Trojan will not delete [Solved]


  • This topic is locked
15 replies to this topic

#1 AnthonySzum (Authentic Member, 102 posts)

Posted 28 April 2012 - 11:48 AM

I was getting the "blue screen of death". Upon scanning with NOD32 and Malwarebytes, I found multiple threats that cannot be deleted. Below is my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:42 PM, on 4/28/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Justine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [Ncr3] C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.1.253:5000/JpegInst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12118 bytes



#2 JonTom (SuperHelper, Classroom Teacher, 5,410 posts)

Posted 30 April 2012 - 01:12 AM

Hello Anthony Szum and welcome!

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.

Upon scanning with NOD32 and Malwarebytes, I found multiple threats that cannot be deleted

Please post the NOD32 and MBAM logs for me to review.

I would also like to see the logs created from the following scans:

  • Please perform the following scan


    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

  • aswMBR


    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start scan.

    • On completion of the scan click save log, save it to your desktop and post in your next reply.

    Please post both DDS logs and the aswMBR log in your next reply.
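JonTom's reply asks for logs he can review by eye. The first-pass triage a helper performs on HijackThis output can be written down as a few rules, and the script below is an added example (not from this thread, from HijackThis, or from any of the tools named in it) that runs them over a handful of lines taken from the logs posted here: an O1 hosts entry pointing a public domain at a non-local address, O4 autostart entries whose image lives under a profile or AppData path, and a process whose name is a core Windows binary but whose directory is not where that binary belongs. Which directories count as "profile" directories and where each system binary is expected are my assumptions, not something the page states.

```python
"""Rule-based first-pass triage of HijackThis-style log lines (added example)."""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis and Malwarebytes logs
# posted in this thread, with two ordinary entries kept for contrast.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\svchost.exe
O1 - Hosts: 94.63.147.17 www.bing.com
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
""".strip("\n")

# Hosts-file targets that block or loop back rather than redirect.
LOCAL_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Directory fragments from which a machine-wide autostart is rarely legitimate
# (assumption: tune for the environment you review).
PROFILE_DIRS = ("\\appdata\\", "\\temp\\", "\\systemprofile\\")

# Where core Windows binaries live on a default install; a process with one of
# these names anywhere else deserves a look (assumption, not an exhaustive list).
SYSTEM_BINARY_HOMES = {
    "svchost.exe": {"c:\\windows\\system32", "c:\\windows\\syswow64"},
    "lsass.exe": {"c:\\windows\\system32"},
    "winlogon.exe": {"c:\\windows\\system32"},
    "csrss.exe": {"c:\\windows\\system32"},
    "services.exe": {"c:\\windows\\system32"},
    "explorer.exe": {"c:\\windows"},
}

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
RUN_RE = re.compile(r'^O4 - .*?\]\s+"?(?P<path>[A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)
PROC_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+\.exe)\s*$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    line_no: int
    rule: str
    detail: str


def check_hosts(line: str):
    """O1: a public name mapped to anything but a local address is a redirect."""
    m = HOSTS_RE.match(line)
    if not m or m["ip"] in LOCAL_TARGETS:
        return None
    return f"hosts file sends {m['host']} to {m['ip']}"


def check_autostart(line: str):
    """O4: autostart image located under a profile, AppData or temp directory."""
    m = RUN_RE.match(line)
    if not m:
        return None
    if any(frag in m["path"].lower() for frag in PROFILE_DIRS):
        return f"autostart image under a profile/temp directory: {m['path']}"
    return None


def check_process(line: str):
    """Running-process line: core binary name outside its expected directory."""
    m = PROC_RE.match(line)
    if not m:
        return None
    folder, _, name = m["path"].lower().rpartition("\\")
    homes = SYSTEM_BINARY_HOMES.get(name)
    if homes is not None and folder not in homes:
        return f"{name} runs from {folder}, expected one of {sorted(homes)}"
    return None


CHECKS = (
    ("hosts-redirect", check_hosts),
    ("profile-autostart", check_autostart),
    ("misplaced-system-binary", check_process),
)


def triage(log_text: str) -> list:
    """Apply every rule to every line; return findings in log order."""
    findings = []
    for n, raw in enumerate(log_text.splitlines(), start=1):
        line = raw.strip()
        for rule, check in CHECKS:
            detail = check(line)
            if detail:
                findings.append(Finding(n, rule, detail))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>2} [{f.rule}] {f.detail}")
```

Run against the sample it reports four lines: the svchost.exe sitting directly in C:\Windows (the same file Malwarebytes later names Trojan.Agent), the hosts entry steering www.bing.com to 94.63.147.17, and the two dplaysvr autostarts under the SYSTEM profile's AppData; the Firefox process and the Adobe updater pass. Rules like these only prioritise what a human then verifies, which is why the helper still asks for the full DDS and aswMBR output.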


#3 AnthonySzum (Authentic Member, 102 posts)

Posted 30 April 2012 - 12:43 PM

Below are my HJT log, Malwarebytes log, DDS log, and aswMBR log. I had deleted my NOD32 antivirus after posting the original thread and installed Trend Micro Titanium, but it does not create a log file.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:11:56 PM, on 4/30/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Justine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [Ncr3] C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.1.253:5000/JpegInst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12709 bytes



Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Justine :: JUSTINE-HP [administrator]

Protection: Disabled

4/30/2012 2:15:00 PM
mbam-log-2012-04-30 (14-20-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203177
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4772 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Justine at 14:25:14 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6555 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [Ncr3] C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://192.168.1.253:5000/JpegInst.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{499FE582-5E9E-4A2E-AB47-CF9564A27BDE} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110830011347617&tb_oid=05-09-2011&tb_mrud=05-09-2011
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3af8e9670000000000006c626d601189
FF - user.js: extensions.BabylonToolbar_i.hardId - 3af8e9670000000000006c626d601189
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15455
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:18:02
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-6 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-6 635416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-6 2320920]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-28 275912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 253088]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-30 18:14:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-30 18:14:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-29 17:22:53 -------- d-----w- C:\temp
2012-04-28 19:03:33 -------- d-----w- C:\Users\Justine\AppData\Local\Trend Micro
2012-04-28 19:03:00 67344 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2012-04-28 19:03:00 210704 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2012-04-28 19:02:56 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-04-28 19:02:54 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-04-28 19:02:54 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-04-28 19:02:54 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-04-28 19:02:37 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-04-28 19:02:26 -------- d-----w- C:\Program Files\Trend Micro
2012-04-28 19:01:59 -------- d-----w- C:\ProgramData\Trend Micro
2012-04-28 18:50:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-28 18:43:59 -------- d-----w- C:\Users\Justine\AppData\Local\CRE
2012-04-28 18:43:56 -------- d-----w- C:\Program Files (x86)\Conduit
2012-04-28 18:43:55 -------- d-----w- C:\Users\Justine\AppData\Local\Conduit
2012-04-28 18:43:25 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-04-28 18:42:02 -------- d-----w- C:\Users\Justine\AppData\Roaming\BitTorrent
2012-04-28 18:15:11 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-28 17:23:56 20480 ----a-w- C:\Windows\svchost.exe
2012-04-28 16:28:34 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-28 16:25:16 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-28 16:12:31 -------- d-----w- C:\Users\Justine\AppData\Roaming\Malwarebytes
2012-04-28 16:12:24 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-28 16:08:19 -------- d-----w- C:\Program Files\CCleaner
2012-04-28 16:02:16 -------- d-sh--w- C:\AI_RecycleBin
2012-04-27 09:57:00 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA4F9BA7-E82E-4EDF-B39D-910B08177823}\mpengine.dll
2012-04-25 03:21:06 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-04-25 03:17:58 -------- d-----w- C:\Users\Justine\AppData\Local\Babylon
2012-04-25 03:17:57 -------- d-----w- C:\Users\Justine\AppData\Roaming\Babylon
2012-04-25 03:17:57 -------- d-----w- C:\ProgramData\Babylon
2012-04-25 03:17:44 -------- d-----w- C:\Program Files (x86)\Wajam
2012-04-25 03:17:25 -------- d-----w- C:\ProgramData\Tarma Installer
2012-04-15 07:00:18 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-15 07:00:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-15 07:00:18 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-15 07:00:18 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-15 07:00:18 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-15 07:00:18 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-15 07:00:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-28 18:15:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:24:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:23:43 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:23:42 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:23:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:23:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:35:40 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:35:25 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-10 05:35:25 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35:25 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:35:25 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 14:26:07.29 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 8:40:48 PM
System Uptime: 4/30/2012 2:06:20 PM (0 hours ago)
.
Motherboard: MSI | | 2A9C
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz | CPU 1 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 566.979 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.479 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: ATI Radeon HD 5450
Device ID: PCI\VEN_1002&DEV_68F9&SUBSYS_21311462&REV_00\4&30136BC7&0&0018
Manufacturer: ATI Technologies Inc.
Name: ATI Radeon HD 5450
PNP Device ID: PCI\VEN_1002&DEV_68F9&SUBSYS_21311462&REV_00\4&30136BC7&0&0018
Service: amdkmdap
.
==== System Restore Points ===================
.
RP160: 4/20/2012 1:19:56 AM - HPSF Restore Point
RP161: 4/20/2012 3:00:12 AM - Windows Update
RP162: 4/20/2012 5:56:39 AM - Windows Update
RP163: 4/21/2012 3:00:10 AM - Windows Update
RP164: 4/22/2012 3:00:10 AM - Windows Update
RP165: 4/23/2012 3:00:10 AM - Windows Update
RP166: 4/24/2012 3:00:10 AM - Windows Update
RP167: 4/24/2012 5:56:39 AM - Windows Update
RP168: 4/25/2012 3:00:14 AM - Windows Update
RP169: 4/26/2012 3:00:10 AM - Windows Update
RP170: 4/27/2012 3:00:10 AM - Windows Update
RP171: 4/27/2012 5:56:41 AM - Windows Update
RP172: 4/28/2012 3:00:10 AM - Windows Update
RP173: 4/28/2012 12:00:28 PM - Removed Fliptoast
RP174: 4/28/2012 3:14:24 PM - Windows Update
RP175: 4/30/2012 3:00:15 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AIM 7
AOL Messaging Toolbar
Bejeweled 2 Deluxe
BitTorrent
Blackhawk Striker 2
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video
Epson Event Manager
EPSON Scan
EpsonNet Print
EpsonNet Setup
Escape Rosecliff Island
ESET Online Scanner v3
FATE
Feedback Tool
Final Drive Nitro
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
HydraVision
Intel® Management Engine Components
Intel® Rapid Storage Technology
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Camera Recorder with Viewer Software
Norton Online Backup
PDF Complete Special Edition
PDF Reader
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shakespeare In Bits - Romeo and Juliet
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
4/30/2012 3:00:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
4/28/2012 12:24:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
4/28/2012 12:24:20 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/28/2012 12:24:20 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
4/28/2012 1:21:01 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:21:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/28/2012 1:17:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/28/2012 1:17:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/28/2012 1:17:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/28/2012 1:17:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/28/2012 1:17:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/28/2012 1:17:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000001000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ab2f95). A dump was saved in: C:\Windows\Minidump\042812-27300-01.dmp. Report Id: 042812-27300-01.
.
==== End Of File ===========================



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 14:28:41
-----------------------------
14:28:41.033 OS Version: Windows x64 6.1.7600
14:28:41.033 Number of processors: 4 586 0x1E05
14:28:41.033 ComputerName: JUSTINE-HP UserName: Justine
14:28:43.782 Initialize success
14:29:05.711 AVAST engine defs: 12043000
14:29:23.798 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:29:23.802 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 8
14:29:23.807 Device \Driver\iaStor -> MajorFunction fffffa8009f8e5c4
14:29:23.812 Disk 0 MBR read successfully
14:29:23.818 Disk 0 MBR scan
14:29:23.826 Disk 0 unknown MBR code
14:29:23.846 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:29:23.871 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702910 MB offset 206848
14:29:23.897 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12392 MB offset 1439766528
14:29:23.962 Disk 0 scanning C:\Windows\system32\drivers
14:29:30.707 Service scanning
14:29:43.615 Modules scanning
14:29:43.643 Disk 0 trace - called modules:
14:29:43.648 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8009f8e5c4]<<
14:29:43.652 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ab9060]
14:29:43.656 3 CLASSPNP.SYS[fffff88001a9543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077bf050]
14:29:43.660 \Driver\iaStor[0xfffffa80079efdf0] -> IRP_MJ_CREATE -> 0xfffffa8009f8e5c4
14:29:51.366 AVAST engine scan C:\Windows
14:29:55.087 AVAST engine scan C:\Windows\system32
14:32:39.435 AVAST engine scan C:\Windows\system32\drivers
14:32:51.476 AVAST engine scan C:\Users\Justine
14:38:04.321 AVAST engine scan C:\ProgramData
14:40:20.090 Scan finished successfully
14:41:47.832 Disk 0 MBR has been saved successfully to "C:\Users\Justine\Desktop\Virus Help\MBR.dat"
14:41:47.836 The log file has been saved successfully to "C:\Users\Justine\Desktop\Virus Help\aswMBR.txt"

#4 JonTom

JonTom

    SuperHelper

  • Classroom Teacher
  • 5,410 posts

Posted 30 April 2012 - 02:17 PM

Hello Anthony Szum

Thank you for the logs.

There are a number of things that have to be dealt with on this machine. Let's begin with the following:

  • P2P Programs:

    • P2P programs are a major source of Malware infections.
    • From your log I see you have BitTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.
    • Information regarding the risk of using these programs can be found from here and here.
    • It is strongly recommended that you uninstall any P2P programs you have on your system.
    • To do this, click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
    • A list of currently installed programs will be displayed.
    • Find the "BitTorrent" program, click on it once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.

    PLEASE NOTE:
    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.

I would like to review the log produced from the following tool (please do not elect to cure or quarantine anything at this time):

  • TDSS Killer


    • Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
    • When the window opens, click on Change Parameters.
    • Under ”Additional options”, put a check mark in the box next to “Detect TDLFS File System”.
    • Click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Skip.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

    Please post the TDSSKiller log in your next reply.
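
A small log-triage helper for the TDSSKiller report requested above, added here as an example; it is not part of this thread and not code from TDSSKiller or its vendor. It accepts the report either one entry per line or run together on a single line, the way it ends up when pasted into a forum reply, and lists the entries whose verdict is anything other than "ok" so a reviewer can find what needs attention without reading hundreds of "- ok" lines. The entry layout ("time pid name (md5) path" followed by "time pid name - verdict") is taken from the log in this thread; the "- ok" sample entries are copied from it, while the two non-"ok" verdicts (ExampleSvc and the TDSS File System line) are constructed purely to exercise the filter and are not findings from this machine.

```python
import re
from collections import Counter

# Constructed sample in the TDSSKiller log layout used in this thread, run
# together on one line exactly as it gets pasted into a forum post.  The
# "- ok" entries are copied from the posted log; the two "- warning" entries
# are CONSTRUCTED to exercise the filter and are not real findings.
SAMPLE_LOG = (
    r"14:07:28.0158 1272 Scan started "
    r"14:07:28.0158 1272 Mode: Manual; "
    r"14:07:36.0113 1272 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys "
    r"14:07:36.0120 1272 1394ohci - ok "
    r"14:07:37.0229 1272 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys "
    r"14:07:37.0233 1272 AFD - ok "
    r"14:07:45.0090 1272 COMSysApp - ok "
    r"14:07:53.0888 1272 msiserver - ok "
    r"14:08:01.0000 1272 ExampleSvc (00000000000000000000000000000000) C:\Windows\system32\example.sys "  # constructed
    r"14:08:01.0001 1272 ExampleSvc - warning "  # constructed verdict
    r"14:08:02.0000 1272 \Device\Harddisk0\DR0 ( TDSS File System ) - warning "  # constructed verdict
)

# Every entry starts with "HH:MM:SS.mmmm <pid> "; the lookahead lets us split a
# run-together log without consuming the timestamp of the next entry.
ENTRY_SPLIT = re.compile(r"(?=\d{2}:\d{2}:\d{2}\.\d{4} \d+ )")
ENTRY_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{4}) (\d+) (.*)$")
FILE_RE = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")   # name (md5) path
VERDICT_RE = re.compile(r"^(.+?) - (\w+)$")                 # name - ok/warning/...


def parse_entries(text):
    """Split a TDSSKiller log into entries of kind 'file', 'verdict' or 'info'.

    Works whether the log has one entry per line or has been pasted as a
    single line; header/separator text without a timestamp is skipped.
    """
    entries = []
    for chunk in ENTRY_SPLIT.split(text):
        chunk = chunk.strip()
        if not chunk:
            continue
        m = ENTRY_RE.match(chunk)
        if not m:
            continue
        ts, pid, body = m.groups()
        fm = FILE_RE.match(body)
        if fm:
            name, md5, path = fm.groups()
            entries.append({"time": ts, "pid": pid, "kind": "file",
                            "name": name, "md5": md5, "path": path})
            continue
        vm = VERDICT_RE.match(body)
        if vm:
            name, verdict = vm.groups()
            entries.append({"time": ts, "pid": pid, "kind": "verdict",
                            "name": name, "verdict": verdict})
            continue
        entries.append({"time": ts, "pid": pid, "kind": "info", "text": body})
    return entries


def non_ok_entries(text):
    """Verdict entries whose status is anything other than 'ok' - the lines a helper needs to look at."""
    return [e for e in parse_entries(text)
            if e["kind"] == "verdict" and e["verdict"] != "ok"]


def hashes(text):
    """Map each scanned service/driver name to its (md5, path) for hash lookups."""
    return {e["name"]: (e["md5"], e["path"])
            for e in parse_entries(text) if e["kind"] == "file"}


def verdict_counts(text):
    """How many entries carry each verdict (e.g. {'ok': 4, 'warning': 2})."""
    return Counter(e["verdict"] for e in parse_entries(text) if e["kind"] == "verdict")


if __name__ == "__main__":
    print("verdicts:", dict(verdict_counts(SAMPLE_LOG)))
    for e in non_ok_entries(SAMPLE_LOG):
        md5, path = hashes(SAMPLE_LOG).get(e["name"], ("n/a", "n/a"))
        print(f'{e["time"]} {e["name"]} -> {e["verdict"]}  md5={md5} path={path}')
```

Pointing the script at a saved report (`open(path).read()` in place of `SAMPLE_LOG`) gives the same short list for a real log; the file-to-verdict join is what lets you take the reported MD5 of a flagged driver to a hash lookup instead of trusting the name alone.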


#5 AnthonySzum

AnthonySzum

    Authentic Member

  • Authentic Member
  • PipPip
  • 102 posts

Posted 02 May 2012 - 12:09 PM

14:06:24.0703 4712 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 14:06:24.0957 4712 ============================================================ 14:06:24.0958 4712 Current date / time: 2012/05/02 14:06:24.0957 14:06:24.0958 4712 SystemInfo: 14:06:24.0958 4712 14:06:24.0958 4712 OS Version: 6.1.7600 ServicePack: 0.0 14:06:24.0958 4712 Product type: Workstation 14:06:24.0958 4712 ComputerName: JUSTINE-HP 14:06:24.0958 4712 UserName: Justine 14:06:24.0958 4712 Windows directory: C:\Windows 14:06:24.0958 4712 System windows directory: C:\Windows 14:06:24.0958 4712 Running under WOW64 14:06:24.0958 4712 Processor architecture: Intel x64 14:06:24.0958 4712 Number of processors: 4 14:06:24.0958 4712 Page size: 0x1000 14:06:24.0958 4712 Boot type: Normal boot 14:06:24.0958 4712 ============================================================ 14:06:26.0016 4712 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 14:06:26.0048 4712 ============================================================ 14:06:26.0048 4712 \Device\Harddisk0\DR0: 14:06:26.0048 4712 MBR partitions: 14:06:26.0048 4712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 14:06:26.0048 4712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55CDF000 14:06:26.0048 4712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55D11800, BlocksNum 0x1834000 14:06:26.0048 4712 ============================================================ 14:06:26.0061 4712 C: <-> \Device\Harddisk0\DR0\Partition1 14:06:26.0200 4712 D: <-> \Device\Harddisk0\DR0\Partition2 14:06:26.0200 4712 ============================================================ 14:06:26.0200 4712 Initialize success 14:06:26.0200 4712 ============================================================ 14:07:28.0158 1272 ============================================================ 
14:07:28.0158 1272 Scan started 14:07:28.0158 1272 Mode: Manual; 14:07:28.0158 1272 ============================================================ 14:07:36.0113 1272 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 14:07:36.0120 1272 1394ohci - ok 14:07:36.0161 1272 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 14:07:36.0166 1272 ACPI - ok 14:07:36.0182 1272 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 14:07:36.0183 1272 AcpiPmi - ok 14:07:36.0384 1272 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 14:07:36.0385 1272 AdobeARMservice - ok 14:07:36.0609 1272 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 14:07:36.0614 1272 AdobeFlashPlayerUpdateSvc - ok 14:07:36.0692 1272 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 14:07:36.0697 1272 adp94xx - ok 14:07:36.0735 1272 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 14:07:36.0740 1272 adpahci - ok 14:07:36.0784 1272 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 14:07:36.0799 1272 adpu320 - ok 14:07:37.0184 1272 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll 14:07:37.0186 1272 AeLookupSvc - ok 14:07:37.0229 1272 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys 14:07:37.0233 1272 AFD - ok 14:07:37.0253 1272 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 14:07:37.0255 1272 agp440 - ok 14:07:37.0361 1272 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 14:07:37.0365 1272 ALG - ok 14:07:37.0369 1272 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 14:07:37.0400 1272 aliide - ok 14:07:37.0812 1272 AMD External Events Utility 
(998021e7c3de3e97e441abace498ffb6) C:\Windows\system32\atiesrxx.exe 14:07:37.0821 1272 AMD External Events Utility - ok 14:07:37.0824 1272 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 14:07:37.0833 1272 amdide - ok 14:07:37.0853 1272 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 14:07:37.0855 1272 AmdK8 - ok 14:07:40.0299 1272 amdkmdag (250d5b746fff9b7d88591ee60b63b3e4) C:\Windows\system32\DRIVERS\atikmdag.sys 14:07:40.0831 1272 amdkmdag - ok 14:07:40.0979 1272 amdkmdap (781daec0c3e63950cca53d193582f2e8) C:\Windows\system32\DRIVERS\atikmpag.sys 14:07:40.0998 1272 amdkmdap - ok 14:07:41.0062 1272 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 14:07:41.0091 1272 AmdPPM - ok 14:07:41.0241 1272 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys 14:07:41.0244 1272 amdsata - ok 14:07:41.0277 1272 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 14:07:41.0280 1272 amdsbs - ok 14:07:41.0290 1272 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys 14:07:41.0291 1272 amdxata - ok 14:07:41.0471 1272 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe 14:07:41.0475 1272 Amsp - ok 14:07:41.0525 1272 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 14:07:41.0527 1272 AppID - ok 14:07:41.0622 1272 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 14:07:41.0629 1272 AppIDSvc - ok 14:07:41.0798 1272 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll 14:07:41.0800 1272 Appinfo - ok 14:07:41.0813 1272 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 14:07:41.0816 1272 arc - ok 14:07:41.0826 1272 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 14:07:41.0829 1272 arcsas - ok 14:07:41.0848 1272 AsyncMac 
(769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 14:07:41.0849 1272 AsyncMac - ok 14:07:41.0899 1272 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 14:07:41.0900 1272 atapi - ok 14:07:42.0108 1272 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys 14:07:42.0110 1272 AtiHDAudioService - ok 14:07:42.0166 1272 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys 14:07:42.0169 1272 AtiHdmiService - ok 14:07:42.0207 1272 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 14:07:42.0217 1272 AudioEndpointBuilder - ok 14:07:42.0226 1272 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll 14:07:42.0233 1272 AudioSrv - ok 14:07:42.0277 1272 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll 14:07:42.0280 1272 AxInstSV - ok 14:07:42.0693 1272 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 14:07:42.0714 1272 b06bdrv - ok 14:07:42.0969 1272 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 14:07:42.0973 1272 b57nd60a - ok 14:07:42.0993 1272 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 14:07:42.0995 1272 BDESVC - ok 14:07:43.0006 1272 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 14:07:43.0007 1272 Beep - ok 14:07:43.0123 1272 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll 14:07:43.0132 1272 BFE - ok 14:07:43.0183 1272 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll 14:07:43.0234 1272 BITS - ok 14:07:43.0425 1272 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 14:07:43.0427 1272 blbdrive - ok 14:07:43.0585 1272 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys 14:07:43.0587 1272 bowser - ok 14:07:43.0635 1272 BrFiltLo 
(f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 14:07:43.0638 1272 BrFiltLo - ok 14:07:43.0654 1272 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 14:07:43.0663 1272 BrFiltUp - ok 14:07:43.0763 1272 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll 14:07:43.0766 1272 Browser - ok 14:07:43.0790 1272 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 14:07:43.0794 1272 Brserid - ok 14:07:43.0799 1272 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 14:07:43.0801 1272 BrSerWdm - ok 14:07:43.0803 1272 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 14:07:43.0805 1272 BrUsbMdm - ok 14:07:43.0810 1272 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 14:07:43.0811 1272 BrUsbSer - ok 14:07:43.0829 1272 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 14:07:43.0830 1272 BTHMODEM - ok 14:07:43.0852 1272 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 14:07:43.0855 1272 bthserv - ok 14:07:44.0161 1272 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 14:07:44.0164 1272 cdfs - ok 14:07:44.0199 1272 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 14:07:44.0202 1272 cdrom - ok 14:07:44.0226 1272 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 14:07:44.0229 1272 CertPropSvc - ok 14:07:44.0343 1272 CinemaNow Service (ea3333db9ab03106eec0d6d9d487ed01) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe 14:07:44.0347 1272 CinemaNow Service - ok 14:07:44.0363 1272 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 14:07:44.0371 1272 circlass - ok 14:07:44.0618 1272 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 14:07:44.0631 1272 
CLFS - ok 14:07:44.0684 1272 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 14:07:44.0686 1272 clr_optimization_v2.0.50727_32 - ok 14:07:44.0778 1272 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 14:07:44.0780 1272 clr_optimization_v2.0.50727_64 - ok 14:07:44.0818 1272 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 14:07:44.0819 1272 clr_optimization_v4.0.30319_32 - ok 14:07:44.0840 1272 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 14:07:44.0841 1272 clr_optimization_v4.0.30319_64 - ok 14:07:44.0867 1272 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 14:07:44.0924 1272 CmBatt - ok 14:07:44.0930 1272 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 14:07:44.0932 1272 cmdide - ok 14:07:45.0027 1272 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys 14:07:45.0035 1272 CNG - ok 14:07:45.0049 1272 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 14:07:45.0051 1272 Compbatt - ok 14:07:45.0079 1272 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 14:07:45.0081 1272 CompositeBus - ok 14:07:45.0090 1272 COMSysApp - ok 14:07:45.0101 1272 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 14:07:45.0103 1272 crcdisk - ok 14:07:45.0234 1272 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll 14:07:45.0237 1272 CryptSvc - ok 14:07:45.0627 1272 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 14:07:45.0635 1272 cvhsvc - ok 14:07:45.0669 1272 DcomLaunch 
(7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 14:07:45.0678 1272 DcomLaunch - ok 14:07:45.0813 1272 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 14:07:45.0819 1272 defragsvc - ok 14:07:45.0878 1272 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys 14:07:45.0881 1272 DfsC - ok 14:07:45.0926 1272 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll 14:07:45.0932 1272 Dhcp - ok 14:07:45.0947 1272 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 14:07:45.0949 1272 discache - ok 14:07:45.0976 1272 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 14:07:45.0978 1272 Disk - ok 14:07:46.0004 1272 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll 14:07:46.0008 1272 Dnscache - ok 14:07:46.0028 1272 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll 14:07:46.0034 1272 dot3svc - ok 14:07:46.0050 1272 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll 14:07:46.0053 1272 DPS - ok 14:07:46.0071 1272 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 14:07:46.0073 1272 drmkaud - ok 14:07:46.0183 1272 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys 14:07:46.0211 1272 DXGKrnl - ok 14:07:46.0279 1272 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 14:07:46.0282 1272 EapHost - ok 14:07:47.0273 1272 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 14:07:47.0335 1272 ebdrv - ok 14:07:47.0431 1272 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe 14:07:47.0433 1272 EFS - ok 14:07:47.0847 1272 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe 14:07:47.0867 1272 ehRecvr - ok 14:07:47.0983 1272 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 14:07:48.0000 1272 ehSched - ok 
14:07:48.0276 1272 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 14:07:48.0284 1272 elxstor - ok 14:07:48.0348 1272 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe 14:07:48.0398 1272 EpsonBidirectionalService - ok 14:07:48.0608 1272 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE 14:07:48.0628 1272 EPSON_EB_RPCV4_01 - ok 14:07:48.0644 1272 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE 14:07:48.0663 1272 EPSON_PM_RPCV4_01 - ok 14:07:48.0675 1272 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 14:07:48.0677 1272 ErrDev - ok 14:07:48.0794 1272 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 14:07:48.0810 1272 EventSystem - ok 14:07:48.0832 1272 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 14:07:48.0836 1272 exfat - ok 14:07:48.0869 1272 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 14:07:48.0871 1272 fastfat - ok 14:07:48.0913 1272 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe 14:07:48.0922 1272 Fax - ok 14:07:48.0928 1272 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 14:07:48.0930 1272 fdc - ok 14:07:48.0954 1272 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 14:07:48.0957 1272 fdPHost - ok 14:07:48.0965 1272 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 14:07:48.0967 1272 FDResPub - ok 14:07:48.0997 1272 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 14:07:48.0999 1272 FileInfo - ok 14:07:49.0012 1272 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 14:07:49.0013 1272 Filetrace - ok 14:07:49.0018 1272 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) 
C:\Windows\system32\DRIVERS\flpydisk.sys 14:07:49.0019 1272 flpydisk - ok 14:07:49.0039 1272 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 14:07:49.0041 1272 FltMgr - ok 14:07:49.0103 1272 FontCache (97223981a9214f1b4997e9075abb6bf5) C:\Windows\system32\FntCache.dll 14:07:49.0122 1272 FontCache - ok 14:07:49.0163 1272 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 14:07:49.0164 1272 FontCache3.0.0.0 - ok 14:07:49.0187 1272 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 14:07:49.0188 1272 FsDepends - ok 14:07:49.0224 1272 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys 14:07:49.0225 1272 fssfltr - ok 14:07:49.0429 1272 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 14:07:49.0618 1272 fsssvc - ok 14:07:49.0703 1272 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys 14:07:49.0705 1272 Fs_Rec - ok 14:07:49.0736 1272 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 14:07:49.0740 1272 fvevol - ok 14:07:49.0769 1272 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 14:07:49.0771 1272 gagp30kx - ok 14:07:49.0885 1272 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 14:07:49.0937 1272 GameConsoleService - ok 14:07:50.0022 1272 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll 14:07:50.0034 1272 gpsvc - ok 14:07:50.0120 1272 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 14:07:50.0122 1272 hcw85cir - ok 14:07:50.0164 1272 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 14:07:50.0170 1272 HdAudAddService - ok 14:07:50.0193 1272 HDAudBus 
(0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 14:07:50.0196 1272 HDAudBus - ok 14:07:50.0228 1272 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys 14:07:50.0230 1272 HECIx64 - ok 14:07:50.0234 1272 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 14:07:50.0236 1272 HidBatt - ok 14:07:50.0246 1272 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 14:07:50.0248 1272 HidBth - ok 14:07:50.0258 1272 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 14:07:50.0260 1272 HidIr - ok 14:07:50.0269 1272 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 14:07:50.0271 1272 hidserv - ok 14:07:50.0279 1272 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 14:07:50.0280 1272 HidUsb - ok 14:07:50.0301 1272 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll 14:07:50.0304 1272 hkmsvc - ok 14:07:50.0322 1272 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll 14:07:50.0326 1272 HomeGroupListener - ok 14:07:50.0343 1272 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll 14:07:50.0348 1272 HomeGroupProvider - ok 14:07:50.0445 1272 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 14:07:50.0447 1272 HP Support Assistant Service - ok 14:07:50.0477 1272 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 14:07:50.0497 1272 HPDrvMntSvc.exe - ok 14:07:50.0542 1272 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 14:07:50.0583 1272 hpqwmiex - ok 14:07:50.0670 1272 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 14:07:50.0672 1272 HpSAMD - ok 14:07:50.0787 1272 
HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 14:07:50.0799 1272 HTTP - ok 14:07:50.0815 1272 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 14:07:50.0816 1272 hwpolicy - ok 14:07:50.0886 1272 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 14:07:50.0888 1272 i8042prt - ok 14:07:51.0269 1272 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys 14:07:51.0274 1272 iaStor - ok 14:07:51.0496 1272 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe 14:07:51.0498 1272 IAStorDataMgrSvc - ok 14:07:51.0566 1272 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys 14:07:51.0571 1272 iaStorV - ok 14:07:51.0646 1272 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 14:07:51.0657 1272 idsvc - ok 14:07:51.0675 1272 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 14:07:51.0676 1272 iirsp - ok 14:07:51.0704 1272 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll 14:07:51.0711 1272 IKEEXT - ok 14:07:51.0799 1272 IntcAzAudAddService (2b888bbdf6962e608a5e1a1d7a626adf) C:\Windows\system32\drivers\RTKVHD64.sys 14:07:51.0822 1272 IntcAzAudAddService - ok 14:07:52.0005 1272 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 14:07:52.0007 1272 intelide - ok 14:07:52.0031 1272 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 14:07:52.0033 1272 intelppm - ok 14:07:52.0050 1272 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 14:07:52.0053 1272 IPBusEnum - ok 14:07:52.0063 1272 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 14:07:52.0065 1272 IpFilterDriver - ok 14:07:52.0133 
1272 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll 14:07:52.0140 1272 iphlpsvc - ok 14:07:52.0148 1272 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 14:07:52.0151 1272 IPMIDRV - ok 14:07:52.0175 1272 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 14:07:52.0177 1272 IPNAT - ok 14:07:52.0190 1272 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 14:07:52.0192 1272 IRENUM - ok 14:07:52.0196 1272 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 14:07:52.0197 1272 isapnp - ok 14:07:52.0219 1272 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 14:07:52.0222 1272 iScsiPrt - ok 14:07:52.0228 1272 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 14:07:52.0229 1272 kbdclass - ok 14:07:52.0232 1272 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 14:07:52.0234 1272 kbdhid - ok 14:07:52.0260 1272 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:07:52.0262 1272 KeyIso - ok 14:07:52.0277 1272 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys 14:07:52.0279 1272 KSecDD - ok 14:07:52.0297 1272 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys 14:07:52.0299 1272 KSecPkg - ok 14:07:52.0304 1272 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 14:07:52.0305 1272 ksthunk - ok 14:07:52.0330 1272 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 14:07:52.0336 1272 KtmRm - ok 14:07:52.0416 1272 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll 14:07:52.0421 1272 LanmanServer - ok 14:07:52.0442 1272 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll 14:07:52.0445 1272 LanmanWorkstation - ok 14:07:52.0500 1272 
LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe 14:07:52.0530 1272 LightScribeService - ok 14:07:52.0553 1272 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 14:07:52.0555 1272 lltdio - ok 14:07:52.0590 1272 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 14:07:52.0596 1272 lltdsvc - ok 14:07:52.0612 1272 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 14:07:52.0614 1272 lmhosts - ok 14:07:52.0744 1272 LMS (e38775922d4a4c05b5d96733ab4ce169) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe 14:07:52.0766 1272 LMS - ok 14:07:52.0788 1272 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 14:07:52.0790 1272 LSI_FC - ok 14:07:52.0798 1272 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 14:07:52.0800 1272 LSI_SAS - ok 14:07:52.0813 1272 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 14:07:52.0814 1272 LSI_SAS2 - ok 14:07:52.0824 1272 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 14:07:52.0826 1272 LSI_SCSI - ok 14:07:52.0845 1272 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 14:07:52.0846 1272 luafv - ok 14:07:52.0882 1272 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys 14:07:52.0884 1272 MBAMProtector - ok 14:07:53.0061 1272 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe 14:07:53.0067 1272 MBAMService - ok 14:07:53.0129 1272 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys 14:07:53.0151 1272 mcdbus - ok 14:07:53.0195 1272 Mcx2Svc (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll 14:07:53.0198 1272 Mcx2Svc - ok 14:07:53.0203 1272 megasas (a55805f747c6edb6a9080d7c633bd0f4) 
C:\Windows\system32\DRIVERS\megasas.sys 14:07:53.0205 1272 megasas - ok 14:07:53.0232 1272 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 14:07:53.0237 1272 MegaSR - ok 14:07:53.0324 1272 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe 14:07:53.0343 1272 Microsoft Office Groove Audit Service - ok 14:07:53.0368 1272 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:07:53.0371 1272 MMCSS - ok 14:07:53.0395 1272 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 14:07:53.0397 1272 Modem - ok 14:07:53.0428 1272 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 14:07:53.0429 1272 monitor - ok 14:07:53.0464 1272 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 14:07:53.0465 1272 mouclass - ok 14:07:53.0472 1272 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 14:07:53.0474 1272 mouhid - ok 14:07:53.0490 1272 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 14:07:53.0493 1272 mountmgr - ok 14:07:53.0537 1272 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 14:07:53.0539 1272 MozillaMaintenance - ok 14:07:53.0553 1272 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 14:07:53.0557 1272 mpio - ok 14:07:53.0578 1272 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 14:07:53.0581 1272 mpsdrv - ok 14:07:53.0625 1272 MpsSvc (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll 14:07:53.0636 1272 MpsSvc - ok 14:07:53.0655 1272 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 14:07:53.0663 1272 MRxDAV - ok 14:07:53.0697 1272 mrxsmb (040d62a9d8ad28922632137acdd984f2) 
C:\Windows\system32\DRIVERS\mrxsmb.sys 14:07:53.0700 1272 mrxsmb - ok 14:07:53.0727 1272 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys 14:07:53.0731 1272 mrxsmb10 - ok 14:07:53.0746 1272 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys 14:07:53.0749 1272 mrxsmb20 - ok 14:07:53.0769 1272 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 14:07:53.0771 1272 msahci - ok 14:07:53.0786 1272 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 14:07:53.0789 1272 msdsm - ok 14:07:53.0805 1272 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 14:07:53.0808 1272 MSDTC - ok 14:07:53.0822 1272 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 14:07:53.0824 1272 Msfs - ok 14:07:53.0837 1272 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 14:07:53.0839 1272 mshidkmdf - ok 14:07:53.0853 1272 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 14:07:53.0854 1272 msisadrv - ok 14:07:53.0882 1272 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 14:07:53.0885 1272 MSiSCSI - ok 14:07:53.0888 1272 msiserver - ok 14:07:53.0893 1272 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 14:07:53.0895 1272 MSKSSRV - ok 14:07:53.0898 1272 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 14:07:53.0899 1272 MSPCLOCK - ok 14:07:53.0902 1272 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 14:07:53.0903 1272 MSPQM - ok 14:07:53.0932 1272 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 14:07:53.0936 1272 MsRPC - ok 14:07:53.0952 1272 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 14:07:53.0953 1272 mssmbios - ok 14:07:53.0967 1272 MSTEE 
(2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 14:07:53.0969 1272 MSTEE - ok 14:07:53.0975 1272 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 14:07:53.0977 1272 MTConfig - ok 14:07:53.0994 1272 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 14:07:53.0995 1272 Mup - ok 14:07:54.0028 1272 napagent (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll 14:07:54.0035 1272 napagent - ok 14:07:54.0081 1272 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 14:07:54.0086 1272 NativeWifiP - ok 14:07:54.0189 1272 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 14:07:54.0202 1272 NDIS - ok 14:07:54.0220 1272 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 14:07:54.0222 1272 NdisCap - ok 14:07:54.0265 1272 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 14:07:54.0267 1272 NdisTapi - ok 14:07:54.0371 1272 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 14:07:54.0386 1272 Ndisuio - ok 14:07:54.0407 1272 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 14:07:54.0410 1272 NdisWan - ok 14:07:54.0418 1272 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 14:07:54.0420 1272 NDProxy - ok 14:07:54.0438 1272 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 14:07:54.0440 1272 NetBIOS - ok 14:07:54.0460 1272 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 14:07:54.0465 1272 NetBT - ok 14:07:54.0482 1272 Netlogon (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:07:54.0485 1272 Netlogon - ok 14:07:54.0512 1272 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 14:07:54.0519 1272 Netman - ok 14:07:54.0567 1272 netprofm 
(5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 14:07:54.0575 1272 netprofm - ok 14:07:54.0754 1272 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 14:07:54.0765 1272 NetTcpPortSharing - ok 14:07:54.0855 1272 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 14:07:54.0857 1272 nfrd960 - ok 14:07:54.0886 1272 NlaSvc (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll 14:07:54.0891 1272 NlaSvc - ok 14:07:55.0096 1272 NOBU (5839a8027d6d324a7cd494051a96628c) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe 14:07:55.0120 1272 NOBU - ok 14:07:55.0193 1272 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 14:07:55.0196 1272 Npfs - ok 14:07:55.0211 1272 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 14:07:55.0214 1272 nsi - ok 14:07:55.0222 1272 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 14:07:55.0223 1272 nsiproxy - ok 14:07:55.0434 1272 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys 14:07:55.0460 1272 Ntfs - ok 14:07:55.0584 1272 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys 14:07:55.0586 1272 NuidFltr - ok 14:07:55.0594 1272 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 14:07:55.0595 1272 Null - ok 14:07:55.0745 1272 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys 14:07:55.0783 1272 nvraid - ok 14:07:56.0060 1272 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys 14:07:56.0068 1272 nvstor - ok 14:07:56.0099 1272 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 14:07:56.0102 1272 nv_agp - ok 14:07:56.0237 1272 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft 
Shared\OFFICE12\ODSERV.EXE 14:07:56.0244 1272 odserv - ok 14:07:56.0256 1272 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 14:07:56.0258 1272 ohci1394 - ok 14:07:56.0306 1272 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 14:07:56.0310 1272 ose - ok 14:07:56.0687 1272 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 14:07:56.0876 1272 osppsvc - ok 14:07:56.0977 1272 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:07:56.0984 1272 p2pimsvc - ok 14:07:57.0077 1272 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 14:07:57.0085 1272 p2psvc - ok 14:07:57.0121 1272 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 14:07:57.0123 1272 Parport - ok 14:07:57.0141 1272 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 14:07:57.0142 1272 partmgr - ok 14:07:57.0347 1272 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 14:07:57.0352 1272 PcaSvc - ok 14:07:57.0640 1272 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 14:07:57.0673 1272 pci - ok 14:07:57.0684 1272 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 14:07:57.0686 1272 pciide - ok 14:07:57.0704 1272 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 14:07:57.0708 1272 pcmcia - ok 14:07:57.0724 1272 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 14:07:57.0725 1272 pcw - ok 14:07:57.0827 1272 pdfcDispatcher - ok 14:07:58.0412 1272 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 14:07:58.0432 1272 PEAUTH - ok 14:07:58.0573 1272 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 14:07:58.0576 1272 PerfHost - ok 
14:07:58.0678 1272 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 14:07:58.0706 1272 pla - ok 14:07:58.0788 1272 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 14:07:58.0796 1272 PlugPlay - ok 14:07:58.0813 1272 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 14:07:58.0817 1272 PNRPAutoReg - ok 14:07:58.0840 1272 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 14:07:58.0845 1272 PNRPsvc - ok 14:07:59.0142 1272 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 14:07:59.0160 1272 PolicyAgent - ok 14:07:59.0183 1272 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 14:07:59.0188 1272 Power - ok 14:07:59.0259 1272 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 14:07:59.0262 1272 PptpMiniport - ok 14:07:59.0276 1272 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 14:07:59.0279 1272 Processor - ok 14:07:59.0303 1272 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll 14:07:59.0308 1272 ProfSvc - ok 14:07:59.0328 1272 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:07:59.0330 1272 ProtectedStorage - ok 14:07:59.0346 1272 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 14:07:59.0349 1272 Psched - ok 14:07:59.0544 1272 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 14:07:59.0600 1272 ql2300 - ok 14:07:59.0802 1272 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 14:07:59.0805 1272 ql40xx - ok 14:07:59.0829 1272 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 14:07:59.0835 1272 QWAVE - ok 14:07:59.0850 1272 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 14:07:59.0852 1272 QWAVEdrv - ok 14:07:59.0856 1272 RasAcd 
(5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 14:07:59.0857 1272 RasAcd - ok 14:07:59.0887 1272 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 14:07:59.0889 1272 RasAgileVpn - ok 14:07:59.0904 1272 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 14:07:59.0906 1272 RasAuto - ok 14:07:59.0922 1272 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 14:07:59.0924 1272 Rasl2tp - ok 14:07:59.0941 1272 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 14:07:59.0946 1272 RasMan - ok 14:07:59.0955 1272 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 14:07:59.0958 1272 RasPppoe - ok 14:08:00.0112 1272 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 14:08:00.0115 1272 RasSstp - ok 14:08:00.0144 1272 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 14:08:00.0149 1272 rdbss - ok 14:08:00.0165 1272 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 14:08:00.0168 1272 rdpbus - ok 14:08:00.0214 1272 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 14:08:00.0216 1272 RDPCDD - ok 14:08:00.0223 1272 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 14:08:00.0225 1272 RDPENCDD - ok 14:08:00.0231 1272 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 14:08:00.0233 1272 RDPREFMP - ok 14:08:00.0357 1272 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys 14:08:00.0369 1272 RDPWD - ok 14:08:00.0391 1272 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 14:08:00.0394 1272 rdyboost - ok 14:08:00.0434 1272 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 14:08:00.0438 1272 RemoteAccess - ok 14:08:00.0464 1272 
RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 14:08:00.0469 1272 RemoteRegistry - ok 14:08:00.0485 1272 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 14:08:00.0488 1272 RpcEptMapper - ok 14:08:00.0496 1272 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 14:08:00.0498 1272 RpcLocator - ok 14:08:00.0666 1272 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 14:08:00.0673 1272 RpcSs - ok 14:08:00.0726 1272 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 14:08:00.0729 1272 rspndr - ok 14:08:00.0926 1272 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys 14:08:00.0937 1272 RTL8167 - ok 14:08:00.0959 1272 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:08:00.0961 1272 SamSs - ok 14:08:01.0021 1272 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 14:08:01.0024 1272 sbp2port - ok 14:08:01.0057 1272 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 14:08:01.0068 1272 SCardSvr - ok 14:08:01.0080 1272 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 14:08:01.0082 1272 scfilter - ok 14:08:01.0197 1272 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 14:08:01.0236 1272 Schedule - ok 14:08:01.0261 1272 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 14:08:01.0263 1272 SCPolicySvc - ok 14:08:01.0300 1272 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 14:08:01.0305 1272 SDRSVC - ok 14:08:01.0335 1272 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 14:08:01.0337 1272 secdrv - ok 14:08:01.0350 1272 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 14:08:01.0353 1272 seclogon - ok 14:08:01.0365 1272 SENS 
(c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 14:08:01.0369 1272 SENS - ok 14:08:01.0379 1272 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 14:08:01.0382 1272 SensrSvc - ok 14:08:01.0459 1272 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 14:08:01.0461 1272 Serenum - ok 14:08:01.0470 1272 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 14:08:01.0473 1272 Serial - ok 14:08:01.0490 1272 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 14:08:01.0491 1272 sermouse - ok 14:08:01.0522 1272 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 14:08:01.0525 1272 SessionEnv - ok 14:08:01.0548 1272 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 14:08:01.0550 1272 sffdisk - ok 14:08:01.0612 1272 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 14:08:01.0613 1272 sffp_mmc - ok 14:08:01.0624 1272 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 14:08:01.0626 1272 sffp_sd - ok 14:08:01.0631 1272 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 14:08:01.0633 1272 sfloppy - ok 14:08:01.0676 1272 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 14:08:01.0684 1272 Sftfs - ok 14:08:01.0925 1272 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 14:08:01.0970 1272 sftlist - ok 14:08:02.0121 1272 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 14:08:02.0124 1272 Sftplay - ok 14:08:02.0136 1272 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 14:08:02.0137 1272 Sftredir - ok 14:08:02.0152 1272 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 14:08:02.0153 1272 
Sftvol - ok 14:08:02.0172 1272 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 14:08:02.0216 1272 sftvsa - ok 14:08:02.0251 1272 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 14:08:02.0255 1272 SharedAccess - ok 14:08:02.0322 1272 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 14:08:02.0330 1272 ShellHWDetection - ok 14:08:02.0372 1272 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 14:08:02.0374 1272 SiSRaid2 - ok 14:08:02.0381 1272 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 14:08:02.0384 1272 SiSRaid4 - ok 14:08:02.0403 1272 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 14:08:02.0405 1272 Smb - ok 14:08:02.0429 1272 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 14:08:02.0432 1272 SNMPTRAP - ok 14:08:02.0443 1272 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 14:08:02.0445 1272 spldr - ok 14:08:02.0481 1272 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 14:08:02.0488 1272 Spooler - ok 14:08:02.0874 1272 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 14:08:02.0902 1272 sppsvc - ok 14:08:03.0364 1272 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 14:08:03.0368 1272 sppuinotify - ok 14:08:03.0412 1272 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 14:08:03.0422 1272 srv - ok 14:08:03.0459 1272 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 14:08:03.0467 1272 srv2 - ok 14:08:03.0498 1272 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 14:08:03.0501 1272 srvnet - ok 14:08:03.0567 1272 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 14:08:03.0572 1272 
SSDPSRV - ok 14:08:03.0585 1272 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 14:08:03.0590 1272 SstpSvc - ok 14:08:03.0610 1272 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 14:08:03.0612 1272 stexstor - ok 14:08:03.0646 1272 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 14:08:03.0653 1272 stisvc - ok 14:08:03.0677 1272 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 14:08:03.0678 1272 swenum - ok 14:08:03.0895 1272 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 14:08:03.0904 1272 swprv - ok 14:08:04.0014 1272 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 14:08:04.0081 1272 SysMain - ok 14:08:04.0372 1272 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 14:08:04.0376 1272 TabletInputService - ok 14:08:04.0397 1272 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 14:08:04.0404 1272 TapiSrv - ok 14:08:04.0421 1272 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 14:08:04.0425 1272 TBS - ok 14:08:05.0083 1272 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 14:08:05.0114 1272 Tcpip - ok 14:08:05.0758 1272 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 14:08:05.0775 1272 TCPIP6 - ok 14:08:06.0188 1272 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 14:08:06.0190 1272 tcpipreg - ok 14:08:06.0204 1272 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 14:08:06.0206 1272 TDPIPE - ok 14:08:06.0236 1272 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 14:08:06.0238 1272 TDTCP - ok 14:08:06.0264 1272 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 14:08:06.0267 1272 tdx - ok 14:08:06.0281 1272 TermDD 
(c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 14:08:06.0283 1272 TermDD - ok 14:08:06.0617 1272 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 14:08:06.0638 1272 TermService - ok 14:08:06.0652 1272 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 14:08:06.0656 1272 Themes - ok 14:08:06.0680 1272 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 14:08:06.0682 1272 THREADORDER - ok 14:08:06.0755 1272 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys 14:08:06.0757 1272 tmactmon - ok 14:08:06.0826 1272 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys 14:08:06.0829 1272 tmcomm - ok 14:08:06.0845 1272 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys 14:08:06.0847 1272 tmeevw - ok 14:08:06.0866 1272 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys 14:08:06.0868 1272 tmevtmgr - ok 14:08:07.0107 1272 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys 14:08:07.0110 1272 tmnciesc - ok 14:08:07.0174 1272 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys 14:08:07.0176 1272 tmtdi - ok 14:08:07.0203 1272 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 14:08:07.0207 1272 TrkWks - ok 14:08:07.0278 1272 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 14:08:07.0280 1272 TrustedInstaller - ok 14:08:07.0346 1272 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 14:08:07.0349 1272 tssecsrv - ok 14:08:07.0373 1272 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 14:08:07.0376 1272 tunnel - ok 14:08:07.0398 1272 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 14:08:07.0401 1272 uagp35 - ok 14:08:07.0433 1272 
udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 14:08:07.0438 1272 udfs - ok 14:08:07.0574 1272 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 14:08:07.0578 1272 UI0Detect - ok 14:08:07.0750 1272 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 14:08:07.0753 1272 uliagpkx - ok 14:08:07.0767 1272 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 14:08:07.0769 1272 umbus - ok 14:08:07.0791 1272 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 14:08:07.0792 1272 UmPass - ok 14:08:08.0362 1272 UNS (02c298382359653bec4c737c2ab7f9c5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 14:08:08.0374 1272 UNS - ok 14:08:08.0719 1272 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 14:08:08.0728 1272 upnphost - ok 14:08:08.0753 1272 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 14:08:08.0756 1272 usbccgp - ok 14:08:08.0870 1272 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 14:08:08.0874 1272 usbcir - ok 14:08:08.0925 1272 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys 14:08:08.0927 1272 usbehci - ok 14:08:08.0965 1272 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 14:08:08.0973 1272 usbhub - ok 14:08:08.0995 1272 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys 14:08:08.0997 1272 usbohci - ok 14:08:09.0017 1272 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 14:08:09.0019 1272 usbprint - ok 14:08:09.0037 1272 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 14:08:09.0039 1272 usbscan - ok 14:08:09.0063 1272 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 14:08:09.0066 1272 USBSTOR - ok 
14:08:09.0125 1272 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 14:08:09.0127 1272 usbuhci - ok 14:08:09.0175 1272 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 14:08:09.0178 1272 UxSms - ok 14:08:09.0227 1272 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 14:08:09.0229 1272 VaultSvc - ok 14:08:09.0273 1272 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 14:08:09.0275 1272 vdrvroot - ok 14:08:09.0471 1272 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 14:08:09.0481 1272 vds - ok 14:08:09.0500 1272 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 14:08:09.0502 1272 vga - ok 14:08:09.0516 1272 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 14:08:09.0518 1272 VgaSave - ok 14:08:09.0535 1272 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 14:08:09.0538 1272 vhdmp - ok 14:08:09.0543 1272 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 14:08:09.0545 1272 viaide - ok 14:08:09.0639 1272 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 14:08:09.0650 1272 volmgr - ok 14:08:09.0677 1272 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 14:08:09.0682 1272 volmgrx - ok 14:08:09.0695 1272 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 14:08:09.0699 1272 volsnap - ok 14:08:09.0813 1272 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 14:08:09.0817 1272 vsmraid - ok 14:08:09.0940 1272 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 14:08:09.0991 1272 VSS - ok 14:08:10.0174 1272 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 14:08:10.0175 1272 vwifibus - ok 14:08:10.0217 1272 W32Time (1c9d80cc3849b3788048078c26486e1a) 
C:\Windows\system32\w32time.dll 14:08:10.0221 1272 W32Time - ok 14:08:10.0227 1272 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 14:08:10.0228 1272 WacomPen - ok 14:08:10.0253 1272 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 14:08:10.0254 1272 WANARP - ok 14:08:10.0256 1272 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 14:08:10.0257 1272 Wanarpv6 - ok 14:08:10.0360 1272 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 14:08:10.0375 1272 WatAdminSvc - ok 14:08:10.0515 1272 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 14:08:10.0550 1272 wbengine - ok 14:08:10.0624 1272 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 14:08:10.0629 1272 WbioSrvc - ok 14:08:10.0660 1272 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 14:08:10.0665 1272 wcncsvc - ok 14:08:10.0675 1272 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 14:08:10.0678 1272 WcsPlugInService - ok 14:08:10.0753 1272 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 14:08:10.0755 1272 Wd - ok 14:08:10.0834 1272 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 14:08:10.0844 1272 Wdf01000 - ok 14:08:10.0863 1272 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:08:10.0867 1272 WdiServiceHost - ok 14:08:10.0870 1272 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 14:08:10.0873 1272 WdiSystemHost - ok 14:08:10.0912 1272 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 14:08:10.0919 1272 WebClient - ok 14:08:10.0941 1272 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 14:08:10.0947 1272 Wecsvc - ok 14:08:10.0962 1272 wercplsupport (7e591867422dc788b9e5bd337a669a08) 
C:\Windows\System32\wercplsupport.dll 14:08:10.0966 1272 wercplsupport - ok 14:08:10.0993 1272 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 14:08:10.0997 1272 WerSvc - ok 14:08:11.0011 1272 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 14:08:11.0013 1272 WfpLwf - ok 14:08:11.0067 1272 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 14:08:11.0074 1272 WIMMount - ok 14:08:11.0123 1272 WinDefend - ok 14:08:11.0130 1272 WinHttpAutoProxySvc - ok 14:08:11.0275 1272 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 14:08:11.0280 1272 Winmgmt - ok 14:08:11.0352 1272 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 14:08:11.0408 1272 WinRM - ok 14:08:11.0614 1272 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 14:08:11.0636 1272 Wlansvc - ok 14:08:11.0682 1272 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 14:08:11.0683 1272 wlcrasvc - ok 14:08:11.0960 1272 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 14:08:11.0994 1272 wlidsvc - ok 14:08:12.0297 1272 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 14:08:12.0298 1272 WmiAcpi - ok 14:08:12.0398 1272 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 14:08:12.0403 1272 wmiApSrv - ok 14:08:12.0683 1272 WMPNetworkSvc - ok 14:08:12.0721 1272 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 14:08:12.0723 1272 WPCSvc - ok 14:08:12.0792 1272 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 14:08:12.0794 1272 WPDBusEnum - ok 14:08:12.0947 1272 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 14:08:12.0950 1272 ws2ifsl - ok 14:08:13.0121 1272 wscsvc (8f9f3969933c02da96eb0f84576db43e) 
C:\Windows\System32\wscsvc.dll
14:08:13.0124 1272 wscsvc - ok
14:08:13.0127 1272 WSearch - ok
14:08:13.0250 1272 wuauserv (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
14:08:13.0304 1272 wuauserv - ok
14:08:13.0614 1272 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
14:08:13.0617 1272 WudfPf - ok
14:08:13.0692 1272 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
14:08:13.0695 1272 WUDFRd - ok
14:08:13.0711 1272 wudfsvc (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
14:08:13.0713 1272 wudfsvc - ok
14:08:13.0735 1272 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:08:13.0740 1272 WwanSvc - ok
14:08:13.0758 1272 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
14:08:13.0802 1272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:08:13.0802 1272 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:08:13.0840 1272 Boot (0x1200) (f475eab7444257a2dbb873425b635764) \Device\Harddisk0\DR0\Partition0
14:08:13.0842 1272 \Device\Harddisk0\DR0\Partition0 - ok
14:08:13.0849 1272 Boot (0x1200) (a939c9e728d89fc0be1b79d8e056cdb6) \Device\Harddisk0\DR0\Partition1
14:08:13.0855 1272 \Device\Harddisk0\DR0\Partition1 - ok
14:08:13.0883 1272 Boot (0x1200) (75d6b8cf0540cf8c88f190f4ab677dd2) \Device\Harddisk0\DR0\Partition2
14:08:13.0887 1272 \Device\Harddisk0\DR0\Partition2 - ok
14:08:13.0887 1272 ============================================================
14:08:13.0887 1272 Scan finished
14:08:13.0887 1272 ============================================================
14:08:13.0909 5424 Detected object count: 1
14:08:13.0909 5424 Actual detected object count: 1
14:08:25.0098 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
14:08:25.0098 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
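The tail of that log is the part that matters: the MBR boot code on \Device\Harddisk0\DR0 was flagged as Rootkit.Boot.Pihar.b, the three partition boot sectors came back clean, and the run ended with "skipped by user", so the bootkit was still in place when the log was posted. Below is an added Python example written for this page (it is not TDSSKiller's code and was not posted in the thread) that parses TDSSKiller-style log lines into hash records and verdicts, lists every detected object that was never cured, and illustrates what the "MBR (0x1B8)" line hashes. Assumptions: the sample lines are copied from the log above; 0x1B8 (440) is taken to be the number of boot-code bytes hashed, i.e. the region before the disk signature and partition table, which is an inference from the log format rather than documented behaviour; the "cure" wording used to decide whether a detection was resolved follows TDSSKiller's usual messages and should be checked against a real cure log; the MBR image is synthetic, so its hash is not a reference value for a clean or infected Windows 7 MBR.

```python
"""Parse TDSSKiller-style log lines and inspect the MBR hash entry.

Added example for this thread, not TDSSKiller code. SAMPLE_LOG is copied
verbatim from the log posted above; the MBR images built here are synthetic.
"""
import hashlib
import re
import struct
from dataclasses import dataclass, field
from typing import Dict, List

SAMPLE_LOG = r"""
14:08:13.0735 1272 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:08:13.0740 1272 WwanSvc - ok
14:08:13.0758 1272 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
14:08:13.0802 1272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:08:13.0802 1272 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:08:13.0840 1272 Boot (0x1200) (f475eab7444257a2dbb873425b635764) \Device\Harddisk0\DR0\Partition0
14:08:13.0842 1272 \Device\Harddisk0\DR0\Partition0 - ok
14:08:25.0098 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
14:08:25.0098 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""

# Each line starts with "HH:MM:SS.ffff <pid>". Two shapes carry information:
#   hash line:    <name> (<md5>) <path>
#   verdict line: <object> [( <threat> )] - <verdict>
_PREFIX = r"^(?P<time>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
HASH_RE = re.compile(_PREFIX + r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*)$")
VERDICT_RE = re.compile(
    _PREFIX + r"(?P<obj>.+?)(?:\s+\(\s*(?P<threat>\S+)\s*\))?\s+-\s+(?P<verdict>.+)$")
DETECTED_RE = re.compile(r"detected\s+(\S+)")

def parse_log(text: str) -> List[dict]:
    """One dict per recognised line; separators and summary lines are skipped."""
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HASH_RE.match(line)  # hash shape first: a path may itself contain " - "
        if m:
            records.append({"kind": "hash", **m.groupdict()})
            continue
        m = VERDICT_RE.match(line)
        if m:
            records.append({"kind": "verdict", **m.groupdict()})
    return records

@dataclass
class Detection:
    obj: str
    threat: str
    actions: List[str] = field(default_factory=list)

    @property
    def resolved(self) -> bool:
        # Assumption: TDSSKiller's cure messages contain "cure" ("cured",
        # "will be cured after reboot"); "skipped by user" leaves the object alone.
        return any("cure" in a.lower() for a in self.actions)

def find_detections(text: str) -> Dict[str, Detection]:
    """Group non-ok verdicts by object, keeping only objects tied to a threat name."""
    found: Dict[str, Detection] = {}
    for r in parse_log(text):
        if r["kind"] != "verdict" or r["verdict"] == "ok":
            continue
        threat = r["threat"]
        if threat is None:  # "... - detected <threat> (n)" names it in the verdict
            m = DETECTED_RE.match(r["verdict"])
            threat = m.group(1) if m else None
        if threat is None:
            continue
        found.setdefault(r["obj"], Detection(r["obj"], threat)).actions.append(r["verdict"])
    return found

MBR_CODE_LEN = 0x1B8  # 440 bytes of boot code; the 4-byte disk signature starts at 0x1B8

def mbr_code_md5(sector: bytes) -> str:
    """MD5 of the boot-code region only. Assumption: this is what the log's "MBR (0x1B8)"
    entry hashes, so per-machine fields (disk signature, partition table) do not
    disturb a comparison against a known-clean value."""
    if len(sector) != 512 or sector[510:] != b"\x55\xaa":
        raise ValueError("not a 512-byte MBR with a 0x55AA boot signature")
    return hashlib.md5(sector[:MBR_CODE_LEN]).hexdigest()

def build_mbr(boot_code: bytes, disk_signature: int) -> bytes:
    """Synthetic MBR: the given boot code, a disk signature, one bootable NTFS partition."""
    if len(boot_code) > MBR_CODE_LEN:
        raise ValueError("boot code must fit in 440 bytes")
    code = boot_code.ljust(MBR_CODE_LEN, b"\x00")
    sig = struct.pack("<IH", disk_signature, 0)  # 0x1B8 signature, 0x1BC reserved
    entry = struct.pack("<B3sB3sII", 0x80, b"\0\0\0", 0x07, b"\0\0\0", 2048, 1 << 20)
    return code + sig + entry + b"\x00" * 48 + b"\x55\xaa"

if __name__ == "__main__":
    for det in find_detections(SAMPLE_LOG).values():
        state = "resolved" if det.resolved else "NOT cured"
        print(f"{det.obj}: {det.threat} ({state}); last action: {det.actions[-1]}")
    stub = b"\xfa\x33\xc0\x8e\xd0"  # arbitrary bytes standing in for real boot code
    print("same code, other disk signature, same hash:",
          mbr_code_md5(build_mbr(stub, 1)) == mbr_code_md5(build_mbr(stub, 2)))
```

Run it with python3 over a saved TDSSKiller log (replace SAMPLE_LOG with the file contents) to get the list of detections that were never cured; on the posted log that list is exactly \Device\Harddisk0\DR0 with "User select action: Skip" as its last action. The MBR part shows why a clean boot code hashes to the same value on different machines even though their disk signatures and partition tables differ, which is what makes a single known-good hash usable for comparison.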

#6 JonTom

JonTom

    SuperHelper

  • Classroom Teacher
  • 5,410 posts

Posted 02 May 2012 - 01:07 PM

Hello Anthony Szum

Thank you for the log.

Please run TDSSKiller again and allow it to cure the infected items that it detects.

Once TDSSKiller has finished, follow immediately with Combofix:


  • Combofix


  • Download ComboFix from one of the following locations:

    Link 1
    Link 2

  • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

  • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
  • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
  • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  • Should there be issues with internet afterward:

    In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

    In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxy server, set it to No Proxy.

Please post the TDSSKiller log and the Combofix log in your next reply.


#7 AnthonySzum

AnthonySzum

    Authentic Member

  • Authentic Member
  • PipPip
  • 102 posts

Posted 02 May 2012 - 03:11 PM

15:55:18.0539 3016 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18 15:55:18.0780 3016 ============================================================ 15:55:18.0780 3016 Current date / time: 2012/05/02 15:55:18.0780 15:55:18.0781 3016 SystemInfo: 15:55:18.0781 3016 15:55:18.0781 3016 OS Version: 6.1.7600 ServicePack: 0.0 15:55:18.0781 3016 Product type: Workstation 15:55:18.0781 3016 ComputerName: JUSTINE-HP 15:55:18.0781 3016 UserName: Justine 15:55:18.0781 3016 Windows directory: C:\Windows 15:55:18.0781 3016 System windows directory: C:\Windows 15:55:18.0781 3016 Running under WOW64 15:55:18.0781 3016 Processor architecture: Intel x64 15:55:18.0781 3016 Number of processors: 4 15:55:18.0781 3016 Page size: 0x1000 15:55:18.0781 3016 Boot type: Normal boot 15:55:18.0781 3016 ============================================================ 15:55:20.0313 3016 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:55:20.0341 3016 ============================================================ 15:55:20.0341 3016 \Device\Harddisk0\DR0: 15:55:20.0342 3016 MBR partitions: 15:55:20.0342 3016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 15:55:20.0342 3016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55CDF000 15:55:20.0342 3016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55D11800, BlocksNum 0x1834000 15:55:20.0342 3016 ============================================================ 15:55:20.0387 3016 C: <-> \Device\Harddisk0\DR0\Partition1 15:55:20.0433 3016 D: <-> \Device\Harddisk0\DR0\Partition2 15:55:20.0433 3016 ============================================================ 15:55:20.0433 3016 Initialize success 15:55:20.0433 3016 ============================================================ 15:56:02.0745 2068 ============================================================ 
Shared\OFFICE12\ODSERV.EXE 15:56:55.0476 2068 odserv - ok 15:56:55.0552 2068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 15:56:55.0611 2068 ohci1394 - ok 15:56:55.0662 2068 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 15:56:55.0666 2068 ose - ok 15:56:58.0586 2068 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 15:56:58.0848 2068 osppsvc - ok 15:56:59.0568 2068 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:56:59.0636 2068 p2pimsvc - ok 15:57:00.0141 2068 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 15:57:00.0170 2068 p2psvc - ok 15:57:00.0440 2068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 15:57:00.0442 2068 Parport - ok 15:57:00.0573 2068 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 15:57:00.0575 2068 partmgr - ok 15:57:00.0826 2068 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 15:57:00.0876 2068 PcaSvc - ok 15:57:01.0007 2068 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 15:57:01.0009 2068 pci - ok 15:57:01.0244 2068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 15:57:01.0246 2068 pciide - ok 15:57:01.0577 2068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 15:57:01.0591 2068 pcmcia - ok 15:57:01.0607 2068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 15:57:01.0609 2068 pcw - ok 15:57:01.0844 2068 pdfcDispatcher - ok 15:57:02.0350 2068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 15:57:02.0381 2068 PEAUTH - ok 15:57:02.0740 2068 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 15:57:02.0743 2068 PerfHost - ok 
15:57:03.0545 2068 pla (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll 15:57:03.0588 2068 pla - ok 15:57:03.0990 2068 PlugPlay (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll 15:57:04.0018 2068 PlugPlay - ok 15:57:04.0038 2068 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 15:57:04.0051 2068 PNRPAutoReg - ok 15:57:04.0316 2068 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 15:57:04.0344 2068 PNRPsvc - ok 15:57:04.0690 2068 PolicyAgent (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll 15:57:04.0731 2068 PolicyAgent - ok 15:57:05.0034 2068 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 15:57:05.0135 2068 Power - ok 15:57:05.0468 2068 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 15:57:05.0477 2068 PptpMiniport - ok 15:57:05.0511 2068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 15:57:05.0514 2068 Processor - ok 15:57:05.0663 2068 ProfSvc (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll 15:57:05.0670 2068 ProfSvc - ok 15:57:05.0719 2068 ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 15:57:05.0722 2068 ProtectedStorage - ok 15:57:05.0839 2068 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 15:57:05.0855 2068 Psched - ok 15:57:07.0040 2068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 15:57:07.0082 2068 ql2300 - ok 15:57:08.0464 2068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 15:57:08.0467 2068 ql40xx - ok 15:57:08.0583 2068 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 15:57:08.0597 2068 QWAVE - ok 15:57:08.0647 2068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 15:57:08.0661 2068 QWAVEdrv - ok 15:57:08.0694 2068 RasAcd 
(5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 15:57:08.0695 2068 RasAcd - ok 15:57:08.0796 2068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 15:57:08.0798 2068 RasAgileVpn - ok 15:57:08.0823 2068 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 15:57:08.0835 2068 RasAuto - ok 15:57:08.0859 2068 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 15:57:08.0861 2068 Rasl2tp - ok 15:57:08.0936 2068 RasMan (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll 15:57:08.0942 2068 RasMan - ok 15:57:09.0064 2068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 15:57:09.0067 2068 RasPppoe - ok 15:57:09.0205 2068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 15:57:09.0207 2068 RasSstp - ok 15:57:09.0295 2068 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 15:57:09.0304 2068 rdbss - ok 15:57:09.0325 2068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 15:57:09.0326 2068 rdpbus - ok 15:57:09.0360 2068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 15:57:09.0362 2068 RDPCDD - ok 15:57:09.0398 2068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 15:57:09.0399 2068 RDPENCDD - ok 15:57:09.0403 2068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 15:57:09.0404 2068 RDPREFMP - ok 15:57:09.0652 2068 RDPWD (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys 15:57:09.0708 2068 RDPWD - ok 15:57:09.0929 2068 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 15:57:09.0970 2068 rdyboost - ok 15:57:10.0085 2068 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 15:57:10.0088 2068 RemoteAccess - ok 15:57:10.0249 2068 
RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 15:57:10.0269 2068 RemoteRegistry - ok 15:57:10.0413 2068 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 15:57:10.0418 2068 RpcEptMapper - ok 15:57:10.0433 2068 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 15:57:10.0436 2068 RpcLocator - ok 15:57:10.0766 2068 RpcSs (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll 15:57:10.0871 2068 RpcSs - ok 15:57:11.0040 2068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 15:57:11.0043 2068 rspndr - ok 15:57:11.0498 2068 RTL8167 (7ea8d2eb9bbfd2ab8a3117a1e96d3b3a) C:\Windows\system32\DRIVERS\Rt64win7.sys 15:57:11.0515 2068 RTL8167 - ok 15:57:11.0553 2068 SamSs (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 15:57:11.0564 2068 SamSs - ok 15:57:11.0696 2068 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 15:57:11.0733 2068 sbp2port - ok 15:57:11.0921 2068 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 15:57:11.0971 2068 SCardSvr - ok 15:57:11.0999 2068 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 15:57:12.0001 2068 scfilter - ok 15:57:13.0150 2068 Schedule (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll 15:57:13.0254 2068 Schedule - ok 15:57:13.0367 2068 SCPolicySvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll 15:57:13.0380 2068 SCPolicySvc - ok 15:57:13.0621 2068 SDRSVC (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll 15:57:13.0671 2068 SDRSVC - ok 15:57:13.0902 2068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 15:57:13.0904 2068 secdrv - ok 15:57:13.0951 2068 seclogon (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll 15:57:13.0974 2068 seclogon - ok 15:57:14.0054 2068 SENS 
(c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll 15:57:14.0064 2068 SENS - ok 15:57:14.0085 2068 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 15:57:14.0088 2068 SensrSvc - ok 15:57:14.0126 2068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 15:57:14.0127 2068 Serenum - ok 15:57:14.0243 2068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 15:57:14.0259 2068 Serial - ok 15:57:14.0318 2068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 15:57:14.0319 2068 sermouse - ok 15:57:14.0494 2068 SessionEnv (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll 15:57:14.0527 2068 SessionEnv - ok 15:57:14.0564 2068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys 15:57:14.0569 2068 sffdisk - ok 15:57:14.0614 2068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys 15:57:14.0616 2068 sffp_mmc - ok 15:57:14.0635 2068 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys 15:57:14.0636 2068 sffp_sd - ok 15:57:14.0730 2068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 15:57:14.0732 2068 sfloppy - ok 15:57:15.0204 2068 Sftfs (c6cc9297bd53e5229653303e556aa539) C:\Windows\system32\DRIVERS\Sftfslh.sys 15:57:15.0212 2068 Sftfs - ok 15:57:16.0021 2068 sftlist (13693b6354dd6e72dc5131da7d764b90) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 15:57:16.0062 2068 sftlist - ok 15:57:16.0275 2068 Sftplay (390aa7bc52cee43f6790cdea1e776703) C:\Windows\system32\DRIVERS\Sftplaylh.sys 15:57:16.0277 2068 Sftplay - ok 15:57:16.0314 2068 Sftredir (617e29a0b0a2807466560d4c4e338d3e) C:\Windows\system32\DRIVERS\Sftredirlh.sys 15:57:16.0315 2068 Sftredir - ok 15:57:16.0408 2068 Sftvol (8f571f016fa1976f445147e9e6c8ae9b) C:\Windows\system32\DRIVERS\Sftvollh.sys 15:57:16.0409 2068 
Sftvol - ok 15:57:16.0570 2068 sftvsa (c3cddd18f43d44ab713cf8c4916f7696) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 15:57:16.0617 2068 sftvsa - ok 15:57:17.0087 2068 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 15:57:17.0135 2068 SharedAccess - ok 15:57:17.0525 2068 ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll 15:57:17.0646 2068 ShellHWDetection - ok 15:57:17.0728 2068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 15:57:17.0731 2068 SiSRaid2 - ok 15:57:17.0821 2068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 15:57:17.0827 2068 SiSRaid4 - ok 15:57:18.0020 2068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 15:57:18.0128 2068 Smb - ok 15:57:18.0248 2068 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 15:57:18.0260 2068 SNMPTRAP - ok 15:57:18.0323 2068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 15:57:18.0324 2068 spldr - ok 15:57:18.0580 2068 Spooler (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe 15:57:18.0606 2068 Spooler - ok 15:57:20.0562 2068 sppsvc (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe 15:57:20.0590 2068 sppsvc - ok 15:57:21.0146 2068 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 15:57:21.0672 2068 sppuinotify - ok 15:57:21.0998 2068 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys 15:57:22.0004 2068 srv - ok 15:57:22.0046 2068 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys 15:57:22.0049 2068 srv2 - ok 15:57:22.0221 2068 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys 15:57:22.0243 2068 srvnet - ok 15:57:22.0300 2068 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 15:57:22.0306 2068 
SSDPSRV - ok 15:57:22.0356 2068 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 15:57:22.0361 2068 SstpSvc - ok 15:57:22.0411 2068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 15:57:22.0413 2068 stexstor - ok 15:57:22.0702 2068 stisvc (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll 15:57:22.0732 2068 stisvc - ok 15:57:22.0756 2068 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 15:57:22.0757 2068 swenum - ok 15:57:23.0260 2068 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 15:57:23.0364 2068 swprv - ok 15:57:24.0364 2068 SysMain (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll 15:57:24.0399 2068 SysMain - ok 15:57:24.0946 2068 TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll 15:57:24.0951 2068 TabletInputService - ok 15:57:25.0409 2068 TapiSrv (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll 15:57:25.0533 2068 TapiSrv - ok 15:57:25.0652 2068 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 15:57:25.0656 2068 TBS - ok 15:57:26.0134 2068 Tcpip (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys 15:57:26.0191 2068 Tcpip - ok 15:57:26.0757 2068 TCPIP6 (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys 15:57:26.0770 2068 TCPIP6 - ok 15:57:27.0811 2068 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 15:57:27.0813 2068 tcpipreg - ok 15:57:27.0835 2068 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 15:57:27.0836 2068 TDPIPE - ok 15:57:27.0861 2068 TDTCP (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys 15:57:27.0863 2068 TDTCP - ok 15:57:27.0996 2068 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 15:57:28.0035 2068 tdx - ok 15:57:28.0122 2068 TermDD 
(c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 15:57:28.0123 2068 TermDD - ok 15:57:28.0727 2068 TermService (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll 15:57:28.0756 2068 TermService - ok 15:57:28.0769 2068 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 15:57:28.0783 2068 Themes - ok 15:57:28.0938 2068 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 15:57:28.0964 2068 THREADORDER - ok 15:57:29.0545 2068 tmactmon (e386dd8ec68c67ca3e2a3abdc1df5c56) C:\Windows\system32\DRIVERS\tmactmon.sys 15:57:29.0547 2068 tmactmon - ok 15:57:29.0923 2068 tmcomm (ab011c569487fd65c8944ddf8cbb2572) C:\Windows\system32\DRIVERS\tmcomm.sys 15:57:29.0925 2068 tmcomm - ok 15:57:29.0965 2068 tmeevw (1161f882b3cfa8076870a09924e0adc2) C:\Windows\system32\DRIVERS\tmeevw.sys 15:57:29.0967 2068 tmeevw - ok 15:57:30.0045 2068 tmevtmgr (8870a3d7305455b47adccd226f8e51bc) C:\Windows\system32\DRIVERS\tmevtmgr.sys 15:57:30.0046 2068 tmevtmgr - ok 15:57:30.0354 2068 tmnciesc (f0ae672ee91e7f1ef24644621b57ca7f) C:\Windows\system32\DRIVERS\tmnciesc.sys 15:57:30.0357 2068 tmnciesc - ok 15:57:30.0479 2068 tmtdi (065cb7d9278d778fb9ef62cead01433f) C:\Windows\system32\DRIVERS\tmtdi.sys 15:57:30.0480 2068 tmtdi - ok 15:57:30.0648 2068 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 15:57:30.0655 2068 TrkWks - ok 15:57:30.0810 2068 TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe 15:57:30.0813 2068 TrustedInstaller - ok 15:57:30.0864 2068 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 15:57:30.0918 2068 tssecsrv - ok 15:57:31.0118 2068 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 15:57:31.0177 2068 tunnel - ok 15:57:31.0304 2068 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 15:57:31.0307 2068 uagp35 - ok 15:57:31.0599 2068 
udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 15:57:31.0621 2068 udfs - ok 15:57:31.0672 2068 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 15:57:31.0703 2068 UI0Detect - ok 15:57:31.0792 2068 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 15:57:31.0794 2068 uliagpkx - ok 15:57:31.0849 2068 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 15:57:31.0851 2068 umbus - ok 15:57:31.0886 2068 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 15:57:31.0888 2068 UmPass - ok 15:57:34.0357 2068 UNS (02c298382359653bec4c737c2ab7f9c5) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe 15:57:34.0376 2068 UNS - ok 15:57:35.0918 2068 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 15:57:35.0952 2068 upnphost - ok 15:57:36.0192 2068 usbccgp (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys 15:57:36.0217 2068 usbccgp - ok 15:57:36.0347 2068 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 15:57:36.0354 2068 usbcir - ok 15:57:36.0483 2068 usbehci (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\drivers\usbehci.sys 15:57:36.0486 2068 usbehci - ok 15:57:36.0548 2068 usbhub (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys 15:57:36.0554 2068 usbhub - ok 15:57:36.0591 2068 usbohci (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys 15:57:36.0593 2068 usbohci - ok 15:57:36.0643 2068 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 15:57:36.0644 2068 usbprint - ok 15:57:36.0770 2068 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys 15:57:36.0775 2068 usbscan - ok 15:57:36.0830 2068 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS 15:57:36.0832 2068 USBSTOR - ok 
15:57:36.0950 2068 usbuhci (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys 15:57:36.0952 2068 usbuhci - ok 15:57:37.0084 2068 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 15:57:37.0110 2068 UxSms - ok 15:57:37.0162 2068 VaultSvc (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe 15:57:37.0184 2068 VaultSvc - ok 15:57:37.0284 2068 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 15:57:37.0286 2068 vdrvroot - ok 15:57:38.0043 2068 vds (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe 15:57:38.0099 2068 vds - ok 15:57:38.0168 2068 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 15:57:38.0170 2068 vga - ok 15:57:38.0216 2068 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 15:57:38.0224 2068 VgaSave - ok 15:57:38.0335 2068 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 15:57:38.0338 2068 vhdmp - ok 15:57:38.0374 2068 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 15:57:38.0376 2068 viaide - ok 15:57:38.0438 2068 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 15:57:38.0493 2068 volmgr - ok 15:57:38.0629 2068 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 15:57:38.0644 2068 volmgrx - ok 15:57:38.0831 2068 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 15:57:38.0852 2068 volsnap - ok 15:57:39.0337 2068 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 15:57:39.0340 2068 vsmraid - ok 15:57:39.0945 2068 VSS (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe 15:57:40.0019 2068 VSS - ok 15:57:40.0613 2068 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 15:57:40.0620 2068 vwifibus - ok 15:57:41.0173 2068 W32Time (1c9d80cc3849b3788048078c26486e1a) 
C:\Windows\system32\w32time.dll 15:57:41.0327 2068 W32Time - ok 15:57:41.0431 2068 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 15:57:41.0432 2068 WacomPen - ok 15:57:41.0614 2068 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 15:57:41.0620 2068 WANARP - ok 15:57:41.0624 2068 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 15:57:41.0626 2068 Wanarpv6 - ok 15:57:44.0445 2068 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 15:57:44.0502 2068 WatAdminSvc - ok 15:57:45.0178 2068 wbengine (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe 15:57:45.0242 2068 wbengine - ok 15:57:46.0311 2068 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 15:57:46.0350 2068 WbioSrvc - ok 15:57:46.0738 2068 wcncsvc (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll 15:57:46.0771 2068 wcncsvc - ok 15:57:46.0819 2068 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 15:57:46.0847 2068 WcsPlugInService - ok 15:57:47.0181 2068 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 15:57:47.0289 2068 Wd - ok 15:57:47.0776 2068 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 15:57:47.0900 2068 Wdf01000 - ok 15:57:48.0069 2068 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:57:48.0185 2068 WdiServiceHost - ok 15:57:48.0188 2068 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 15:57:48.0194 2068 WdiSystemHost - ok 15:57:48.0669 2068 WebClient (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll 15:57:48.0743 2068 WebClient - ok 15:57:49.0171 2068 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 15:57:49.0200 2068 Wecsvc - ok 15:57:49.0552 2068 wercplsupport (7e591867422dc788b9e5bd337a669a08) 
C:\Windows\System32\wercplsupport.dll 15:57:49.0585 2068 wercplsupport - ok 15:57:49.0930 2068 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 15:57:50.0005 2068 WerSvc - ok 15:57:50.0396 2068 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 15:57:50.0397 2068 WfpLwf - ok 15:57:50.0498 2068 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 15:57:50.0505 2068 WIMMount - ok 15:57:50.0546 2068 WinDefend - ok 15:57:50.0549 2068 WinHttpAutoProxySvc - ok 15:57:50.0945 2068 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 15:57:50.0960 2068 Winmgmt - ok 15:57:52.0483 2068 WinRM (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll 15:57:52.0518 2068 WinRM - ok 15:57:54.0169 2068 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 15:57:54.0228 2068 Wlansvc - ok 15:57:54.0411 2068 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe 15:57:54.0415 2068 wlcrasvc - ok 15:57:55.0882 2068 wlidsvc (7e47c328fc4768cb8beafbcfafa70362) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 15:57:55.0907 2068 wlidsvc - ok 15:57:56.0304 2068 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 15:57:56.0305 2068 WmiAcpi - ok 15:57:56.0491 2068 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 15:57:56.0505 2068 wmiApSrv - ok 15:57:56.0576 2068 WMPNetworkSvc - ok 15:57:56.0680 2068 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 15:57:56.0696 2068 WPCSvc - ok 15:57:56.0714 2068 WPDBusEnum (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll 15:57:56.0718 2068 WPDBusEnum - ok 15:57:56.0763 2068 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 15:57:56.0813 2068 ws2ifsl - ok 15:57:56.0892 2068 wscsvc (8f9f3969933c02da96eb0f84576db43e) 
15:58:00.0609 2068 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
15:58:00.0636 2068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:58:00.0636 2068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:58:00.0675 2068 Boot (0x1200) (f475eab7444257a2dbb873425b635764) \Device\Harddisk0\DR0\Partition0
15:58:00.0677 2068 \Device\Harddisk0\DR0\Partition0 - ok
15:58:00.0750 2068 Boot (0x1200) (a939c9e728d89fc0be1b79d8e056cdb6) \Device\Harddisk0\DR0\Partition1
15:58:00.0754 2068 \Device\Harddisk0\DR0\Partition1 - ok
15:58:00.0785 2068 Boot (0x1200) (75d6b8cf0540cf8c88f190f4ab677dd2) \Device\Harddisk0\DR0\Partition2
15:58:00.0792 2068 \Device\Harddisk0\DR0\Partition2 - ok
15:58:00.0792 2068 ============================================================
15:58:00.0792 2068 Scan finished
15:58:00.0792 2068 ============================================================
15:58:00.0802 5324 Detected object count: 1
15:58:00.0802 5324 Actual detected object count: 1
15:58:15.0860 5324 \Device\Harddisk0\DR0\# - copied to quarantine
15:58:15.0867 5324 \Device\Harddisk0\DR0 - copied to quarantine
15:58:18.0823 5324 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:58:29.0403 5324 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:58:30.0663 5324 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:58:33.0878 5324 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:58:34.0019 5324 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:58:34.0056 5324 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:58:34.0064 5324 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:58:34.0488 5324 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:58:42.0102 5324 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:58:46.0905 5324 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:58:48.0322 5324 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
15:58:52.0883 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:58:52.0884 5324 \Device\Harddisk0\DR0 - ok
15:58:54.0983 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:59:48.0011 2392 Deinitialize success

ComboFix 12-05-02.03 - Justine 05/02/2012 16:24:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.5552 [GMT -4:00]
Running from: c:\users\Justine\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\searchplugins\bing-zugo.xml
c:\users\Justine\Documents\~WRL0003.tmp
c:\users\Justine\Documents\~WRL0097.tmp
c:\users\Justine\Documents\~WRL0227.tmp
c:\windows\Downloaded Program Files\Install.inf
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-01 08:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-03-01 08:08 . 2012-03-01 08:08 367104 ----a-w- c:\windows\SysWow64\html.iec 2012-03-01 08:08 . 2012-03-01 08:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll 2012-03-01 08:08 . 2012-03-01 08:08 30720 ----a-w- c:\windows\system32\licmgr10.dll 2012-03-01 08:08 . 2012-03-01 08:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll 2012-03-01 08:08 . 2012-03-01 08:08 222208 ----a-w- c:\windows\system32\msls31.dll 2012-03-01 08:08 . 2012-03-01 08:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-03-01 08:08 . 2012-03-01 08:08 165888 ----a-w- c:\windows\system32\iexpress.exe 2012-03-01 08:08 . 2012-03-01 08:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-03-01 08:08 . 2012-03-01 08:08 160256 ----a-w- c:\windows\system32\wextract.exe 2012-03-01 08:08 . 2012-03-01 08:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe 2012-03-01 08:08 . 2012-03-01 08:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe 2012-03-01 08:08 . 2012-03-01 08:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-03-01 08:08 . 2012-03-01 08:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll 2012-03-01 08:08 . 2012-03-01 08:08 12288 ----a-w- c:\windows\system32\mshta.exe 2012-03-01 08:08 . 2012-03-01 08:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe 2012-03-01 08:08 . 2012-03-01 08:08 114176 ----a-w- c:\windows\system32\admparse.dll 2012-03-01 08:08 . 2012-03-01 08:08 111616 ----a-w- c:\windows\system32\iesysprep.dll 2012-03-01 08:08 . 2012-03-01 08:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll 2012-03-01 08:08 . 2012-03-01 08:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll 2012-02-23 14:18 . 2012-01-21 17:03 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-02-15 06:27 . 2012-03-14 10:14 1031680 ----a-w- c:\windows\system32\rdpcore.dll 2012-02-15 05:44 . 2012-03-14 10:14 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll 2012-02-15 04:47 . 
2012-03-14 10:14 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-02-15 04:46 . 2012-03-14 10:14 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys 2012-02-10 06:24 . 2012-03-14 10:16 1544192 ----a-w- c:\windows\system32\DWrite.dll 2012-02-10 06:23 . 2012-03-14 10:16 1837568 ----a-w- c:\windows\system32\d3d10warp.dll 2012-02-10 06:23 . 2012-03-14 10:16 902656 ----a-w- c:\windows\system32\d2d1.dll 2012-02-10 06:23 . 2012-03-14 10:16 320512 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-02-10 06:23 . 2012-03-14 10:16 197120 ----a-w- c:\windows\system32\d3d10_1.dll 2012-02-10 05:35 . 2012-03-14 10:16 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll 2012-02-10 05:35 . 2012-03-14 10:16 739840 ----a-w- c:\windows\SysWow64\d2d1.dll 2012-02-10 05:35 . 2012-03-14 10:16 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll 2012-02-10 05:35 . 2012-03-14 10:16 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll 2012-02-10 05:35 . 2012-03-14 10:16 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll 2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX 2012-02-03 04:16 . 2012-03-14 10:16 3143168 ----a-w- c:\windows\system32\win32k.sys . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768] "Ncr3"="c:\program files (x86)\Panasonic\Ncr3\ncrcore3.exe" [2008-11-29 1634304] "Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112] "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-04-28 6379888] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 253088] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] S2 HPDrvMntSvc.exe;HP Quick 
Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x] S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . Contents of the 'Scheduled Tasks' folder . 
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 18:15] . 2012-04-28 c:\windows\Tasks\HPCeeScheduleForJustine.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110830011347617&tb_oid=05-09-2011&tb_mrud=05-09-2011 FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q= FF - prefs.js: network.proxy.type - 0 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 3af8e9670000000000006c626d601189 FF - user.js: extensions.BabylonToolbar_i.hardId - 3af8e9670000000000006c626d601189 FF - user.js: 
extensions.BabylonToolbar_i.instlDay - 15455 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:18 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst , none); FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file) Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-570134600-2935155297-4020614257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-570134600-2935155297-4020614257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Panasonic\Ncr3\Ncrwd.exe c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe . ************************************************************************** . Completion time: 2012-05-02 16:48:14 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-02 20:48 . Pre-Run: 604,869,705,728 bytes free Post-Run: 606,953,779,200 bytes free . - - End Of File - - 6AA64E7DED1B427709C05F1F5D300D82

#8 JonTom

JonTom

    SuperHelper

  • Classroom Teacher
  • 5,410 posts

Posted 03 May 2012 - 04:40 AM

Hello Anthony Szum

Thank you for the log.

If you use this machine for any kind of financial transactions, please use an uninfected system to change all of your passwords as soon as you can.


  • Please work through the following steps


    • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter, then click on "OK".
    • NOTE: Do not use WordPad or any other text editor except Notepad or the script will fail.
    • Copy and Paste the text in the quotebox below into the open Notepad window:

      Firefox::
      FF - ProfilePath - c:\users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\
      FF - user.js: extensions.BabylonToolbar_i.babExt -
      FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
      FF - user.js: extensions.BabylonToolbar_i.id - 3af8e9670000000000006c626d601189
      FF - user.js: extensions.BabylonToolbar_i.hardId - 3af8e9670000000000006c626d601189
      FF - user.js: extensions.BabylonToolbar_i.instlDay - 15455
      FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:18
      FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
      FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
      FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
      FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst, none);
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

      Folder::
      c:\users\Justine\AppData\Local\Babylon
      c:\users\Justine\AppData\Roaming\Babylon
      c:\programdata\Babylon

    • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
    • Close any open browsers.
    • Disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
    • Referring to the picture below, drag CFScript.txt into ComboFix.exe

      Posted Image
    • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
    • Once the log is produced, re-engage your resident antivirus.

  • MalwareBytes AntiMalware:


    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.


    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.

    Please post the Combofix log and the MBAM log in your next reply.
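The CFScript in the post above was assembled by hand: the helper picked the Firefox pref entries and the data folders belonging to the toolbar out of the ComboFix log and placed them under ComboFix's Firefox:: and Folder:: headers. The following added example (not ComboFix's code and not the helper's own tool) automates that triage step over constructed log lines in ComboFix's format; the MARKERS list of name fragments is an assumption for illustration.

```python
"""Build a ComboFix CFScript from log entries that belong to a known adware toolbar.

Added example for this thread; not ComboFix code and not the helper's tool.
SAMPLE_LOG is constructed in the format ComboFix uses for Firefox prefs
("FF - user.js: key - value") and for directory entries in its
"Files Created" section.
"""
import re

# Name fragments that identify the toolbar family (assumption: kept per case).
MARKERS = ("babylon",)

# "prefs.js: key - value" or "user.js: key - value"; the value may be empty.
PREF_RE = re.compile(r"^(prefs\.js|user\.js): (\S+) - ?(.*)$")
# "<date> <time> . <date> <time> -------- d-----w- <path>": a directory entry.
DIR_RE = re.compile(r"\s(d[-a-z]{7})\s+(\S.*)$")

# Constructed sample in ComboFix's log format (paths follow the thread's log).
SAMPLE_LOG = """\
2012-04-25 03:17 . 2012-04-25 03:17 -------- d-----w- c:\\users\\Justine\\AppData\\Local\\Babylon
2012-04-25 03:17 . 2012-04-25 03:17 -------- d-----w- c:\\users\\Justine\\AppData\\Roaming\\Babylon
2012-04-25 03:17 . 2012-04-25 03:17 -------- d-----w- c:\\programdata\\Babylon
2012-04-28 16:12 . 2012-04-28 16:12 -------- d-----w- c:\\programdata\\Malwarebytes
FF - ProfilePath - c:\\users\\Justine\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\o9uwaajs.default\\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3af8e9670000000000006c626d601189
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst , none);
"""


def parse_log(log_text):
    """Return (profile_path, [(source, key, value)], [directory paths])."""
    profile, prefs, folders = None, [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("FF - "):
            body = line[5:]
            if body.startswith("ProfilePath - "):
                profile = body[len("ProfilePath - "):]
            else:
                m = PREF_RE.match(body)
                if m:
                    prefs.append(m.groups())
        else:
            m = DIR_RE.search(line)
            if m:
                folders.append(m.group(2))
    return profile, prefs, folders


def is_suspect(text, markers=MARKERS):
    """True when any marker fragment occurs in the text (case-insensitive)."""
    low = text.lower()
    return any(mk in low for mk in markers)


def build_cfscript(log_text, markers=MARKERS):
    """Emit Firefox:: and Folder:: sections for the entries that match."""
    profile, prefs, folders = parse_log(log_text)
    # Keep the original "FF - source: key - value" form; an empty value
    # leaves a bare trailing "-", exactly as ComboFix printed it.
    ff_lines = [f"FF - {src}: {key} - {val}".rstrip()
                for src, key, val in prefs if is_suspect(key, markers)]
    dirs = [p for p in folders if is_suspect(p, markers)]
    out = []
    if ff_lines:
        out.append("Firefox::")
        if profile:
            out.append(f"FF - ProfilePath - {profile}")
        out.extend(ff_lines)
    if dirs:
        if out:
            out.append("")
        out.append("Folder::")
        out.extend(dirs)
    return "\n".join(out) + ("\n" if out else "")


if __name__ == "__main__":
    # Save this output as CFScript.txt (the post above describes the run).
    print(build_cfscript(SAMPLE_LOG), end="")
```

Entries from prefs.js and unrelated folders (Malwarebytes in the sample) are left out, which matches what the hand-built script above contains.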


#9 AnthonySzum

AnthonySzum

    Authentic Member

  • Authentic Member
  • 102 posts

Posted 05 May 2012 - 12:52 PM

2012-05-05 18:30 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat + 2010-10-21 00:42 . 2012-05-02 20:46 52040 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2010-10-07 00:58 . 2012-04-28 18:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2010-10-07 00:58 . 2012-05-05 07:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2010-10-07 00:58 . 2012-04-28 18:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2010-10-07 00:58 . 2012-05-05 07:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:54 . 2012-04-28 18:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:54 . 2012-05-05 07:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:46 . 2012-05-03 07:19 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat + 2012-05-05 18:31 . 2012-05-05 18:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-05-02 20:29 . 2012-05-02 20:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-05-05 18:31 . 2012-05-05 18:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-05-02 20:29 . 2012-05-02 20:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-05-05 07:15 . 2012-05-05 07:15 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe + 2012-05-05 06:15 . 2012-05-05 06:15 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe + 2012-05-05 06:15 . 
2012-05-05 06:15 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll + 2012-04-28 16:25 . 2012-05-05 07:15 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe + 2009-07-14 04:54 . 2012-05-05 07:15 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2009-07-14 04:54 . 2012-05-02 19:52 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2009-07-14 02:36 . 2012-05-03 07:20 639068 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-05-02 20:34 639068 c:\windows\system32\perfh009.dat - 2009-07-14 02:36 . 2012-05-02 20:34 111466 c:\windows\system32\perfc009.dat + 2009-07-14 02:36 . 2012-05-03 07:20 111466 c:\windows\system32\perfc009.dat + 2012-05-05 07:15 . 2012-05-05 07:15 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe + 2012-05-05 06:15 . 2012-05-05 06:15 631456 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe + 2012-05-05 06:15 . 2012-05-05 06:15 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll + 2009-07-14 05:01 . 2012-05-05 18:30 401356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 05:01 . 2012-05-02 20:29 401356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-01-14 11:10 . 2011-01-14 11:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL + 2011-01-14 11:10 . 2011-01-14 11:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL + 2012-05-05 07:15 . 2012-05-05 07:15 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll - 2009-07-14 04:54 . 2012-05-02 19:52 8273920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:54 . 
2012-05-05 07:15 8273920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2009-07-14 04:45 . 2012-05-03 07:18 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat - 2009-07-14 04:45 . 2012-04-29 17:12 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat + 2010-10-21 02:59 . 2012-05-05 18:30 1215088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat - 2010-10-21 02:59 . 2012-04-30 18:49 1215088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2010-10-21 02:59 . 2012-05-05 18:30 1535220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-570134600-2935155297-4020614257-1001-8192.dat - 2010-10-21 02:59 . 2012-05-02 20:29 1535220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-570134600-2935155297-4020614257-1001-8192.dat + 2011-01-14 11:10 . 2011-01-14 11:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL + 2011-01-14 11:10 . 2011-01-14 11:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL + 2009-07-14 04:54 . 2012-05-05 07:15 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 04:54 . 2012-05-02 19:52 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2009-07-14 02:34 . 2012-05-02 20:43 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2009-07-14 02:34 . 2012-05-05 11:34 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT + 2012-05-05 07:15 . 2012-05-05 07:15 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768] "Ncr3"="c:\program files (x86)\Panasonic\Ncr3\ncrcore3.exe" [2008-11-29 1634304] "Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112] "BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-04-28 6379888] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088] "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712] "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696] R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x] R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe 
coreFrameworkHost.exe [x] S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 
tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x] S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 07:15] . 2012-04-28 c:\windows\Tasks\HPCeeScheduleForJustine.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768] "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888] "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824] . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\ FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110830011347617&tb_oid=05-09-2011&tb_mrud=05-09-2011 FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q= FF - prefs.js: network.proxy.type - 0 , none); . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher] "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService" . 
--------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-570134600-2935155297-4020614257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\S-1-5-21-570134600-2935155297-4020614257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Panasonic\Ncr3\Ncrwd.exe c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe . ************************************************************************** . Completion time: 2012-05-05 14:36:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-05 18:36 ComboFix2.txt 2012-05-02 20:48 . Pre-Run: 608,189,292,544 bytes free Post-Run: 608,340,443,136 bytes free . - - End Of File - - 7D40E3FC0541510D0127DE0B3295F78C Malwarebytes Anti-Malware (Trial) 1.61.0.1400 www.malwarebytes.org Database version: v2012.05.05.07 Windows 7 x64 NTFS Internet Explorer 9.0.8112.16421 Justine :: JUSTINE-HP [administrator] Protection: Enabled 5/5/2012 2:49:06 PM mbam-log-2012-05-05 (14-49-06).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 207055 Time elapsed: 1 minute(s), 32 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end)
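The ComboFix "Reg Loading Points" section above and the DDS "Pseudo HJT Report" posted later in this thread are the parts a helper actually reads: they list what starts with the machine (Run keys, services and drivers, browser helper objects, toolbars) and, in the DDS header, what security product is installed and whether it is enabled. The script below is an added example, not code from the thread, from ComboFix, or from DDS. It parses lines in those two formats into one record type and flags the things a helper looks at first: an AV reported as *Disabled*, a service or driver ComboFix printed with `[x]` instead of a date and size, a toolbar CLSID that points at `No File`, and an image loaded from outside the Windows or Program Files trees. The sample input is constructed in those formats from entries visible in the thread's logs; the one under `C:\Users\example` is made up to exercise the user-profile check and was not found on this machine. What `[x]` means is an assumption stated in the code comment.

```python
import re
from dataclasses import dataclass

# Constructed sample input in the two formats posted in this thread: ComboFix
# "Reg Loading Points" (a registry key header followed by "name"="image" [date size]
# values, and R#/S# service lines) and DDS "Pseudo HJT Report" (AV:/BHO:/TB:/uRun:/mRun:).
# The entries mirror ones visible in the thread's logs except the last one, which is
# made up to exercise the user-profile check and was NOT found on this machine.
SAMPLE = r"""
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-04-28 6379888]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\wajam.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
uRun: [example-only] C:\Users\example\AppData\Roaming\x\y.exe
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
CF_RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[([^\]]+)\]$')
CF_SVC_RE = re.compile(r"^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]+)\]$")
DDS_RUN_RE = re.compile(r"^([um]Run):\s+\[([^\]]+)\]\s+(.+)$")
DDS_BHO_RE = re.compile(r"^BHO:\s+(.+?):\s+\{([0-9A-Fa-f-]+)\}\s+-\s+(.+)$")
DDS_TB_RE = re.compile(r"^TB:\s+\{([0-9A-Fa-f-]+)\}\s+-\s+(.+)$")
DDS_AV_RE = re.compile(r"^(AV|SP|FW):\s+(.+?)\s+\*([^*]+)\*")
# First thing on the line that looks like a PE/driver path, quoted or not; arguments dropped.
IMAGE_RE = re.compile(r'^"?(.+?\.(?:exe|dll|sys|ocx|cpl|bat))\b"?', re.I)

# An image outside these roots is not necessarily bad, but it is where a helper looks first.
STANDARD_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\progra~")


@dataclass
class Entry:
    kind: str       # run, service, bho, toolbar, security
    source: str     # registry key, service start type (R2/S3), CLSID, or AV/SP/FW
    name: str
    image: str      # executable or DLL the entry loads ("" when the log gives none)
    note: str = ""  # date+size, "x", "No File", or the AV state string


def image_of(command: str) -> str:
    m = IMAGE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def parse(text: str) -> list:
    entries, current_key = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group(1)            # ComboFix values belong to the last key header
        elif m := CF_RUN_RE.match(line):
            entries.append(Entry("run", current_key, m.group(1), m.group(2), m.group(3)))
        elif m := CF_SVC_RE.match(line):
            entries.append(Entry("service", m.group(1), m.group(2), image_of(m.group(4)), m.group(5)))
        elif m := DDS_RUN_RE.match(line):
            entries.append(Entry("run", m.group(1), m.group(2), image_of(m.group(3))))
        elif m := DDS_BHO_RE.match(line):
            entries.append(Entry("bho", "{" + m.group(2) + "}", m.group(1), m.group(3)))
        elif m := DDS_TB_RE.match(line):
            target = m.group(2)
            missing = target == "No File"
            entries.append(Entry("toolbar", "{" + m.group(1) + "}", "",
                                 "" if missing else target, target if missing else ""))
        elif m := DDS_AV_RE.match(line):
            entries.append(Entry("security", m.group(1), m.group(2), "", m.group(3)))
    return entries


def triage(entries: list) -> list:
    """Return (entry, reason) pairs for the items worth a second look."""
    findings = []
    for e in entries:
        if e.kind == "security" and "disabled" in e.note.lower():
            findings.append((e, "real-time protection reported as disabled"))
        if e.note == "x":
            # Assumption: ComboFix prints [x] when it could not read the image at that path
            # (32-bit ComboFix on x64 is subject to WOW64 redirection for system32 drivers, and
            # a path carrying arguments fails the lookup), so confirm the file by hand.
            findings.append((e, "no file details ([x]); confirm the image exists and is signed"))
        if e.note == "No File":
            findings.append((e, "orphaned registration: CLSID points at a missing file"))
        if e.image and not e.image.lower().startswith(STANDARD_ROOTS):
            findings.append((e, "image outside Windows/Program Files; review before trusting"))
    return findings


def report(text: str) -> list:
    return [f"{e.kind:8} {e.name or e.source}: {reason}" for e, reason in triage(parse(text))]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Run against the sample it flags five items: the AV state line, the two `[x]` services, the orphaned toolbar CLSID and the made-up user-profile entry. Note what a clean result does not tell you: an image under Program Files (the Wajam BHO here) only means the file sits where an installer put it, and an entry showing a date and size only means ComboFix could stat the file. Whether each item belongs on the machine is still a judgement a helper makes from the name, the vendor and the file itself.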

#10 JonTom (SuperHelper, Classroom Teacher, 5,410 posts)

Posted 05 May 2012 - 02:27 PM

Hello Anthony Szum

Thank you for the logs.

Let's clean out your temporary files and then check for anything that may have been missed with an online scan:


  • Temporary File Cleaner


    • Download TFC to your desktop.
    • Close any open windows.
    • Right-click the TFC icon and select "Run as Administrator" to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish.
    • Once complete it should automatically reboot your machine.
    • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
    • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.

  • Please run the following scan


    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 users: ESET is compatible, but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real-time security programs before performing the scan.


    • Scan your system with ESET Online Scanner
    • Place a check mark in the box "YES, I accept the Terms Of Use".
    • Click the [image] button.
    • For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double-click on the [image] icon on your desktop.


    • Check [image]
    • Click the [image] button.
    • Accept any security warnings from your browser.
    • Check [image]
    • Make sure that the option to "Remove Found Threats" is UNCHECKED.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push [image]
    • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the [image] button.
    • Push [image]

    Please post the ESET log in your next reply along with a new set of DDS logs, and let me know how your machine is running now :)



#11 AnthonySzum (Authentic Member, 102 posts)

Posted 08 May 2012 - 02:59 PM

.

#12 AnthonySzum (Authentic Member, 102 posts)

Posted 08 May 2012 - 06:08 PM

When I ran the ESET online scan, it picked up 3 viruses at 21% completed. I did the stupid thing of stopping the scan because I never unchecked the box that said "Remove found threats". I restarted the computer in hopes that the viruses would load again, but they never did. I re-scanned using ESET again, making sure I unchecked the box, and nothing was found the second time around. I wasn't able to save a log as there was no log to produce. Why would my Trend Micro Internet Security 2010 not pick these up and a free online scanner would?

Another thing that concerns me is that ever since my computer has been infected, I have been receiving this message every time I start up my computer:

http://imageshack.us...imag0123rs.jpg/


Any way to fix this?



Below are my DDS logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Justine at 20:00:16 on 2012-05-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6145 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [Ncr3] C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://192.168.1.253:5000/JpegInst.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{499FE582-5E9E-4A2E-AB47-CF9564A27BDE} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110830011347617&tb_oid=05-09-2011&tb_mrud=05-09-2011
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
, none);
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-6 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-30 654408]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-6 635416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-6 2320920]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-28 275912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 257696]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-08 18:22:48 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-03 07:00:24 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-03 07:00:23 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-03 07:00:23 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 20:21:29 98816 ----a-w- C:\Windows\sed.exe
2012-05-02 20:21:29 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-02 20:21:29 256000 ----a-w- C:\Windows\PEV.exe
2012-05-02 20:21:29 208896 ----a-w- C:\Windows\MBR.exe
2012-05-02 19:58:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-02 18:04:13 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-02 18:04:09 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 18:04:09 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-30 18:14:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-30 18:14:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-29 17:22:53 -------- d-----w- C:\temp
2012-04-28 19:03:33 -------- d-----w- C:\Users\Justine\AppData\Local\Trend Micro
2012-04-28 19:03:00 67344 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2012-04-28 19:03:00 210704 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2012-04-28 19:02:56 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-04-28 19:02:54 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-04-28 19:02:54 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-04-28 19:02:54 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-04-28 19:02:37 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-04-28 19:02:26 -------- d-----w- C:\Program Files\Trend Micro
2012-04-28 19:01:59 -------- d-----w- C:\ProgramData\Trend Micro
2012-04-28 18:50:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-28 18:43:59 -------- d-----w- C:\Users\Justine\AppData\Local\CRE
2012-04-28 18:43:56 -------- d-----w- C:\Program Files (x86)\Conduit
2012-04-28 18:43:55 -------- d-----w- C:\Users\Justine\AppData\Local\Conduit
2012-04-28 18:43:25 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-04-28 18:42:02 -------- d-----w- C:\Users\Justine\AppData\Roaming\BitTorrent
2012-04-28 18:15:11 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-28 16:28:34 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-28 16:25:16 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-28 16:12:31 -------- d-----w- C:\Users\Justine\AppData\Roaming\Malwarebytes
2012-04-28 16:12:24 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-28 16:08:19 -------- d-----w- C:\Program Files\CCleaner
2012-04-28 16:02:16 -------- d-----w- C:\AI_RecycleBin
2012-04-27 09:57:00 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA4F9BA7-E82E-4EDF-B39D-910B08177823}\mpengine.dll
2012-04-25 03:21:06 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-04-25 03:17:44 -------- d-----w- C:\Program Files (x86)\Wajam
2012-04-25 03:17:25 -------- d-----w- C:\ProgramData\Tarma Installer
2012-04-15 07:00:18 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-15 07:00:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-15 07:00:18 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-15 07:00:18 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-15 07:00:18 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-15 07:00:18 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-15 07:00:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
==================== Find3M ====================
.
2012-05-05 07:15:04 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:24:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:23:43 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:23:42 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:23:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:23:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:35:40 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:35:25 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-10 05:35:25 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35:25 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:35:25 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
.
============= FINISH: 20:00:31.98 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 8:40:48 PM
System Uptime: 5/8/2012 5:30:15 PM (2 hours ago)
.
Motherboard: MSI | | 2A9C
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz | CPU 1 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 563.741 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.478 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: ATI Radeon HD 5450
Device ID: PCI\VEN_1002&DEV_68F9&SUBSYS_21311462&REV_00\4&30136BC7&0&0018
Manufacturer: ATI Technologies Inc.
Name: ATI Radeon HD 5450
PNP Device ID: PCI\VEN_1002&DEV_68F9&SUBSYS_21311462&REV_00\4&30136BC7&0&0018
Service: amdkmdap
.
==== System Restore Points ===================
.
RP172: 4/28/2012 3:00:10 AM - Windows Update
RP173: 4/28/2012 12:00:28 PM - Removed Fliptoast
RP174: 4/28/2012 3:14:24 PM - Windows Update
RP175: 4/30/2012 3:00:15 AM - Windows Update
RP176: 4/30/2012 2:49:19 PM - Windows Update
RP177: 5/2/2012 3:00:15 AM - Windows Update
RP178: 5/2/2012 3:43:35 AM - Windows Update
RP179: 5/2/2012 2:11:40 PM - Windows Update
RP180: 5/3/2012 3:00:11 AM - Windows Update
RP181: 5/5/2012 2:25:27 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Reader X (10.1.3)
AIM 7
AOL Messaging Toolbar
Bejeweled 2 Deluxe
BitTorrent
Blackhawk Striker 2
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video
Epson Event Manager
EPSON Scan
EpsonNet Print
EpsonNet Setup
Escape Rosecliff Island
ESET Online Scanner v3
FATE
Feedback Tool
Final Drive Nitro
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
HydraVision
Intel® Management Engine Components
Intel® Rapid Storage Technology
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Camera Recorder with Viewer Software
Norton Online Backup
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shakespeare In Bits - Romeo and Juliet
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/8/2012 2:26:52 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
5/5/2012 2:33:15 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
5/5/2012 2:31:10 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
5/5/2012 2:30:22 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/5/2012 2:29:47 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/2/2012 4:00:45 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
5/2/2012 3:43:42 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/2/2012 3:43:42 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
5/2/2012 2:11:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
5/2/2012 2:11:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
.
==== End Of File ===========================

#13 JonTom

    SuperHelper

  • Classroom Teacher
  • 5,410 posts

Posted 09 May 2012 - 08:15 AM

Hello Anthony Szum

Why would my Trend Micro Internet Security 2010 not pick these up and a free online scanner would?

You presently have Trend Micro Titanium Internet Security 2012 installed (not 2010), but no security program is perfect. They all have their strengths and weaknesses. What may be picked up by one program may be missed by another.

I re-scanned using Eset again making sure I un-checked the box and nothing was found the second time around

Thank you for letting me know.

Another thing that concerns me is that ever since my computer has been infected, I have been receiving this message every time I start up my computer

That message relates to a problem with your ATI graphics driver. The driver itself may need to be updated or reinstalled.

Please create a new thread in our Software Forum to receive assistance with your driver issues.

Your latest DDS log appears to be clean

Let's remove our tools in the steps below:

  • Please Uninstall Combofix
    • Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
    • A Run box will open.
    • Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall"; it needs to be there.

  • Removal of Tools
    • You no longer need DDS, aswMBR or TDSSKiller. Please delete them from your machine.

    Once you have completed the above steps you should be good to go!

  • Finally, please take the time to read through the information provided below:

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.

    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.

    Web Browsers and Browser Security

    Firefox
    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.

    No-Script
    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.

    Internet Explorer
    • The newest version of Internet Explorer is available from here.

    SpywareBlaster
    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.

    Web of Trust
    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.

    Keep your Software Updated
    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.

    Passwords
    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.

    General Reading

    Learn How To Combat Malware
    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.


#14 AnthonySzum

    Authentic Member

  • Authentic Member
  • 102 posts

Posted 11 May 2012 - 01:11 PM

Everything removed. Thank you so much for your time and help. You guys rock! :thumbup: -Anthony

#15 JonTom

    SuperHelper

  • Classroom Teacher
  • 5,410 posts

Posted 12 May 2012 - 06:45 AM

Thank you so much for your time and help

You are Very Welcome Anthony Szum

Since this problem appears to be resolved this topic is now closed.

Glad we could help :)

Best wishes
JonTom
