\Windows\System32\FNTCACHE.DAT
    2012-07-11 23:05 - 2011-11-23 18:09 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2012-07-11 07:49 - 2012-07-11 07:48 - 03092640 ____A (Adobe Systems, Inc.) C:\Users\Britt\Downloads\install_flash_player_10_plugin.exe
    2012-07-11 07:47 - 2012-07-11 07:43 - 00686792 ____A (Adobe Systems Incorporated) C:\Users\Britt\Downloads\uninstall_flash_player(1).exe
    2012-07-11 07:43 - 2012-07-11 07:38 - 00686792 ____A (Adobe Systems Incorporated) C:\Users\Britt\Downloads\uninstall_flash_player.exe
    2012-07-09 19:15 - 2011-11-28 20:19 - 00773050 ____A C:\Windows\SysWOW64\PerfStringBackup.INI
    2012-07-09 18:58 - 2012-07-09 18:56 - 50449456 ____A (Microsoft Corporation) C:\Users\Britt\Downloads\dotNetFx40_Full_x86_x64.exe
    2012-07-05 18:06 - 2012-08-15 14:14 - 00772544 ____A (Oracle Corporation) C:\Windows\SysWOW64\npDeployJava1.dll
    2012-07-05 18:06 - 2012-08-15 14:14 - 00227760 ____A (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
    2012-07-05 18:06 - 2011-11-27 13:09 - 00687544 ____A (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
    2012-07-05 07:12 - 2012-07-05 07:12 - 01582499 ____A C:\Users\Britt\Downloads\Attachments_2012_07_5.zip
    2012-07-04 18:49 - 2012-07-04 18:49 - 00000406 ____A C:\Windows\System32\ioloBootDefrag.cfg
    2012-07-04 18:23 - 2012-07-04 18:23 - 00001783 ____A C:\Users\Public\Desktop\iTunes.lnk
    2012-07-03 09:46 - 2012-08-16 14:10 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-19 15:08 - 2012-06-19 15:03 - 74987170 ____A C:\Users\Britt\Downloads\Hello.zip
    2012-06-12 14:38 - 2011-11-04 03:37 - 00024358 ____A C:\Windows\System32\RaCoInst.log
    2012-06-11 19:08 - 2012-07-11 23:14 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2012-06-08 21:43 - 2012-07-11 07:07 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2012-06-08 20:41 - 2012-07-11 07:07 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2012-06-07 17:35 - 2012-06-07 17:35 - 00000096 ____A C:\Users\All Users\lxdx.log
    2012-06-07 16:59 - 2011-11-28 20:29 - 00000740 ____A C:\Users\All Users\lxdxDiagnostics.log
    2012-06-05 22:06 - 2012-07-11 07:07 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
    2012-06-05 22:06 - 2012-07-11 07:07 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
    2012-06-05 22:02 - 2012-07-11 07:07 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
    2012-06-05 21:05 - 2012-07-11 07:07 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2012-06-05 21:05 - 2012-07-11 07:07 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2012-06-05 21:03 - 2012-07-11 07:07 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
    2012-06-02 19:19 - 2012-02-24 15:19 - 00016030 ____A C:\Users\Britt\Documents\EV Horse Stats.xlsx
    2012-06-02 14:19 - 2012-06-21 09:44 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
    2012-06-02 14:19 - 2012-06-21 09:44 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
    2012-06-02 14:19 - 2012-06-21 09:44 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
    2012-06-02 14:19 - 2012-06-21 09:44 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
    2012-06-02 14:19 - 2012-06-21 09:44 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
    2012-06-02 14:15 - 2012-06-21 09:44 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
    2012-06-02 14:15 - 2012-06-21 09:44 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
    2012-06-02 11:19 - 2012-06-21 09:44 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
    2012-06-02 11:15 - 2012-06-21 09:44 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
    2012-06-02 04:49 - 2012-07-11 23:03 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2012-06-02 04:17 - 2012-07-11 23:03 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2012-06-02 04:12 - 2012-07-11 23:03 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2012-06-02 04:05 - 2012-07-11 23:03 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2012-06-02 04:05 - 2012-07-11 23:03 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2012-06-02 04:04 - 2012-07-11 23:03 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2012-06-02 04:04 - 2012-07-11 23:03 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2012-06-02 04:03 - 2012-07-11 23:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2012-06-02 04:01 - 2012-07-11 23:03 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2012-06-02 04:00 - 2012-07-11 23:03 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2012-06-02 03:59 - 2012-07-11 23:03 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2012-06-02 03:57 - 2012-07-11 23:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2012-06-02 03:57 - 2012-07-11 23:03 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2012-06-02 03:54 - 2012-07-11 23:03 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2012-06-02 01:07 - 2012-07-11 23:03 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2012-06-02 00:43 - 2012-07-11 23:03 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2012-06-02 00:33 - 2012-07-11 23:03 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2012-06-02 00:26 - 2012-07-11 23:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2012-06-02 00:25 - 2012-07-11 23:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2012-06-02 00:25 - 2012-07-11 23:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2012-06-02 00:23 - 2012-07-11 23:03 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2012-06-02 00:21 - 2012-07-11 23:03 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2012-06-02 00:20 - 2012-07-11 23:03 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2012-06-02 00:19 - 2012-07-11 23:03 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2012-06-02 00:19 - 2012-07-11 23:03 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2012-06-02 00:17 - 2012-07-11 23:03 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2012-06-02 00:16 - 2012-07-11 23:03 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2012-06-02 00:14 - 2012-07-11 23:03 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2012-06-01 21:50 - 2012-07-11 07:07 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
    2012-06-01 21:48 - 2012-07-11 07:07 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
    2012-06-01 21:48 - 2012-07-11 07:07 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
    2012-06-01 21:45 - 2012-07-11 07:07 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
    2012-06-01 21:44 - 2012-07-11 07:07 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
    2012-06-01 20:40 - 2012-07-11 07:07 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2012-06-01 20:40 - 2012-07-11 07:07 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2012-06-01 20:39 - 2012-07-11 07:07 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2012-06-01 20:34 - 2012-07-11 07:07 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2012-05-31 08:25 - 2010-11-20 19:27 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
    2012-05-25 08:58 - 2012-05-25 08:58 - 00173408 ___RA (Commtouch, Inc.) C:\Windows\System32\Drivers\amp.sys
    2012-05-25 08:58 - 2012-02-11 22:31 - 01496416 ___RA (Commtouch, Inc.) C:\Windows\System32\Drivers\ampse.sys


    ZeroAccess:
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\@
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\L
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\n
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\L\00000004.@
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\L\201d3dde
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\00000004.@
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\80000000.@
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\80000032.@
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3}\U\80000064.@

    ZeroAccess:
    C:\Windows\assembly\GAC_32\Desktop.ini

    ZeroAccess:
    C:\Windows\assembly\GAC_64\Desktop.ini

    Type 00 partition infection:
    C:\Windows\svchost.exe

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe 014A9CB92514E27C0107614DF764BC06 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    TDL4: custom:26000022 <===== ATTENTION!

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 19%
    Total physical RAM: 3562.91 MB
    Available physical RAM: 2875.05 MB
    Total Pagefile: 3561.05 MB
    Available Pagefile: 2875.92 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.9 MB

    ======================= Partitions =========================

    1 Drive c: () (Fixed) (Total:447.21 GB) (Free:394.29 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    2 Drive e: (Recovery) (Fixed) (Total:14.39 GB) (Free:1.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
    4 Drive g: () (Removable) (Total:0.24 GB) (Free:0.24 GB) FAT
    5 Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
    6 Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ###  Status         Size     Free     Dyn  Gpt
    --------  -------------  -------  -------  ---  ---
    Disk 0    Online          465 GB  4063 MB
    Disk 1    Online          250 MB     0 B

    Partitions of Disk 0:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary            199 MB  1024 KB
    Partition 2    Primary            447 GB   200 MB
    Partition 3    Primary             14 GB   447 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 1   Y   SYSTEM       NTFS   Partition    199 MB  Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 2   C                NTFS   Partition    447 GB  Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 3   E   Recovery     NTFS   Partition     14 GB  Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ###  Type              Size     Offset
    -------------  ----------------  -------  -------
    Partition 1    Primary            250 MB    16 KB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 06
    Hidden: No
    Active: Yes

    Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
    ----------  ---  -----------  -----  ----------  -------  ---------  --------
    * Volume 4   G                FAT    Removable    250 MB  Healthy

    ==================================================================================

    Last Boot: 2012-08-07 09:57

    ======================= End Of Log ==========================



    Farbar Recovery Scan Tool Version: 15-08-2012
    Ran by SYSTEM at 2012-08-17 14:13:50
    Running from G:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

    C:\Windows\System32\services.exe
    [2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 014A9CB92514E27C0107614DF764BC06

    ====== End Of Search ======
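The log above flags C:\Windows\System32\services.exe because its MD5 differs from the copy in the WinSxS component store while the size (328704 bytes), the version stamp and both timestamps are identical. The script below is an added example, not code from this thread or from FRST, that repeats that comparison on a live machine in PowerShell: it hashes the installed binary, hashes every native-architecture copy of the same file under WinSxS, and checks whether the installed file is still hard-linked into the component store, which a file that was deleted and rewritten no longer is. The function names and the services.exe default are this example's own assumptions; it uses only .NET and fsutil so it runs on the PowerShell 2.0 that ships with the Windows 7 SP1 system in the log.

```powershell
# Added example, not code from this thread or from FRST. Run from an elevated
# PowerShell prompt (2.0 or later) on the machine under investigation. It repeats
# the comparison FRST's "Bamital & volsnap Check" and "Search: services.exe"
# sections perform: hash the installed binary and compare it with the untouched
# copies Windows keeps in the WinSxS component store.

function Get-Md5Hex {
    param([string]$Path)
    # .NET MD5 rather than Get-FileHash, which only exists from PowerShell 4.0.
    $md5 = [System.Security.Cryptography.MD5]::Create()
    try {
        $bytes = [System.IO.File]::ReadAllBytes($Path)
        ([System.BitConverter]::ToString($md5.ComputeHash($bytes))) -replace '-', ''
    } finally {
        $md5.Clear()
    }
}

function Get-ComponentStoreCopies {
    param([string]$FileName)
    # Every servicing level of a component has its own WinSxS directory holding a
    # pristine copy. Keep only native-architecture copies so a 32-bit (x86_ / wow64_)
    # build is not mistaken for the 64-bit baseline. Walking WinSxS takes a while.
    $is64 = ($env:PROCESSOR_ARCHITECTURE -eq 'AMD64') -or ($env:PROCESSOR_ARCHITEW6432 -eq 'AMD64')
    $arch = if ($is64) { 'amd64_' } else { 'x86_' }
    Get-ChildItem -Path "$env:SystemRoot\WinSxS" -Filter $FileName -Recurse -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.Directory.Name -like "$arch*" }
}

function Test-SystemBinaryAgainstWinSxS {
    param([string]$FileName = 'services.exe')   # assumption: any System32 binary works here
    $live     = Join-Path "$env:SystemRoot\System32" $FileName
    $liveItem = Get-Item $live
    $liveHash = Get-Md5Hex $live

    # On Vista and later the System32 files are hard links into WinSxS. Malware that
    # overwrites the file in place corrupts the store copy through the link; malware
    # that deletes and rewrites the file (what the log shows: same size and
    # timestamps, different hash, clean copy still in WinSxS) leaves no link behind.
    $links = @(& fsutil hardlink list $live 2>$null)
    $linkedToStore = @($links | Where-Object { $_ -like '*\WinSxS\*' }).Count -gt 0

    $storeCopies = @(Get-ComponentStoreCopies $FileName | Where-Object { $_ })
    $copies = @(foreach ($c in $storeCopies) {
        $h = Get-Md5Hex $c.FullName
        New-Object PSObject -Property @{
            Component   = $c.Directory.Name
            Size        = $c.Length
            MD5         = $h
            MatchesLive = ($h -eq $liveHash)
        }
    })
    $matching = @($copies | Where-Object { $_.MatchesLive }).Count

    # Size is deliberately not used as evidence: in the log the patched services.exe
    # has exactly the size and timestamps of the clean copy.
    if ($copies.Count -eq 0) {
        $verdict = 'UNKNOWN: no component-store copy to compare against'
    } elseif ($matching -gt 0 -and $linkedToStore) {
        $verdict = 'OK: installed file is a component-store copy'
    } elseif ($matching -gt 0) {
        $verdict = 'REVIEW: hash matches a store copy but the hard link into WinSxS is gone'
    } else {
        $verdict = 'SUSPECT: installed file matches no component-store copy'
    }

    New-Object PSObject -Property @{
        File            = $live
        Size            = $liveItem.Length
        MD5             = $liveHash
        HardLinkInStore = $linkedToStore
        Copies          = $copies
        Verdict         = $verdict
    }
}

$result = Test-SystemBinaryAgainstWinSxS -FileName 'services.exe'
$result | Format-List File, Size, MD5, HardLinkInStore, Verdict
$result.Copies | Format-Table Component, Size, MD5, MatchesLive -AutoSize
```

Two caveats a practitioner should keep in mind. The comparison only says that the installed file differs from the local baseline; it cannot say which copy is clean, so confirm the WinSxS copy's catalogue signature (Sysinternals sigcheck verifies catalogue-signed system files) before copying it back. And the copy itself has to be done offline, as the fix in this thread is: services.exe is held open for as long as Windows is running, which is why the replacement runs from the recovery environment rather than from a normal boot.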
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download the attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     


  6. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    Thank you again. I performed the instructions and the computer rebooted, and it has logged me in as a temporary user (I hope that is what is supposed to happen). It has given me the message that the Recycle Bin on C:\ is corrupt, which I have ignored.

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
    Ran by SYSTEM at 2012-08-17 15:00:02 Run:1
    Running from G:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    C:\Windows\svchost.exe moved successfully.
    C:\Windows\Installer\{c09ca9f8-9c91-b1a9-5255-93be2a2fcea3} moved successfully.
    C:\Windows\assembly\GAC_32\Desktop.ini moved successfully.
    C:\Windows\assembly\GAC_64\Desktop.ini moved successfully.

    The operation completed successfully.
    The operation completed successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====
    16:13:08.0746 3880 TDSS rootkit removing tool 2.8.6.0 Aug 13 2012 17:24:05
    16:13:09.0198 3880 ============================================================
    16:13:09.0198 3880 Current date / time: 2012/08/17 16:13:09.0198
    16:13:09.0198 3880 SystemInfo:
    16:13:09.0198 3880
    16:13:09.0198 3880 OS Version: 6.1.7601 ServicePack: 1.0
    16:13:09.0198 3880 Product type: Workstation
    16:13:09.0198 3880 ComputerName: BRITT-HP
    16:13:09.0198 3880 UserName: Britt
    16:13:09.0198 3880 Windows directory: C:\Windows
    16:13:09.0198 3880 System windows directory: C:\Windows
    16:13:09.0198 3880 Running under WOW64
    16:13:09.0198 3880 Processor architecture: Intel x64
    16:13:09.0198 3880 Number of processors: 4
    16:13:09.0198 3880 Page size: 0x1000
    16:13:09.0198 3880 Boot type: Normal boot
    16:13:09.0198 3880 ============================================================
    16:13:11.0071 3880 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
    16:13:11.0071 3880 Drive \Device\Harddisk1\DR2 - Size: 0xFAC0000 (0.24 Gb), SectorSize: 0x200, Cylinders: 0x1F, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
    16:13:11.0081 3880 ============================================================
    16:13:11.0081 3880 \Device\Harddisk0\DR0:
    16:13:11.0101 3880 MBR partitions:
    16:13:11.0101 3880 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
    16:13:11.0101 3880 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x37E6C800
    16:13:11.0101 3880 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x37ED0800, BlocksNum 0x1CC5800
    16:13:11.0101 3880 \Device\Harddisk1\DR2:
    16:13:11.0101 3880 MBR partitions:
    16:13:11.0101 3880 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x7D5E0
    16:13:11.0101 3880 ============================================================
    16:13:11.0171 3880 C: <-> \Device\Harddisk0\DR0\Partition2
    16:13:11.0281 3880 D: <-> \Device\Harddisk0\DR0\Partition3
    16:13:11.0281 3880 ============================================================
    16:13:11.0281 3880 Initialize success
    16:13:11.0281 3880 ============================================================
    16:13:13.0062 5884 ============================================================
    16:13:13.0062 5884 Scan started
    16:13:13.0062 5884 Mode: Manual;
    16:13:13.0062 5884 ============================================================
    16:13:15.0324 5884 ================ Scan services =============================
    16:13:15.0664 5884 [ a87d604aea360176311474c87a63bb88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
    16:13:15.0674 5884 1394ohci - ok
    16:13:15.0734 5884 [ d81d9e70b8a6dd14d42d7b4efa65d5f2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
    16:13:15.0754 5884 ACPI - ok
    16:13:15.0794 5884 [ 99f8e788246d495ce3794d7e7821d2ca ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
    16:13:15.0804 5884 AcpiPmi - ok
    16:13:15.0944 5884 [ d19c4ee2ac7c47b8f5f84fff1a789d8a ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    16:13:16.0004 5884 AdobeARMservice - ok
    16:13:16.0374 5884 [ a9d3b95e8466bd58eeb8a1154654e162 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    16:13:16.0384 5884 AdobeFlashPlayerUpdateSvc - ok
    16:13:16.0464 5884 [ 2f6b34b83843f0c5118b63ac634f5bf4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
    16:13:16.0654 5884 adp94xx - ok
    16:13:16.0684 5884 [ 597f78224ee9224ea1a13d6350ced962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
    16:13:16.0844 5884 adpahci - ok
    16:13:16.0924 5884 [ e109549c90f62fb570b9540c4b148e54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
    16:13:16.0924 5884 adpu320 - ok
    16:13:16.0954 5884 [ 4b78b431f225fd8624c5655cb1de7b61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
    16:13:16.0964 5884 AeLookupSvc - ok
    16:13:17.0024 5884 [ 1c7857b62de5994a75b054a9fd4c3825 ] AFD C:\Windows\system32\drivers\afd.sys
    16:13:17.0044 5884 AFD - ok
    16:13:17.0084 5884 [ 608c14dba7299d8cb6ed035a68a15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
    16:13:17.0094 5884 agp440 - ok
    16:13:17.0114 5884 [ 3290d6946b5e30e70414990574883ddb ] ALG C:\Windows\System32\alg.exe
    16:13:17.0124 5884 ALG - ok
    16:13:17.0154 5884 [ 5812713a477a3ad7363c7438ca2ee038 ] aliide C:\Windows\system32\drivers\aliide.sys
    16:13:17.0184 5884 aliide - ok
    16:13:17.0254 5884 [ 3de8dc285540733818588cc94e7fc96e ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
    16:13:17.0254 5884 AMD External Events Utility - ok
    16:13:17.0334 5884 AMD FUEL Service - ok
    16:13:17.0354 5884 [ 1ff8b4431c353ce385c875f194924c0c ] amdide C:\Windows\system32\drivers\amdide.sys
    16:13:18.0614 5884 amdide - ok
    16:13:18.0704 5884 [ 6a2eeb0c4133b20773bb3dd0b7b377b4 ] amdiox64 C:\Windows\system32\DRIVERS\amdiox64.sys
    16:13:18.0714 5884 amdiox64 - ok
    16:13:18.0784 5884 [ 7024f087cff1833a806193ef9d22cda9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
    16:13:18.0794 5884 AmdK8 - ok
    16:13:19.0583 5884 [ 42d53daf85f948c39ce1351a8f5b5808 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
    16:13:20.0137 5884 amdkmdag - ok
    16:13:20.0197 5884 [ 75182b5784015b271932088551616a96 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
    16:13:20.0207 5884 amdkmdap - ok
    16:13:20.0277 5884 [ 1e56388b3fe0d031c44144eb8c4d6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
    16:13:20.0287 5884 AmdPPM - ok
    16:13:20.0337 5884 [ d4121ae6d0c0e7e13aa221aa57ef2d49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
    16:13:20.0347 5884 amdsata - ok
    16:13:20.0447 5884 [ f67f933e79241ed32ff46a4f29b5120b ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
    16:13:20.0467 5884 amdsbs - ok
    16:13:20.0497 5884 [ 540daf1cea6094886d72126fd7c33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
     
  7. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    16:13:20.0497 5884 amdxata - ok
    16:13:20.0527 5884 [ f9d46b6b322708bd5afcc8767ebdc901 ] amd_sata C:\Windows\system32\DRIVERS\amd_sata.sys
    16:13:20.0527 5884 amd_sata - ok
    16:13:20.0547 5884 [ 329cc9c7e20deebcd4cd10816193ef14 ] amd_xata C:\Windows\system32\DRIVERS\amd_xata.sys
    16:13:20.0557 5884 amd_xata - ok
    16:13:20.0587 5884 [ 7ff52fd7cb32fbeba5960e8f9621d734 ] AMP C:\Windows\system32\Drivers\amp.sys
    16:13:20.0617 5884 AMP - ok
    16:13:20.0667 5884 [ 6221e6de43bbbd96c122f0edd0139809 ] AMPSE C:\Windows\system32\Drivers\ampse.sys
    16:13:20.0707 5884 AMPSE - ok
    16:13:20.0747 5884 [ 89a69c3f2f319b43379399547526d952 ] AppID C:\Windows\system32\drivers\appid.sys
    16:13:20.0757 5884 AppID - ok
    16:13:20.0797 5884 [ 0bc381a15355a3982216f7172f545de1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
    16:13:20.0807 5884 AppIDSvc - ok
    16:13:20.0827 5884 [ 3977d4a871ca0d4f2ed1e7db46829731 ] Appinfo C:\Windows\System32\appinfo.dll
    16:13:20.0827 5884 Appinfo - ok
    16:13:20.0907 5884 [ f401929ee0cc92bfe7f15161ca535383 ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    16:13:20.0947 5884 Apple Mobile Device - ok
    16:13:21.0077 5884 [ c484f8ceb1717c540242531db7845c4e ] arc C:\Windows\system32\drivers\arc.sys
    16:13:21.0107 5884 arc - ok
    16:13:21.0137 5884 [ 019af6924aefe7839f61c830227fe79c ] arcsas C:\Windows\system32\drivers\arcsas.sys
    16:13:21.0147 5884 arcsas - ok
    16:13:21.0297 5884 [ 9217d874131ae6ff8f642f124f00a555 ] aspnet_state C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
    16:13:21.0307 5884 aspnet_state - ok
    16:13:21.0387 5884 [ 769765ce2cc62867468cea93969b2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
    16:13:21.0417 5884 AsyncMac - ok
    16:13:21.0447 5884 [ 02062c0b390b7729edc9e69c680a6f3c ] atapi C:\Windows\system32\drivers\atapi.sys
    16:13:21.0517 5884 atapi - ok
    16:13:21.0577 5884 [ cbd14f698def12ee3557604b726cb8eb ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
    16:13:21.0577 5884 AtiHDAudioService - ok
    16:13:21.0637 5884 [ f23fef6d569fce88671949894a8becf1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
    16:13:21.0647 5884 AudioEndpointBuilder - ok
    16:13:21.0677 5884 [ f23fef6d569fce88671949894a8becf1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
    16:13:21.0687 5884 AudioSrv - ok
    16:13:21.0767 5884 [ a6bf31a71b409dfa8cac83159e1e2aff ] AxInstSV C:\Windows\System32\AxInstSV.dll
    16:13:21.0787 5884 AxInstSV - ok
    16:13:21.0917 5884 [ 3e5b191307609f7514148c6832bb0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
    16:13:21.0937 5884 b06bdrv - ok
    16:13:21.0977 5884 [ b5ace6968304a3900eeb1ebfd9622df2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
    16:13:21.0997 5884 b57nd60a - ok
    16:13:22.0067 5884 [ 9e84a931dbee0292e38ed672f6293a99 ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
    16:13:22.0097 5884 BCM43XX - ok
    16:13:22.0127 5884 [ fde360167101b4e45a96f939f388aeb0 ] BDESVC C:\Windows\System32\bdesvc.dll
    16:13:22.0137 5884 BDESVC - ok
    16:13:22.0147 5884 [ 16a47ce2decc9b099349a5f840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
    16:13:22.0157 5884 Beep - ok
    16:13:22.0197 5884 [ 82974d6a2fd19445cc5171fc378668a4 ] BFE C:\Windows\System32\bfe.dll
    16:13:22.0207 5884 BFE - ok
    16:13:22.0257 5884 [ 1ea7969e3271cbc59e1730697dc74682 ] BITS C:\Windows\System32\qmgr.dll
    16:13:22.0287 5884 BITS - ok
    16:13:22.0307 5884 [ 61583ee3c3a17003c4acd0475646b4d3 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
    16:13:22.0307 5884 blbdrive - ok
    16:13:22.0357 5884 [ ebbcd5dfbb1de70e8f4af8fa59e401fd ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    16:13:22.0367 5884 Bonjour Service - ok
    16:13:22.0387 5884 [ 6c02a83164f5cc0a262f4199f0871cf5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
    16:13:22.0397 5884 bowser - ok
    16:13:22.0417 5884 [ f09eee9edc320b5e1501f749fde686c8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
    16:13:22.0427 5884 BrFiltLo - ok
    16:13:22.0437 5884 [ b114d3098e9bdb8bea8b053685831be6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
    16:13:22.0447 5884 BrFiltUp - ok
    16:13:22.0467 5884 [ 8ef0d5c41ec907751b8429162b1239ed ] Browser C:\Windows\System32\browser.dll
    16:13:22.0467 5884 Browser - ok
    16:13:22.0517 5884 [ 43bea8d483bf1870f018e2d02e06a5bd ] Brserid C:\Windows\System32\Drivers\Brserid.sys
    16:13:22.0527 5884 Brserid - ok
    16:13:22.0547 5884 [ a6eca2151b08a09caceca35c07f05b42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
    16:13:22.0547 5884 BrSerWdm - ok
    16:13:22.0557 5884 [ b79968002c277e869cf38bd22cd61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
    16:13:22.0567 5884 BrUsbMdm - ok
    16:13:22.0597 5884 [ a87528880231c54e75ea7a44943b38bf ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
    16:13:22.0607 5884 BrUsbSer - ok
    16:13:22.0637 5884 [ 9da669f11d1f894ab4eb69bf546a42e8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
    16:13:22.0647 5884 BTHMODEM - ok
    16:13:22.0683 5884 [ 95f9c2976059462cbbf227f7aab10de9 ] bthserv C:\Windows\system32\bthserv.dll
    16:13:22.0693 5884 bthserv - ok
    16:13:22.0723 5884 [ b8bd2bb284668c84865658c77574381a ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
    16:13:22.0743 5884 cdfs - ok
    16:13:22.0783 5884 [ f036ce71586e93d94dab220d7bdf4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
    16:13:22.0803 5884 cdrom - ok
    16:13:22.0833 5884 [ f17d1d393bbc69c5322fbfafaca28c7f ] CertPropSvc C:\Windows\System32\certprop.dll
    16:13:22.0843 5884 CertPropSvc - ok
    16:13:22.0883 5884 [ d7cd5c4e1b71fa62050515314cfb52cf ] circlass C:\Windows\system32\drivers\circlass.sys
    16:13:22.0893 5884 circlass - ok
    16:13:22.0963 5884 [ fe1ec06f2253f691fe36217c592a0206 ] CLFS C:\Windows\system32\CLFS.sys
    16:13:22.0983 5884 CLFS - ok
    16:13:23.0093 5884 [ d88040f816fda31c3b466f0fa0918f29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    16:13:23.0153 5884 clr_optimization_v2.0.50727_32 - ok
    16:13:23.0303 5884 [ d1ceea2b47cb998321c579651ce3e4f8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
    16:13:23.0313 5884 clr_optimization_v2.0.50727_64 - ok
    16:13:23.0423 5884 [ c5a75eb48e2344abdc162bda79e16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    16:13:23.0463 5884 clr_optimization_v4.0.30319_32 - ok
    16:13:23.0713 5884 [ c6f9af94dcd58122a4d7e89db6bed29d ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
    16:13:23.0733 5884 clr_optimization_v4.0.30319_64 - ok
    16:13:23.0873 5884 [ 50f92c943f18b070f166d019dfab3d9a ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
    16:13:23.0893 5884 clwvd - ok
    16:13:23.0993 5884 [ 0840155d0bddf1190f84a663c284bd33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
    16:13:24.0003 5884 CmBatt - ok
    16:13:24.0163 5884 [ e19d3f095812725d88f9001985b94edd ] cmdide C:\Windows\system32\drivers\cmdide.sys
    16:13:24.0183 5884 cmdide - ok
    16:13:24.0263 5884 [ 9ac4f97c2d3e93367e2148ea940cd2cd ] CNG C:\Windows\system32\Drivers\cng.sys
    16:13:24.0293 5884 CNG - ok
    16:13:24.0323 5884 [ 102de219c3f61415f964c88e9085ad14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
    16:13:24.0333 5884 Compbatt - ok
    16:13:24.0373 5884 [ 03edb043586cceba243d689bdda370a8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
    16:13:24.0383 5884 CompositeBus - ok
    16:13:24.0393 5884 COMSysApp - ok
    16:13:24.0413 5884 [ 1c827878a998c18847245fe1f34ee597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
    16:13:24.0423 5884 crcdisk - ok
    16:13:24.0463 5884 [ 4f5414602e2544a4554d95517948b705 ] CryptSvc C:\Windows\system32\cryptsvc.dll
    16:13:24.0493 5884 CryptSvc - ok
    16:13:24.0533 5884 [ 5c627d1b1138676c0a7ab2c2c190d123 ] DcomLaunch C:\Windows\system32\rpcss.dll
    16:13:24.0543 5884 DcomLaunch - ok
    16:13:24.0633 5884 [ 3cec7631a84943677aa8fa8ee5b6b43d ] defragsvc C:\Windows\System32\defragsvc.dll
    16:13:24.0663 5884 defragsvc - ok
    16:13:24.0713 5884 [ 9bb2ef44eaa163b29c4a4587887a0fe4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
    16:13:24.0743 5884 DfsC - ok
    16:13:24.0813 5884 [ 43d808f5d9e1a18e5eeb5ebc83969e4e ] Dhcp C:\Windows\system32\dhcpcore.dll
    16:13:25.0123 5884 Dhcp - ok
    16:13:25.0153 5884 [ 13096b05847ec78f0977f2c0f79e9ab3 ] discache C:\Windows\system32\drivers\discache.sys
    16:13:25.0163 5884 discache - ok
    16:13:25.0233 5884 [ 9819eee8b5ea3784ec4af3b137a5244c ] Disk C:\Windows\system32\drivers\disk.sys
    16:13:25.0253 5884 Disk - ok
    16:13:25.0353 5884 [ 16835866aaa693c7d7fceba8fff706e4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
    16:13:25.0363 5884 Dnscache - ok
    16:13:25.0413 5884 [ b1fb3ddca0fdf408750d5843591afbc6 ] dot3svc C:\Windows\System32\dot3svc.dll
    16:13:25.0433 5884 dot3svc - ok
    16:13:25.0474 5884 [ b26f4f737e8f9df4f31af6cf31d05820 ] DPS C:\Windows\system32\dps.dll
    16:13:25.0568 5884 DPS - ok
    16:13:25.0692 5884 [ 9b19f34400d24df84c858a421c205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
    16:13:25.0708 5884 drmkaud - ok
    16:13:25.0755 5884 [ f5bee30450e18e6b83a5012c100616fd ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
    16:13:25.0786 5884 DXGKrnl - ok
    16:13:25.0817 5884 [ e2dda8726da9cb5b2c4000c9018a9633 ] EapHost C:\Windows\System32\eapsvc.dll
    16:13:25.0833 5884 EapHost - ok
    16:13:26.0067 5884 [ dc5d737f51be844d8c82c695eb17372f ] ebdrv C:\Windows\system32\drivers\evbda.sys
    16:13:26.0270 5884 ebdrv - ok
    16:13:26.0394 5884 [ c118a82cd78818c29ab228366ebf81c3 ] EFS C:\Windows\System32\lsass.exe
    16:13:26.0394 5884 EFS - ok
    16:13:26.0613 5884 [ c4002b6b41975f057d98c439030cea07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
    16:13:26.0660 5884 ehRecvr - ok
    16:13:26.0706 5884 [ 4705e8ef9934482c5bb488ce28afc681 ] ehSched C:\Windows\ehome\ehsched.exe
    16:13:26.0722 5884 ehSched - ok
    16:13:26.0800 5884 [ f21a07780bbd64adef872f50e8ce2e75 ] ElRawDisk C:\Windows\system32\drivers\ElRawDsk.sys
    16:13:26.0816 5884 ElRawDisk - ok
    16:13:26.0862 5884 [ 0e5da5369a0fcaea12456dd852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
    16:13:26.0894 5884 elxstor - ok
    16:13:26.0956 5884 [ 34a3c54752046e79a126e15c51db409b ] ErrDev C:\Windows\system32\drivers\errdev.sys
    16:13:26.0956 5884 ErrDev - ok
    16:13:27.0034 5884 [ 4166f82be4d24938977dd1746be9b8a0 ] EventSystem C:\Windows\system32\es.dll
    16:13:27.0034 5884 EventSystem - ok
    16:13:27.0190 5884 [ a510c654ec00c1e9bdd91eeb3a59823b ] exfat C:\Windows\system32\drivers\exfat.sys
    16:13:27.0206 5884 exfat - ok
    16:13:27.0237 5884 [ 0adc83218b66a6db380c330836f3e36d ] fastfat C:\Windows\system32\drivers\fastfat.sys
    16:13:27.0268 5884 fastfat - ok
    16:13:27.0346 5884 [ dbefd454f8318a0ef691fdd2eaab44eb ] Fax C:\Windows\system32\fxssvc.exe
    16:13:27.0393 5884 Fax - ok
    16:13:27.0471 5884 [ d765d19cd8ef61f650c384f62fac00ab ] fdc C:\Windows\system32\drivers\fdc.sys
    16:13:27.0486 5884 fdc - ok
    16:13:27.0564 5884 [ 0438cab2e03f4fb61455a7956026fe86 ] fdPHost C:\Windows\system32\fdPHost.dll
    16:13:27.0564 5884 fdPHost - ok
    16:13:27.0580 5884 [ 802496cb59a30349f9a6dd22d6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
    16:13:27.0596 5884 FDResPub - ok
    16:13:27.0596 5884 FileDisk - ok
    16:13:27.0642 5884 [ 655661be46b5f5f3fd454e2c3095b930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
    16:13:27.0674 5884 FileInfo - ok
    16:13:27.0705 5884 [ 5f671ab5bc87eea04ec38a6cd5962a47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
    16:13:27.0720 5884 Filetrace - ok
    16:13:27.0736 5884 [ c172a0f53008eaeb8ea33fe10e177af5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
    16:13:27.0752 5884 flpydisk - ok
    16:13:27.0814 5884 [ da6b67270fd9db3697b20fce94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
    16:13:27.0830 5884 FltMgr - ok
    16:13:27.0923 5884 [ 5c4cb4086fb83115b153e47add961a0c ] FontCache C:\Windows\system32\FntCache.dll
    16:13:27.0954 5884 FontCache - ok
    16:13:28.0157 5884 [ a8b7f3818ab65695e3a0bb3279f6dce6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    16:13:28.0157 5884 FontCache3.0.0.0 - ok
    16:13:28.0235 5884 [ d43703496149971890703b4b1b723eac ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
    16:13:28.0298 5884 FsDepends - ok
    16:13:28.0344 5884 [ 07da62c960ddccc2d35836aeab4fc578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
    16:13:28.0391 5884 fssfltr - ok
    16:13:28.0656 5884 [ 28ddeeec44e988657b732cf404d504cb ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
    16:13:28.0906 5884 fsssvc - ok
    16:13:28.0953 5884 [ 6bd9295cc032dd3077c671fccf579a7b ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
    16:13:28.0968 5884 Fs_Rec - ok
    16:13:29.0031 5884 [ 1f7b25b858fa27015169fe95e54108ed ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
    16:13:29.0046 5884 fvevol - ok
    16:13:29.0119 5884 [ 8c778d335c9d272cfd3298ab02abe3b6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
    16:13:29.0129 5884 gagp30kx - ok
    16:13:29.0279 5884 [ c403c5db49a0f9aaf4f2128edc0106d8 ] GamesAppService C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
    16:13:29.0329 5884 GamesAppService - ok
    16:13:29.0369 5884 [ e403aacf8c7bb11375122d2464560311 ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    16:13:29.0389 5884 GEARAspiWDM - ok
    16:13:29.0529 5884 [ 277bbc7e1aa1ee957f573a10eca7ef3a ] gpsvc C:\Windows\System32\gpsvc.dll
    16:13:29.0569 5884 gpsvc - ok
    16:13:29.0609 5884 [ f2523ef6460fc42405b12248338ab2f0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
    16:13:29.0619 5884 hcw85cir - ok
    16:13:29.0649 5884 [ 975761c778e33cd22498059b91e7373a ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
    16:13:29.0679 5884 HdAudAddService - ok
    16:13:29.0709 5884 [ 97bfed39b6b79eb12cddbfeed51f56bb ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
    16:13:29.0719 5884 HDAudBus - ok
    16:13:29.0799 5884 [ 78e86380454a7b10a5eb255dc44a355f ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
    16:13:29.0809 5884 HidBatt - ok
    16:13:29.0849 5884 [ 7fd2a313f7afe5c4dab14798c48dd104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
    16:13:29.0859 5884 HidBth - ok
    16:13:29.0909 5884 [ 0a77d29f311b88cfae3b13f9c1a73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
    16:13:29.0919 5884 HidIr - ok
    16:13:29.0949 5884 [ bd9eb3958f213f96b97b1d897dee006d ] hidserv C:\Windows\system32\hidserv.dll
    16:13:29.0969 5884 hidserv - ok
    16:13:29.0999 5884 [ 9592090a7e2b61cd582b612b6df70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
    16:13:30.0009 5884 HidUsb - ok
    16:13:30.0179 5884 [ 387e72e739e15e3d37907a86d9ff98e2 ] hkmsvc C:\Windows\system32\kmsvc.dll
    16:13:30.0319 5884 hkmsvc - ok
    16:13:30.0369 5884 [ efdfb3dd38a4376f93e7985173813abd ] HomeGroupListener C:\Windows\system32\ListSvc.dll
    16:13:30.0379 5884 HomeGroupListener - ok
    16:13:30.0449 5884 [ 908acb1f594274965a53926b10c81e89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
    16:13:30.0469 5884 HomeGroupProvider - ok
    16:13:30.0669 5884 [ 13bb1114451c63bfb41ba7daa4d70a29 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    16:13:30.0689 5884 HP Support Assistant Service - ok
    16:13:30.0819 5884 [ 7b8c1b09c11e8db7c4480abd7d17e821 ] HPAuto C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe
    16:13:30.0859 5884 HPAuto - ok
    16:13:30.0929 5884 [ 6a181452d4e240b8ecc7614b9a19bde9 ] HPClientSvc C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    16:13:30.0979 5884 HPClientSvc - ok
    16:13:31.0069 5884 [ 02ce63d8dd5e6dd5ceff336191c0859e ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    16:13:31.0129 5884 HPDrvMntSvc.exe - ok
    16:13:31.0221 5884 [ e7c7829ba0395e48f8c8fe16b8832344 ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    16:13:32.0391 5884 hpqwmiex - ok
    16:13:32.0594 5884 [ 39d2abcd392f3d8a6dce7b60ae7b8efc ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
    16:13:32.0610 5884 HpSAMD - ok
    16:13:32.0656 5884 [ 2bec76bdcd1bc080210325e7b5094834 ] HPWMISVC C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    16:13:32.0719 5884 HPWMISVC - ok
    16:13:32.0766 5884 [ 0ea7de1acb728dd5a369fd742d6eee28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
    16:13:32.0797 5884 HTTP - ok
    16:13:32.0812 5884 [ a5462bd6884960c9dc85ed49d34ff392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
    16:13:32.0828 5884 hwpolicy - ok
    16:13:32.0844 5884 [ fa55c73d4affa7ee23ac4be53b4592d3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
    16:13:32.0859 5884 i8042prt - ok
    16:13:32.0937 5884 [ aaaf44db3bd0b9d1fb6969b23ecc8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
    16:13:32.0968 5884 iaStorV - ok
    16:13:33.0187 5884 [ 634bcd82fb1ce4b475b3d64935f3d2cc ] IconMan_R C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    16:13:33.0249 5884 IconMan_R - ok
    16:13:33.0362 5884 [ 5988fc40f8db5b0739cd1e3a5d0d78bd ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
    16:13:33.0392 5884 idsvc - ok
    16:13:33.0442 5884 [ 5c18831c61933628f5bb0ea2675b9d21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
    16:13:33.0472 5884 iirsp - ok
    16:13:33.0622 5884 [ fcd84c381e0140af901e58d48882d26b ] IKEEXT C:\Windows\System32\ikeext.dll
    16:13:33.0642 5884 IKEEXT - ok
    16:13:33.0762 5884 [ f00f20e70c6ec3aa366910083a0518aa ] intelide C:\Windows\system32\drivers\intelide.sys
    16:13:33.0782 5884 intelide - ok
    16:13:33.0842 5884 [ ada036632c664caa754079041cf1f8c1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
    16:13:33.0852 5884 intelppm - ok
    16:13:33.0862 5884 ioloSystemService - ok
    16:13:33.0882 5884 [ 098a91c54546a3b878dad6a7e90a455b ] IPBusEnum C:\Windows\system32\ipbusenum.dll
    16:13:33.0892 5884 IPBusEnum - ok
    16:13:33.0922 5884 [ c9f0e1bd74365a8771590e9008d22ab6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
    16:13:33.0932 5884 IpFilterDriver - ok
    16:13:33.0982 5884 [ a34a587fffd45fa649fba6d03784d257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
    16:13:33.0992 5884 iphlpsvc - ok
    16:13:34.0032 5884 [ 0fc1aea580957aa8817b8f305d18ca3a ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
    16:13:34.0042 5884 IPMIDRV - ok
    16:13:34.0082 5884 [ af9b39a7e7b6caa203b3862582e9f2d0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
    16:13:34.0092 5884 IPNAT - ok
    16:13:34.0152 5884 [ a9ab99ee7d39725eafec82732d2b3271 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
    16:13:34.0172 5884 iPod Service - ok
    16:13:34.0232 5884 [ 3abf5e7213eb28966d55d58b515d5ce9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
    16:13:34.0242 5884 IRENUM - ok
    16:13:34.0302 5884 [ 2f7b28dc3e1183e5eb418df55c204f38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
    16:13:34.0312 5884 isapnp - ok
    16:13:34.0352 5884 [ d931d7309deb2317035b07c9f9e6b0bd ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
    16:13:34.0362 5884 iScsiPrt - ok
    16:13:34.0422 5884 [ bc02336f1cba7dcc7d1213bb588a68a5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
    16:13:34.0432 5884 kbdclass - ok
    16:13:34.0472 5884 [ 0705eff5b42a9db58548eec3b26bb484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
    16:13:34.0482 5884 kbdhid - ok
    16:13:34.0602 5884 [ c118a82cd78818c29ab228366ebf81c3 ] KeyIso C:\Windows\system32\lsass.exe
    16:13:34.0612 5884 KeyIso - ok
    16:13:34.0672 5884 [ 97a7070aea4c058b6418519e869a63b4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
    16:13:34.0682 5884 KSecDD - ok
    16:13:34.0702 5884 [ 26c43a7c2862447ec59deda188d1da07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
    16:13:34.0722 5884 KSecPkg - ok
    16:13:34.0762 5884 [ 6869281e78cb31a43e969f06b57347c4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
    16:13:34.0772 5884 ksthunk - ok
    16:13:34.0862 5884 [ 6ab66e16aa859232f64deb66887a8c9c ] KtmRm C:\Windows\system32\msdtckrm.dll
    16:13:34.0882 5884 KtmRm - ok
    16:13:34.0962 5884 [ d9f42719019740baa6d1c6d536cbdaa6 ] LanmanServer C:\Windows\system32\srvsvc.dll
    16:13:35.0092 5884 LanmanServer - ok
    16:13:35.0132 5884 [ 851a1382eed3e3a7476db004f4ee3e1a ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
    16:13:35.0152 5884 LanmanWorkstation - ok
    16:13:35.0192 5884 [ 1538831cf8ad2979a04c423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
    16:13:35.0192 5884 lltdio - ok
    16:13:35.0252 5884 [ c1185803384ab3feed115f79f109427f ] lltdsvc C:\Windows\System32\lltdsvc.dll
    16:13:35.0312 5884 lltdsvc - ok
    16:13:35.0322 5884 [ f993a32249b66c9d622ea5592a8b76b8 ] lmhosts C:\Windows\System32\lmhsvc.dll
    16:13:35.0342 5884 lmhosts - ok
    16:13:35.0373 5884 [ 1a93e54eb0ece102495a51266dcdb6a6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
    16:13:35.0388 5884 LSI_FC - ok
    16:13:35.0404 5884 [ 1047184a9fdc8bdbff857175875ee810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
    16:13:35.0420 5884 LSI_SAS - ok
    16:13:35.0451 5884 [ 30f5c0de1ee8b5bc9306c1f0e4a75f93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
    16:13:35.0513 5884 LSI_SAS2 - ok
    16:13:35.0576 5884 [ 0504eacaff0d3c8aed161c4b0d369d4a ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
    16:13:35.0591 5884 LSI_SCSI - ok
    16:13:35.0622 5884 [ 43d0f98e1d56ccddb0d5254cff7b356e ] luafv C:\Windows\system32\drivers\luafv.sys
    16:13:35.0638 5884 luafv - ok
    16:13:35.0654 5884 lxdx_device - ok
    16:13:35.0732 5884 [ 0be09cd858abf9df6ed259d57a1a1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
    16:13:35.0747 5884 Mcx2Svc - ok
    16:13:35.0825 5884 [ a55805f747c6edb6a9080d7c633bd0f4 ] megasas C:\Windows\system32\drivers\megasas.sys
    16:13:35.0825 5884 megasas - ok
    16:13:35.0841 5884 [ baf74ce0072480c3b6b7c13b2a94d6b3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
    16:13:36.0324 5884 MegaSR - ok
    16:13:36.0402 5884 [ e40e80d0304a73e8d269f7141d77250b ] MMCSS C:\Windows\system32\mmcss.dll
    16:13:36.0418 5884 MMCSS - ok
    16:13:36.0465 5884 [ 800ba92f7010378b09f9ed9270f07137 ] Modem C:\Windows\system32\drivers\modem.sys
    16:13:36.0496 5884 Modem - ok
    16:13:36.0512 5884 [ b03d591dc7da45ece20b3b467e6aadaa ] monitor C:\Windows\system32\DRIVERS\monitor.sys
    16:13:36.0527 5884 monitor - ok
    16:13:36.0543 5884 [ 7d27ea49f3c1f687d357e77a470aea99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
    16:13:36.0558 5884 mouclass - ok
    16:13:36.0590 5884 [ d3bf052c40b0c4166d9fd86a4288c1e6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
    16:13:36.0605 5884 mouhid - ok
    16:13:36.0621 5884 [ 32e7a3d591d671a6df2db515a5cbe0fa ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
    16:13:36.0636 5884 mountmgr - ok
    16:13:36.0714 5884 [ 46297fa8e30a6007f14118fc2b942fbc ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    16:13:36.0777 5884 MozillaMaintenance - ok
    16:13:36.0855 5884 [ a44b420d30bd56e145d6a2bc8768ec58 ] mpio C:\Windows\system32\drivers\mpio.sys
    16:13:36.0886 5884 mpio - ok
    16:13:36.0917 5884 [ 6c38c9e45ae0ea2fa5e551f2ed5e978f ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
    16:13:36.0933 5884 mpsdrv - ok
    16:13:36.0995 5884 [ 54ffc9c8898113ace189d4aa7199d2c1 ] MpsSvc C:\Windows\system32\mpssvc.dll
    16:13:37.0011 5884 MpsSvc - ok
    16:13:37.0042 5884 [ dc722758b8261e1abafd31a3c0a66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
    16:13:37.0042 5884 MRxDAV - ok
    16:13:37.0073 5884 [ a5d9106a73dc88564c825d317cac68ac ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
    16:13:37.0089 5884 mrxsmb - ok
    16:13:37.0136 5884 [ d711b3c1d5f42c0c2415687be09fc163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
    16:13:37.0151 5884 mrxsmb10 - ok
    16:13:37.0182 5884 [ 9423e9d355c8d303e76b8cfbd8a5c30c ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
    16:13:37.0198 5884 mrxsmb20 - ok
    16:13:37.0229 5884 [ c25f0bafa182cbca2dd3c851c2e75796 ] msahci C:\Windows\system32\drivers\msahci.sys
    16:13:37.0229 5884 msahci - ok
    16:13:37.0292 5884 [ db801a638d011b9633829eb6f663c900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
    16:13:37.0292 5884 msdsm - ok
    16:13:37.0338 5884 [ de0ece52236cfa3ed2dbfc03f28253a8 ] MSDTC C:\Windows\System32\msdtc.exe
    16:13:37.0354 5884 MSDTC - ok
    16:13:37.0390 5884 [ aa3fb40e17ce1388fa1bedab50ea8f96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
    16:13:37.0400 5884 Msfs - ok
    16:13:37.0420 5884 [ f9d215a46a8b9753f61767fa72a20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
    16:13:37.0430 5884 mshidkmdf - ok
    16:13:37.0490 5884 [ d916874bbd4f8b07bfb7fa9b3ccae29d ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
    16:13:37.0490 5884 msisadrv - ok
    16:13:37.0560 5884 [ 808e98ff49b155c522e6400953177b08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
    16:13:37.0570 5884 MSiSCSI - ok
    16:13:37.0580 5884 msiserver - ok
    16:13:37.0630 5884 [ 49ccf2c4fea34ffad8b1b59d49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
    16:13:37.0640 5884 MSKSSRV - ok
    16:13:37.0680 5884 [ bdd71ace35a232104ddd349ee70e1ab3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
    16:13:37.0700 5884 MSPCLOCK - ok
    16:13:37.0710 5884 [ 4ed981241db27c3383d72092b618a1d0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
    16:13:37.0720 5884 MSPQM - ok
    16:13:37.0740 5884 [ 759a9eeb0fa9ed79da1fb7d4ef78866d ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
    16:13:37.0770 5884 MsRPC - ok
    16:13:37.0800 5884 [ 0eed230e37515a0eaee3c2e1bc97b288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
    16:13:37.0800 5884 mssmbios - ok
    16:13:37.0850 5884 [ 2e66f9ecb30b4221a318c92ac2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
    16:13:37.0860 5884 MSTEE - ok
    16:13:37.0890 5884 [ 7ea404308934e675bffde8edf0757bcd ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
    16:13:37.0900 5884 MTConfig - ok
    16:13:37.0920 5884 [ f9a18612fd3526fe473c1bda678d61c8 ] Mup C:\Windows\system32\Drivers\mup.sys
    16:13:37.0930 5884 Mup - ok
    16:13:37.0980 5884 [ 582ac6d9873e31dfa28a4547270862dd ] napagent C:\Windows\system32\qagentRT.dll
    16:13:37.0990 5884 napagent - ok
    16:13:38.0040 5884 [ 1ea3749c4114db3e3161156ffffa6b33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
    16:13:38.0070 5884 NativeWifiP - ok
    16:13:38.0160 5884 [ c38b8ae57f78915905064a9a24dc1586 ] NDIS C:\Windows\system32\drivers\ndis.sys
    16:13:38.0250 5884 NDIS - ok
    16:13:38.0300 5884 [ 9f9a1f53aad7da4d6fef5bb73ab811ac ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
    16:13:38.0320 5884 NdisCap - ok
    16:13:38.0400 5884 [ 30639c932d9fef22b31268fe25a1b6e5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
    16:13:38.0430 5884 NdisTapi - ok
    16:13:38.0450 5884 [ 136185f9fb2cc61e573e676aa5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
    16:13:38.0470 5884 Ndisuio - ok
    16:13:38.0500 5884 [ 53f7305169863f0a2bddc49e116c2e11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
    16:13:38.0510 5884 NdisWan - ok
    16:13:38.0570 5884 [ 015c0d8e0e0421b4cfd48cffe2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
    16:13:38.0710 5884 NDProxy - ok
    16:13:38.0770 5884 [ 86743d9f5d2b1048062b14b1d84501c4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
    16:13:38.0780 5884 NetBIOS - ok
    16:13:38.0860 5884 [ 09594d1089c523423b32a4229263f068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
    16:13:38.0890 5884 NetBT - ok
    16:13:38.0900 5884 [ c118a82cd78818c29ab228366ebf81c3 ] Netlogon C:\Windows\system32\lsass.exe
    16:13:38.0910 5884 Netlogon - ok
    16:13:38.0940 5884 [ 847d3ae376c0817161a14a82c8922a9e ] Netman C:\Windows\System32\netman.dll
    16:13:38.0970 5884 Netman - ok
    16:13:39.0040 5884 [ d22cd77d4f0d63d1169bb35911bff12d ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:13:39.0070 5884 NetMsmqActivator - ok
    16:13:39.0080 5884 [ d22cd77d4f0d63d1169bb35911bff12d ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:13:39.0080 5884 NetPipeActivator - ok
    16:13:39.0130 5884 [ 5f28111c648f1e24f7dbc87cdeb091b8 ] netprofm C:\Windows\System32\netprofm.dll
    16:13:39.0140 5884 netprofm - ok
    16:13:39.0320 5884 [ 31609b481cc202bfb441e37febcdea05 ] netr28x C:\Windows\system32\DRIVERS\netr28x.sys
    16:13:39.0400 5884 netr28x - ok
    16:13:39.0430 5884 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:13:39.0440 5884 NetTcpActivator - ok
    16:13:39.0460 5884 [ d22cd77d4f0d63d1169bb35911bff12d ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    16:13:39.0460 5884 NetTcpPortSharing - ok
    16:13:39.0510 5884 [ 77889813be4d166cdab78ddba990da92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
    16:13:39.0520 5884 nfrd960 - ok
    16:13:39.0600 5884 [ 1ee99a89cc788ada662441d1e9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
    16:13:39.0610 5884 NlaSvc - ok
    16:13:39.0640 5884 [ 1e4c4ab5c9b8dd13179bbdc75a2a01f7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
    16:13:39.0660 5884 Npfs - ok
    16:13:39.0700 5884 [ d54bfdf3e0c953f823b3d0bfe4732528 ] nsi C:\Windows\system32\nsisvc.dll
    16:13:39.0700 5884 nsi - ok
    16:13:39.0730 5884 [ e7f5ae18af4168178a642a9247c63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
    16:13:39.0740 5884 nsiproxy - ok
    16:13:39.0850 5884 [ a2f74975097f52a00745f9637451fdd8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
    16:13:39.0940 5884 Ntfs - ok
    16:13:39.0970 5884 [ 9899284589f75fa8724ff3d16aed75c1 ] Null C:\Windows\system32\drivers\Null.sys
    16:13:39.0980 5884 Null - ok
    16:13:40.0020 5884 [ a85b4f2ef3a7304a5399ef0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
    16:13:40.0040 5884 NVENETFD - ok
    16:13:40.0100 5884 [ 0a92cb65770442ed0dc44834632f66ad ] nvraid C:\Windows\system32\drivers\nvraid.sys
    16:13:40.0120 5884 nvraid - ok
    16:13:40.0150 5884 [ dab0e87525c10052bf65f06152f37e4a ] nvstor C:\Windows\system32\drivers\nvstor.sys
    16:13:40.0150 5884 nvstor - ok
    16:13:40.0180 5884 [ 270d7cd42d6e3979f6dd0146650f0e05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
    16:13:40.0190 5884 nv_agp - ok
    16:13:40.0230 5884 [ 3589478e4b22ce21b41fa1bfc0b8b8a0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
    16:13:40.0240 5884 ohci1394 - ok
    16:13:40.0300 5884 [ 9d10f99a6712e28f8acd5641e3a7ea6b ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
     
  8. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    16:13:40.0330 5884 ose - ok
    16:13:40.0713 5884 [ 61bffb5f57ad12f83ab64b7181829b34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    16:13:40.0900 5884 osppsvc - ok
    16:13:40.0947 5884 [ 3eac4455472cc2c97107b5291e0dcafe ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
    16:13:40.0962 5884 p2pimsvc - ok
    16:13:41.0009 5884 [ 927463ecb02179f88e4b9a17568c63c3 ] p2psvc C:\Windows\system32\p2psvc.dll
    16:13:41.0040 5884 p2psvc - ok
    16:13:41.0118 5884 [ 0086431c29c35be1dbc43f52cc273887 ] Parport C:\Windows\system32\drivers\parport.sys
    16:13:41.0118 5884 Parport - ok
    16:13:41.0212 5884 [ e9766131eeade40a27dc27d2d68fba9c ] partmgr C:\Windows\system32\drivers\partmgr.sys
    16:13:41.0212 5884 partmgr - ok
    16:13:41.0274 5884 [ 3aeaa8b561e63452c655dc0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
    16:13:41.0305 5884 PcaSvc - ok
    16:13:41.0368 5884 [ 94575c0571d1462a0f70bde6bd6ee6b3 ] pci C:\Windows\system32\drivers\pci.sys
    16:13:41.0383 5884 pci - ok
    16:13:41.0415 5884 [ b5b8b5ef2e5cb34df8dcf8831e3534fa ] pciide C:\Windows\system32\drivers\pciide.sys
    16:13:41.0430 5884 pciide - ok
    16:13:41.0477 5884 [ b2e81d4e87ce48589f98cb8c05b01f2f ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
    16:13:41.0508 5884 pcmcia - ok
    16:13:41.0555 5884 [ d6b9c2e1a11a3a4b26a182ffef18f603 ] pcw C:\Windows\system32\drivers\pcw.sys
    16:13:41.0571 5884 pcw - ok
    16:13:41.0617 5884 [ 8570c04d9dbfddd2ccf655deb4d84715 ] PDFsFilter C:\Windows\system32\DRIVERS\PDFsFilter.sys
    16:13:41.0633 5884 PDFsFilter - ok
    16:13:41.0680 5884 [ 68769c3356b3be5d1c732c97b9a80d6e ] PEAUTH C:\Windows\system32\drivers\peauth.sys
    16:13:41.0695 5884 PEAUTH - ok
    16:13:42.0117 5884 [ e495e408c93141e8fc72dc0c6046ddfa ] PerfHost C:\Windows\SysWow64\perfhost.exe
    16:13:42.0148 5884 PerfHost - ok
    16:13:42.0273 5884 [ c7cf6a6e137463219e1259e3f0f0dd6c ] pla C:\Windows\system32\pla.dll
    16:13:42.0351 5884 pla - ok
    16:13:42.0413 5884 [ 25fbdef06c4d92815b353f6e792c8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
    16:13:42.0429 5884 PlugPlay - ok
    16:13:42.0475 5884 [ 7195581cec9bb7d12abe54036acc2e38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
    16:13:42.0491 5884 PNRPAutoReg - ok
    16:13:42.0522 5884 [ 3eac4455472cc2c97107b5291e0dcafe ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
    16:13:42.0522 5884 PNRPsvc - ok
    16:13:42.0569 5884 [ 4f15d75adf6156bf56eced6d4a55c389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
    16:13:42.0600 5884 PolicyAgent - ok
    16:13:42.0647 5884 [ 6ba9d927dded70bd1a9caded45f8b184 ] Power C:\Windows\system32\umpo.dll
    16:13:42.0678 5884 Power - ok
    16:13:42.0725 5884 [ f92a2c41117a11a00be01ca01a7fcde9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
    16:13:42.0741 5884 PptpMiniport - ok
    16:13:42.0772 5884 [ 0d922e23c041efb1c3fac2a6f943c9bf ] Processor C:\Windows\system32\drivers\processr.sys
    16:13:42.0787 5884 Processor - ok
    16:13:42.0834 5884 [ 53e83f1f6cf9d62f32801cf66d8352a8 ] ProfSvc C:\Windows\system32\profsvc.dll
    16:13:42.0850 5884 ProfSvc - ok
    16:13:42.0881 5884 [ c118a82cd78818c29ab228366ebf81c3 ] ProtectedStorage C:\Windows\system32\lsass.exe
    16:13:42.0881 5884 ProtectedStorage - ok
    16:13:42.0928 5884 [ 0557cf5a2556bd58e26384169d72438d ] Psched C:\Windows\system32\DRIVERS\pacer.sys
    16:13:42.0943 5884 Psched - ok
    16:13:43.0037 5884 [ a53a15a11ebfd21077463ee2c7afeef0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
    16:13:43.0099 5884 ql2300 - ok
    16:13:43.0162 5884 [ 4f6d12b51de1aaeff7dc58c4d75423c8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
    16:13:43.0177 5884 ql40xx - ok
    16:13:43.0240 5884 [ 906191634e99aea92c4816150bda3732 ] QWAVE C:\Windows\system32\qwave.dll
    16:13:43.0411 5884 QWAVE - ok
    16:13:43.0489 5884 [ 76707bb36430888d9ce9d705398adb6c ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
    16:13:43.0521 5884 QWAVEdrv - ok
    16:13:43.0552 5884 [ 5a0da8ad5762fa2d91678a8a01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
    16:13:43.0552 5884 RasAcd - ok
    16:13:43.0599 5884 [ 7ecff9b22276b73f43a99a15a6094e90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
    16:13:43.0614 5884 RasAgileVpn - ok
    16:13:43.0677 5884 [ 8f26510c5383b8dbe976de1cd00fc8c7 ] RasAuto C:\Windows\System32\rasauto.dll
    16:13:43.0692 5884 RasAuto - ok
    16:13:43.0755 5884 [ 471815800ae33e6f1c32fb1b97c490ca ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
    16:13:43.0770 5884 Rasl2tp - ok
    16:13:43.0786 5884 [ ee867a0870fc9e4972ba9eaad35651e2 ] RasMan C:\Windows\System32\rasmans.dll
    16:13:43.0817 5884 RasMan - ok
    16:13:43.0848 5884 [ 855c9b1cd4756c5e9a2aa58a15f58c25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
    16:13:43.0864 5884 RasPppoe - ok
    16:13:43.0879 5884 [ e8b1e447b008d07ff47d016c2b0eeecb ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
    16:13:43.0895 5884 RasSstp - ok
    16:13:43.0926 5884 [ 77f665941019a1594d887a74f301fa2f ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
    16:13:43.0973 5884 rdbss - ok
    16:13:44.0004 5884 [ 302da2a0539f2cf54d7c6cc30c1f2d8d ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
    16:13:44.0020 5884 rdpbus - ok
    16:13:44.0035 5884 [ cea6cc257fc9b7715f1c2b4849286d24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
    16:13:44.0051 5884 RDPCDD - ok
    16:13:44.0082 5884 [ bb5971a4f00659529a5c44831af22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
    16:13:44.0098 5884 RDPENCDD - ok
    16:13:44.0129 5884 [ 216f3fa57533d98e1f74ded70113177a ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
    16:13:44.0145 5884 RDPREFMP - ok
    16:13:44.0176 5884 [ e61608aa35e98999af9aaeeea6114b0a ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
    16:13:44.0191 5884 RDPWD - ok
    16:13:44.0238 5884 [ 34ed295fa0121c241bfef24764fc4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
    16:13:44.0394 5884 rdyboost - ok
    16:13:44.0472 5884 [ 254fb7a22d74e5511c73a3f6d802f192 ] RemoteAccess C:\Windows\System32\mprdim.dll
    16:13:44.0488 5884 RemoteAccess - ok
    16:13:44.0535 5884 [ e4d94f24081440b5fc5aa556c7c62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
    16:13:44.0550 5884 RemoteRegistry - ok
    16:13:44.0628 5884 [ 085d18c71ab2611a3d61528132b6501e ] RoxioNow Service C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    16:13:44.0722 5884 RoxioNow Service - ok
    16:13:44.0753 5884 [ e4dc58cf7b3ea515ae917ff0d402a7bb ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
    16:13:44.0769 5884 RpcEptMapper - ok
    16:13:44.0800 5884 [ d5ba242d4cf8e384db90e6a8ed850b8c ] RpcLocator C:\Windows\system32\locator.exe
    16:13:44.0800 5884 RpcLocator - ok
    16:13:44.0909 5884 [ 5c627d1b1138676c0a7ab2c2c190d123 ] RpcSs C:\Windows\system32\rpcss.dll
    16:13:44.0925 5884 RpcSs - ok
    16:13:44.0987 5884 [ c897d551ee0dfcd8e638bf78e21d4d7f ] RSPCIESTOR C:\Windows\system32\DRIVERS\RtsPStor.sys
    16:13:45.0112 5884 RSPCIESTOR - ok
    16:13:45.0237 5884 [ ddc86e4f8e7456261e637e3552e804ff ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
    16:13:45.0252 5884 rspndr - ok
    16:13:45.0315 5884 [ ee082e06a82ff630351d1e0ebbd3d8d0 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
    16:13:45.0346 5884 RTL8167 - ok
    16:13:45.0393 5884 [ c118a82cd78818c29ab228366ebf81c3 ] SamSs C:\Windows\system32\lsass.exe
    16:13:45.0393 5884 SamSs - ok
    16:13:45.0580 5884 [ ac03af3329579fffb455aa2daabbe22b ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
    16:13:45.0595 5884 sbp2port - ok
    16:13:45.0627 5884 [ 9b7395789e3791a3b6d000fe6f8b131e ] SCardSvr C:\Windows\System32\SCardSvr.dll
    16:13:45.0658 5884 SCardSvr - ok
    16:13:45.0720 5884 [ 253f38d0d7074c02ff8deb9836c97d2b ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
    16:13:45.0720 5884 scfilter - ok
    16:13:45.0798 5884 [ 262f6592c3299c005fd6bec90fc4463a ] Schedule C:\Windows\system32\schedsvc.dll
    16:13:45.0814 5884 Schedule - ok
    16:13:45.0923 5884 [ f17d1d393bbc69c5322fbfafaca28c7f ] SCPolicySvc C:\Windows\System32\certprop.dll
    16:13:45.0923 5884 SCPolicySvc - ok
    16:13:45.0985 5884 [ 111e0ebc0ad79cb0fa014b907b231cf0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
    16:13:46.0001 5884 sdbus - ok
    16:13:46.0079 5884 [ 6ea4234dc55346e0709560fe7c2c1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
    16:13:46.0095 5884 SDRSVC - ok
    16:13:46.0126 5884 [ 3ea8a16169c26afbeb544e0e48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
    16:13:46.0141 5884 secdrv - ok
    16:13:46.0157 5884 [ bc617a4e1b4fa8df523a061739a0bd87 ] seclogon C:\Windows\system32\seclogon.dll
    16:13:46.0173 5884 seclogon - ok
    16:13:46.0219 5884 [ c32ab8fa018ef34c0f113bd501436d21 ] SENS C:\Windows\System32\sens.dll
    16:13:46.0235 5884 SENS - ok
    16:13:46.0266 5884 [ 0336cffafaab87a11541f1cf1594b2b2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
    16:13:46.0282 5884 SensrSvc - ok
    16:13:46.0313 5884 [ cb624c0035412af0debec78c41f5ca1b ] Serenum C:\Windows\system32\drivers\serenum.sys
    16:13:46.0329 5884 Serenum - ok
    16:13:46.0344 5884 [ c1d8e28b2c2adfaec4ba89e9fda69bd6 ] Serial C:\Windows\system32\drivers\serial.sys
    16:13:46.0360 5884 Serial - ok
    16:13:46.0407 5884 [ 1c545a7d0691cc4a027396535691c3e3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
    16:13:46.0407 5884 sermouse - ok
    16:13:46.0500 5884 [ 0b6231bf38174a1628c4ac812cc75804 ] SessionEnv C:\Windows\system32\sessenv.dll
    16:13:46.0516 5884 SessionEnv - ok
    16:13:46.0563 5884 [ a554811bcd09279536440c964ae35bbf ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
    16:13:46.0578 5884 sffdisk - ok
    16:13:46.0609 5884 [ ff414f0baefeba59bc6c04b3db0b87bf ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
    16:13:46.0609 5884 sffp_mmc - ok
    16:13:46.0656 5884 [ dd85b78243a19b59f0637dcf284da63c ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
    16:13:46.0656 5884 sffp_sd - ok
    16:13:46.0687 5884 [ a9d601643a1647211a1ee2ec4e433ff4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
    16:13:46.0703 5884 sfloppy - ok
    16:13:46.0765 5884 [ b95f6501a2f8b2e78c697fec401970ce ] SharedAccess C:\Windows\System32\ipnathlp.dll
    16:13:46.0781 5884 SharedAccess - ok
    16:13:46.0828 5884 [ aaf932b4011d14052955d4b212a4da8d ] ShellHWDetection C:\Windows\System32\shsvcs.dll
    16:13:46.0843 5884 ShellHWDetection - ok
    16:13:46.0906 5884 [ 843caf1e5fde1ffd5ff768f23a51e2e1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
    16:13:46.0921 5884 SiSRaid2 - ok
    16:13:46.0984 5884 [ 6a6c106d42e9ffff8b9fcb4f754f6da4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
    16:13:46.0999 5884 SiSRaid4 - ok
    16:13:47.0031 5884 [ 548260a7b8654e024dc30bf8a7c5baa4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
    16:13:47.0046 5884 Smb - ok
    16:13:47.0093 5884 [ 6313f223e817cc09aa41811daa7f541d ] SNMPTRAP C:\Windows\System32\snmptrap.exe
    16:13:47.0093 5884 SNMPTRAP - ok
    16:13:47.0155 5884 [ b9e31e5cacdfe584f34f730a677803f9 ] spldr C:\Windows\system32\drivers\spldr.sys
    16:13:47.0155 5884 spldr - ok
    16:13:47.0187 5884 [ b96c17b5dc1424d56eea3a99e97428cd ] Spooler C:\Windows\System32\spoolsv.exe
    16:13:47.0202 5884 Spooler - ok
    16:13:47.0623 5884 [ e17e0188bb90fae42d83e98707efa59c ] sppsvc C:\Windows\system32\sppsvc.exe
    16:13:47.0935 5884 sppsvc - ok
    16:13:47.0967 5884 [ 93d7d61317f3d4bc4f4e9f8a96a7de45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
    16:13:47.0982 5884 sppuinotify - ok
    16:13:48.0091 5884 [ 441fba48bff01fdb9d5969ebc1838f0b ] srv C:\Windows\system32\DRIVERS\srv.sys
    16:13:48.0123 5884 srv - ok
    16:13:48.0201 5884 [ b4adebbf5e3677cce9651e0f01f7cc28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
    16:13:48.0247 5884 srv2 - ok
    16:13:48.0388 5884 [ 0c4540311e11664b245a263e1154cef8 ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    16:13:48.0419 5884 SrvHsfHDA - ok
    16:13:48.0544 5884 [ 02071d207a9858fbe3a48cbfd59c4a04 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    16:13:48.0591 5884 SrvHsfV92 - ok
    16:13:48.0684 5884 [ 18e40c245dbfaf36fd0134a7ef2df396 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    16:13:48.0715 5884 SrvHsfWinac - ok
    16:13:48.0778 5884 [ 27e461f0be5bff5fc737328f749538c3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
    16:13:48.0793 5884 srvnet - ok
    16:13:48.0856 5884 [ 51b52fbd583cde8aa9ba62b8b4298f33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
    16:13:48.0871 5884 SSDPSRV - ok
    16:13:48.0918 5884 [ ab7aebf58dad8daab7a6c45e6a8885cb ] SstpSvc C:\Windows\system32\sstpsvc.dll
    16:13:48.0934 5884 SstpSvc - ok
    16:13:49.0090 5884 [ 7eae822e0153d5815ff842fd57d2a49e ] STacSV C:\Program Files\IDT\WDM\STacSV64.exe
    16:13:49.0105 5884 STacSV - ok
    16:13:49.0137 5884 [ f3817967ed533d08327dc73bc4d5542a ] stexstor C:\Windows\system32\drivers\stexstor.sys
    16:13:49.0152 5884 stexstor - ok
    16:13:49.0215 5884 [ 6efe5345d1c187973760af3b7b10f636 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
    16:13:49.0246 5884 STHDA - ok
    16:13:49.0293 5884 [ 8dd52e8e6128f4b2da92ce27402871c1 ] stisvc C:\Windows\System32\wiaservc.dll
    16:13:49.0324 5884 stisvc - ok
    16:13:49.0386 5884 [ d01ec09b6711a5f8e7e6564a4d0fbc90 ] swenum C:\Windows\system32\drivers\swenum.sys
    16:13:49.0386 5884 swenum - ok
    16:13:49.0511 5884 [ f577910a133a592234ebaad3f3afa258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    16:13:49.0589 5884 SwitchBoard - ok
    16:13:49.0651 5884 [ e08e46fdd841b7184194011ca1955a0b ] swprv C:\Windows\System32\swprv.dll
    16:13:49.0667 5884 swprv - ok
    16:13:49.0761 5884 [ cc13ee4af170abb99f6449cbb62ab219 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
    16:13:49.0827 5884 SynTP - ok
    16:13:49.0927 5884 [ bf9ccc0bf39b418c8d0ae8b05cf95b7d ] SysMain C:\Windows\system32\sysmain.dll
    16:13:49.0977 5884 SysMain - ok
    16:13:50.0117 5884 [ e3c61fd7b7c2557e1f1b0b4cec713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
    16:13:50.0137 5884 TabletInputService - ok
    16:13:50.0327 5884 [ 37bea19dbd43301fd987f5d277dfbea5 ] TabletServicePen C:\Windows\system32\Pen_Tablet.exe
    16:13:50.0447 5884 TabletServicePen - ok
    16:13:50.0497 5884 [ 40f0849f65d13ee87b9a9ae3c1dd6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
    16:13:50.0517 5884 TapiSrv - ok
    16:13:50.0567 5884 [ 1be03ac720f4d302ea01d40f588162f6 ] TBS C:\Windows\System32\tbssvc.dll
    16:13:50.0587 5884 TBS - ok
    16:13:50.0667 5884 [ acb82bda8f46c84f465c1afa517dc4b9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
    16:13:50.0727 5884 Tcpip - ok
    16:13:50.0767 5884 [ acb82bda8f46c84f465c1afa517dc4b9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
    16:13:50.0797 5884 TCPIP6 - ok
    16:13:50.0877 5884 [ df687e3d8836bfb04fcc0615bf15a519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
    16:13:50.0897 5884 tcpipreg - ok
    16:13:50.0957 5884 [ 3371d21011695b16333a3934340c4e7c ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
    16:13:50.0977 5884 TDPIPE - ok
    16:13:51.0027 5884 [ 51c5eceb1cdee2468a1748be550cfbc8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
    16:13:51.0037 5884 TDTCP - ok
    16:13:51.0067 5884 [ ddad5a7ab24d8b65f8d724f5c20fd806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
    16:13:51.0087 5884 tdx - ok
    16:13:51.0127 5884 [ 561e7e1f06895d78de991e01dd0fb6e5 ] TermDD C:\Windows\system32\drivers\termdd.sys
    16:13:51.0137 5884 TermDD - ok
    16:13:51.0207 5884 [ 2e648163254233755035b46dd7b89123 ] TermService C:\Windows\System32\termsrv.dll
    16:13:51.0267 5884 TermService - ok
    16:13:51.0277 5884 [ f0344071948d1a1fa732231785a0664c ] Themes C:\Windows\system32\themeservice.dll
    16:13:51.0297 5884 Themes - ok
    16:13:51.0327 5884 [ e40e80d0304a73e8d269f7141d77250b ] THREADORDER C:\Windows\system32\mmcss.dll
    16:13:51.0327 5884 THREADORDER - ok
    16:13:51.0367 5884 [ 7e7afd841694f6ac397e99d75cead49d ] TrkWks C:\Windows\System32\trkwks.dll
    16:13:51.0377 5884 TrkWks - ok
    16:13:51.0417 5884 [ 773212b2aaa24c1e31f10246b15b276c ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
    16:13:51.0427 5884 TrustedInstaller - ok
    16:13:51.0447 5884 [ ce18b2cdfc837c99e5fae9ca6cba5d30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
    16:13:51.0457 5884 tssecsrv - ok
    16:13:51.0487 5884 [ d11c783e3ef9a3c52c0ebe83cc5000e9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
    16:13:51.0497 5884 TsUsbFlt - ok
    16:13:51.0527 5884 [ 9cc2ccae8a84820eaecb886d477cbcb8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
    16:13:51.0527 5884 TsUsbGD - ok
    16:13:51.0627 5884 [ 3566a8daafa27af944f5d705eaa64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
    16:13:51.0637 5884 tunnel - ok
    16:13:51.0687 5884 [ b4dd609bd7e282bfc683cec7eaaaad67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
    16:13:51.0697 5884 uagp35 - ok
    16:13:51.0797 5884 [ ff4232a1a64012baa1fd97c7b67df593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
    16:13:51.0807 5884 udfs - ok
    16:13:51.0867 5884 [ 3cbdec8d06b9968aba702eba076364a1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
    16:13:51.0887 5884 UI0Detect - ok
    16:13:51.0947 5884 [ 4bfe1bc28391222894cbf1e7d0e42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
    16:13:51.0957 5884 uliagpkx - ok
    16:13:52.0017 5884 [ dc54a574663a895c8763af0fa1ff7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
    16:13:52.0027 5884 umbus - ok
    16:13:52.0067 5884 [ b2e8e8cb557b156da5493bbddcc1474d ] UmPass C:\Windows\system32\drivers\umpass.sys
    16:13:52.0077 5884 UmPass - ok
    16:13:52.0107 5884 [ d47ec6a8e81633dd18d2436b19baf6de ] upnphost C:\Windows\System32\upnphost.dll
    16:13:52.0137 5884 upnphost - ok
    16:13:52.0167 5884 [ fb251567f41bc61988b26731dec19e4b ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
    16:13:52.0187 5884 USBAAPL64 - ok
    16:13:52.0247 5884 [ 6f1a3157a1c89435352ceb543cdb359c ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
    16:13:52.0267 5884 usbccgp - ok
    16:13:52.0297 5884 [ af0892a803fdda7492f595368e3b68e7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
    16:13:52.0317 5884 usbcir - ok
    16:13:52.0357 5884 [ c025055fe7b87701eb042095df1a2d7b ] usbehci C:\Windows\system32\drivers\usbehci.sys
    16:13:52.0367 5884 usbehci - ok
    16:13:52.0417 5884 [ 573d192e268f0c5b486b7e96f661e538 ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
    16:13:52.0427 5884 usbfilter - ok
    16:13:52.0487 5884 [ 287c6c9410b111b68b52ca298f7b8c24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
    16:13:52.0517 5884 usbhub - ok
    16:13:52.0547 5884 [ 9840fc418b4cbd632d3d0a667a725c31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
    16:13:52.0557 5884 usbohci - ok
    16:13:52.0627 5884 [ 73188f58fb384e75c4063d29413cee3d ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
    16:13:52.0637 5884 usbprint - ok
    16:13:52.0687 5884 [ aaa2513c8aed8b54b189fd0c6b1634c0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
    16:13:52.0697 5884 usbscan - ok
    16:13:52.0747 5884 [ fed648b01349a3c8395a5169db5fb7d6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
    16:13:52.0757 5884 USBSTOR - ok
    16:13:52.0797 5884 [ 62069a34518bcf9c1fd9e74b3f6db7cd ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
    16:13:52.0817 5884 usbuhci - ok
    16:13:52.0867 5884 [ 454800c2bc7f3927ce030141ee4f4c50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
    16:13:52.0887 5884 usbvideo - ok
    16:13:52.0918 5884 [ edbb23cbcf2cdf727d64ff9b51a6070e ] UxSms C:\Windows\System32\uxsms.dll
    16:13:52.0928 5884 UxSms - ok
    16:13:52.0938 5884 [ c118a82cd78818c29ab228366ebf81c3 ] VaultSvc C:\Windows\system32\lsass.exe
    16:13:52.0948 5884 VaultSvc - ok
    16:13:52.0968 5884 [ c5c876ccfc083ff3b128f933823e87bd ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
    16:13:52.0978 5884 vdrvroot - ok
    16:13:53.0028 5884 [ 8d6b481601d01a456e75c3210f1830be ] vds C:\Windows\System32\vds.exe
    16:13:53.0068 5884 vds - ok
    16:13:53.0118 5884 [ da4da3f5e02943c2dc8c6ed875de68dd ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
    16:13:53.0168 5884 vga - ok
    16:13:53.0208 5884 [ 53e92a310193cb3c03bea963de7d9cfc ] VgaSave C:\Windows\System32\drivers\vga.sys
    16:13:53.0218 5884 VgaSave - ok
    16:13:53.0238 5884 [ 2ce2df28c83aeaf30084e1b1eb253cbb ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
    16:13:53.0258 5884 vhdmp - ok
    16:13:53.0278 5884 [ e5689d93ffe4e5d66c0178761240dd54 ] viaide C:\Windows\system32\drivers\viaide.sys
    16:13:53.0288 5884 viaide - ok
    16:13:53.0328 5884 [ d2aafd421940f640b407aefaaebd91b0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
    16:13:53.0348 5884 volmgr - ok
    16:13:53.0378 5884 [ a255814907c89be58b79ef2f189b843b ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
    16:13:53.0398 5884 volmgrx - ok
    16:13:53.0478 5884 [ 0d08d2f3b3ff84e433346669b5e0f639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
    16:13:53.0508 5884 volsnap - ok
    16:13:53.0608 5884 [ 1de8494eb32a68d2140fd120bab2de43 ] vseamps C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe
    16:13:53.0618 5884 vseamps - ok
    16:13:53.0688 5884 [ 53604f5091eb1100b930b7e34f593660 ] vsedsps C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe
    16:13:53.0708 5884 vsedsps - ok
    16:13:53.0788 5884 [ 54f18665937f657842bc195bd2cb489c ] vseqrts C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe
    16:13:53.0798 5884 vseqrts - ok
    16:13:53.0868 5884 [ 5e2016ea6ebaca03c04feac5f330d997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
    16:13:53.0888 5884 vsmraid - ok
    16:13:54.0074 5884 [ b60ba0bc31b0cb414593e169f6f21cc2 ] VSS C:\Windows\system32\vssvc.exe
    16:13:54.0136 5884 VSS - ok
    16:13:54.0152 5884 [ 36d4720b72b5c5d9cb2b9c29e9df67a1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
    16:13:54.0168 5884 vwifibus - ok
    16:13:54.0214 5884 [ 6a3d66263414ff0d6fa754c646612f3f ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
    16:13:54.0230 5884 vwififlt - ok
    16:13:54.0339 5884 [ 6a638fc4bfddc4d9b186c28c91bd1a01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
    16:13:54.0339 5884 vwifimp - ok
    16:13:54.0370 5884 [ 1c9d80cc3849b3788048078c26486e1a ] W32Time C:\Windows\system32\w32time.dll
    16:13:54.0402 5884 W32Time - ok
    16:13:54.0448 5884 [ f39fc224758290a3193c68c091e6f11a ] wacmoumonitor C:\Windows\system32\DRIVERS\wacmoumonitor.sys
    16:13:54.0464 5884 wacmoumonitor - ok
    16:13:54.0480 5884 [ e04d43c7d1641e95d35cae6086c7e350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
    16:13:54.0495 5884 wacommousefilter - ok
    16:13:54.0526 5884 [ 4e9440f4f152a7b944cb1663d3935a3e ] WacomPen C:\Windows\system32\drivers\wacompen.sys
    16:13:54.0542 5884 WacomPen - ok
    16:13:54.0558 5884 [ 53b03e71e88109a5c3c074a33889258a ] wacomvhid C:\Windows\system32\DRIVERS\wacomvhid.sys
    16:13:54.0573 5884 wacomvhid - ok
    16:13:54.0604 5884 [ 8b4255329edfba3ecfbd0714476fad38 ] WacomVKHid C:\Windows\system32\DRIVERS\WacomVKHid.sys
    16:13:54.0620 5884 WacomVKHid - ok
    16:13:54.0651 5884 [ 356afd78a6ed4457169241ac3965230c ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
    16:13:54.0667 5884 WANARP - ok
    16:13:54.0682 5884 [ 356afd78a6ed4457169241ac3965230c ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
    16:13:54.0682 5884 Wanarpv6 - ok
    16:13:54.0776 5884 [ 3cec96de223e49eaae3651fcf8faea6c ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
    16:13:54.0823 5884 WatAdminSvc - ok
    16:13:54.0901 5884 [ 78f4e7f5c56cb9716238eb57da4b6a75 ] wbengine C:\Windows\system32\wbengine.exe
    16:13:54.0994 5884 wbengine - ok
    16:13:55.0026 5884 [ 3aa101e8edab2db4131333f4325c76a3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
    16:13:55.0057 5884 WbioSrvc - ok
    16:13:55.0072 5884 [ 7368a2afd46e5a4481d1de9d14848edd ] wcncsvc C:\Windows\System32\wcncsvc.dll
    16:13:55.0135 5884 wcncsvc - ok
    16:13:55.0182 5884 [ 20f7441334b18cee52027661df4a6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
    16:13:55.0182 5884 WcsPlugInService - ok
    16:13:55.0228 5884 [ 72889e16ff12ba0f235467d6091b17dc ] Wd C:\Windows\system32\drivers\wd.sys
    16:13:55.0244 5884 Wd - ok
    16:13:55.0431 5884 [ d634cfe93e0cd001499d0d6d68890c9e ] WDBackup C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    16:13:55.0540 5884 WDBackup - ok
    16:13:55.0587 5884 [ a3d04ebf5227886029b4532f20d026f7 ] WDC_SAM C:\Windows\system32\DRIVERS\wdcsam64.sys
    16:13:55.0603 5884 WDC_SAM - ok
    16:13:55.0681 5884 [ 2277cd5b13b18b6df5f80e8a84254ea7 ] WDDriveService C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    16:13:55.0681 5884 WDDriveService - ok
    16:13:55.0806 5884 [ 441bd2d7b4f98134c3a4f9fa570fd250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
    16:13:55.0837 5884 Wdf01000 - ok
    16:13:55.0868 5884 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiServiceHost C:\Windows\system32\wdi.dll
    16:13:55.0868 5884 WdiServiceHost - ok
    16:13:55.0915 5884 [ bf1fc3f79b863c914687a737c2f3d681 ] WdiSystemHost C:\Windows\system32\wdi.dll
    16:13:55.0915 5884 WdiSystemHost - ok
    16:13:56.0133 5884 [ a578ae45097acad346c86c96f1c0d5a7 ] WDRulesService C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    16:13:56.0227 5884 WDRulesService - ok
    16:13:56.0289 5884 [ 3db6d04e1c64272f8b14eb8bc4616280 ] WebClient C:\Windows\System32\webclnt.dll
    16:13:56.0320 5884 WebClient - ok
    16:13:56.0367 5884 [ c749025a679c5103e575e3b48e092c43 ] Wecsvc C:\Windows\system32\wecsvc.dll
    16:13:56.0430 5884 Wecsvc - ok
    16:13:56.0445 5884 [ 7e591867422dc788b9e5bd337a669a08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
    16:13:56.0461 5884 wercplsupport - ok
    16:13:56.0492 5884 [ 6d137963730144698cbd10f202e9f251 ] WerSvc C:\Windows\System32\WerSvc.dll
    16:13:56.0508 5884 WerSvc - ok
    16:13:56.0554 5884 [ 611b23304bf067451a9fdee01fbdd725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
    16:13:56.0554 5884 WfpLwf - ok
    16:13:56.0570 5884 [ 05ecaec3e4529a7153b3136ceb49f0ec ] WIMMount C:\Windows\system32\drivers\wimmount.sys
    16:13:56.0586 5884 WIMMount - ok
    16:13:56.0617 5884 WinDefend - ok
    16:13:56.0648 5884 WinHttpAutoProxySvc - ok
    16:13:56.0742 5884 [ 19b07e7e8915d701225da41cb3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
    16:13:56.0773 5884 Winmgmt - ok
    16:13:56.0898 5884 [ bcb1310604aa415c4508708975b3931e ] WinRM C:\Windows\system32\WsmSvc.dll
    16:13:56.0991 5884 WinRM - ok
    16:13:57.0085 5884 [ fe88b288356e7b47b74b13372add906d ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
    16:13:57.0100 5884 WinUSB - ok
    16:13:57.0178 5884 [ 4fada86e62f18a1b2f42ba18ae24e6aa ] Wlansvc C:\Windows\System32\wlansvc.dll
    16:13:57.0194 5884 Wlansvc - ok
    16:13:57.0272 5884 [ 06c8fa1cf39de6a735b54d906ba791c6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
    16:13:57.0272 5884 wlcrasvc - ok
    16:13:57.0459 5884 [ 2bacd71123f42cea603f4e205e1ae337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    16:13:57.0709 5884 wlidsvc - ok
    16:13:57.0771 5884 [ f6ff8944478594d0e414d3f048f0d778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
    16:13:57.0787 5884 WmiAcpi - ok
    16:13:57.0880 5884 [ 38b84c94c5a8af291adfea478ae54f93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
    16:13:57.0896 5884 wmiApSrv - ok
    16:13:57.0912 5884 WMPNetworkSvc - ok
    16:13:57.0958 5884 [ 96c6e7100d724c69fcf9e7bf590d1dca ] WPCSvc C:\Windows\System32\wpcsvc.dll
    16:13:57.0974 5884 WPCSvc - ok
    16:13:57.0990 5884 [ 93221146d4ebbf314c29b23cd6cc391d ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
    16:13:58.0005 5884 WPDBusEnum - ok
    16:13:58.0052 5884 [ 6bcc1d7d2fd2453957c5479a32364e52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
    16:13:58.0052 5884 ws2ifsl - ok
    16:13:58.0083 5884 [ e8b1fe6669397d1772d8196df0e57a9e ] wscsvc C:\Windows\System32\wscsvc.dll
    16:13:58.0099 5884 wscsvc - ok
    16:13:58.0114 5884 WSearch - ok
    16:13:58.0255 5884 [ d9ef901dca379cfe914e9fa13b73b4c4 ] wuauserv C:\Windows\system32\wuaueng.dll
    16:13:58.0411 5884 wuauserv - ok
    16:13:58.0442 5884 [ d3381dc54c34d79b22cee0d65ba91b7c ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
    16:13:58.0458 5884 WudfPf - ok
    16:13:58.0504 5884 [ cf8d590be3373029d57af80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
    16:13:58.0520 5884 WUDFRd - ok
    16:13:58.0582 5884 [ 7a95c95b6c4cf292d689106bcae49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
    16:13:58.0598 5884 wudfsvc - ok
    16:13:58.0660 5884 [ ce8cf9de9cbfdaa318bd04d8be3fcada ] WwanSvc C:\Windows\System32\wwansvc.dll
    16:13:58.0692 5884 WwanSvc - ok
    16:13:58.0707 5884 ================ Scan global ===============================
    16:13:58.0785 5884 (ba0cd8c393e8c9f83354106093832c7b) C:\Windows\system32\basesrv.dll
    16:13:58.0832 5884 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
    16:13:58.0863 5884 (eb6a48cc998e1090e44e8e7f1009a640) C:\Windows\system32\winsrv.dll
    16:13:58.0910 5884 (d6160f9d869ba3af0b787f971db56368) C:\Windows\system32\sxssrv.dll
    16:13:58.0957 5884 (24acb7e5be595468e3b9aa488b9b4fcb) C:\Windows\system32\services.exe
    16:13:58.0972 5884 [Global] - ok
    16:13:58.0972 5884 ================ Scan MBR ==================================
    16:13:58.0988 5884 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    16:13:58.0988 5884 Suspicious mbr (Forged): \Device\Harddisk0\DR0
    16:13:59.0097 5884 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
    16:13:59.0097 5884 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
    16:13:59.0113 5884 MBR (0x1B8) (e5fa06aca0d60ba9c870d0ef3d9898c9) \Device\Harddisk1\DR2
    16:14:04.0530 5884 \Device\Harddisk1\DR2 - ok
    16:14:04.0530 5884 ================ Scan VBR ==================================
    16:14:04.0562 5884 Boot (0x1200) (7b9c5f0ec4a3c25011f7654a51f11bc4) \Device\Harddisk0\DR0\Partition1
    16:14:04.0562 5884 \Device\Harddisk0\DR0\Partition1 - ok
    16:14:04.0655 5884 Boot (0x1200) (4666324b87581580b62beca8d57f0154) \Device\Harddisk0\DR0\Partition2
    16:14:04.0702 5884 \Device\Harddisk0\DR0\Partition2 - ok
    16:14:04.0764 5884 Boot (0x1200) (ef2c93a716d35abe0f8f0c8fcf1b6b0a) \Device\Harddisk0\DR0\Partition3
    16:14:04.0811 5884 \Device\Harddisk0\DR0\Partition3 - ok
    16:14:04.0827 5884 Boot (0x1200) (85971423b642ade55f86abd0de1d24d5) \Device\Harddisk1\DR2\Partition1
    16:14:04.0827 5884 \Device\Harddisk1\DR2\Partition1 - ok
    16:14:04.0827 5884 ============================================================
    16:14:04.0827 5884 Scan finished
    16:14:04.0827 5884 ============================================================
    16:14:04.0967 5820 Detected object count: 1
    16:14:04.0967 5820 Actual detected object count: 1
    16:14:24.0713 5820 \Device\Harddisk0\DR0\# - copied to quarantine
    16:14:24.0723 5820 \Device\Harddisk0\DR0 - copied to quarantine
    16:14:25.0463 5820 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
    16:14:25.0473 5820 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
    16:14:25.0483 5820 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
    16:14:25.0503 5820 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
    16:14:25.0743 5820 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
    16:14:25.0763 5820 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
    16:14:25.0763 5820 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
    16:14:25.0793 5820 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
    16:14:25.0803 5820 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
    16:14:25.0813 5820 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
    16:14:25.0823 5820 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
    16:14:25.0833 5820 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
    16:14:25.0893 5820 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
    16:14:25.0943 5820 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
    16:14:26.0051 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
    16:14:26.0176 5820 \Device\Harddisk0\DR0 - ok
    16:14:27.0517 5820 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
    16:14:37.0035 4104 Deinitialize success
     
  9. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good :)

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    • NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
    iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     
  10. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    I am trying to disable my AVG 2012 protection, but when I attempt to open it I get this screen. All I can do is close it. Capture.PNG
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    If you read my instructions CAREFULLY... you need to uninstall AVG using the provided tool in order to run Combofix.
     
  12. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    I apologize, I misunderstood the part about AVG. Here is the ComboFix log.

    ComboFix 12-08-17.03 - Britt 08/17/2012 19:23:52.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3563.2233 [GMT -4:00]
    Running from: c:\users\TEMP.Britt-HP\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2086B6AB-AB37-4CB3-8B56-9D0D6A3BD23E}.xps
    c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3A24EF2E-E91F-481B-89A7-A1B5F11CC3F3}.xps
    c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{713D71F8-A1BD-49FF-8391-B2058A64564F}.xps
    c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{C6C76292-3E02-413A-A4D4-ABC5761D757A}.xps
    c:\users\Britt\AppData\Local\Microsoft\Windows\Temporary Internet Files\{F10C4420-7B71-41E4-B21C-4EEB621033C9}.xps
    c:\windows\svchost.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_KXESCORE
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-17 23:38 . 2012-08-17 23:38 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-17 21:48 . 2012-08-17 21:48 -------- d-----w- C:\FRST
    2012-08-17 21:00 . 2012-08-17 21:39 -------- d-----w- C:\_Exception1
    2012-08-17 20:14 . 2012-08-17 20:14 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-17 19:19 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{36C50DFB-E2A0-48BD-BF5D-91F96216595A}\mpengine.dll
    2012-08-17 19:01 . 2012-08-17 20:15 -------- d-----w- c:\users\TEMP
    2012-08-16 22:10 . 2012-08-16 22:10 -------- d-----w- c:\users\Britt\AppData\Roaming\Malwarebytes
    2012-08-16 22:10 . 2012-08-16 22:10 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-16 22:10 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-16 22:10 . 2012-08-17 20:54 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-08-16 20:56 . 2012-08-16 20:56 74703 ----a-w- c:\windows\SysWow64\mfc45.dat
    2012-08-16 19:05 . 2012-08-16 19:05 -------- d-----w- c:\users\Britt\AppData\Roaming\AVG2012
    2012-08-16 19:05 . 2012-08-16 19:05 -------- d-----w- c:\users\Britt\AppData\Local\AVG Secure Search
    2012-08-16 19:04 . 2012-08-16 19:04 -------- d-----w- c:\programdata\AVG Secure Search
    2012-08-16 19:04 . 2012-08-16 19:04 31080 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-08-16 19:04 . 2012-08-16 19:04 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-08-16 19:04 . 2012-08-16 19:04 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-08-16 19:03 . 2012-08-16 19:03 -------- d-----w- c:\windows\SysWow64\drivers\AVG
    2012-08-16 19:00 . 2012-08-16 19:00 -------- d-----w- C:\$AVG
    2012-08-16 19:00 . 2012-08-17 20:54 -------- d-----w- c:\windows\system32\drivers\AVG
    2012-08-16 19:00 . 2012-08-17 20:52 -------- d-----w- c:\programdata\AVG2012
    2012-08-16 18:51 . 2012-08-16 21:28 -------- d-----w- c:\programdata\MFAData
    2012-08-16 18:51 . 2012-08-16 18:51 -------- d--h--w- c:\programdata\Common Files
    2012-08-16 03:10 . 2012-08-17 20:54 -------- d-----w- c:\program files (x86)\SpeedFan
    2012-08-15 23:14 . 2012-08-15 23:14 -------- d-----w- c:\windows\java
    2012-08-15 23:14 . 2012-08-15 23:14 -------- d-----w- c:\program files (x86)\Cellosoft
    2012-08-15 22:16 . 2012-08-15 22:16 -------- d-----w- c:\program files (x86)\Common Files\Java
    2012-08-15 22:15 . 2012-08-15 22:15 -------- d-----w- c:\program files (x86)\Oracle
    2012-08-15 22:14 . 2012-07-06 02:06 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
    2012-08-15 21:56 . 2012-08-15 21:56 -------- d-----w- c:\programdata\Authentium
    2012-08-15 21:56 . 2012-08-15 21:56 -------- d-----w- c:\program files\Common Files\Authentium
    2012-08-15 21:56 . 2012-08-15 21:56 -------- d-----w- c:\program files (x86)\Common Files\Authentium
    2012-08-15 21:55 . 2012-08-02 15:21 160256 ----a-w- c:\windows\system32\iavlsp64.dll
    2012-08-15 21:55 . 2012-08-02 15:21 118784 ----a-w- c:\windows\SysWow64\iavlsp.dll
    2012-08-12 05:29 . 2012-08-12 05:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
    2012-08-12 05:23 . 2012-08-12 05:23 -------- d-----w- c:\windows\Sun
    2012-08-01 23:36 . 2012-08-01 23:36 -------- d-----w- c:\program files\Western Digital
    2012-07-28 04:45 . 2012-07-26 14:01 82160 ----a-w- c:\windows\system32\drivers\PDFsFilter.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-17 20:46 . 2012-04-12 16:51 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-08-17 20:46 . 2011-07-21 04:31 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-08-02 16:45 . 2012-02-12 06:30 56472 ----a-w- c:\windows\system32\iolobtdfg.exe
    2012-08-02 16:45 . 2012-02-12 06:30 25072 ----a-w- c:\windows\system32\smrgdf.exe
    2012-08-02 15:27 . 2012-02-12 06:30 2154576 ----a-w- c:\windows\system32\Incinerator64.dll
    2012-07-12 07:05 . 2011-11-24 02:09 59701280 ----a-w- c:\windows\system32\MRT.exe
    2012-07-06 02:06 . 2011-11-27 21:09 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2012-06-12 03:08 . 2012-07-12 07:14 3148800 ----a-w- c:\windows\system32\win32k.sys
    2012-06-09 05:43 . 2012-07-11 15:07 14172672 ----a-w- c:\windows\system32\shell32.dll
    2012-06-06 06:06 . 2012-07-11 15:07 2004480 ----a-w- c:\windows\system32\msxml6.dll
    2012-06-06 06:06 . 2012-07-11 15:07 1881600 ----a-w- c:\windows\system32\msxml3.dll
    2012-06-06 06:02 . 2012-07-11 15:07 1133568 ----a-w- c:\windows\system32\cdosys.dll
    2012-06-06 05:05 . 2012-07-11 15:07 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
    2012-06-06 05:05 . 2012-07-11 15:07 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2012-06-06 05:03 . 2012-07-11 15:07 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
    2012-06-02 22:19 . 2012-06-21 17:44 38424 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 17:44 2428952 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:19 . 2012-06-21 17:44 57880 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 17:44 44056 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 17:44 701976 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:15 . 2012-06-21 17:44 2622464 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:15 . 2012-06-21 17:44 99840 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 19:19 . 2012-06-21 17:44 186752 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 19:15 . 2012-06-21 17:44 36864 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 12:49 . 2012-07-12 07:03 17807360 ----a-w- c:\windows\system32\mshtml.dll
    2012-06-02 12:17 . 2012-07-12 07:03 10924032 ----a-w- c:\windows\system32\ieframe.dll
    2012-06-02 12:12 . 2012-07-12 07:03 2311680 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 12:05 . 2012-07-12 07:03 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-06-02 12:05 . 2012-07-12 07:03 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 12:04 . 2012-07-12 07:03 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 12:04 . 2012-07-12 07:03 237056 ----a-w- c:\windows\system32\url.dll
    2012-06-02 12:03 . 2012-07-12 07:03 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-06-02 12:01 . 2012-07-12 07:03 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 12:00 . 2012-07-12 07:03 818688 ----a-w- c:\windows\system32\jscript.dll
    2012-06-02 11:59 . 2012-07-12 07:03 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-06-02 11:57 . 2012-07-12 07:03 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-06-02 11:57 . 2012-07-12 07:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-06-02 11:54 . 2012-07-12 07:03 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-06-02 08:33 . 2012-07-12 07:03 1800192 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-06-02 08:25 . 2012-07-12 07:03 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-06-02 08:25 . 2012-07-12 07:03 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-06-02 08:20 . 2012-07-12 07:03 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-06-02 08:16 . 2012-07-12 07:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-06-02 05:50 . 2012-07-11 15:07 458704 ----a-w- c:\windows\system32\drivers\cng.sys
    2012-06-02 05:48 . 2012-07-11 15:07 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
    2012-06-02 05:48 . 2012-07-11 15:07 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-06-02 05:45 . 2012-07-11 15:07 340992 ----a-w- c:\windows\system32\schannel.dll
    2012-06-02 05:44 . 2012-07-11 15:07 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2012-06-02 04:40 . 2012-07-11 15:07 22016 ----a-w- c:\windows\SysWow64\secur32.dll
    2012-06-02 04:40 . 2012-07-11 15:07 225280 ----a-w- c:\windows\SysWow64\schannel.dll
    2012-06-02 04:39 . 2012-07-11 15:07 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2012-06-02 04:34 . 2012-07-11 15:07 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
    2012-05-31 16:25 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-05-25 16:58 . 2012-05-25 16:58 173408 ----a-r- c:\windows\system32\drivers\amp.sys
    2012-05-25 16:58 . 2012-02-12 06:31 1496416 ----a-r- c:\windows\system32\drivers\ampse.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files (x86)\Windows Sidebar\Sidebar.exe" [2010-11-21 1174016]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-08-17 343168]
    "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-08-19 379960]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
    "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2012-03-05 578944]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
    "WD Quick View"="c:\program files (x86)\Western Digital\WD Quick View\WDDMStatus.exe" [2012-06-14 5235128]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\EventSystem]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseamps]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vsedsps]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vseqrts]
    @="Service"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
    R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 250056]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
    R3 vseqrts;vseqrts;c:\program files\Common Files\Authentium\AntiVirus5\vseqrts.exe [2012-05-25 180576]
    R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 18216]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-16 1255736]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
    R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R4 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-03-14 197504]
    R4 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-03-05 35200]
    R4 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2011-04-16 79488]
    S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2011-04-16 40064]
    S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2012-04-17 31432]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-15 204288]
    S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-08-04 365568]
    S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2012-05-25 173408]
    S2 AMPSE;Active Malware Protection Support Driver;c:\windows\system32\Drivers\ampse.sys [2012-05-25 1496416]
    S2 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-17 682040]
    S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
    S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-11-30 2424424]
    S2 lxdx_device;lxdx_device;c:\windows\system32\lxdxcoms.exe [2010-02-04 1039872]
    S2 PDFsFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2012-07-26 82160]
    S2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-11 3589416]
    S2 vseamps;vseamps;c:\program files\Common Files\Authentium\AntiVirus5\vseamps.exe [2012-05-25 121184]
    S2 vsedsps;vsedsps;c:\program files\Common Files\Authentium\AntiVirus5\vsedsps.exe [2012-05-25 119136]
    S2 WDBackup;WD Backup;c:\program files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [2012-06-14 1151424]
    S2 WDDriveService;WD Drive Manager;c:\program files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [2012-06-14 248248]
    S2 WDRulesService;WD Rules;c:\program files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [2012-06-14 1177536]
    S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-09-15 10206208]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-09-15 317952]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-03-30 114704]
    S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
    S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [2012-04-12 1860672]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-11-30 339048]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-11-30 539240]
    S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2010-12-16 47232]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-17 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-12 20:46]
    .
    2012-08-15 c:\windows\Tasks\HPCeeScheduleForBRITT-HP$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    2012-08-03 c:\windows\Tasks\HPCeeScheduleForBritt.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-11-30 1128448]
    "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-10-31 43320]
    "combofix"="c:\combofix\CF29419.3XE" [2010-11-21 345088]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    LSP: c:\windows\system32\iavlsp.dll
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKLM-Run-iolo Startup - c:\program files (x86)\iolo\Common\Lib\ioloLManager.exe
    SafeBoot-35874057.sys
    SafeBoot-AMP
    SafeBoot-AMPSE
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
    .
    **************************************************************************
    .
    Completion time: 2012-08-17 19:57:44 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-17 23:57
    .
    Pre-Run: 422,490,054,656 bytes free
    Post-Run: 423,039,614,976 bytes free
    .
    - - End Of File - - B5B808BE2E427EECC4C784E792C3C69E
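Added here as an illustration (not from the thread, from ComboFix, or from any poster): a small Python triage pass over lines in the ComboFix log format above, flagging the three things an analyst pulls out of such a log first: a file named like a core Windows binary outside its normal directory (the c:\windows\svchost.exe ComboFix deleted), a hidden system directory named like an environment variable (the SysWow64\%APPDATA% entry), and a service whose binary is marked [x] as missing (ioloSystemService). The sample lines, the expected-directory table and the reading of [x] are constructed assumptions, not ComboFix's own logic.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ComboFix log posted above: a few
# lines copied in format (not the whole log) so the script runs offline.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\svchost.exe
.
((((((((((((((((((((((((( Files Created from 2012-07-17 to 2012-08-17 )))))))))))))))))))))))))))))))
.
2012-08-12 05:29 . 2012-08-12 05:29 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2012-08-15 23:14 . 2012-08-15 23:14 -------- d-----w- c:\windows\java
.
R2 ioloSystemService;iolo System Service;c:\program files (x86)\iolo\Common\Lib\ioloServiceManager.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S2 AMP;Active Malware Protection Minifilter Driver;c:\windows\system32\Drivers\amp.sys [2012-05-25 173408]
"""

# Assumed table: core Windows binaries and the directories they normally live
# in. The same file name anywhere else is a masquerade candidate, which is
# what the c:\windows\svchost.exe removed above was.
EXPECTED_HOME = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
    "lsass.exe": {r"c:\windows\system32"},
    "csrss.exe": {r"c:\windows\system32"},
    "winlogon.exe": {r"c:\windows\system32"},
    "explorer.exe": {r"c:\windows"},
}

# Bare path line, e.g. under "Other Deletions".
PATH_RE = re.compile(r"^[a-z]:\\.*\.(exe|dll|sys)$", re.I)
# "created . modified size attributes path" lines (Files Created / Find3M sections).
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\S+) "
    r"(?P<attrs>[d-][-a-z]{7}) (?P<path>.+)$"
)
# "R2 name;display name;path [date size]" service/driver lines; [x] read as file not found.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<stamp>[^\]]+)\]$"
)


@dataclass(frozen=True)
class Finding:
    kind: str
    path: str
    note: str


def split_path(path):
    """Return (directory, file name) for a Windows path, both lower-cased."""
    directory, _, name = path.lower().rpartition("\\")
    return directory, name


def check_masquerade(path):
    """Flag a core-binary name that sits outside the directory it belongs in."""
    directory, name = split_path(path)
    homes = EXPECTED_HOME.get(name)
    if homes and directory not in homes:
        return Finding("masquerade", path, f"{name} outside {', '.join(sorted(homes))}")
    return None


def triage(log_text):
    """Walk a ComboFix-style log and return the entries to review first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SERVICE_RE.match(line)
        if m:
            if m["stamp"] == "x":
                findings.append(Finding("orphan-service", m["path"],
                                        f"service {m['name']} points at a missing file"))
            else:
                hit = check_masquerade(m["path"])
                if hit:
                    findings.append(hit)
            continue
        m = FILE_RE.match(line)
        if m:
            attrs, path = m["attrs"], m["path"]
            # d-sh--w-: a hidden + system directory whose name is a literal
            # environment-variable token is not something Windows itself creates.
            if "h" in attrs and "s" in attrs and "%" in split_path(path)[1]:
                findings.append(Finding("hidden-dir", path,
                                        "hidden+system directory named like an env var"))
            else:
                hit = check_masquerade(path)
                if hit:
                    findings.append(hit)
            continue
        if PATH_RE.match(line):
            hit = check_masquerade(line)
            if hit:
                findings.append(hit)
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.path}: {f.note}")
```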
     
  13. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    Any current issues?

    =====================================

    I can see Authentium AntiVirus5 running.
    You have to decide which one AV program (AVG or Authentium AntiVirus5) you want to keep.
    Let me know.

    Next....

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    Alternate download: http://www.filehippo.com/download_malwarebytes_anti_malware/
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    =====================================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  14. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    The laptop appears to be running fine besides logging me in as a temporary user and not showing my personal files. This bothers me because I write my own books on it, but I have those on an external hard drive anyway.
    I don't recall ever installing Authentium AntiVirus5 on my computer and do not see a file for it. I uninstalled my trial AVG so I am confused as to why this other program is shown.
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We'll remove Authentium manually.

    At this point you can reinstall AVG.

    What happens when you try to login as you?
     
  16. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    It logs me in, but as a temporary profile that cannot access my files and the changes I make are deleted each time I log on.
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Are you getting any message?
     
  18. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    Here is the Malwarebytes log. I have reinstalled AVG 2012.

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.17.08

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Britt :: BRITT-HP [administrator]

    Protection: Disabled

    8/17/2012 8:38:01 PM
    mbam-log-2012-08-17 (20-38-01).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 227067
    Time elapsed: 9 minute(s), 37 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  19. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    After I log on and the computer is loading it says "Preparing your desktop..." which is not normal. Upon arriving to the desktop screen I receive the Windows message "You have been logged on with a temporary profile. You cannot access your files and files created in this profile will be deleted when you log off. To fix this, log off and try logging on later. Please see the event log for details or contact your system administrator."
    I am the system Administrator, but since I wasn't sure if it would impact the removal process I haven't done anything about it.
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  21. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    Thank you I am now logged in properly.
     
  22. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    I've been checking through all my programs and files to ensure everything is there and working. Currently the only issue I am having is Firefox being slow and unresponsive and a few icons on my task bar showing up blank. I received a message upon opening Firefox saying "Could not initialize the application's security component. The most likely cause is problems with files in your application's profile directory. Please check that this directory has no read/write restrictions and your hard disk is not full or close to full. It is recommended that you exit the application and fix the problem. If you continue to use this session, you might see incorrect application behavior."
     
  23. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Cool :)

    Due to the infection you may need to reinstall some programs.

    Go ahead with OTL.
     
  24. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    Fixed Firefox myself.
     
  25. UnluckyComp

    UnluckyComp TS Rookie Topic Starter Posts: 30

    OTL logfile created on: 8/17/2012 10:18:47 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Britt\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.48 Gb Total Physical Memory | 1.90 Gb Available Physical Memory | 54.50% Memory free
    6.96 Gb Paging File | 5.05 Gb Available in Paging File | 72.64% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 447.21 Gb Total Space | 393.64 Gb Free Space | 88.02% Space Free | Partition Type: NTFS
    Drive D: | 14.39 Gb Total Space | 1.60 Gb Free Space | 11.12% Space Free | Partition Type: NTFS
    Drive G: | 3.96 Gb Total Space | 1.10 Gb Free Space | 27.74% Space Free | Partition Type: FAT32

    Computer Name: BRITT-HP | User Name: Britt | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/17 22:17:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Britt\Desktop\OTL.exe
    PRC - [2012/08/17 20:51:39 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    PRC - [2012/08/17 16:46:22 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
    PRC - [2012/07/29 21:45:29 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe
    PRC - [2012/06/21 03:48:40 | 004,368,504 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgui.exe
    PRC - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe
    PRC - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    PRC - [2012/06/14 10:58:24 | 005,235,128 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    PRC - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    PRC - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe
    PRC - [2012/04/05 05:12:34 | 002,587,008 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    PRC - [2012/03/05 13:38:38 | 000,578,944 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    PRC - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    PRC - [2011/08/19 15:48:44 | 000,379,960 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    PRC - [2011/07/06 21:13:48 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/08/17 20:51:39 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    MOD - [2012/08/17 16:46:21 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
    MOD - [2012/08/16 15:04:32 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll
    MOD - [2012/07/29 21:45:27 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/05/25 12:53:24 | 000,180,576 | ---- | M] (Commtouch, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseqrts.exe -- (vseqrts)
    SRV:64bit: - [2012/05/25 12:53:20 | 000,119,136 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
    SRV:64bit: - [2012/05/25 12:53:12 | 000,121,184 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vseamps.exe -- (vseamps)
    SRV:64bit: - [2011/11/29 22:33:07 | 000,302,592 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/09/15 18:12:12 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2011/08/04 04:04:58 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
    SRV:64bit: - [2011/02/17 01:47:28 | 000,682,040 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Auto\HPAuto.exe -- (HPAuto)
    SRV:64bit: - [2010/10/11 05:48:14 | 000,346,168 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
    SRV:64bit: - [2010/09/22 21:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/02/04 01:44:10 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2008/12/11 14:05:32 | 003,589,416 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Windows\SysNative\Pen_Tablet.exe -- (TabletServicePen)
    SRV - [2012/08/17 16:46:23 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
    SRV - [2012/07/29 21:45:28 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
    SRV - [2012/06/14 11:04:26 | 001,177,536 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
    SRV - [2012/06/14 11:04:24 | 001,151,424 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe -- (WDBackup)
    SRV - [2012/06/14 10:57:20 | 000,248,248 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
    SRV - [2012/06/13 03:48:50 | 002,321,560 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgfws.exe -- (avgfws)
    SRV - [2012/03/14 10:28:28 | 000,197,504 | ---- | M] (Hewlett-Packard Company) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
    SRV - [2012/03/05 13:38:38 | 000,035,200 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Disabled | Stopped] -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe -- (HPWMISVC)
    SRV - [2012/02/14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
    SRV - [2011/11/29 22:29:29 | 002,424,424 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe -- (IconMan_R)
    SRV - [2011/09/09 18:10:28 | 000,086,072 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe -- (HP Support Assistant Service)
    SRV - [2010/11/26 10:09:12 | 000,399,344 | ---- | M] (Roxio) [Disabled | Stopped] -- C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe -- (RoxioNow Service)
    SRV - [2010/10/12 13:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2010/02/04 01:43:56 | 000,589,824 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lxdxcoms.exe -- (lxdx_device)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/07/26 10:01:28 | 000,082,160 | ---- | M] (Raxco Software, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\PDFsFilter.sys -- (PDFsFilter)
    DRV:64bit: - [2012/05/25 12:58:30 | 000,173,408 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
    DRV:64bit: - [2012/05/25 12:58:28 | 001,496,416 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\ampse.sys -- (AMPSE)
    DRV:64bit: - [2012/04/19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
    DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
    DRV:64bit: - [2012/04/12 19:45:04 | 001,860,672 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
    DRV:64bit: - [2012/03/19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
    DRV:64bit: - [2012/03/08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2012/01/31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
    DRV:64bit: - [2011/12/23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
    DRV:64bit: - [2011/12/23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
    DRV:64bit: - [2011/12/23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
    DRV:64bit: - [2011/11/29 22:33:08 | 000,528,896 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/11/29 22:30:55 | 001,448,496 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2011/11/29 22:29:29 | 000,339,048 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsPStor.sys -- (RSPCIESTOR)
    DRV:64bit: - [2011/11/29 22:27:35 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2011/09/15 18:51:12 | 010,206,208 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
    DRV:64bit: - [2011/09/15 17:38:42 | 000,317,952 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
    DRV:64bit: - [2011/07/21 00:12:50 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/07/21 00:12:50 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/05/23 01:03:28 | 000,048,992 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd)
    DRV:64bit: - [2011/04/16 06:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
    DRV:64bit: - [2011/04/16 06:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
    DRV:64bit: - [2011/03/30 18:46:46 | 000,114,704 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
    DRV:64bit: - [2010/12/16 15:06:46 | 000,047,232 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/07/28 10:13:50 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)
    DRV:64bit: - [2010/02/18 12:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 17:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
    DRV:64bit: - [2009/06/10 17:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
    DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/10/06 13:53:26 | 000,018,216 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacmoumonitor.sys -- (wacmoumonitor)
    DRV:64bit: - [2008/08/18 17:45:00 | 000,015,272 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacomvhid.sys -- (wacomvhid)
    DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV:64bit: - [2007/02/16 14:12:36 | 000,012,848 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wacommousefilter.sys -- (wacommousefilter)
    DRV:64bit: - [2007/02/15 19:11:26 | 000,012,976 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WacomVKHid.sys -- (WacomVKHid)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE:64bit: - HKLM\..\SearchScopes\{C8F2DD3D-79C7-4C8A-B0B4-8649F4D0E67A}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
    IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = http://search.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
    IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    IE - HKLM\..\SearchScopes\{C8F2DD3D-79C7-4C8A-B0B4-8649F4D0E67A}: "URL" = http://www.amazon.com/s/ref=azs_osd...ode=qs&index=aps&field-keywords={searchTerms}
    IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
    IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/711-30572-11896-2/4?mpre=http://shop.ebay.com/?_nkw={searchTerms}


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
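The OTL log above is where Broni spotted the Authentium/Commtouch services the poster never installed. The check he did by eye can be scripted: parse the PRC/MOD/SRV/DRV lines, then flag every loaded item whose company name is blank or not on a list of vendors you expect on the box. The script below is an added example, not part of this thread and not an OTL feature. The sample lines are a small subset copied from the OTL output above; the EXPECTED_VENDORS list is a constructed assumption standing in for "what the owner says they installed". A flag means "review this", not "this is malicious": legitimate drivers ship with odd or empty company fields too.

```python
import re
from collections import Counter

# Constructed sample: seven lines copied from the OTL log in this thread.
SAMPLE_OTL = r"""
SRV:64bit: - [2012/05/25 12:53:20 | 000,119,136 | R--- | M] (Commtouch, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Authentium\AntiVirus5\vsedsps.exe -- (vsedsps)
SRV:64bit: - [2010/02/04 01:44:10 | 001,039,872 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxdxcoms.exe -- (lxdx_device)
SRV - [2012/07/04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
DRV:64bit: - [2012/05/25 12:58:30 | 000,173,408 | R--- | M] (Commtouch, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\amp.sys -- (AMP)
DRV:64bit: - [2012/04/17 08:25:02 | 000,031,432 | ---- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElRawDsk.sys -- (ElRawDisk)
MOD - [2012/08/17 20:51:39 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012/08/17 22:17:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Britt\Desktop\OTL.exe
"""

# Assumption: the vendors the machine owner knowingly has on the box.
# Substring match, case-insensitive, so "AVG Technologies CZ, s.r.o." matches "AVG Technologies".
EXPECTED_VENDORS = ["AVG Technologies", "Microsoft", "Mozilla", "Hewlett-Packard", "OldTimer"]

# One OTL line: KIND[:64bit:] - [date | size | attrs | M] (company) [flags] -- path [-- (service name)]
# PRC and MOD lines have no [flags] block and no trailing (service name).
LINE_RE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<date>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [A-Z]\] "
    r"\((?P<company>[^)]*)\)"
    r"(?: \[(?P<flags>[^\]]+)\])?"
    r" -- (?P<path>.+?)"
    r"(?: -- \((?P<name>[^)]+)\))?$"
)


def parse_otl(text):
    """Return one dict per recognised PRC/MOD/SRV/DRV line; other lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def display_name(entry):
    """Service name when OTL gives one, else the file name from the path."""
    return entry["name"] or entry["path"].rsplit("\\", 1)[-1]


def is_loaded(entry):
    """Processes and modules are loaded by definition; services/drivers only if OTL says Running."""
    return entry["kind"] in ("PRC", "MOD") or "Running" in (entry["flags"] or "")


def flag_unexpected(entries, expected_vendors):
    """Return (entry, reason) for loaded items with a blank or unexpected company name."""
    flagged = []
    for e in entries:
        if not is_loaded(e):
            continue
        vendor = e["company"].strip()
        if not vendor:
            flagged.append((e, "no company name"))
        elif not any(v.lower() in vendor.lower() for v in expected_vendors):
            flagged.append((e, "vendor not in expected list"))
    return flagged


def vendor_summary(entries):
    """Count loaded items per company name, blank names grouped under '<none>'."""
    return Counter(e["company"].strip() or "<none>" for e in entries if is_loaded(e))


if __name__ == "__main__":
    parsed = parse_otl(SAMPLE_OTL)
    for vendor, n in sorted(vendor_summary(parsed).items()):
        print(f"{n:3d}  {vendor}")
    print("--- review ---")
    for e, reason in flag_unexpected(parsed, EXPECTED_VENDORS):
        print(f"{e['kind']:3s} {display_name(e):<14s} {reason:<28s} {e['path']}")
```

Run against the full OTL.txt instead of the sample and the review list is a short, path-bearing worklist: here it surfaces the three Authentium services and two Commtouch drivers, the Lexmark service with a blank company field, and AVG Secure Search's vprot.exe, which has no company name at all. Items on the list still need a human decision, which is exactly the "decide which AV you want to keep" question Broni asked.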
     
