Trojan will not delete [Solved], Anti virus will not work
AnthonySzum
post Apr 28 2012, 11:48 AM
Post #1


Authentic Member

Group: Authentic Member
Posts: 80
Joined: 3-March 07
Member No.: 68,375
Operating System: Xp



I was getting the "blue screen of death". Upon scanning with NOD and Malwarebytes, I found multiple threats that cannot be deleted. Below is my log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:45:42 PM, on 4/28/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Justine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [Ncr3] C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.1.253:5000/JpegInst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12118 bytes
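As an added triage example (not HijackThis, Malwarebytes or the forum's own tooling), this Python script applies three of the heuristics a log reader uses on the O1, O4 and running-process lines in a HijackThis log like the one above: a hosts entry pointing a public hostname at a non-local address, an autorun launched from a profile AppData directory, and a system-binary name such as svchost.exe running outside System32. The sample lines are constructed from the logs in this thread.

```python
"""Triage of HijackThis-style log lines with simple defender heuristics.

Added example for this thread; it is not HijackThis, Malwarebytes or the
forum's own tooling. SAMPLE_LOG is constructed from lines in this thread.
"""
import re
from ipaddress import ip_address

# Names that malware often borrows; genuine copies live under System32/SysWOW64.
SYSTEM_BINARY_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe"}
LEGIT_SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O4_RE = re.compile(r"^O4 - (?P<hive>\S+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
PROC_RE = re.compile(r"^[A-Za-z]:\\")  # running-process lines are bare paths


def _basename(path: str) -> str:
    return path.strip().strip('"').rsplit("\\", 1)[-1].lower()


def _exe_path(cmd: str) -> str:
    """Extract the executable from an O4 command (quoted or up to '.exe')."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = re.match(r"(?i)(.*?\.exe)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def _masquerade(path: str):
    """Finding if a system-binary name runs outside System32/SysWOW64."""
    p = path.strip().strip('"').lower()
    if _basename(p) in SYSTEM_BINARY_NAMES and not p.startswith(LEGIT_SYSTEM_DIRS):
        return f"{_basename(p)} running from unexpected location: {path.strip()}"
    return None


def check_hosts(line: str):
    """O1 lines: a hostname pointed at a public address is a hosts-file redirect."""
    m = O1_RE.match(line)
    if not m:
        return []
    ip_text, host = m.groups()
    try:
        ip = ip_address(ip_text)
    except ValueError:
        return [f"hosts entry with unparsable address {ip_text!r} for {host}"]
    if ip.is_loopback or ip.is_private or ip.is_unspecified or ip.is_link_local:
        return []
    return [f"hosts file maps {host} to non-local address {ip_text} (possible redirect)"]


def check_autorun(line: str):
    """O4 lines: autoruns from a profile AppData path, or with a borrowed name."""
    m = O4_RE.match(line)
    if not m:
        return []
    # Drop HijackThis's trailing "(User 'NAME')" annotation before parsing the path.
    cmd = re.sub(r"\s+\(User '[^']*'\)\s*$", "", m.group("cmd"))
    findings = []
    if "\\appdata\\" in cmd.lower():
        findings.append(f"autorun [{m.group('name')}] starts from a profile AppData path: {cmd}")
    masq = _masquerade(_exe_path(cmd))
    if masq:
        findings.append(f"autorun [{m.group('name')}]: {masq}")
    return findings


def check_process(line: str):
    """Running-process lines: look for system-binary names in odd locations."""
    if not PROC_RE.match(line):
        return []
    f = _masquerade(line)
    return [f] if f else []


def triage(lines):
    """Run every checker over each log line and collect the findings in order."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if line:
            findings += check_hosts(line) + check_autorun(line) + check_process(line)
    return findings


# Constructed sample: benign lines mixed with the suspicious ones from this thread.
SAMPLE_LOG = r"""
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\svchost.exe
C:\Windows\system32\svchost.exe
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 94.63.147.17 www.bing.com
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
""".strip().splitlines()

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("SUSPICIOUS:", finding)
```

Findings are leads for a human reviewer, not verdicts: HijackThis lines carry no file hashes or signer information, so each flagged path still needs to be checked on the machine.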
JonTom
post Apr 30 2012, 01:12 AM
Post #2


SuperMember

Group: Classroom Teacher
Posts: 4,636
Joined: 5-February 09
From: UK
Member No.: 84,008
Operating System: Vista Home Premium, 64-bit, SP2



Hello AnthonySzum and welcome.

My name is JonTom

  • Malware Logs can sometimes take a lot of time to research and interpret.
  • Please be patient while I try to assist with your problem. If at any time you do not understand what is required, please ask for further explanation.
  • Please note that there is no "Quick Fix" to modern malware infections and we may need to use several different approaches to get your system clean.
  • Read every reply you receive carefully and thoroughly before carrying out the instructions. You may also find it helpful to print out the instructions you receive, as in some instances you may have to disconnect your computer from the Internet.
  • PLEASE NOTE: If you do not reply after 3 days your thread will be closed.


QUOTE
Upon scanning with NOD and Malwarebytes, I found multiple threats that cannot be deleted
Please post the NOD and MBAM logs for me to review.

I would also like to see the logs created from the following scans:

  1. Please perform the following scan

    • Please download DDS from here and save it to your desktop.
    • Disable any script blocking protection (How to Disable your Security Programs)
    • Right click on the DDS icon and select "Run as Administrator" to run the tool (may take up to 3 minutes to run).
    • When done, DDS.txt will open.
    • After a few moments, attach.txt will open in a second window.
    • Save both reports to your desktop.
    • Please post the contents of the DDS.txt and Attach.txt logs in your next reply.

  2. aswMBR

    • Download aswMBR.exe to your desktop.
    • Double click the aswMBR.exe to run it.
    • When asked if you want to download Avast's virus definitions please select Yes.
    • Click the "Scan" button to start the scan.
    • On completion of the scan click save log, save it to your desktop and post in your next reply.

  Please post both DDS logs and the aswMBR log in your next reply.
AnthonySzum
post Apr 30 2012, 12:43 PM
Post #3


Authentic Member

Group: Authentic Member
Posts: 80
Joined: 3-March 07
Member No.: 68,375
Operating System: Xp



Below are my HJT log, Malwarebytes log, DDS log, and aswMBR log. I had deleted my NOD32 antivirus after posting the original thread and installed Trend Micro Titanium, but it does not create a log file.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 2:11:56 PM, on 4/30/2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Justine\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPDSK/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: 94.63.147.17 www.bing.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Trend Micro NSC BHO - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: Wajam IE BHO - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
O2 - BHO: TmBpIeBHO - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
O4 - HKCU\..\Run: [Ncr3] C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
O4 - HKCU\..\Run: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe (User 'Default user')
O4 - Global Startup: Snapfish PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} (pmjpegaudio Class) - http://192.168.1.253:5000/JpegInst.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
O18 - Protocol: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
O23 - Service: CinemaNow Service - CinemaNow, Inc. - C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonBidirectionalService - SEIKO EPSON CORPORATION - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Online Backup (NOBU) - Symantec Corporation - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12709 bytes
Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.30.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Justine :: JUSTINE-HP [administrator]

Protection: Disabled

4/30/2012 2:15:00 PM
mbam-log-2012-04-30 (14-20-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 203177
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4772 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> No action taken.

(end)
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Justine at 14:25:14 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6555 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\DllHost.exe
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [Ncr3] C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [dplaysvr] C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://192.168.1.253:5000/JpegInst.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{499FE582-5E9E-4A2E-AB47-CF9564A27BDE} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110830011347617&tb_oid=05-09-2011&tb_mrud=05-09-2011
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.0.0.128\IPSFFPlgn\components\IPSFFPl.dll
FF - component: C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3af8e9670000000000006c626d601189
FF - user.js: extensions.BabylonToolbar_i.hardId - 3af8e9670000000000006c626d601189
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15455
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:18:02
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
, none);
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-6 13336]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-6 635416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-6 2320920]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-28 275912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 253088]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-04-30 18:14:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-30 18:14:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-29 17:22:53 -------- d-----w- C:\temp
2012-04-28 19:03:33 -------- d-----w- C:\Users\Justine\AppData\Local\Trend Micro
2012-04-28 19:03:00 67344 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2012-04-28 19:03:00 210704 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2012-04-28 19:02:56 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-04-28 19:02:54 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-04-28 19:02:54 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-04-28 19:02:54 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-04-28 19:02:37 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-04-28 19:02:26 -------- d-----w- C:\Program Files\Trend Micro
2012-04-28 19:01:59 -------- d-----w- C:\ProgramData\Trend Micro
2012-04-28 18:50:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-28 18:43:59 -------- d-----w- C:\Users\Justine\AppData\Local\CRE
2012-04-28 18:43:56 -------- d-----w- C:\Program Files (x86)\Conduit
2012-04-28 18:43:55 -------- d-----w- C:\Users\Justine\AppData\Local\Conduit
2012-04-28 18:43:25 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-04-28 18:42:02 -------- d-----w- C:\Users\Justine\AppData\Roaming\BitTorrent
2012-04-28 18:15:11 8766112 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-28 17:23:56 20480 ----a-w- C:\Windows\svchost.exe
2012-04-28 16:28:34 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-28 16:25:16 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-28 16:12:31 -------- d-----w- C:\Users\Justine\AppData\Roaming\Malwarebytes
2012-04-28 16:12:24 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-28 16:08:19 -------- d-----w- C:\Program Files\CCleaner
2012-04-28 16:02:16 -------- d-sh--w- C:\AI_RecycleBin
2012-04-27 09:57:00 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA4F9BA7-E82E-4EDF-B39D-910B08177823}\mpengine.dll
2012-04-25 03:21:06 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-04-25 03:17:58 -------- d-----w- C:\Users\Justine\AppData\Local\Babylon
2012-04-25 03:17:57 -------- d-----w- C:\Users\Justine\AppData\Roaming\Babylon
2012-04-25 03:17:57 -------- d-----w- C:\ProgramData\Babylon
2012-04-25 03:17:44 -------- d-----w- C:\Program Files (x86)\Wajam
2012-04-25 03:17:25 -------- d-----w- C:\ProgramData\Tarma Installer
2012-04-15 07:00:18 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-15 07:00:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-15 07:00:18 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-15 07:00:18 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-15 07:00:18 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-15 07:00:18 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-15 07:00:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-04 05:53:56 182160 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-04-28 18:15:15 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:24:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:23:43 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:23:42 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:23:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:23:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:35:40 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:35:25 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-10 05:35:25 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35:25 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:35:25 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16:03 3143168 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 14:26:07.29 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 8:40:48 PM
System Uptime: 4/30/2012 2:06:20 PM (0 hours ago)
.
Motherboard: MSI | | 2A9C
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz | CPU 1 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 566.979 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.479 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: ATI Radeon HD 5450
Device ID: PCI\VEN_1002&DEV_68F9&SUBSYS_21311462&REV_00\4&30136BC7&0&0018
Manufacturer: ATI Technologies Inc.
Name: ATI Radeon HD 5450
PNP Device ID: PCI\VEN_1002&DEV_68F9&SUBSYS_21311462&REV_00\4&30136BC7&0&0018
Service: amdkmdap
.
==== System Restore Points ===================
.
RP160: 4/20/2012 1:19:56 AM - HPSF Restore Point
RP161: 4/20/2012 3:00:12 AM - Windows Update
RP162: 4/20/2012 5:56:39 AM - Windows Update
RP163: 4/21/2012 3:00:10 AM - Windows Update
RP164: 4/22/2012 3:00:10 AM - Windows Update
RP165: 4/23/2012 3:00:10 AM - Windows Update
RP166: 4/24/2012 3:00:10 AM - Windows Update
RP167: 4/24/2012 5:56:39 AM - Windows Update
RP168: 4/25/2012 3:00:14 AM - Windows Update
RP169: 4/26/2012 3:00:10 AM - Windows Update
RP170: 4/27/2012 3:00:10 AM - Windows Update
RP171: 4/27/2012 5:56:41 AM - Windows Update
RP172: 4/28/2012 3:00:10 AM - Windows Update
RP173: 4/28/2012 12:00:28 PM - Removed Fliptoast
RP174: 4/28/2012 3:14:24 PM - Windows Update
RP175: 4/30/2012 3:00:15 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
AIM 7
AOL Messaging Toolbar
Bejeweled 2 Deluxe
BitTorrent
Blackhawk Striker 2
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video
Epson Event Manager
EPSON Scan
EpsonNet Print
EpsonNet Setup
Escape Rosecliff Island
ESET Online Scanner v3
FATE
Feedback Tool
Final Drive Nitro
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
HydraVision
Intel® Management Engine Components
Intel® Rapid Storage Technology
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 11.0 (x86 en-US)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Camera Recorder with Viewer Software
Norton Online Backup
PDF Complete Special Edition
PDF Reader
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shakespeare In Bits - Romeo and Juliet
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
4/30/2012 3:00:48 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
4/28/2012 12:24:53 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running.
4/28/2012 12:24:20 PM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
4/28/2012 12:24:20 PM, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-1073473535.
4/28/2012 1:21:01 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:21:01 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
4/28/2012 1:17:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
4/28/2012 1:17:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
4/28/2012 1:17:36 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
4/28/2012 1:17:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
4/28/2012 1:17:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
4/28/2012 1:17:06 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss spldr SRTSPX SymIRON SymNetS tdx Wanarpv6 WfpLwf
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
4/28/2012 1:17:02 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
4/28/2012 1:17:01 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000001000000dd, 0x0000000000000002, 0x0000000000000001, 0xfffff80002ab2f95). A dump was saved in: C:\Windows\Minidump\042812-27300-01.dmp. Report Id: 042812-27300-01.
.
==== End Of File ===========================



aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-04-30 14:28:41
-----------------------------
14:28:41.033 OS Version: Windows x64 6.1.7600
14:28:41.033 Number of processors: 4 586 0x1E05
14:28:41.033 ComputerName: JUSTINE-HP UserName: Justine
14:28:43.782 Initialize success
14:29:05.711 AVAST engine defs: 12043000
14:29:23.798 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:29:23.802 Disk 0 Vendor: ST375052 HP35 Size: 715404MB BusType: 8
14:29:23.807 Device \Driver\iaStor -> MajorFunction fffffa8009f8e5c4
14:29:23.812 Disk 0 MBR read successfully
14:29:23.818 Disk 0 MBR scan
14:29:23.826 Disk 0 unknown MBR code
14:29:23.846 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:29:23.871 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 702910 MB offset 206848
14:29:23.897 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12392 MB offset 1439766528
14:29:23.962 Disk 0 scanning C:\Windows\system32\drivers
14:29:30.707 Service scanning
14:29:43.615 Modules scanning
14:29:43.643 Disk 0 trace - called modules:
14:29:43.648 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8009f8e5c4]<<
14:29:43.652 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8007ab9060]
14:29:43.656 3 CLASSPNP.SYS[fffff88001a9543f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80077bf050]
14:29:43.660 \Driver\iaStor[0xfffffa80079efdf0] -> IRP_MJ_CREATE -> 0xfffffa8009f8e5c4
14:29:51.366 AVAST engine scan C:\Windows
14:29:55.087 AVAST engine scan C:\Windows\system32
14:32:39.435 AVAST engine scan C:\Windows\system32\drivers
14:32:51.476 AVAST engine scan C:\Users\Justine
14:38:04.321 AVAST engine scan C:\ProgramData
14:40:20.090 Scan finished successfully
14:41:47.832 Disk 0 MBR has been saved successfully to "C:\Users\Justine\Desktop\Virus Help\MBR.dat"
14:41:47.836 The log file has been saved successfully to "C:\Users\Justine\Desktop\Virus Help\aswMBR.txt"

JonTom
post Apr 30 2012, 02:17 PM
Post #4


SuperMember

Group: Classroom Teacher
Posts: 4,636
Joined: 5-February 09
From: UK
Member No.: 84,008
Operating System: Vista Home Premium, 64-bit, SP2



Hello Anthony Szum

Thank you for the logs.

There are a number of things that have to be dealt with on this machine. Let's begin with the following:

  1. P2P Programs:


    • P2P programs are a major source of Malware infections.
    • From your log I see you have BitTorrent. We do not pass judgment on file-sharing, however we must inform you that engaging in this activity and having this kind of software installed on your system will always make you more susceptible to Malware infections.
    • The use of P2P programs may be contributing to your current situation, and you would certainly be doing yourself a favour by removing them.
    • If you wish to keep the program(s), please do not use them until your computer is cleaned.

    • Information regarding the risk of using these programs can be found from here and here.
    • It is strongly recommended that you uninstall any P2P programs you have on your system.
    • To do this, Click on the "Windows Orb" (bottom left hand corner of your screen), then on "Control Panel" and then on the "Programs and Features" tab.
    • A list of currently installed programs will be displayed.
    • Find the "BitTorrent" program, click on it once and then click on the "Uninstall" button.
    • If you are prompted to re-boot your computer to complete the uninstall please do so.


      PLEASE NOTE:
    • Even if you are using a P2P program that is deemed safe, it is only the program that is safe. Any files that you receive using a "safe" P2P program may be infected with Malware. The malware writers use P2P file-sharing as a major conduit to spread infected files.



    I would like to review the log produced from the following tool (please do not elect to cure or quarantine anything at this time):

  2. TDSS Killer


    • Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and Right click on TDSSKiller.exe and select "Run as Administrator" to run the application.
    • When the window opens, click on Change Parameters.
    • Under "Additional options", put a check mark in the box next to "Detect TDLFS File System".
    • Click on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Skip.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


    Please post the TDSSKiller log in your next reply.
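When a TDSSKiller log comes back, the first thing a helper looks for is any scanned object whose verdict line is not "- ok". The Python script below is an added example (not TDSSKiller's code and not part of this thread): it pairs each detection line (service name, MD5, path) with its verdict line and summarises what needs attention. The sample log, its hashes and the non-"ok" verdict wording are constructed; the script treats every verdict other than "ok" as worth a look rather than assuming any particular TDSSKiller wording.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not TDSSKiller code).

Each scanned object normally produces two lines:
    14:07:36.0113 1272 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
    14:07:36.0120 1272 1394ohci - ok
The parser pairs them by object name and reports anything whose verdict is not "ok",
file-backed objects that never got a verdict, and objects with a verdict but no file.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every line starts with "HH:MM:SS.ffff <pid> <rest>".
LINE_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<rest>.*)$")
# Detection line: "<name> (<32 hex md5>) <path>". Names may contain spaces.
DETECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# Verdict line: "<name> - <verdict>". Only trusted after "Scan started", because header
# lines such as "Drive \Device\Harddisk0\DR0 - Size: ..." also contain " - ".
VERDICT_RE = re.compile(r"^(?P<name>.+) - (?P<verdict>\S.*)$")


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


@dataclass
class Report:
    header: Dict[str, str] = field(default_factory=dict)
    entries: Dict[str, Entry] = field(default_factory=dict)

    def not_ok(self) -> List[Entry]:
        """Objects whose verdict is anything other than 'ok' (case-insensitive)."""
        return [e for e in self.entries.values()
                if e.verdict is not None and e.verdict.lower() != "ok"]

    def unverdicted(self) -> List[Entry]:
        """File-backed objects that were listed but never received a verdict line."""
        return [e for e in self.entries.values() if e.path and e.verdict is None]


def parse_tdsskiller_log(text: str) -> Report:
    report = Report()
    in_scan = False
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest").strip()
        if rest == "Scan started":
            in_scan = True
            continue
        if not in_scan:
            # Header block: "Key: value" pairs such as "OS Version: 6.1.7600 ServicePack: 0.0".
            if ": " in rest:
                key, value = rest.split(": ", 1)
                report.header[key] = value
            continue
        d = DETECT_RE.match(rest)
        if d:
            e = report.entries.setdefault(d.group("name"), Entry(d.group("name")))
            e.md5, e.path = d.group("md5").lower(), d.group("path")
            continue
        v = VERDICT_RE.match(rest)
        if v:
            e = report.entries.setdefault(v.group("name"), Entry(v.group("name")))
            e.verdict = v.group("verdict")
    return report


def summarize(report: Report) -> Dict[str, object]:
    """Compact triage view: the facts a helper reading a posted log wants first."""
    return {
        "os_version": report.header.get("OS Version"),
        "objects_scanned": len(report.entries),
        "ok": sum(1 for e in report.entries.values()
                  if e.verdict is not None and e.verdict.lower() == "ok"),
        "not_ok": [(e.name, e.verdict, e.path) for e in report.not_ok()],
        "no_verdict": [e.name for e in report.unverdicted()],
        "no_file": [e.name for e in report.entries.values() if e.path is None],
    }


# Constructed sample in TDSSKiller's line format. Hashes, hostname, the "exampledrv" and
# "unfinisheddrv" objects and the non-"ok" verdict wording are all invented for the demo.
SAMPLE_LOG = """\
14:06:24.0703 4712 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:06:24.0958 4712 OS Version: 6.1.7600 ServicePack: 0.0
14:06:24.0958 4712 ComputerName: EXAMPLE-PC
14:06:26.0016 4712 Drive \\Device\\Harddisk0\\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200
14:07:28.0158 1272 Scan started
14:07:28.0158 1272 Mode: Manual;
14:07:36.0113 1272 1394ohci (0123456789abcdef0123456789abcdef) C:\\Windows\\system32\\DRIVERS\\1394ohci.sys
14:07:36.0120 1272 1394ohci - ok
14:07:37.0812 1272 AMD External Events Utility (fedcba9876543210fedcba9876543210) C:\\Windows\\system32\\atiesrxx.exe
14:07:37.0821 1272 AMD External Events Utility - ok
14:07:45.0090 1272 COMSysApp - ok
14:07:53.0500 1272 exampledrv (00000000000000000000000000000000) C:\\Windows\\system32\\DRIVERS\\exampledrv.sys
14:07:53.0510 1272 exampledrv - suspicious (constructed sample verdict)
14:07:53.0600 1272 unfinisheddrv (11111111111111111111111111111111) C:\\Windows\\system32\\DRIVERS\\unfinisheddrv.sys
"""

if __name__ == "__main__":
    for key, value in summarize(parse_tdsskiller_log(SAMPLE_LOG)).items():
        print(f"{key}: {value}")
```

Feed it a real log with `parse_tdsskiller_log(open("TDSSKiller.log").read())`; a scan with nothing in `not_ok` and nothing in `no_verdict` is the clean case the helper is hoping to see.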
AnthonySzum
post May 2 2012, 12:09 PM
Post #5


Authentic Member

Group: Authentic Member
Posts: 80
Joined: 3-March 07
Member No.: 68,375
Operating System: Xp



14:06:24.0703 4712 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
14:06:24.0957 4712 ============================================================
14:06:24.0958 4712 Current date / time: 2012/05/02 14:06:24.0957
14:06:24.0958 4712 SystemInfo:
14:06:24.0958 4712
14:06:24.0958 4712 OS Version: 6.1.7600 ServicePack: 0.0
14:06:24.0958 4712 Product type: Workstation
14:06:24.0958 4712 ComputerName: JUSTINE-HP
14:06:24.0958 4712 UserName: Justine
14:06:24.0958 4712 Windows directory: C:\Windows
14:06:24.0958 4712 System windows directory: C:\Windows
14:06:24.0958 4712 Running under WOW64
14:06:24.0958 4712 Processor architecture: Intel x64
14:06:24.0958 4712 Number of processors: 4
14:06:24.0958 4712 Page size: 0x1000
14:06:24.0958 4712 Boot type: Normal boot
14:06:24.0958 4712 ============================================================
14:06:26.0016 4712 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
14:06:26.0048 4712 ============================================================
14:06:26.0048 4712 \Device\Harddisk0\DR0:
14:06:26.0048 4712 MBR partitions:
14:06:26.0048 4712 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
14:06:26.0048 4712 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55CDF000
14:06:26.0048 4712 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55D11800, BlocksNum 0x1834000
14:06:26.0048 4712 ============================================================
14:06:26.0061 4712 C: <-> \Device\Harddisk0\DR0\Partition1
14:06:26.0200 4712 D: <-> \Device\Harddisk0\DR0\Partition2
14:06:26.0200 4712 ============================================================
14:06:26.0200 4712 Initialize success
14:06:26.0200 4712 ============================================================
14:07:28.0158 1272 ============================================================
14:07:28.0158 1272 Scan started
14:07:28.0158 1272 Mode: Manual;
14:07:28.0158 1272 ============================================================
14:07:36.0113 1272 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
14:07:36.0120 1272 1394ohci - ok
14:07:36.0161 1272 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
14:07:36.0166 1272 ACPI - ok
14:07:36.0182 1272 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
14:07:36.0183 1272 AcpiPmi - ok
14:07:36.0384 1272 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
14:07:36.0385 1272 AdobeARMservice - ok
14:07:36.0609 1272 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
14:07:36.0614 1272 AdobeFlashPlayerUpdateSvc - ok
14:07:36.0692 1272 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
14:07:36.0697 1272 adp94xx - ok
14:07:36.0735 1272 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
14:07:36.0740 1272 adpahci - ok
14:07:36.0784 1272 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
14:07:36.0799 1272 adpu320 - ok
14:07:37.0184 1272 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
14:07:37.0186 1272 AeLookupSvc - ok
14:07:37.0229 1272 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
14:07:37.0233 1272 AFD - ok
14:07:37.0253 1272 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
14:07:37.0255 1272 agp440 - ok
14:07:37.0361 1272 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
14:07:37.0365 1272 ALG - ok
14:07:37.0369 1272 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
14:07:37.0400 1272 aliide - ok
14:07:37.0812 1272 AMD External Events Utility (998021e7c3de3e97e441abace498ffb6) C:\Windows\system32\atiesrxx.exe
14:07:37.0821 1272 AMD External Events Utility - ok
14:07:37.0824 1272 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
14:07:37.0833 1272 amdide - ok
14:07:37.0853 1272 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
14:07:37.0855 1272 AmdK8 - ok
14:07:40.0299 1272 amdkmdag (250d5b746fff9b7d88591ee60b63b3e4) C:\Windows\system32\DRIVERS\atikmdag.sys
14:07:40.0831 1272 amdkmdag - ok
14:07:40.0979 1272 amdkmdap (781daec0c3e63950cca53d193582f2e8) C:\Windows\system32\DRIVERS\atikmpag.sys
14:07:40.0998 1272 amdkmdap - ok
14:07:41.0062 1272 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
14:07:41.0091 1272 AmdPPM - ok
14:07:41.0241 1272 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
14:07:41.0244 1272 amdsata - ok
14:07:41.0277 1272 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
14:07:41.0280 1272 amdsbs - ok
14:07:41.0290 1272 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
14:07:41.0291 1272 amdxata - ok
14:07:41.0471 1272 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
14:07:41.0475 1272 Amsp - ok
14:07:41.0525 1272 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
14:07:41.0527 1272 AppID - ok
14:07:41.0622 1272 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
14:07:41.0629 1272 AppIDSvc - ok
14:07:41.0798 1272 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
14:07:41.0800 1272 Appinfo - ok
14:07:41.0813 1272 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
14:07:41.0816 1272 arc - ok
14:07:41.0826 1272 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
14:07:41.0829 1272 arcsas - ok
14:07:41.0848 1272 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
14:07:41.0849 1272 AsyncMac - ok
14:07:41.0899 1272 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
14:07:41.0900 1272 atapi - ok
14:07:42.0108 1272 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
14:07:42.0110 1272 AtiHDAudioService - ok
14:07:42.0166 1272 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
14:07:42.0169 1272 AtiHdmiService - ok
14:07:42.0207 1272 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:07:42.0217 1272 AudioEndpointBuilder - ok
14:07:42.0226 1272 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
14:07:42.0233 1272 AudioSrv - ok
14:07:42.0277 1272 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
14:07:42.0280 1272 AxInstSV - ok
14:07:42.0693 1272 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
14:07:42.0714 1272 b06bdrv - ok
14:07:42.0969 1272 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
14:07:42.0973 1272 b57nd60a - ok
14:07:42.0993 1272 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
14:07:42.0995 1272 BDESVC - ok
14:07:43.0006 1272 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
14:07:43.0007 1272 Beep - ok
14:07:43.0123 1272 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
14:07:43.0132 1272 BFE - ok
14:07:43.0183 1272 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
14:07:43.0234 1272 BITS - ok
14:07:43.0425 1272 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
14:07:43.0427 1272 blbdrive - ok
14:07:43.0585 1272 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
14:07:43.0587 1272 bowser - ok
14:07:43.0635 1272 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
14:07:43.0638 1272 BrFiltLo - ok
14:07:43.0654 1272 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
14:07:43.0663 1272 BrFiltUp - ok
14:07:43.0763 1272 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
14:07:43.0766 1272 Browser - ok
14:07:43.0790 1272 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
14:07:43.0794 1272 Brserid - ok
14:07:43.0799 1272 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
14:07:43.0801 1272 BrSerWdm - ok
14:07:43.0803 1272 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
14:07:43.0805 1272 BrUsbMdm - ok
14:07:43.0810 1272 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
14:07:43.0811 1272 BrUsbSer - ok
14:07:43.0829 1272 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
14:07:43.0830 1272 BTHMODEM - ok
14:07:43.0852 1272 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
14:07:43.0855 1272 bthserv - ok
14:07:44.0161 1272 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
14:07:44.0164 1272 cdfs - ok
14:07:44.0199 1272 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
14:07:44.0202 1272 cdrom - ok
14:07:44.0226 1272 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
14:07:44.0229 1272 CertPropSvc - ok
14:07:44.0343 1272 CinemaNow Service (ea3333db9ab03106eec0d6d9d487ed01) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
14:07:44.0347 1272 CinemaNow Service - ok
14:07:44.0363 1272 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
14:07:44.0371 1272 circlass - ok
14:07:44.0618 1272 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
14:07:44.0631 1272 CLFS - ok
14:07:44.0684 1272 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:07:44.0686 1272 clr_optimization_v2.0.50727_32 - ok
14:07:44.0778 1272 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
14:07:44.0780 1272 clr_optimization_v2.0.50727_64 - ok
14:07:44.0818 1272 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:07:44.0819 1272 clr_optimization_v4.0.30319_32 - ok
14:07:44.0840 1272 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
14:07:44.0841 1272 clr_optimization_v4.0.30319_64 - ok
14:07:44.0867 1272 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
14:07:44.0924 1272 CmBatt - ok
14:07:44.0930 1272 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
14:07:44.0932 1272 cmdide - ok
14:07:45.0027 1272 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
14:07:45.0035 1272 CNG - ok
14:07:45.0049 1272 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
14:07:45.0051 1272 Compbatt - ok
14:07:45.0079 1272 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
14:07:45.0081 1272 CompositeBus - ok
14:07:45.0090 1272 COMSysApp - ok
14:07:45.0101 1272 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
14:07:45.0103 1272 crcdisk - ok
14:07:45.0234 1272 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
14:07:45.0237 1272 CryptSvc - ok
14:07:45.0627 1272 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
14:07:45.0635 1272 cvhsvc - ok
14:07:45.0669 1272 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
14:07:45.0678 1272 DcomLaunch - ok
14:07:45.0813 1272 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
14:07:45.0819 1272 defragsvc - ok
14:07:45.0878 1272 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
14:07:45.0881 1272 DfsC - ok
14:07:45.0926 1272 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
14:07:45.0932 1272 Dhcp - ok
14:07:45.0947 1272 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
14:07:45.0949 1272 discache - ok
14:07:45.0976 1272 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
14:07:45.0978 1272 Disk - ok
14:07:46.0004 1272 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
14:07:46.0008 1272 Dnscache - ok
14:07:46.0028 1272 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
14:07:46.0034 1272 dot3svc - ok
14:07:46.0050 1272 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
14:07:46.0053 1272 DPS - ok
14:07:46.0071 1272 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
14:07:46.0073 1272 drmkaud - ok
14:07:46.0183 1272 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
14:07:46.0211 1272 DXGKrnl - ok
14:07:46.0279 1272 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
14:07:46.0282 1272 EapHost - ok
14:07:47.0273 1272 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
14:07:47.0335 1272 ebdrv - ok
14:07:47.0431 1272 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
14:07:47.0433 1272 EFS - ok
14:07:47.0847 1272 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
14:07:47.0867 1272 ehRecvr - ok
14:07:47.0983 1272 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
14:07:48.0000 1272 ehSched - ok
14:07:48.0276 1272 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
14:07:48.0284 1272 elxstor - ok
14:07:48.0348 1272 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
14:07:48.0398 1272 EpsonBidirectionalService - ok
14:07:48.0608 1272 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
14:07:48.0628 1272 EPSON_EB_RPCV4_01 - ok
14:07:48.0644 1272 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
14:07:48.0663 1272 EPSON_PM_RPCV4_01 - ok
14:07:48.0675 1272 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
14:07:48.0677 1272 ErrDev - ok
14:07:48.0794 1272 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
14:07:48.0810 1272 EventSystem - ok
14:07:48.0832 1272 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
14:07:48.0836 1272 exfat - ok
14:07:48.0869 1272 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
14:07:48.0871 1272 fastfat - ok
14:07:48.0913 1272 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
14:07:48.0922 1272 Fax - ok
14:07:48.0928 1272 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
14:07:48.0930 1272 fdc - ok
14:07:48.0954 1272 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
14:07:48.0957 1272 fdPHost - ok
14:07:48.0965 1272 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
14:07:48.0967 1272 FDResPub - ok
14:07:48.0997 1272 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
14:07:48.0999 1272 FileInfo - ok
14:07:49.0012 1272 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
14:07:49.0013 1272 Filetrace - ok
14:07:49.0018 1272 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
14:07:49.0019 1272 flpydisk - ok
14:07:49.0039 1272 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
14:07:49.0041 1272 FltMgr - ok
14:07:49.0103 1272 FontCache (97223981a9214f1b4997e9075abb6bf5) C:\Windows\system32\FntCache.dll
14:07:49.0122 1272 FontCache - ok
14:07:49.0163 1272 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
14:07:49.0164 1272 FontCache3.0.0.0 - ok
14:07:49.0187 1272 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
14:07:49.0188 1272 FsDepends - ok
14:07:49.0224 1272 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
14:07:49.0225 1272 fssfltr - ok
14:07:49.0429 1272 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
14:07:49.0618 1272 fsssvc - ok
14:07:49.0703 1272 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
14:07:49.0705 1272 Fs_Rec - ok
14:07:49.0736 1272 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
14:07:49.0740 1272 fvevol - ok
14:07:49.0769 1272 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
14:07:49.0771 1272 gagp30kx - ok
14:07:49.0885 1272 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
14:07:49.0937 1272 GameConsoleService - ok
14:07:50.0022 1272 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
14:07:50.0034 1272 gpsvc - ok
14:07:50.0120 1272 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
14:07:50.0122 1272 hcw85cir - ok
14:07:50.0164 1272 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
14:07:50.0170 1272 HdAudAddService - ok
14:07:50.0193 1272 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
14:07:50.0196 1272 HDAudBus - ok
14:07:50.0228 1272 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
14:07:50.0230 1272 HECIx64 - ok
14:07:50.0234 1272 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
14:07:50.0236 1272 HidBatt - ok
14:07:50.0246 1272 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
14:07:50.0248 1272 HidBth - ok
14:07:50.0258 1272 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
14:07:50.0260 1272 HidIr - ok
14:07:50.0269 1272 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
14:07:50.0271 1272 hidserv - ok
14:07:50.0279 1272 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
14:07:50.0280 1272 HidUsb - ok
14:07:50.0301 1272 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
14:07:50.0304 1272 hkmsvc - ok
14:07:50.0322 1272 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
14:07:50.0326 1272 HomeGroupListener - ok
14:07:50.0343 1272 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
14:07:50.0348 1272 HomeGroupProvider - ok
14:07:50.0445 1272 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
14:07:50.0447 1272 HP Support Assistant Service - ok
14:07:50.0477 1272 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
14:07:50.0497 1272 HPDrvMntSvc.exe - ok
14:07:50.0542 1272 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
14:07:50.0583 1272 hpqwmiex - ok
14:07:50.0670 1272 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
14:07:50.0672 1272 HpSAMD - ok
14:07:50.0787 1272 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
14:07:50.0799 1272 HTTP - ok
14:07:50.0815 1272 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
14:07:50.0816 1272 hwpolicy - ok
14:07:50.0886 1272 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
14:07:50.0888 1272 i8042prt - ok
14:07:51.0269 1272 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
14:07:51.0274 1272 iaStor - ok
14:07:51.0496 1272 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
14:07:51.0498 1272 IAStorDataMgrSvc - ok
14:07:51.0566 1272 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
14:07:51.0571 1272 iaStorV - ok
14:07:51.0646 1272 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
14:07:51.0657 1272 idsvc - ok
14:07:51.0675 1272 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
14:07:51.0676 1272 iirsp - ok
14:07:51.0704 1272 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
14:07:51.0711 1272 IKEEXT - ok
14:07:51.0799 1272 IntcAzAudAddService (2b888bbdf6962e608a5e1a1d7a626adf) C:\Windows\system32\drivers\RTKVHD64.sys
14:07:51.0822 1272 IntcAzAudAddService - ok
14:07:52.0005 1272 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
14:07:52.0007 1272 intelide - ok
14:07:52.0031 1272 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
14:07:52.0033 1272 intelppm - ok
14:07:52.0050 1272 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
14:07:52.0053 1272 IPBusEnum - ok
14:07:52.0063 1272 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
14:07:52.0065 1272 IpFilterDriver - ok
14:07:52.0133 1272 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
14:07:52.0140 1272 iphlpsvc - ok
14:07:52.0148 1272 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
14:07:52.0151 1272 IPMIDRV - ok
14:07:52.0175 1272 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
14:07:52.0177 1272 IPNAT - ok
14:07:52.0190 1272 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
14:07:52.0192 1272 IRENUM - ok
14:07:52.0196 1272 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
14:07:52.0197 1272 isapnp - ok
14:08:13.0758 1272 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
14:08:13.0802 1272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:08:13.0802 1272 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:08:13.0840 1272 Boot (0x1200) (f475eab7444257a2dbb873425b635764) \Device\Harddisk0\DR0\Partition0
14:08:13.0842 1272 \Device\Harddisk0\DR0\Partition0 - ok
14:08:13.0849 1272 Boot (0x1200) (a939c9e728d89fc0be1b79d8e056cdb6) \Device\Harddisk0\DR0\Partition1
14:08:13.0855 1272 \Device\Harddisk0\DR0\Partition1 - ok
14:08:13.0883 1272 Boot (0x1200) (75d6b8cf0540cf8c88f190f4ab677dd2) \Device\Harddisk0\DR0\Partition2
14:08:13.0887 1272 \Device\Harddisk0\DR0\Partition2 - ok
14:08:13.0887 1272 ============================================================
14:08:13.0887 1272 Scan finished
14:08:13.0887 1272 ============================================================
14:08:13.0909 5424 Detected object count: 1
14:08:13.0909 5424 Actual detected object count: 1
14:08:25.0098 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
14:08:25.0098 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
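The tail of the log above is the part that matters: every service and driver came back "- ok", the only hit is the disk's MBR ("MBR (0x1B8)" on \Device\Harddisk0\DR0, flagged as Rootkit.Boot.Pihar.b), and the last two lines record that the user chose Skip, so nothing was actually cleaned. As an added example (not part of the original thread and not Kaspersky's code), here is a small parser for TDSSKiller's log format that separates the inventory lines from the verdict lines and reports which flagged objects are still unresolved. The sample input reproduces lines from the log above; the second variant with a Cure outcome is constructed, and the set of action names treated as "cleaning" is an assumption.

```python
import re
from dataclasses import dataclass, field

# Lines reproduced from the TDSSKiller log posted above, including the "- ok"
# inventory lines that surround the detection; the parser has to tell them apart.
SAMPLE_LOG = r"""
14:08:13.0735 1272 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
14:08:13.0740 1272 WwanSvc - ok
14:08:13.0758 1272 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
14:08:13.0802 1272 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
14:08:13.0802 1272 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
14:08:13.0840 1272 Boot (0x1200) (f475eab7444257a2dbb873425b635764) \Device\Harddisk0\DR0\Partition0
14:08:13.0842 1272 \Device\Harddisk0\DR0\Partition0 - ok
14:08:13.0909 5424 Detected object count: 1
14:08:13.0909 5424 Actual detected object count: 1
14:08:25.0098 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - skipped by user
14:08:25.0098 5424 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Skip
"""

# Constructed variant of the same run in which Cure was chosen. The wording of the
# cure line is assumed; only the "User select action: <X>" pattern comes from the log.
CURED_LOG = (SAMPLE_LOG
             .replace("- skipped by user", "- will be cured on reboot")
             .replace("User select action: Skip", "User select action: Cure"))

LINE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d{4})\s+(?P<pid>\d+)\s+(?P<body>.*)$")
# Inventory lines: "Name (md5) path", e.g. "MBR (0x1B8) (6c6f...) \Device\Harddisk0\DR0"
HASHED = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Verdict lines: "object [( threat )] - verdict", e.g. "WwanSvc - ok"
VERDICT = re.compile(r"^(?P<obj>.+?)(?: \( (?P<threat>[^)]+) \))? - (?P<verdict>.+)$")

# Actions assumed to leave the object clean; Skip, or no action at all, does not.
CLEANING_ACTIONS = {"Cure", "Delete", "Quarantine"}


@dataclass
class Finding:
    obj: str
    threat: str = ""
    component: str = ""      # what was hashed, e.g. "MBR (0x1B8)"
    md5: str = ""
    action: str = ""         # last "User select action"
    events: list = field(default_factory=list)


def parse_tdss_log(text):
    """Return {object: Finding} for every object that received a verdict other than "ok"."""
    hashes = {}      # path -> (component, md5) from inventory lines
    findings = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        body = m.group("body")
        h = HASHED.match(body)
        if h:
            hashes[h.group("path")] = (h.group("name"), h.group("md5"))
            continue
        v = VERDICT.match(body)
        if not v or v.group("verdict") == "ok":
            continue
        obj, threat, verdict = v.group("obj"), v.group("threat"), v.group("verdict")
        f = findings.get(obj)
        if f is None:
            component, md5 = hashes.get(obj, ("", ""))
            f = findings[obj] = Finding(obj=obj, component=component, md5=md5)
        if threat and not f.threat:
            f.threat = threat
        elif verdict.startswith("detected ") and not f.threat:
            f.threat = verdict[len("detected "):].rsplit(" (", 1)[0]
        f.events.append(verdict)
        if verdict.startswith("User select action: "):
            f.action = verdict.split(": ", 1)[1]
    return findings


def unresolved(findings):
    """Flagged objects whose final user action did not clean them."""
    return sorted(obj for obj, f in findings.items() if f.action not in CLEANING_ACTIONS)


if __name__ == "__main__":
    for obj, f in parse_tdss_log(SAMPLE_LOG).items():
        print(f"{obj}: {f.threat} in {f.component} md5={f.md5} action={f.action or 'none'}")
    print("still infected:", unresolved(parse_tdss_log(SAMPLE_LOG)))
```

Run against the posted log this prints the MBR as still infected with action Skip, which is exactly why the next reply asks for TDSSKiller to be run again with Cure selected. The same parser is a quick way to check the second run: the object should then show a cleaning action and the "Boot (0x1200)" partition lines should still come back "- ok".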
JonTom
post May 2 2012, 01:07 PM
Post #6

SuperMember
Group: Classroom Teacher
Posts: 4,636
Joined: 5-February 09
From: UK
Member No.: 84,008
Operating System: Vista Home Premium, 64-bit, SP2

Hello Anthony Szum

Thank you for the log.

Please run TDSSKiller again and allow it to cure the infected items that it detects.

Once TDSSKiller has finished, follow immediately with Combofix:

  1. Combofix

    • VERY IMPORTANT !!! Save ComboFix.exe to your Desktop
    • IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here.
    • Right click on ComboFix.exe and select "Run as Administrator" to run the program. Follow the prompts.
    • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    • Click on Yes, to continue scanning for malware.
    • When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    • Notes: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
    • Should there be issues with internet afterward:

      In IE: Tools Menu -> Internet Options -> Connections Tab -> Lan Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.

      In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection and uncheck the proxyserver, set it to No Proxy.

    Please post the TDSSKiller log and the Combofix log in your next reply.

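The "cure" JonTom asks for is aimed at the disk's MBR, since that is where the log placed Rootkit.Boot.Pihar.b (the "MBR (0x1B8)" line on \Device\Harddisk0\DR0). A bootkit of this kind replaces the 440-byte bootstrap code at the start of sector 0 and relies on the partition table behind it staying intact, so a cure has to rewrite the code area and leave everything from the disk signature onwards alone. The following is an added example, not code from the thread or from Kaspersky's tool: it builds a 512-byte MBR using the partition layout from Anthony's second log (three type 0x7 partitions at StartLBA 0x800, 0x32800 and 0x55D11800), hashes the bootstrap area the way the log's MBR line appears to (the assumption is that 0x1B8 is the number of bytes hashed), and shows which bytes a cure may touch. The bootstrap stubs and the disk signature are placeholders, not real boot code.

```python
import hashlib
import struct

SECTOR = 512
BOOTCODE_LEN = 0x1B8        # 440 bytes of bootstrap code precede the disk signature
DISK_SIG_OFF = 0x1B8        # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE      # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xAA"
ENTRY = "<B3sB3sII"         # boot flag, CHS start, type, CHS end, start LBA, sector count

# Partition layout copied from the TDSSKiller log in this thread (three NTFS partitions, type 0x7).
LOG_PARTITIONS = [(0x7, 0x800, 0x32000), (0x7, 0x32800, 0x55CDF000), (0x7, 0x55D11800, 0x1834000)]
# Placeholder bootstrap areas: neither is real boot code, let alone the Pihar loader.
INFECTED_STUB = b"\xEB\x00" + b"PIHAR-STUB".ljust(BOOTCODE_LEN - 2, b"\x90")
CLEAN_STUB = b"\xEB\x00" + b"STOCK-BOOTCODE".ljust(BOOTCODE_LEN - 2, b"\x00")
DISK_SIG = 0x1A2B3C4D       # constructed disk signature


def build_mbr(bootcode, disk_sig, partitions):
    """Assemble a 512-byte MBR from bootstrap code, disk signature and (type, start_lba, blocks) entries."""
    if len(bootcode) > BOOTCODE_LEN or len(partitions) > 4:
        raise ValueError("bootstrap code or partition table too large")
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into("<I", mbr, DISK_SIG_OFF, disk_sig)
    for i, (ptype, start, blocks) in enumerate(partitions):
        boot_flag = 0x80 if i == 0 else 0x00
        # CHS fields set to the LBA-only marker FE FF FF; modern loaders use the LBA fields.
        struct.pack_into(ENTRY, mbr, PART_TABLE_OFF + 16 * i,
                         boot_flag, b"\xFE\xFF\xFF", ptype, b"\xFE\xFF\xFF", start, blocks)
    mbr[510:512] = BOOT_SIGNATURE
    return bytes(mbr)


def parse_mbr(mbr):
    """Validate the 0x55AA signature and return the bootstrap hash, disk signature and partition entries."""
    if len(mbr) != SECTOR or mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("not a valid MBR sector")
    partitions = []
    for i in range(4):
        flag, _, ptype, _, start, blocks = struct.unpack_from(ENTRY, mbr, PART_TABLE_OFF + 16 * i)
        if ptype:
            partitions.append({"index": i, "bootable": flag == 0x80, "type": ptype,
                               "start_lba": start, "blocks": blocks})
    return {
        "bootcode_md5": hashlib.md5(mbr[:BOOTCODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "partitions": partitions,
    }


def cure_mbr(mbr, clean_bootcode):
    """Overwrite only the bootstrap area; disk signature, partition table and 0x55AA must survive."""
    parse_mbr(mbr)  # refuse to touch anything that is not a well-formed MBR
    if len(clean_bootcode) > BOOTCODE_LEN:
        raise ValueError("replacement bootstrap code too long")
    fixed = bytearray(mbr)
    fixed[:BOOTCODE_LEN] = clean_bootcode.ljust(BOOTCODE_LEN, b"\x00")
    return bytes(fixed)


if __name__ == "__main__":
    infected = build_mbr(INFECTED_STUB, DISK_SIG, LOG_PARTITIONS)
    before, after = parse_mbr(infected), parse_mbr(cure_mbr(infected, CLEAN_STUB))
    print("bootcode md5:", before["bootcode_md5"], "->", after["bootcode_md5"])
    print("partition table unchanged:", before["partitions"] == after["partitions"])
```

Two practical notes. First, the replacement code has to come from somewhere: TDSSKiller carries its own stock boot code, and the manual fallback on Windows 7 is bootrec /fixmbr from the recovery environment, which performs the same kind of rewrite and likewise leaves the partition table in place. Second, the way to confirm the cure worked is to rerun TDSSKiller and check that the MBR line now shows a different hash while the three "Boot (0x1200)" partition lines still report "- ok"; a partition table that changed is a sign something went wrong, not that the cure succeeded.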
AnthonySzum
post May 2 2012, 03:11 PM
Post #7

Authentic Member
Group: Authentic Member
Posts: 80
Joined: 3-March 07
Member No.: 68,375
Operating System: Xp

15:55:18.0539 3016 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
15:55:18.0780 3016 ============================================================
15:55:18.0780 3016 Current date / time: 2012/05/02 15:55:18.0780
15:55:18.0781 3016 SystemInfo:
15:55:18.0781 3016
15:55:18.0781 3016 OS Version: 6.1.7600 ServicePack: 0.0
15:55:18.0781 3016 Product type: Workstation
15:55:18.0781 3016 ComputerName: JUSTINE-HP
15:55:18.0781 3016 UserName: Justine
15:55:18.0781 3016 Windows directory: C:\Windows
15:55:18.0781 3016 System windows directory: C:\Windows
15:55:18.0781 3016 Running under WOW64
15:55:18.0781 3016 Processor architecture: Intel x64
15:55:18.0781 3016 Number of processors: 4
15:55:18.0781 3016 Page size: 0x1000
15:55:18.0781 3016 Boot type: Normal boot
15:55:18.0781 3016 ============================================================
15:55:20.0313 3016 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:55:20.0341 3016 ============================================================
15:55:20.0341 3016 \Device\Harddisk0\DR0:
15:55:20.0342 3016 MBR partitions:
15:55:20.0342 3016 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:55:20.0342 3016 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55CDF000
15:55:20.0342 3016 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55D11800, BlocksNum 0x1834000
15:55:20.0342 3016 ============================================================
15:55:20.0387 3016 C: <-> \Device\Harddisk0\DR0\Partition1
15:55:20.0433 3016 D: <-> \Device\Harddisk0\DR0\Partition2
15:55:20.0433 3016 ============================================================
15:55:20.0433 3016 Initialize success
15:55:20.0433 3016 ============================================================
15:56:02.0745 2068 ============================================================
15:56:02.0745 2068 Scan started
15:56:02.0745 2068 Mode: Manual;
15:56:02.0745 2068 ============================================================
15:56:07.0504 2068 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
15:56:07.0517 2068 1394ohci - ok
15:56:07.0561 2068 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
15:56:07.0583 2068 ACPI - ok
15:56:07.0600 2068 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
15:56:07.0603 2068 AcpiPmi - ok
15:56:07.0927 2068 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:56:07.0928 2068 AdobeARMservice - ok
15:56:08.0449 2068 AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:56:08.0453 2068 AdobeFlashPlayerUpdateSvc - ok
15:56:08.0863 2068 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
15:56:08.0883 2068 adp94xx - ok
15:56:09.0098 2068 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
15:56:09.0110 2068 adpahci - ok
15:56:09.0144 2068 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
15:56:09.0148 2068 adpu320 - ok
15:56:09.0191 2068 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
15:56:09.0194 2068 AeLookupSvc - ok
15:56:09.0488 2068 AFD (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
15:56:09.0498 2068 AFD - ok
15:56:09.0550 2068 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
15:56:09.0553 2068 agp440 - ok
15:56:09.0646 2068 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
15:56:09.0648 2068 ALG - ok
15:56:09.0706 2068 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
15:56:09.0756 2068 aliide - ok
15:56:10.0000 2068 AMD External Events Utility (998021e7c3de3e97e441abace498ffb6) C:\Windows\system32\atiesrxx.exe
15:56:10.0022 2068 AMD External Events Utility - ok
15:56:10.0054 2068 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
15:56:10.0056 2068 amdide - ok
15:56:10.0151 2068 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
15:56:10.0153 2068 AmdK8 - ok
15:56:13.0515 2068 amdkmdag (250d5b746fff9b7d88591ee60b63b3e4) C:\Windows\system32\DRIVERS\atikmdag.sys
15:56:14.0300 2068 amdkmdag - ok
15:56:14.0653 2068 amdkmdap (781daec0c3e63950cca53d193582f2e8) C:\Windows\system32\DRIVERS\atikmpag.sys
15:56:14.0715 2068 amdkmdap - ok
15:56:14.0784 2068 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
15:56:14.0788 2068 AmdPPM - ok
15:56:14.0889 2068 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
15:56:14.0891 2068 amdsata - ok
15:56:15.0269 2068 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
15:56:15.0294 2068 amdsbs - ok
15:56:15.0343 2068 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
15:56:15.0344 2068 amdxata - ok
15:56:15.0669 2068 Amsp (1b7d1f0a0dfadbc797c16364792a7aa5) C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
15:56:15.0672 2068 Amsp - ok
15:56:15.0730 2068 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
15:56:15.0733 2068 AppID - ok
15:56:15.0782 2068 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
15:56:15.0784 2068 AppIDSvc - ok
15:56:15.0903 2068 Appinfo (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
15:56:15.0907 2068 Appinfo - ok
15:56:15.0931 2068 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
15:56:15.0933 2068 arc - ok
15:56:15.0960 2068 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
15:56:15.0963 2068 arcsas - ok
15:56:16.0052 2068 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
15:56:16.0059 2068 AsyncMac - ok
15:56:16.0231 2068 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
15:56:16.0244 2068 atapi - ok
15:56:16.0470 2068 AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
15:56:16.0472 2068 AtiHDAudioService - ok
15:56:16.0537 2068 AtiHdmiService (637e0753bd6deb8ea5314a5c357ec1a0) C:\Windows\system32\drivers\AtiHdmi.sys
15:56:16.0540 2068 AtiHdmiService - ok
15:56:16.0871 2068 AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:56:16.0948 2068 AudioEndpointBuilder - ok
15:56:16.0958 2068 AudioSrv (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
15:56:16.0972 2068 AudioSrv - ok
15:56:17.0429 2068 AxInstSV (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
15:56:17.0433 2068 AxInstSV - ok
15:56:17.0753 2068 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
15:56:17.0775 2068 b06bdrv - ok
15:56:18.0002 2068 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
15:56:18.0008 2068 b57nd60a - ok
15:56:18.0062 2068 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
15:56:18.0065 2068 BDESVC - ok
15:56:18.0086 2068 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
15:56:18.0094 2068 Beep - ok
15:56:18.0538 2068 BFE (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
15:56:18.0569 2068 BFE - ok
15:56:19.0025 2068 BITS (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
15:56:19.0111 2068 BITS - ok
15:56:19.0283 2068 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
15:56:19.0288 2068 blbdrive - ok
15:56:19.0340 2068 bowser (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
15:56:19.0346 2068 bowser - ok
15:56:19.0381 2068 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
15:56:19.0382 2068 BrFiltLo - ok
15:56:19.0388 2068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
15:56:19.0389 2068 BrFiltUp - ok
15:56:19.0503 2068 Browser (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
15:56:19.0507 2068 Browser - ok
15:56:19.0524 2068 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
15:56:19.0529 2068 Brserid - ok
15:56:19.0557 2068 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
15:56:19.0559 2068 BrSerWdm - ok
15:56:19.0562 2068 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
15:56:19.0611 2068 BrUsbMdm - ok
15:56:19.0615 2068 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
15:56:19.0616 2068 BrUsbSer - ok
15:56:19.0685 2068 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
15:56:19.0687 2068 BTHMODEM - ok
15:56:19.0754 2068 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
15:56:19.0756 2068 bthserv - ok
15:56:19.0855 2068 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
15:56:19.0864 2068 cdfs - ok
15:56:19.0981 2068 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
15:56:19.0984 2068 cdrom - ok
15:56:20.0013 2068 CertPropSvc (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
15:56:20.0017 2068 CertPropSvc - ok
15:56:20.0239 2068 CinemaNow Service (ea3333db9ab03106eec0d6d9d487ed01) C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
15:56:20.0242 2068 CinemaNow Service - ok
15:56:20.0250 2068 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
15:56:20.0252 2068 circlass - ok
15:56:20.0458 2068 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
15:56:20.0470 2068 CLFS - ok
15:56:20.0623 2068 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
15:56:20.0626 2068 clr_optimization_v2.0.50727_32 - ok
15:56:20.0709 2068 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
15:56:20.0711 2068 clr_optimization_v2.0.50727_64 - ok
15:56:21.0025 2068 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
15:56:21.0146 2068 clr_optimization_v4.0.30319_32 - ok
15:56:21.0444 2068 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
15:56:21.0446 2068 clr_optimization_v4.0.30319_64 - ok
15:56:21.0520 2068 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
15:56:21.0522 2068 CmBatt - ok
15:56:21.0576 2068 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
15:56:21.0578 2068 cmdide - ok
15:56:21.0856 2068 CNG (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
15:56:21.0881 2068 CNG - ok
15:56:21.0894 2068 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
15:56:21.0895 2068 Compbatt - ok
15:56:21.0956 2068 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
15:56:21.0957 2068 CompositeBus - ok
15:56:21.0983 2068 COMSysApp - ok
15:56:22.0011 2068 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
15:56:22.0013 2068 crcdisk - ok
15:56:22.0178 2068 CryptSvc (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
15:56:22.0246 2068 CryptSvc - ok
15:56:22.0655 2068 cvhsvc (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
15:56:22.0662 2068 cvhsvc - ok
15:56:22.0967 2068 DcomLaunch (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
15:56:23.0127 2068 DcomLaunch - ok
15:56:23.0355 2068 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
15:56:23.0367 2068 defragsvc - ok
15:56:23.0583 2068 DfsC (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
15:56:23.0585 2068 DfsC - ok
15:56:23.0755 2068 Dhcp (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
15:56:23.0761 2068 Dhcp - ok
15:56:23.0867 2068 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
15:56:23.0868 2068 discache - ok
15:56:23.0991 2068 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
15:56:23.0992 2068 Disk - ok
15:56:24.0072 2068 Dnscache (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
15:56:24.0077 2068 Dnscache - ok
15:56:24.0199 2068 dot3svc (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
15:56:24.0222 2068 dot3svc - ok
15:56:24.0550 2068 DPS (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
15:56:24.0572 2068 DPS - ok
15:56:24.0605 2068 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
15:56:24.0607 2068 drmkaud - ok
15:56:25.0046 2068 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
15:56:25.0133 2068 DXGKrnl - ok
15:56:25.0253 2068 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
15:56:25.0257 2068 EapHost - ok
15:56:26.0870 2068 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
15:56:27.0045 2068 ebdrv - ok
15:56:27.0579 2068 EFS (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
15:56:27.0639 2068 EFS - ok
15:56:27.0973 2068 ehRecvr (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
15:56:27.0991 2068 ehRecvr - ok
15:56:28.0104 2068 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
15:56:28.0105 2068 ehSched - ok
15:56:28.0395 2068 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
15:56:28.0404 2068 elxstor - ok
15:56:28.0521 2068 EpsonBidirectionalService (abdd5ad016affd34ad40e944ce94bf59) C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
15:56:28.0553 2068 EpsonBidirectionalService - ok
15:56:28.0754 2068 EPSON_EB_RPCV4_01 (b5581646636759d0dafa8b008881c079) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
15:56:28.0774 2068 EPSON_EB_RPCV4_01 - ok
15:56:28.0811 2068 EPSON_PM_RPCV4_01 (1e345f2a2d95da3190596e691cde9342) C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
15:56:28.0827 2068 EPSON_PM_RPCV4_01 - ok
15:56:28.0851 2068 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
15:56:28.0852 2068 ErrDev - ok
15:56:28.0924 2068 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
15:56:28.0952 2068 EventSystem - ok
15:56:29.0484 2068 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
15:56:29.0516 2068 exfat - ok
15:56:29.0559 2068 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
15:56:29.0563 2068 fastfat - ok
15:56:29.0925 2068 Fax (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
15:56:29.0941 2068 Fax - ok
15:56:29.0988 2068 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
15:56:29.0989 2068 fdc - ok
15:56:30.0028 2068 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
15:56:30.0031 2068 fdPHost - ok
15:56:30.0124 2068 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
15:56:30.0128 2068 FDResPub - ok
15:56:30.0178 2068 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
15:56:30.0180 2068 FileInfo - ok
15:56:30.0193 2068 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
15:56:30.0195 2068 Filetrace - ok
15:56:30.0214 2068 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
15:56:30.0253 2068 flpydisk - ok
15:56:30.0288 2068 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
15:56:30.0291 2068 FltMgr - ok
15:56:30.0716 2068 FontCache (97223981a9214f1b4997e9075abb6bf5) C:\Windows\system32\FntCache.dll
15:56:30.0737 2068 FontCache - ok
15:56:30.0936 2068 FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
15:56:30.0939 2068 FontCache3.0.0.0 - ok
15:56:31.0257 2068 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
15:56:31.0300 2068 FsDepends - ok
15:56:31.0434 2068 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
15:56:31.0436 2068 fssfltr - ok
15:56:31.0980 2068 fsssvc (4ce9dac1518ff7e77bd213e6394b9d77) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
15:56:32.0103 2068 fsssvc - ok
15:56:32.0704 2068 Fs_Rec (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
15:56:32.0705 2068 Fs_Rec - ok
15:56:32.0832 2068 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
15:56:32.0837 2068 fvevol - ok
15:56:32.0900 2068 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
15:56:32.0902 2068 gagp30kx - ok
15:56:33.0233 2068 GameConsoleService (ce16683cfd11fe70bde435dda5ea1fca) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
15:56:33.0280 2068 GameConsoleService - ok
15:56:33.0705 2068 gpsvc (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
15:56:33.0739 2068 gpsvc - ok
15:56:33.0808 2068 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
15:56:33.0810 2068 hcw85cir - ok
15:56:33.0963 2068 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
15:56:33.0970 2068 HdAudAddService - ok
15:56:34.0111 2068 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
15:56:34.0125 2068 HDAudBus - ok
15:56:34.0176 2068 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
15:56:34.0177 2068 HECIx64 - ok
15:56:34.0200 2068 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
15:56:34.0223 2068 HidBatt - ok
15:56:34.0276 2068 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
15:56:34.0278 2068 HidBth - ok
15:56:34.0308 2068 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
15:56:34.0310 2068 HidIr - ok
15:56:34.0373 2068 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
15:56:34.0388 2068 hidserv - ok
15:56:34.0466 2068 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
15:56:34.0468 2068 HidUsb - ok
15:56:34.0535 2068 hkmsvc (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
15:56:34.0538 2068 hkmsvc - ok
15:56:34.0653 2068 HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
15:56:34.0661 2068 HomeGroupListener - ok
15:56:34.0792 2068 HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
15:56:34.0810 2068 HomeGroupProvider - ok
15:56:35.0372 2068 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
15:56:35.0374 2068 HP Support Assistant Service - ok
15:56:35.0444 2068 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
15:56:35.0457 2068 HPDrvMntSvc.exe - ok
15:56:35.0681 2068 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
15:56:35.0761 2068 hpqwmiex - ok
15:56:35.0980 2068 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
15:56:35.0983 2068 HpSAMD - ok
15:56:36.0091 2068 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
15:56:36.0107 2068 HTTP - ok
15:56:36.0135 2068 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
15:56:36.0136 2068 hwpolicy - ok
15:56:36.0295 2068 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
15:56:36.0298 2068 i8042prt - ok
15:56:36.0493 2068 iaStor (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
15:56:36.0497 2068 iaStor - ok
15:56:36.0667 2068 IAStorDataMgrSvc (31a0e93cdf29007d6c6fffb632f375ed) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
15:56:36.0668 2068 IAStorDataMgrSvc - ok
15:56:36.0770 2068 iaStorV (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
15:56:36.0792 2068 iaStorV - ok
15:56:37.0176 2068 idsvc (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
15:56:37.0200 2068 idsvc - ok
15:56:37.0310 2068 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
15:56:37.0313 2068 iirsp - ok
15:56:37.0490 2068 IKEEXT (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
15:56:37.0571 2068 IKEEXT - ok
15:56:38.0340 2068 IntcAzAudAddService (2b888bbdf6962e608a5e1a1d7a626adf) C:\Windows\system32\drivers\RTKVHD64.sys
15:56:38.0360 2068 IntcAzAudAddService - ok
15:56:38.0784 2068 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
15:56:38.0799 2068 intelide - ok
15:56:38.0888 2068 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
15:56:38.0890 2068 intelppm - ok
15:56:38.0906 2068 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
15:56:38.0915 2068 IPBusEnum - ok
15:56:38.0924 2068 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
15:56:38.0925 2068 IpFilterDriver - ok
15:56:39.0090 2068 iphlpsvc (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
15:56:39.0097 2068 iphlpsvc - ok
15:56:39.0222 2068 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
15:56:39.0225 2068 IPMIDRV - ok
15:56:39.0302 2068 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
15:56:39.0371 2068 IPNAT - ok
15:56:39.0419 2068 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
15:56:39.0422 2068 IRENUM - ok
15:56:39.0452 2068 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
15:56:39.0454 2068 isapnp - ok
15:56:39.0550 2068 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
15:56:39.0571 2068 iScsiPrt - ok
15:56:39.0671 2068 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
15:56:39.0672 2068 kbdclass - ok
15:56:39.0698 2068 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
15:56:39.0700 2068 kbdhid - ok
15:56:39.0733 2068 KeyIso (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
15:56:39.0735 2068 KeyIso - ok
15:56:39.0889 2068 KSecDD (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
15:56:39.0891 2068 KSecDD - ok
15:56:40.0068 2068 KSecPkg (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
15:56:40.0074 2068 KSecPkg - ok
15:56:40.0095 2068 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
15:56:40.0096 2068 ksthunk - ok
15:56:40.0457 2068 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
15:56:40.0489 2068 KtmRm - ok
15:56:40.0660 2068 LanmanServer (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
15:56:40.0667 2068 LanmanServer - ok
15:56:40.0707 2068 LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
15:56:40.0714 2068 LanmanWorkstation - ok
15:56:40.0887 2068 LightScribeService (7550d101bf49fdb1f92666a233ee36c4) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
15:56:40.0918 2068 LightScribeService - ok
15:56:41.0055 2068 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
15:56:41.0057 2068 lltdio - ok
15:58:00.0609 2068 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
15:58:00.0636 2068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:58:00.0636 2068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:58:00.0675 2068 Boot (0x1200) (f475eab7444257a2dbb873425b635764) \Device\Harddisk0\DR0\Partition0
15:58:00.0677 2068 \Device\Harddisk0\DR0\Partition0 - ok
15:58:00.0750 2068 Boot (0x1200) (a939c9e728d89fc0be1b79d8e056cdb6) \Device\Harddisk0\DR0\Partition1
15:58:00.0754 2068 \Device\Harddisk0\DR0\Partition1 - ok
15:58:00.0785 2068 Boot (0x1200) (75d6b8cf0540cf8c88f190f4ab677dd2) \Device\Harddisk0\DR0\Partition2
15:58:00.0792 2068 \Device\Harddisk0\DR0\Partition2 - ok
15:58:00.0792 2068 ============================================================
15:58:00.0792 2068 Scan finished
15:58:00.0792 2068 ============================================================
15:58:00.0802 5324 Detected object count: 1
15:58:00.0802 5324 Actual detected object count: 1
15:58:15.0860 5324 \Device\Harddisk0\DR0\# - copied to quarantine
15:58:15.0867 5324 \Device\Harddisk0\DR0 - copied to quarantine
15:58:18.0823 5324 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:58:29.0403 5324 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
15:58:30.0663 5324 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
15:58:33.0878 5324 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
15:58:34.0019 5324 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
15:58:34.0056 5324 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
15:58:34.0064 5324 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
15:58:34.0488 5324 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
15:58:42.0102 5324 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
15:58:46.0905 5324 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
15:58:48.0322 5324 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
15:58:52.0883 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:58:52.0884 5324 \Device\Harddisk0\DR0 - ok
15:58:54.0983 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
15:59:48.0011 2392 Deinitialize success

ComboFix 12-05-02.03 - Justine 05/02/2012 16:24:45.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.5552 [GMT -4:00]
Running from: c:\users\Justine\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\searchplugins\bing-zugo.xml
c:\users\Justine\Documents\~WRL0003.tmp
c:\users\Justine\Documents\~WRL0097.tmp
c:\users\Justine\Documents\~WRL0227.tmp
c:\windows\Downloaded Program Files\Install.inf
c:\windows\svchost.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-04-02 to 2012-05-02 )))))))))))))))))))))))))))))))
.
.
2012-05-02 20:28 . 2012-05-02 20:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-02 19:58 . 2012-05-02 19:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-02 18:04 . 2012-05-02 18:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 18:04 . 2012-05-02 18:04 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 18:04 . 2012-05-02 18:04 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-30 18:14 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 18:14 . 2012-04-30 18:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-29 17:22 . 2012-04-29 17:22 -------- d-----w- C:\temp
2012-04-28 19:03 . 2012-04-28 19:03 -------- d-----w- c:\users\Justine\AppData\Local\Trend Micro
2012-04-28 19:03 . 2012-04-28 19:00 67344 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2012-04-28 19:03 . 2012-04-28 19:00 210704 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-04-28 19:02 . 2012-04-28 19:00 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-04-28 19:02 . 2012-04-28 19:00 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-04-28 19:02 . 2012-04-28 19:00 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-04-28 19:02 . 2012-04-28 19:00 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-28 19:02 . 2012-04-28 19:02 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-28 19:02 . 2012-04-28 19:02 -------- d-----w- c:\program files\Trend Micro
2012-04-28 19:01 . 2012-04-28 19:03 -------- d-----w- c:\programdata\Trend Micro
2012-04-28 18:50 . 2012-04-29 17:10 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-28 18:43 . 2012-04-28 18:43 -------- d-----w- c:\users\Justine\AppData\Local\CRE
2012-04-28 18:43 . 2012-04-28 18:43 -------- d-----w- c:\program files (x86)\Conduit
2012-04-28 18:43 . 2012-04-28 18:45 -------- d-----w- c:\users\Justine\AppData\Local\Conduit
2012-04-28 18:43 . 2012-04-28 18:43 -------- d-----w- c:\program files (x86)\BitTorrent
2012-04-28 18:42 . 2012-05-02 20:45 -------- d-----w- c:\users\Justine\AppData\Roaming\BitTorrent
2012-04-28 18:15 . 2012-04-28 18:15 -------- d-----w- c:\windows\system32\Macromed
2012-04-28 18:15 . 2012-04-28 18:15 8766112 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-28 16:28 . 2012-04-28 16:28 -------- d-----w- c:\program files (x86)\ESET
2012-04-28 16:25 . 2012-04-28 18:15 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-28 16:12 . 2012-04-28 16:12 -------- d-----w- c:\users\Justine\AppData\Roaming\Malwarebytes
2012-04-28 16:12 . 2012-04-28 16:12 -------- d-----w- c:\programdata\Malwarebytes
2012-04-28 16:08 . 2012-04-28 16:08 -------- d-----w- c:\program files\CCleaner
2012-04-28 16:02 . 2012-04-28 16:02 -------- d-----w- C:\AI_RecycleBin
2012-04-27 09:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA4F9BA7-E82E-4EDF-B39D-910B08177823}\mpengine.dll
2012-04-25 03:21 . 2012-04-28 16:02 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-04-25 03:18 . 2012-04-25 03:18 237 ----a-w- C:\user.js
2012-04-25 03:17 . 2012-04-25 03:17 -------- d-----w- c:\users\Justine\AppData\Local\Babylon
2012-04-25 03:17 . 2012-04-25 03:17 -------- d-----w- c:\users\Justine\AppData\Roaming\Babylon
2012-04-25 03:17 . 2012-04-25 03:17 -------- d-----w- c:\programdata\Babylon
2012-04-25 03:17 . 2012-04-28 15:58 -------- d-----w- c:\program files (x86)\Wajam
2012-04-25 03:17 . 2012-04-28 15:59 -------- d-----w- c:\programdata\Tarma Installer
2012-04-15 07:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-15 07:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-15 07:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-15 07:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-15 07:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-15 07:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-15 07:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-04 05:53 . 2012-04-04 05:53 182160 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-28 18:15 . 2011-09-05 03:49 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 08:08 . 2012-03-01 08:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-01 08:08 . 2012-03-01 08:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-01 08:08 . 2012-03-01 08:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-01 08:08 . 2012-03-01 08:08 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-01 08:08 . 2012-03-01 08:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-01 08:08 . 2012-03-01 08:08 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-01 08:08 . 2012-03-01 08:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-01 08:08 . 2012-03-01 08:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-01 08:08 . 2012-03-01 08:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-01 08:08 . 2012-03-01 08:08 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-01 08:08 . 2012-03-01 08:08 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-01 08:08 . 2012-03-01 08:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-01 08:08 . 2012-03-01 08:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-01 08:08 . 2012-03-01 08:08 448512 ----a-w- c:\windows\system32\html.iec
2012-03-01 08:08 . 2012-03-01 08:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-01 08:08 . 2012-03-01 08:08 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-01 08:08 . 2012-03-01 08:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-01 08:08 . 2012-03-01 08:08 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 08:08 . 2012-03-01 08:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-01 08:08 . 2012-03-01 08:08 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-01 08:08 . 2012-03-01 08:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-01 08:08 . 2012-03-01 08:08 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-01 08:08 . 2012-03-01 08:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-01 08:08 . 2012-03-01 08:08 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 08:08 . 2012-03-01 08:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-01 08:08 . 2012-03-01 08:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-01 08:08 . 2012-03-01 08:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-01 08:08 . 2012-03-01 08:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-01 08:08 . 2012-03-01 08:08 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-01 08:08 . 2012-03-01 08:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-01 08:08 . 2012-03-01 08:08 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-01 08:08 . 2012-03-01 08:08 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-01 08:08 . 2012-03-01 08:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-01 08:08 . 2012-03-01 08:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 14:18 . 2012-01-21 17:03 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 10:14 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 10:14 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 10:14 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 10:14 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:24 . 2012-03-14 10:16 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:23 . 2012-03-14 10:16 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:23 . 2012-03-14 10:16 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:23 . 2012-03-14 10:16 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:23 . 2012-03-14 10:16 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 10:16 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:35 . 2012-03-14 10:16 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-10 05:35 . 2012-03-14 10:16 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35 . 2012-03-14 10:16 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 10:16 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-03 04:16 . 2012-03-14 10:16 3143168 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"Ncr3"="c:\program files (x86)\Panasonic\Ncr3\ncrcore3.exe" [2008-11-29 1634304]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-04-28 6379888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 253088]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 18:15]
.
2012-04-28 c:\windows\Tasks\HPCeeScheduleForJustine.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110830011347617&tb_oid=05-09-2011&tb_mrud=05-09-2011
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 3af8e9670000000000006c626d601189
FF - user.js: extensions.BabylonToolbar_i.hardId - 3af8e9670000000000006c626d601189
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15455
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:18
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst, none);
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - (no file)
Wow6432Node-HKU-Default-Run-dplaysvr - c:\windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
AddRemove-PDF Reader - c:\program files (x86)\PDFReader\Uninstall\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-570134600-2935155297-4020614257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-570134600-2935155297-4020614257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Panasonic\Ncr3\Ncrwd.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
.
**************************************************************************
.
Completion time: 2012-05-02 16:48:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-02 20:48
.
Pre-Run: 604,869,705,728 bytes free
Post-Run: 606,953,779,200 bytes free
.
- - End Of File - - 6AA64E7DED1B427709C05F1F5D300D82
JonTom
post May 3 2012, 04:40 AM
Post #8


SuperMember
Group: Classroom Teacher
Posts: 4,636
Joined: 5-February 09
From: UK
Member No.: 84,008
Operating System: Vista Home Premium, 64-bit, SP2



Hello Anthony Szum

Thank you for the log.

If you use this machine for any kind of financial transactions, please use an uninfected system to change all of your passwords as soon as you can.


  1. Please work through the following steps


    • Hold down the Windows key (has the Windows symbol on it) and press the "R" key. A Run box will open. Type in Notepad and press Enter, then click on "OK".
    • NOTE: Do not Use Wordpad or any other text editor except Notepad or the script will fail.
    • Copy and Paste the text in the quotebox below into the open Notepad window:

      QUOTE
      Firefox::
      FF - ProfilePath - c:\users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\
      FF - user.js: extensions.BabylonToolbar_i.babExt -
      FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
      FF - user.js: extensions.BabylonToolbar_i.id - 3af8e9670000000000006c626d601189
      FF - user.js: extensions.BabylonToolbar_i.hardId - 3af8e9670000000000006c626d601189
      FF - user.js: extensions.BabylonToolbar_i.instlDay - 15455
      FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
      FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1723:18
      FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
      FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
      FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
      FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst, none);
      FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
      FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

      Folder::
      c:\users\Justine\AppData\Local\Babylon
      c:\users\Justine\AppData\Roaming\Babylon
      c:\programdata\Babylon

    • Save this as "CFScript.txt" (including the quotation marks), change the "Save as type" to "All Files" and save it to your desktop.
    • Close any open browsers.
    • Disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Referring to the picture below, drag CFScript.txt into ComboFix.exe



    • When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
    • Once the log is produced, re-engage your resident anti virus.


  2. MalwareBytes AntiMalware:


    • I can see that you have MBAM installed.
    • Double click on your MalwareBytes AntiMalware icon to launch the program.
    • Click on the "Update" tab and then on "Check for Updates".
    • The program will now install the latest Malware definition files.
    • Once complete, click on the "Scanner" tab, select "Perform Quick Scan" and then click on "Scan".
    • Once the program has scanned your computer, a log file will be created in Notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.



    • If the scan detects any Malware-related objects, make sure that everything is checked, and click "Remove Selected" <– Very Important.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to restart your computer.
    • The log is automatically saved by MBAM and can be viewed by clicking the "Logs" tab.
    • Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart your computer, please do so immediately.
    • Come back here to this thread and Paste the log in your next reply.


    Please post the Combofix log and the MBAM log in your next reply.
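As an added example (not code from this thread, ComboFix or TDSSKiller), here is a Python parser for the two log formats posted above: it pulls the boot-sector verdict and the quarantine actions out of the TDSSKiller lines, and collects from the ComboFix log the Firefox profile line, the user.js entries and the newly created folders that mention a keyword, laying them out in the Firefox::/Folder:: shape of the CFScript in the reply above. The sample lines are copied from the logs posted earlier in the thread; that the Firefox::/Folder:: layout is all a reader needs to cross-check is an assumption.

```python
import re

# Constructed sample: lines copied from the TDSSKiller log posted earlier in
# this thread. Format: time, thread id, object, then a status after " - ".
TDSSKILLER_LOG = r"""
15:58:00.0609 2068 MBR (0x1B8) (6c6fdff834aa5d876c307bee53974486) \Device\Harddisk0\DR0
15:58:00.0636 2068 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
15:58:00.0636 2068 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
15:58:15.0867 5324 \Device\Harddisk0\DR0 - copied to quarantine
15:58:18.0823 5324 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
15:58:48.0322 5324 \Device\Harddisk0\DR0\TDLFS\xh.dll - copied to quarantine
15:58:52.0883 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
15:58:54.0983 5324 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
"""

# Constructed sample: "Files Created" and Firefox prefs lines copied from the
# ComboFix log posted earlier in this thread.
COMBOFIX_LOG = r"""
2012-04-25 03:17 . 2012-04-25 03:17 -------- d-----w- c:\users\Justine\AppData\Local\Babylon
2012-04-25 03:17 . 2012-04-25 03:17 -------- d-----w- c:\users\Justine\AppData\Roaming\Babylon
2012-04-25 03:17 . 2012-04-25 03:17 -------- d-----w- c:\programdata\Babylon
2012-04-25 03:17 . 2012-04-28 15:58 -------- d-----w- c:\program files (x86)\Wajam
2012-04-25 03:18 . 2012-04-25 03:18 237 ----a-w- C:\user.js
FF - ProfilePath - c:\users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
"""

TDSS_LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
TDSS_VERDICT = re.compile(r"^(?P<obj>.+?) \( (?P<name>[^)]+) \) - (?P<status>.+)$")
TDSS_QUARANTINE = re.compile(r"^(?P<obj>.+?) - copied to quarantine$")
CF_CREATED = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d \. \d{4}-\d\d-\d\d \d\d:\d\d"
                        r"\s+\S+\s+(?P<attrs>\S+)\s+(?P<path>.+)$")


def parse_tdsskiller(text):
    """Return ({object: {"name": threat, "events": [status, ...]}}, [objects
    copied to quarantine]) in log order."""
    findings, quarantined = {}, []
    for raw in text.strip().splitlines():
        m = TDSS_LINE.match(raw)
        if not m:
            continue
        v = TDSS_VERDICT.match(m.group("rest"))
        if v:
            entry = findings.setdefault(v.group("obj"), {"name": v.group("name"), "events": []})
            entry["events"].append(v.group("status"))
            continue
        q = TDSS_QUARANTINE.match(m.group("rest"))
        if q:
            quarantined.append(q.group("obj"))
    return findings, quarantined


def boot_sector_findings(findings):
    """Threats reported on the raw disk device (\\Device\\Harddisk0\\DR0), i.e.
    an MBR bootkit living below the OS; TDSSKiller needs a reboot to cure it."""
    return {obj: f["name"] for obj, f in findings.items() if obj.endswith(r"\DR0")}


def collect_cfscript_targets(text, keyword):
    """From a ComboFix log, pick the Firefox profile line, the user.js entries
    and the newly created directories that mention `keyword` (case-insensitive)."""
    key = keyword.lower()
    ff_lines, folders = [], []
    for raw in text.strip().splitlines():
        if raw.startswith("FF - ProfilePath - ") or (
                raw.startswith("FF - user.js:") and key in raw.lower()):
            ff_lines.append(raw)
            continue
        m = CF_CREATED.match(raw)
        if m and m.group("attrs").startswith("d") and key in m.group("path").lower():
            folders.append(m.group("path"))
    return ff_lines, folders


def build_cfscript(ff_lines, folders):
    """Lay the targets out in the Firefox:: / Folder:: shape of the CFScript in
    the reply above (assumption: that layout is what the reader wants to check)."""
    return "Firefox::\n" + "\n".join(ff_lines) + "\n\nFolder::\n" + "\n".join(folders) + "\n"


if __name__ == "__main__":
    findings, quarantined = parse_tdsskiller(TDSSKILLER_LOG)
    for obj, name in boot_sector_findings(findings).items():
        print(f"{obj}: {name} -> {findings[obj]['events']}")
    print(len(quarantined), "objects quarantined, TDLFS files:",
          [q for q in quarantined if "TDLFS" in q])
    print(build_cfscript(*collect_cfscript_targets(COMBOFIX_LOG, "babylon")))
```

The TDLFS entries in the quarantine list are the hidden file system the bootkit keeps on the raw disk, which is why the same object shows up as "infected", "will be cured on reboot" and "User select action: Cure" in sequence.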
AnthonySzum
post May 5 2012, 12:52 PM
Post #9


Authentic Member
Group: Authentic Member
Posts: 80
Joined: 3-March 07
Member No.: 68,375
Operating System: Xp



ComboFix 12-05-02.03 - Justine 05/05/2012 14:26:21.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6577 [GMT -4:00]
Running from: c:\users\Justine\Desktop\ComboFix.exe
Command switches used :: c:\users\Justine\Desktop\CFScript.txt
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Babylon
c:\users\Justine\AppData\Local\Babylon
c:\users\Justine\AppData\Local\Babylon\Setup\bab033.tbinst.dat
c:\users\Justine\AppData\Local\Babylon\Setup\bab091.norecovericon.dat
c:\users\Justine\AppData\Local\Babylon\Setup\Babylon.dat
c:\users\Justine\AppData\Local\Babylon\Setup\BExternal.dll
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\blueStar.png
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\eula.html
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\globe.png
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\options.js
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\page0.html
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\page2.css
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\page2.html
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\page2Lrg.css
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\page3.css
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\page3.html
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\page3Lrg.css
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\pBar.gif
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\progress.png
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\setup.js
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\title.png
c:\users\Justine\AppData\Local\Babylon\Setup\HtmlScreens\toolBar.jpg
c:\users\Justine\AppData\Local\Babylon\Setup\IECookieLow.dll
c:\users\Justine\AppData\Local\Babylon\Setup\Setup-latest-30b.zpb
c:\users\Justine\AppData\Local\Babylon\Setup\Setup-tbmntr903.zpb
c:\users\Justine\AppData\Local\Babylon\Setup\Setup.exe
c:\users\Justine\AppData\Local\Babylon\Setup\SetupStrings.dat
c:\users\Justine\AppData\Local\Babylon\Setup\sign
c:\users\Justine\AppData\Local\Babylon\Setup\sqlite3.dll
c:\users\Justine\AppData\Roaming\Babylon
c:\users\Justine\AppData\Roaming\Babylon\log_file.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-05 18:30 . 2012-05-05 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-03 07:00 . 2012-03-06 06:43 5504880 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-03 07:00 . 2012-03-06 05:59 3958128 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-05-03 07:00 . 2012-03-06 05:59 3902320 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-05-02 19:58 . 2012-05-02 19:58 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-02 18:04 . 2012-05-02 18:04 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-02 18:04 . 2012-05-02 18:04 157352 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 18:04 . 2012-05-02 18:04 129976 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-30 18:14 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-30 18:14 . 2012-04-30 18:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-04-29 17:22 . 2012-04-29 17:22 -------- d-----w- C:\temp
2012-04-28 19:03 . 2012-04-28 19:03 -------- d-----w- c:\users\Justine\AppData\Local\Trend Micro
2012-04-28 19:03 . 2012-04-28 19:00 67344 ----a-w- c:\windows\system32\drivers\tmeevw.sys
2012-04-28 19:03 . 2012-04-28 19:00 210704 ----a-w- c:\windows\system32\drivers\tmnciesc.sys
2012-04-28 19:02 . 2012-04-28 19:00 105744 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2012-04-28 19:02 . 2012-04-28 19:00 91920 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2012-04-28 19:02 . 2012-04-28 19:00 70928 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2012-04-28 19:02 . 2012-04-28 19:00 167696 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2012-04-28 19:02 . 2012-04-28 19:02 56 ----a-w- c:\windows\system32\SupportTool.exe.bat
2012-04-28 19:02 . 2012-04-28 19:02 -------- d-----w- c:\program files\Trend Micro
2012-04-28 19:01 . 2012-04-28 19:03 -------- d-----w- c:\programdata\Trend Micro
2012-04-28 18:50 . 2012-04-29 17:10 -------- d-----w- c:\program files (x86)\Trend Micro
2012-04-28 18:43 . 2012-04-28 18:43 -------- d-----w- c:\users\Justine\AppData\Local\CRE
2012-04-28 18:43 . 2012-04-28 18:43 -------- d-----w- c:\program files (x86)\Conduit
2012-04-28 18:43 . 2012-04-28 18:45 -------- d-----w- c:\users\Justine\AppData\Local\Conduit
2012-04-28 18:43 . 2012-04-28 18:43 -------- d-----w- c:\program files (x86)\BitTorrent
2012-04-28 18:42 . 2012-05-05 18:32 -------- d-----w- c:\users\Justine\AppData\Roaming\BitTorrent
2012-04-28 18:15 . 2012-04-28 18:15 -------- d-----w- c:\windows\system32\Macromed
2012-04-28 18:15 . 2012-05-05 07:15 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-28 16:28 . 2012-04-28 16:28 -------- d-----w- c:\program files (x86)\ESET
2012-04-28 16:25 . 2012-05-05 07:15 419488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-04-28 16:12 . 2012-04-28 16:12 -------- d-----w- c:\users\Justine\AppData\Roaming\Malwarebytes
2012-04-28 16:12 . 2012-04-28 16:12 -------- d-----w- c:\programdata\Malwarebytes
2012-04-28 16:08 . 2012-04-28 16:08 -------- d-----w- c:\program files\CCleaner
2012-04-28 16:02 . 2012-04-28 16:02 -------- d-----w- C:\AI_RecycleBin
2012-04-27 09:57 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA4F9BA7-E82E-4EDF-B39D-910B08177823}\mpengine.dll
2012-04-25 03:21 . 2012-04-28 16:02 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-04-25 03:18 . 2012-04-25 03:18 237 ----a-w- C:\user.js
2012-04-25 03:17 . 2012-04-28 15:58 -------- d-----w- c:\program files (x86)\Wajam
2012-04-25 03:17 . 2012-04-28 15:59 -------- d-----w- c:\programdata\Tarma Installer
2012-04-15 07:00 . 2012-03-01 06:54 22896 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-15 07:00 . 2012-03-01 06:45 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-15 07:00 . 2012-03-01 06:40 80896 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-15 07:00 . 2012-03-01 06:35 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-15 07:00 . 2012-03-01 05:49 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-15 07:00 . 2012-03-01 05:45 158720 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-15 07:00 . 2012-03-01 05:40 5120 ----a-w- c:\windows\SysWow64\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-05 07:15 . 2011-09-05 03:49 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-01 08:08 . 2012-03-01 08:08 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-03-01 08:08 . 2012-03-01 08:08 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-03-01 08:08 . 2012-03-01 08:08 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-03-01 08:08 . 2012-03-01 08:08 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-03-01 08:08 . 2012-03-01 08:08 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-01 08:08 . 2012-03-01 08:08 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-03-01 08:08 . 2012-03-01 08:08 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-01 08:08 . 2012-03-01 08:08 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-03-01 08:08 . 2012-03-01 08:08 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-03-01 08:08 . 2012-03-01 08:08 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-03-01 08:08 . 2012-03-01 08:08 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-03-01 08:08 . 2012-03-01 08:08 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-03-01 08:08 . 2012-03-01 08:08 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-03-01 08:08 . 2012-03-01 08:08 448512 ----a-w- c:\windows\system32\html.iec
2012-03-01 08:08 . 2012-03-01 08:08 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-03-01 08:08 . 2012-03-01 08:08 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-03-01 08:08 . 2012-03-01 08:08 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-03-01 08:08 . 2012-03-01 08:08 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 08:08 . 2012-03-01 08:08 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-03-01 08:08 . 2012-03-01 08:08 222208 ----a-w- c:\windows\system32\msls31.dll
2012-03-01 08:08 . 2012-03-01 08:08 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-03-01 08:08 . 2012-03-01 08:08 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-03-01 08:08 . 2012-03-01 08:08 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-03-01 08:08 . 2012-03-01 08:08 160256 ----a-w- c:\windows\system32\wextract.exe
2012-03-01 08:08 . 2012-03-01 08:08 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-03-01 08:08 . 2012-03-01 08:08 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-03-01 08:08 . 2012-03-01 08:08 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-03-01 08:08 . 2012-03-01 08:08 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-03-01 08:08 . 2012-03-01 08:08 12288 ----a-w- c:\windows\system32\mshta.exe
2012-03-01 08:08 . 2012-03-01 08:08 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-03-01 08:08 . 2012-03-01 08:08 114176 ----a-w- c:\windows\system32\admparse.dll
2012-03-01 08:08 . 2012-03-01 08:08 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-03-01 08:08 . 2012-03-01 08:08 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-03-01 08:08 . 2012-03-01 08:08 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-02-23 14:18 . 2012-01-21 17:03 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-15 06:27 . 2012-03-14 10:14 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-14 10:14 826368 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-14 10:14 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-14 10:14 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:24 . 2012-03-14 10:16 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 06:23 . 2012-03-14 10:16 1837568 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-10 06:23 . 2012-03-14 10:16 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-02-10 06:23 . 2012-03-14 10:16 320512 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-10 06:23 . 2012-03-14 10:16 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 10:16 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-10 05:35 . 2012-03-14 10:16 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-10 05:35 . 2012-03-14 10:16 218624 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35 . 2012-03-14 10:16 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:35 . 2012-03-14 10:16 1170944 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-02_20.45.49 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-05-02 20:29 . 2012-05-02 20:29 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-05-05 18:30 . 2012-05-05 18:30 13342 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-10-21 00:42 . 2012-05-02 20:46 52040 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2010-10-07 00:58 . 2012-04-28 18:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-10-07 00:58 . 2012-05-05 07:15 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-10-07 00:58 . 2012-04-28 18:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-10-07 00:58 . 2012-05-05 07:15 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-04-28 18:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-05 07:15 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:46 . 2012-05-03 07:19 78512 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2012-05-05 18:31 . 2012-05-05 18:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-02 20:29 . 2012-05-02 20:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-05 18:31 . 2012-05-05 18:31 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-02 20:29 . 2012-05-02 20:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-05 07:15 . 2012-05-05 07:15 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_Plugin.exe
+ 2012-05-05 06:15 . 2012-05-05 06:15 351904 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.exe
+ 2012-05-05 06:15 . 2012-05-05 06:15 424096 c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_2_202_235_ActiveX.dll
+ 2012-04-28 16:25 . 2012-05-05 07:15 257696 c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
+ 2009-07-14 04:54 . 2012-05-05 07:15 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-05-02 19:52 278528 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 02:36 . 2012-05-03 07:20 639068 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-02 20:34 639068 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-05-02 20:34 111466 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-05-03 07:20 111466 c:\windows\system32\perfc009.dat
+ 2012-05-05 07:15 . 2012-05-05 07:15 630944 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_Plugin.exe
+ 2012-05-05 06:15 . 2012-05-05 06:15 631456 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.exe
+ 2012-05-05 06:15 . 2012-05-05 06:15 461984 c:\windows\system32\Macromed\Flash\FlashUtil64_11_2_202_235_ActiveX.dll
+ 2009-07-14 05:01 . 2012-05-05 18:30 401356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-05-02 20:29 401356 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-01-14 11:10 . 2011-01-14 11:10 155520 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD6.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 140160 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL2.DLL
+ 2012-05-05 07:15 . 2012-05-05 07:15 8797856 c:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
- 2009-07-14 04:54 . 2012-05-02 19:52 8273920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-05-05 07:15 8273920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:45 . 2012-05-03 07:18 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:45 . 2012-04-29 17:12 3801083 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2010-10-21 02:59 . 2012-05-05 18:30 1215088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-10-21 02:59 . 2012-04-30 18:49 1215088 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2010-10-21 02:59 . 2012-05-05 18:30 1535220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-570134600-2935155297-4020614257-1001-8192.dat
- 2010-10-21 02:59 . 2012-05-02 20:29 1535220 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-570134600-2935155297-4020614257-1001-8192.dat
+ 2011-01-14 11:10 . 2011-01-14 11:10 2395008 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKWORD.DLL
+ 2011-01-14 11:10 . 2011-01-14 11:10 3443072 c:\windows\Installer\$PatchCache$\Managed\00004109500200000000000000F01FEC\14.0.5130\GKEXCEL.DLL
+ 2009-07-14 04:54 . 2012-05-05 07:15 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-05-02 19:52 16187392 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 02:34 . 2012-05-02 20:43 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-05-05 11:34 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2012-05-05 07:15 . 2012-05-05 07:15 11590304 c:\windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe" [2010-09-28 1715768]
"Ncr3"="c:\program files (x86)\Panasonic\Ncr3\ncrcore3.exe" [2008-11-29 1634304]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-04-28 6379888]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-18 98304]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-12 288088]
"EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2010-6-17 1040952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-02 129976]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-10-01 2320920]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 tmeevw;tmeevw;c:\windows\system32\DRIVERS\tmeevw.sys [x]
S3 tmnciesc;tmnciesc;c:\windows\system32\DRIVERS\tmnciesc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-28 07:15]
.
2012-04-28 c:\windows\Tasks\HPCeeScheduleForJustine.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 03:15]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2012-02-27 1304792]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2012-02-27 213824]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110830011347617&tb_oid=05-09-2011&tb_mrud=05-09-2011
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
, none);
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-570134600-2935155297-4020614257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-570134600-2935155297-4020614257-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Panasonic\Ncr3\Ncrwd.exe
c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe
.
**************************************************************************
.
Completion time: 2012-05-05 14:36:19 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-05 18:36
ComboFix2.txt 2012-05-02 20:48
.
Pre-Run: 608,189,292,544 bytes free
Post-Run: 608,340,443,136 bytes free
.
- - End Of File - - 7D40E3FC0541510D0127DE0B3295F78C







Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.05.07

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Justine :: JUSTINE-HP [administrator]

Protection: Enabled

5/5/2012 2:49:06 PM
mbam-log-2012-05-05 (14-49-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 207055
Time elapsed: 1 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
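The ComboFix "Reg Loading Points" section above is the part of the log a responder actually reads: Run-key autoruns, services with their start type and image path, and the UAC policy values. The following parser is an added example, written for this page and not part of the thread, of ComboFix, or of any of the tools discussed. It consumes lines in exactly the format ComboFix prints and flags what a triager would look at first. Two assumptions are labelled in the code: that ComboFix's `[x]` suffix means it could not locate or size the file at that path (on x64 hosts this is frequently a WOW64 redirection artifact for 64-bit drivers, so it is a prompt to verify, not a verdict), and that anything launched from outside the Windows and Program Files roots deserves a second look. The sample input is mostly copied from the log above; the one `Updater` line under `c:\users\public` is constructed to show a positive hit.

```python
"""Triage helper for a ComboFix 'Reg Loading Points' dump (added example)."""
import re

# Roots an autostart entry is normally expected to live under (assumption).
TRUSTED_ROOTS = (
    "c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\", "c:\\progra~",
)

# Sample lines: copied from the ComboFix log in this thread, except the
# "Updater" autorun, which is constructed to exercise the untrusted-path rule.
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2011-05-03 4321112]
"BitTorrent"="c:\program files (x86)\BitTorrent\BitTorrent.exe" [2012-04-28 6379888]
"Updater"="c:\users\public\updater.exe" [2012-05-01 12345]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
"""

KEY_RE = re.compile(r'^\[(?P<key>HKEY_[^\]]+)\]$')
# "Name"="path" [yyyy-mm-dd size]   or   "Name"="path" [x]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<meta>[^\]]+)\]$')
# R2 name;display;command [meta]   (R = running, S = stopped; digit = Start value:
# 1 system, 2 auto, 3 manual, 4 disabled)
SVC_RE = re.compile(r'^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);'
                    r'(?P<cmd>.+?)\s+\[(?P<meta>[^\]]+)\]$')
# "PolicyName"= 5 (0x5)
POL_RE = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)\s+\(0x[0-9A-Fa-f]+\)$')
# First executable/driver in a service command line (strip arguments).
IMAGE_RE = re.compile(r'^(.*?\.(?:exe|sys|dll))', re.IGNORECASE)


def parse_loading_points(text):
    """Return (autoruns, services, policies) parsed from ComboFix output."""
    autoruns, services, policies = [], [], {}
    current_key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if (m := KEY_RE.match(line)):
            current_key = m.group("key")
        elif (m := POL_RE.match(line)):
            policies[m.group("name")] = int(m.group("value"))
        elif (m := RUN_RE.match(line)):
            # Assumption: "[x]" means ComboFix could not locate the file.
            autoruns.append({"key": current_key, "name": m.group("name"),
                             "path": m.group("path"), "found": m.group("meta") != "x"})
        elif (m := SVC_RE.match(line)):
            im = IMAGE_RE.match(m.group("cmd"))
            services.append({"start": m.group("start"), "name": m.group("name"),
                             "display": m.group("display"),
                             "image": im.group(1) if im else m.group("cmd"),
                             "found": m.group("meta") != "x"})
    return autoruns, services, policies


def is_trusted_path(path):
    """True when the image lives under one of the expected install roots."""
    return path.lower().startswith(TRUSTED_ROOTS)


def triage(text):
    """Return (rule, name, detail) tuples worth a human look."""
    autoruns, services, policies = parse_loading_points(text)
    findings = []
    for a in autoruns:
        if not is_trusted_path(a["path"]):
            findings.append(("autorun-untrusted-location", a["name"], a["path"]))
        if not a["found"]:
            findings.append(("autorun-file-missing", a["name"], a["path"]))
    for s in services:
        if not is_trusted_path(s["image"]):
            findings.append(("service-untrusted-location", s["name"], s["image"]))
        # Boot/auto-start service whose file ComboFix could not locate: verify
        # by hand (often a 64-bit driver hidden from a 32-bit scanner by WOW64).
        if not s["found"] and s["start"][1] in "12":
            findings.append(("service-file-not-located", s["name"], s["image"]))
    # ConsentPromptBehaviorAdmin: 5 = default (prompt for non-Windows binaries),
    # 2 = prompt on secure desktop, 0 = elevate without any prompt.
    if policies.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("uac-admin-no-prompt", "ConsentPromptBehaviorAdmin", "0"))
    return findings


if __name__ == "__main__":
    for rule, name, detail in triage(SAMPLE):
        print(f"{rule:28} {name:12} {detail}")
```

Run against the sample, this reports the constructed `Updater` autorun and the auto-start `Amsp` service whose image ComboFix marked `[x]`; the `R3` driver with the same marker is not reported because it is manual-start, and the UAC values from the log (5 and 3) are the Windows 7 defaults and produce no finding. Feed it the whole section from a log and compare the output against what the helper actually asked to be removed.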
JonTom
post May 5 2012, 02:27 PM
Post #10


SuperMember

Group: Classroom Teacher
Posts: 4,636
Joined: 5-February 09
From: UK
Member No.: 84,008
Operating System: Vista Home Premium, 64-bit, SP2



Hello Anthony Szum

Thank you for the logs.

Let's clean out your temporary files and then check for anything that may have been missed with an online scan:


  1. Temporary File Cleaner


    • Download TFC to your desktop.
    • Close any open windows.
    • Right click the TFC icon and select "Run as Administrator" to run the program.
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish.
    • Once complete it should automatically reboot your machine.
    • If your machine does not reboot automatically, manually reboot to ensure a complete clean.
    • Note: After running TFC your machine may take slightly longer to boot the first time. This is normal.


  2. Please run the following scan


    • Note: You will need to use Internet Explorer for this scan.
    • Note for Vista/Windows 7 Users: ESET is compatible but Internet Explorer must be run as Administrator. To do this, right-click on your Internet Explorer icon and select "Run as Administrator".
    • Please disable your real time security programs before performing the scan.



    • Scan your system with Eset Online Scanner
    • Place a check mark in the box YES, I accept the Terms Of Use.
    • Click the button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps).
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.



    • Check
    • Click the button.
    • Accept any security warnings from your browser.
    • Check
    • Make sure that the option to "Remove Found Threats" is UN checked.
    • Push the "Start" button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push
    • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the button.
    • Push


    Please post the ESET log in your next reply along with a new set of DDS logs, and let me know how your machine is running now.

AnthonySzum
post May 8 2012, 02:59 PM
Post #11





.
AnthonySzum
post May 8 2012, 06:08 PM
Post #12





When I ran the Eset online scan, it picked up 3 viruses at 21% completed. I did the stupid thing of stopping the scan because I never un-checked the box that said "remove found threats". I restarted the computer in hopes that the viruses would load again but they never did. I re-scanned using Eset again, making sure I un-checked the box, and nothing was found the second time around. I wasn't able to save a log as there was no log to produce. Why would my Trend Micro Internet Security 2010 not pick these up and a free online scanner would?

Another thing that concerns me is that ever since my computer has been infected, I have been receiving this message every time I start up my computer:

http://imageshack.us/photo/my-images/641/imag0123rs.jpg/


Any way to fix this?



Below are my DDS logs

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Justine at 20:00:16 on 2012-05-08
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6145 [GMT -4:00]
.
AV: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {7193B549-236F-55EE-9AEC-F65279E59A92}
SP: Trend Micro Titanium Internet Security 2012 *Disabled/Updated* {CAF254AD-0555-5A60-A05C-CD200262D02F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
C:\Program Files (x86)\AIM\aim.exe
C:\Program Files (x86)\BitTorrent\BitTorrent.exe
C:\Program Files (x86)\Panasonic\Ncr3\Ncrwd.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Wajam: {a7a6995d-6ee1-4fd1-a258-49395d5bf99c} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
uRun: [Ncr3] C:\Program Files (x86)\Panasonic\Ncr3\ncrcore3.exe
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-US
uRun: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED
mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SNAPFI~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {33704B0F-9EB7-434B-B752-EA6CFFB87423} - hxxp://192.168.1.253:5000/JpegInst.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{499FE582-5E9E-4A2E-AB47-CF9564A27BDE} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg32.dll
BHO-X64: Trend Micro NSC BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Wajam: {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\wajam.dll
BHO-X64: Wajam IE BHO - No File
BHO-X64: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll
BHO-X64: TmBpIeBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun-x64: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Justine\AppData\Roaming\Mozilla\Firefox\Profiles\o9uwaajs.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=20110830011347617&tb_oid=05-09-2011&tb_mrud=05-09-2011
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
.
---- FIREFOX POLICIES ----
, none);
.
============= SERVICES / DRIVERS ===============
.
R1 tmevtmgr;tmevtmgr;C:\Windows\system32\DRIVERS\tmevtmgr.sys --> C:\Windows\system32\DRIVERS\tmevtmgr.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-6 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-30 654408]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-1 2804568]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-10-6 635416]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-6 2320920]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 tmeevw;tmeevw;C:\Windows\system32\DRIVERS\tmeevw.sys --> C:\Windows\system32\DRIVERS\tmeevw.sys [?]
R3 tmnciesc;tmnciesc;C:\Windows\system32\DRIVERS\tmnciesc.sys --> C:\Windows\system32\DRIVERS\tmnciesc.sys [?]
S2 Amsp;Trend Micro Solution Platform;C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2012-4-28 275912]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-28 257696]
S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-2 129976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-05-08 18:22:48 -------- d-sh--w- C:\$RECYCLE.BIN
2012-05-03 07:00:24 5504880 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-03 07:00:23 3958128 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-03 07:00:23 3902320 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-05-02 20:21:29 98816 ----a-w- C:\Windows\sed.exe
2012-05-02 20:21:29 518144 ----a-w- C:\Windows\SWREG.exe
2012-05-02 20:21:29 256000 ----a-w- C:\Windows\PEV.exe
2012-05-02 20:21:29 208896 ----a-w- C:\Windows\MBR.exe
2012-05-02 19:58:07 -------- d-----w- C:\TDSSKiller_Quarantine
2012-05-02 18:04:13 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-02 18:04:09 157352 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-02 18:04:09 129976 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-04-30 18:14:08 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-04-30 18:14:07 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-29 17:22:53 -------- d-----w- C:\temp
2012-04-28 19:03:33 -------- d-----w- C:\Users\Justine\AppData\Local\Trend Micro
2012-04-28 19:03:00 67344 ----a-w- C:\Windows\System32\drivers\tmeevw.sys
2012-04-28 19:03:00 210704 ----a-w- C:\Windows\System32\drivers\tmnciesc.sys
2012-04-28 19:02:56 105744 ----a-w- C:\Windows\System32\drivers\tmtdi.sys
2012-04-28 19:02:54 91920 ----a-w- C:\Windows\System32\drivers\tmactmon.sys
2012-04-28 19:02:54 70928 ----a-w- C:\Windows\System32\drivers\tmevtmgr.sys
2012-04-28 19:02:54 167696 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2012-04-28 19:02:37 56 ----a-w- C:\Windows\System32\SupportTool.exe.bat
2012-04-28 19:02:26 -------- d-----w- C:\Program Files\Trend Micro
2012-04-28 19:01:59 -------- d-----w- C:\ProgramData\Trend Micro
2012-04-28 18:50:02 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-04-28 18:43:59 -------- d-----w- C:\Users\Justine\AppData\Local\CRE
2012-04-28 18:43:56 -------- d-----w- C:\Program Files (x86)\Conduit
2012-04-28 18:43:55 -------- d-----w- C:\Users\Justine\AppData\Local\Conduit
2012-04-28 18:43:25 -------- d-----w- C:\Program Files (x86)\BitTorrent
2012-04-28 18:42:02 -------- d-----w- C:\Users\Justine\AppData\Roaming\BitTorrent
2012-04-28 18:15:11 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-28 16:28:34 -------- d-----w- C:\Program Files (x86)\ESET
2012-04-28 16:25:16 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-28 16:12:31 -------- d-----w- C:\Users\Justine\AppData\Roaming\Malwarebytes
2012-04-28 16:12:24 -------- d-----w- C:\ProgramData\Malwarebytes
2012-04-28 16:08:19 -------- d-----w- C:\Program Files\CCleaner
2012-04-28 16:02:16 -------- d-----w- C:\AI_RecycleBin
2012-04-27 09:57:00 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA4F9BA7-E82E-4EDF-B39D-910B08177823}\mpengine.dll
2012-04-25 03:21:06 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-04-25 03:17:44 -------- d-----w- C:\Program Files (x86)\Wajam
2012-04-25 03:17:25 -------- d-----w- C:\ProgramData\Tarma Installer
2012-04-15 07:00:18 80896 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-15 07:00:18 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-15 07:00:18 22896 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-15 07:00:18 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-15 07:00:18 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-15 07:00:18 158720 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-15 07:00:17 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
.
==================== Find3M ====================
.
2012-05-05 07:15:04 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57 826368 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21 204800 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:24:01 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 06:23:43 1837568 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-10 06:23:42 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-10 06:23:42 320512 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:23:42 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-10 05:35:40 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:35:25 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-10 05:35:25 218624 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:35:25 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:35:25 1170944 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
.
============= FINISH: 20:00:31.98 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 8:40:48 PM
System Uptime: 5/8/2012 5:30:15 PM (2 hours ago)
.
Motherboard: MSI | | 2A9C
Processor: Intel® Core™ i5 CPU 760 @ 2.80GHz | CPU 1 | 2801/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 563.741 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.478 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e968-e325-11ce-bfc1-08002be10318}
Description: ATI Radeon HD 5450
Device ID: PCI\VEN_1002&DEV_68F9&SUBSYS_21311462&REV_00\4&30136BC7&0&0018
Manufacturer: ATI Technologies Inc.
Name: ATI Radeon HD 5450
PNP Device ID: PCI\VEN_1002&DEV_68F9&SUBSYS_21311462&REV_00\4&30136BC7&0&0018
Service: amdkmdap
.
==== System Restore Points ===================
.
RP172: 4/28/2012 3:00:10 AM - Windows Update
RP173: 4/28/2012 12:00:28 PM - Removed Fliptoast
RP174: 4/28/2012 3:14:24 PM - Windows Update
RP175: 4/30/2012 3:00:15 AM - Windows Update
RP176: 4/30/2012 2:49:19 PM - Windows Update
RP177: 5/2/2012 3:00:15 AM - Windows Update
RP178: 5/2/2012 3:43:35 AM - Windows Update
RP179: 5/2/2012 2:11:40 PM - Windows Update
RP180: 5/3/2012 3:00:11 AM - Windows Update
RP181: 5/5/2012 2:25:27 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe AIR
Adobe Reader X (10.1.3)
AIM 7
AOL Messaging Toolbar
Bejeweled 2 Deluxe
BitTorrent
Blackhawk Striker 2
Build-a-lot 2
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Chuzzle Deluxe
CinemaNow Media Manager
CyberLink DVD Suite Deluxe
D3DX10
Diner Dash 2 Restaurant Rescue
Dora's Carnival Adventure
Download Updater (AOL LLC)
DVD Menu Pack for HP MediaSmart Video
Epson Event Manager
EPSON Scan
EpsonNet Print
EpsonNet Setup
Escape Rosecliff Island
ESET Online Scanner v3
FATE
Feedback Tool
Final Drive Nitro
Heroes of Hellas 2 - Olympia
Hewlett-Packard ACLM.NET v1.1.2.0
HP Advisor
HP Customer Experience Enhancements
HP Game Console
HP Games
HP MediaSmart CinemaNow 2.0
HP MediaSmart DVD
HP MediaSmart Music
HP MediaSmart Photo
HP MediaSmart Video
HP MediaSmart/TouchSmart Netflix
HP Odometer
HP Setup
HP Support Assistant
HP Support Information
HP Update
Hulu Desktop
HydraVision
Intel® Management Engine Components
Intel® Rapid Storage Technology
Jewel Quest 3
Jewel Quest Solitaire 2
Junk Mail filter update
Kobo
LabelPrint
LightScribe System Software
Malwarebytes Anti-Malware version 1.61.0.1400
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Click-to-Run 2010
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2007
Microsoft PowerPoint Viewer
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft WSE 3.0 Runtime
Movie Theme Pack for HP MediaSmart Video
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Network Camera Recorder with Viewer Software
Norton Online Backup
PDF Complete Special Edition
Penguins!
PhotoNow!
PictureMover
Plants vs. Zombies
Poker Superstars III
Polar Bowler
Polar Golfer
Power2Go
PowerDirector
PressReader
Realtek High Definition Audio Driver
Recovery Manager
Roxio CinemaNow 2.0
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Shakespeare In Bits - Romeo and Juliet
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2598306) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Virtual Families
Virtual Villagers - The Secret City
Wheel of Fortune 2
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Zinio Reader 4
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
5/8/2012 2:26:52 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).
5/5/2012 2:33:15 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
5/5/2012 2:31:10 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
5/5/2012 2:30:22 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
5/5/2012 2:29:47 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
5/2/2012 4:00:45 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
5/2/2012 3:43:42 AM, Error: Service Control Manager [7038] - The WinHttpAutoProxySvc service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
5/2/2012 3:43:42 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The service did not start due to a logon failure.
5/2/2012 2:11:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Windows 7 Service Pack 1 for x64-based Systems (KB976932).
5/2/2012 2:11:57 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2679255).
.
==== End Of File ===========================
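A small triage helper for the "Event Viewer Messages" block of a DDS log such as the one above, added here as an example; it is not part of the thread, of DDS or of any tool mentioned in it, and the rule table and the three sample lines are constructed for the example (the rule notes point at lines a helper would re-read, not at a verdict).

```python
import re
from datetime import datetime

# One line of the "Event Viewer Messages" block in a DDS log looks like:
#   M/D/YYYY H:MM:SS AM, Error: <Source> [<EventID>] - <message>
EVENT_RE = re.compile(r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), "
                      r"(?P<level>\w+): (?P<source>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")

# Triage rules (constructed for this example): source, event id, substring, note.
# A hit means "re-read this line", not "the machine is infected".
RULES = [
    ("Service Control Manager", 7023, "Windows Defender",
     "security service failed to run; confirm the product and its files are intact"),
    ("Application Popup", 1060, "catchme.sys",
     "driver under the ComboFix folder blocked; cleanup-tool artifact, not a third-party driver"),
    ("Microsoft-Windows-WindowsUpdateClient", 20, "0x80070643",
     "update install failed; the machine may be missing recent patches"),
]

def parse_event(line):
    """Return a dict for one DDS event line, or None if the line is not one."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {"time": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            "level": m["level"], "source": m["source"],
            "id": int(m["id"]), "msg": m["msg"]}

def triage(lines):
    """Parse every event line; return (time, source, id, note) for rule hits, oldest first."""
    findings = []
    for line in lines:
        ev = parse_event(line)
        if ev is None:
            continue
        for source, event_id, needle, note in RULES:
            if ev["source"] == source and ev["id"] == event_id and needle in ev["msg"]:
                findings.append((ev["time"], ev["source"], ev["id"], note))
    return sorted(findings)

# Constructed sample in the shape of the log above (not the full log).
SAMPLE = [
    "5/8/2012 2:26:52 PM, Error: Service Control Manager [7034] - The EpsonBidirectionalService service terminated unexpectedly. It has done this 1 time(s).",
    "5/5/2012 2:31:10 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.",
    "5/5/2012 2:29:47 PM, Error: Application Popup [1060] - \\??\\C:\\ComboFix\\catchme.sys has been blocked from loading due to incompatibility with this system.",
]
if __name__ == "__main__":
    for when, src, eid, note in triage(SAMPLE):
        print(f"{when:%Y-%m-%d %H:%M} {src} [{eid}]: {note}")
```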
JonTom
post May 9 2012, 08:15 AM
Post #13


SuperMember

Group: Classroom Teacher
Posts: 4,636
Joined: 5-February 09
From: UK
Member No.: 84,008
Operating System: Vista Home Premium, 64-bit, SP2



Hello Anthony Szum

QUOTE
Why would my Trend Micro Internet Security 2010 not pick these up and a free online scanner would?
You presently have Trend Micro Titanium Internet Security 2012 installed (not 2010), but no security program is perfect. They all have their strengths and weaknesses. What may be picked up by one program may be missed by another.

QUOTE
I re-scanned using Eset again making sure I un-checked the box and nothing was found the second time around
Thank you for letting me know.

QUOTE
Another thing that concerns me is that ever since my computer has been infected, I have been receiving this message every time I start up my computer
That message relates to a problem with your ATI graphics driver. The driver itself may need to be updated or reinstalled.

Please create a new thread in our Software Forum to receive assistance with your driver issues.

Your latest DDS log appears to be clean.

Let's remove our tools in the steps below:

  1. Please Uninstall Combofix

    • Hold down the Windows key (has the Windows symbol on it) and press the "R" key.
    • A Run box will open.
    • Type combofix /uninstall in the run box and click "OK". Please note the space between the "x" and the "/Uninstall", it needs to be there.

  2. Removal of Tools

    • You no longer need DDS, aswMBR or TDSSKiller. Please delete them from your machine.

    Once you have completed the above steps you should be good to go!

  3. Finally, please take the time to read through the information provided below:

    Enhance your System Security

    • For an excellent list of free anti virus software, free online virus scanners, free spyware detection/removal and free firewalls, click here.


    • IMPORTANT! Please make sure you only have ONE firewall and ONE real-time antivirus installed on your system. When using "on demand" scanners, first update the detection signature files, then disconnect from the internet and disable your resident security program before running the scan.
    • Once complete, remember to re-engage your resident security before going online.


    Web Browsers and Browser Security

    Firefox
    • Firefox is generally considered to have greater browsing security in comparison to other popular programs. You can download Firefox 3.0 from here.


    No-Script
    • If you use Firefox as your default browser, No-Script can provide additional security by preventing malicious scripts from being executed on your system.
    • You can download No-Script by clicking here.


    Internet Explorer
    • The newest version of Internet Explorer is available from here.


    SpywareBlaster
    • If you use Internet Explorer as your default browser, SpywareBlaster would be a valuable addition to your online security.
    • SpywareBlaster prevents malicious ActiveX objects from being downloaded onto your system.
    • You can download SpywareBlaster by clicking here.


    Web of Trust
    • When using search engines, Web of Trust provides you with an easy way of telling the good sites from the bad and is compatible with both Firefox and Internet Explorer.
    • Coloured symbols are displayed next to search results, giving you more confidence in the links you choose to click on: Green (To go), Yellow (Caution) and Red (Stop).
    • You can download Web of Trust by clicking here.


    Keep your Software Updated
    • Outdated software can sometimes have vulnerabilities that are exploitable by malware.
    • Check if there are available updates for your installed software with Secunia's Online Software Inspector by clicking here.


    Passwords
    • Learn how to create strong passwords by clicking here and test the strength of the passwords you already use by clicking here.


    General Reading


    Learn How To Combat Malware
    • Would you like to learn how to fight back against malware and help others? Enroll at the What The Tech (Formerly Tom Coyotes) Malware Classroom by clicking here.
AnthonySzum
post May 11 2012, 01:11 PM
Post #14


Authentic Member

Group: Authentic Member
Posts: 80
Joined: 3-March 07
Member No.: 68,375
Operating System: Xp



Everything removed. Thank you so much for your time and help.
You guys rock!

-Anthony
JonTom
post May 12 2012, 06:45 AM
Post #15


SuperMember

Group: Classroom Teacher
Posts: 4,636
Joined: 5-February 09
From: UK
Member No.: 84,008
Operating System: Vista Home Premium, 64-bit, SP2



QUOTE
Thank you so much for your time and help
You are very welcome, Anthony Szum.

Since this problem appears to be resolved this topic is now closed.

Glad we could help.

Best wishes
JonTom